Exchange 2013 Virtual Directories, CNAME & DNS Help

Posted on 2014-09-23
Last Modified: 2016-06-14
I am in the process of setting up a fresh install of Exchange 2013 in a new domain.  The domain is  I have setup the Exchange Virtual Directories (OWA, ECP, etc.) to be  

In order to allow my internal users to use to access their email in their browser, I created an Alias / CNAME in the DNS Manager on the domain controller.  Since there was only one Forward Lookup Zone of, I had to create a second Forward Lookup Zone of and create the Alias there for  

This seems to have worked.  Within the network, I am able to go to and it brings me to the OWA login page.  

Now for my questions:

#1 - Did I set this up correctly?  I am pretty green when it comes to DNS configurations and such.  I just want to make sure that this was setup properly and that I am not going to have any problems.  

#2 - I am purchasing a wildcard SSL certificate for use on the Exchange Server.  I am assuming that I will need to use as the root domain for the certificate.  While the Exchange server that the certificate will be installed on is part of the domain, the site that the user will go to is to access their mail.  I just want to verify that is the proper root domain to have the certificate issued to for use on the Exchange server.  

Thanks in advance for all the help!
Question by:csimmons1324
  • 3
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 40340432
It will work but the question, why do you have different domain names for the same org ?  one internally and one externally with different names ?
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40340476
You should set up your DNS entries to something like as wild card certificates works for entries such as * where * could be each division name.  If you are going with then you will require multiple SSL certificates, one for each division name.

Author Comment

ID: 40341788

Our legal name for the company is "XYZ, Inc."  However, we do not really use this name in the marketplace as it is simply the legal parent company name.  Everyone in the market knows us as "XYZ Systems."  Technically speaking, "XYZ Systems" is a division of "XYZ, Inc."  We also have another division "ABC Technologies."  Once again, this division falls under the "XYZ, Inc." parent company.  

We own the external domains, and  "ABC Technolgies" sells a subset of the products of "XYZ Systems" and just targets a niche market.  Being a SMB...all of our sales guys and internal employees support both divisions.  So from an internal structure there is really no seperation between the divisions.  Therefore, management made the decision that all of our email addresses will be as this is our largest division and the name we are known as in the market place.    

With all of that said, I made the decision to setup our internal domain as "" since it is our actual legal name.  As I stated above, management made the decision to use for all our company email addresses.  When I setup our new Exchange server I set all the virtual directions to be I did this for two reasons:

1.  This is the site that our current Exchange Server (setup by our previous IT person) uses so our employees are familiar with going to to check their email over the web.

2.  Seeing that our email addresses are all it makes the most sense for the users to got to to get their email.

Author Comment

ID: 40341935

I understand what you are saying and see the advantages there.  Using the naming convention in my last post...On the other hand, we pretty much use for everything.  If I buy a wildcard SSL certificate for * then I can use it in the following locations:

1. On our webserver to encrypt our backend admin login pages for our hosted website site.
2. I can use it on our internal email server.
3. Possibly on our IIS server for our outside sales guys to access our ERP portal.  I have yet to look into this so I am not entirely sure about this one.

Let's say I decide to with setting up DNS entris to something like as you mentioned.  How would I setup an Alias within DNS for  When I create the alias, the FQDN is automatically set with the format aliasname.forwardlookupzone.  If I had forward lookup zones of, per your suggestion, then wouldn't my virtual directories for Exchange need to be set to so that I could setup the mail alias within DNS?

I hope that makes stated previously, I am pretty new to this stuff.

Accepted Solution

csimmons1324 earned 0 total points
ID: 40342152
After setting up DNS with a new forward lookup zone for I realized that when I opened IE and went to it wouldn't resolve to our webhost.  I did some investigating and came across this article:

DNS now seems to resolve correctly as my internal users can visti and the website loads properly.  They can also go to and DNS resolves and they are able to access OWA.

Featured Post

Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
outlook 2013, exchange 2007 13 41
Windows Deployment Services 6 48
Powershell Exchange - help using invoke-command 16 52
Purge \Deleted Items? 2 27
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit If you want to manage em…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question