Exchange 2013 Virtual Directories, CNAME & DNS Help

Posted on 2014-09-23
Medium Priority
Last Modified: 2016-06-14
I am in the process of setting up a fresh install of Exchange 2013 in a new domain.  The domain is ad.LegalName.com.  I have setup the Exchange Virtual Directories (OWA, ECP, etc.) to be https://mail.DivisionName.com/.  

In order to allow my internal users to use https://mail.DivisionName.com/owa to access their email in their browser, I created an Alias / CNAME in the DNS Manager on the domain controller.  Since there was only one Forward Lookup Zone of ad.LegalName.com, I had to create a second Forward Lookup Zone of Division.com and create the Alias there for mail.DivisionName.com.  

This seems to have worked.  Within the network, I am able to go to https://mail.DivisionName.com/owa and it brings me to the OWA login page.  

Now for my questions:

#1 - Did I set this up correctly?  I am pretty green when it comes to DNS configurations and such.  I just want to make sure that this was setup properly and that I am not going to have any problems.  

#2 - I am purchasing a wildcard SSL certificate for use on the Exchange Server.  I am assuming that I will need to use DivisionName.com as the root domain for the certificate.  While the Exchange server that the certificate will be installed on is part of the ad.LegalName.com domain, the site that the user will go to is mail.DivisionsName.com/owa to access their mail.  I just want to verify that DivisionName.com is the proper root domain to have the certificate issued to for use on the Exchange server.  

Thanks in advance for all the help!
Question by:csimmons1324
  • 3
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 40340432
It will work but the question, why do you have different domain names for the same org ?  one internally and one externally with different names ?
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 40340476
You should set up your DNS entries to something like divisionname.legalname.com as wild card certificates works for entries such as *.legalname.com where * could be each division name.  If you are going with mail.divisionname.com then you will require multiple SSL certificates, one for each division name.

Author Comment

ID: 40341788

Our legal name for the company is "XYZ, Inc."  However, we do not really use this name in the marketplace as it is simply the legal parent company name.  Everyone in the market knows us as "XYZ Systems."  Technically speaking, "XYZ Systems" is a division of "XYZ, Inc."  We also have another division "ABC Technologies."  Once again, this division falls under the "XYZ, Inc." parent company.  

We own the external domains XYZinc.com, XYZsystems.com and ABCtechnologies.com.  "ABC Technolgies" sells a subset of the products of "XYZ Systems" and just targets a niche market.  Being a SMB...all of our sales guys and internal employees support both divisions.  So from an internal structure there is really no seperation between the divisions.  Therefore, management made the decision that all of our email addresses will be @XYZsystems.com as this is our largest division and the name we are known as in the market place.    

With all of that said, I made the decision to setup our internal domain as "ad.xyzinc.com" since it is our actual legal name.  As I stated above, management made the decision to use @XYZsystems.com for all our company email addresses.  When I setup our new Exchange server I set all the virtual directions to be https://mail.XYZsystems.com. I did this for two reasons:

1.  This is the site that our current Exchange Server (setup by our previous IT person) uses so our employees are familiar with going to https://mail.XYZsystems.com to check their email over the web.

2.  Seeing that our email addresses are all @XYZsystems.com it makes the most sense for the users to got to mail.XYZsystems.com to get their email.

Author Comment

ID: 40341935

I understand what you are saying and see the advantages there.  Using the naming convention in my last post...On the other hand, we pretty much use XYZsystems.com for everything.  If I buy a wildcard SSL certificate for *.XYZsystems.com then I can use it in the following locations:

1. On our webserver to encrypt our backend admin login pages for our hosted website site.
2. I can use it on our internal email server.
3. Possibly on our IIS server for our outside sales guys to access our ERP portal.  I have yet to look into this so I am not entirely sure about this one.

Let's say I decide to with setting up DNS entris to something like divisionname.legalname.com as you mentioned.  How would I setup an Alias within DNS for mail.divisionname.com?  When I create the alias, the FQDN is automatically set with the format aliasname.forwardlookupzone.  If I had forward lookup zones of divisionname.legalname.com, per your suggestion, then wouldn't my virtual directories for Exchange need to be set to mail.divisionname.legalname.com so that I could setup the mail alias within DNS?

I hope that makes sense....as stated previously, I am pretty new to this stuff.

Accepted Solution

csimmons1324 earned 0 total points
ID: 40342152
After setting up DNS with a new forward lookup zone for Division.com I realized that when I opened IE and went to www.division.com it wouldn't resolve to our webhost.  I did some investigating and came across this article:


DNS now seems to resolve correctly as my internal users can visti www.division.com and the website loads properly.  They can also go to mail.division.com and DNS resolves and they are able to access OWA.

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
This applies to Dell but may also apply to other manufacturers as well. We ran across a few machines that just dropped recently it trust relationship with the server. After doing the basic removing and joining the domain again, it changed to No logo…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question