  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 112

2007 exchange server configuration

I'm working with 2007 Exchange Server installed on a server with MS Server 2008 R2. It is the only server for a small business, so Edge is not installed. They need to use it for email & a shared calendar. I set up A & MX records on GoDaddy (domain host). I created an SSL certificate on Digicert & installed it through Exchange Management Shell. I can't get the email to work. MXlookup says email is ready but the SSL is not working & there's a DNS mismatch. I receive an error when trying to set up the email account in Outlook that says it can't be completed because the server is offline. I can ping by the FQDN of the Hub Transport Receive Connector.
Do I need to set up A, MX, Forward & Reverse DNS records on the server also? The current records there use the MS server IP address & the Exchange uses the Firewall IP address. What address should I use if I create new records there? Do I have to configure differently for LAN & remote users? The exchange FQDN is mail."MyDomain".com. That's what I used on both local & remote setup with the same failure. Also, under "domain".local in the DNS Manager, there are only 3 of the 6 computers listed with their own IP address & FQDN. I manually added the others in the AD because they kept losing their trust relationship. I wonder if something was missed in the original configuration that is causing this difficulty.
0
Albatross1953
2 Solutions
 
IntMediaNet Commented:
A record on the internal DNS, no need for the MX internally - did you 1 to 1 forward the IP in the firewall to the Exchange server?
I would recommend a separate IP for the Exchange Server, then 1 to 1 NAT the address.
In 2007 EMC, did you assign SMTP, IIS to the certificate?
Andrew
0
 
Simon Butler (Sembee), Consultant, Commented:
You need to ensure that the name on the SSL certificate resolves internally as well as externally.
By default Exchange will be using the internal of the server, which will generate the SSL mismatch errors.
Easily resolved though http://semb.ee/hosnames2007

Simon.
0
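The check described in the comment above, as an added example that is not part of the original thread: it compares the host names Exchange hands to clients with the names on the certificate, and optionally confirms each certificate name resolves from the machine it is run on. The function name `Test-CertNameCoverage` and the `example.com` / `example.local` hosts are hypothetical placeholders; on the server, the inputs would come from the `CertificateDomains` shown by `Get-ExchangeCertificate` and the `InternalUrl`/`ExternalUrl` values of the virtual directories.

```powershell
# Added example (hypothetical helper, not from the thread).
function Test-CertNameCoverage {
    param(
        [string[]]$CertificateDomains,  # names listed on the certificate
        [string[]]$ClientUrls,          # URLs Exchange publishes to Outlook/OWA clients
        [switch]$Resolve                # also look each certificate name up in DNS
    )
    $findings = @()
    foreach ($url in $ClientUrls) {
        $urlHost = ([System.Uri]$url).Host.ToLower()
        $covered = $false
        foreach ($name in $CertificateDomains) {
            $n = $name.ToLower()
            # Exact match, or a wildcard covering exactly one left-most label
            if ($n -eq $urlHost) { $covered = $true }
            elseif ($n.StartsWith('*.') -and $urlHost.Contains('.') -and
                    $urlHost.Substring($urlHost.IndexOf('.')) -eq $n.Substring(1)) { $covered = $true }
        }
        if (-not $covered) {
            $findings += "MISMATCH: $url uses '$urlHost', which is not on the certificate"
        }
    }
    if ($Resolve) {
        # Run once on the LAN and once from outside: both views must resolve the name
        foreach ($name in $CertificateDomains) {
            if ($name.StartsWith('*.')) { continue }
            try {
                $ips = [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }
                $findings += "OK: $name resolves here to $($ips -join ', ')"
            } catch {
                $findings += "NO DNS: $name does not resolve from this machine"
            }
        }
    }
    $findings
}

# Constructed sample values (placeholders): the first URL uses the server's
# internal name, the second uses the public name on the certificate.
$certNames = 'mail.example.com', 'autodiscover.example.com'
$urls = 'https://server01.example.local/EWS/Exchange.asmx', 'https://mail.example.com/owa'
Test-CertNameCoverage -CertificateDomains $certNames -ClientUrls $urls
```

Add `-Resolve` when running it with real names; a name that resolves externally but not on the LAN points to a missing internal A record.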
 
Albatross1953 Author Commented:
IntMediaNet: What do you mean by 1 to 1?

Simon: That link redirects to whatis:semb.ee; How else can the name on the certificate be changed?
0
 
Simon Butler (Sembee), Consultant, Commented:
0
 
Albatross1953 Author Commented:
Do I need to use the 2nd WAN port to have a separate IP address for the Exchange Server?
0
 
IntMediaNet Commented:
Your ISP would be the one to provide you with a block of IP addresses; otherwise you will need to use port forwarding to get mail to route to your mail server.
0
 
Albatross1953 Author Commented:
They have an extra IP address. I just don't understand how to assign the IP to the Exchange server when it is installed on a 2008 R2 server. Do I run a cable from the modem to the 2nd WAN port to use a public IP or do I use a subnet from the firewall?
0
 
IntMediaNet Commented:
Depending on your firewall, you can Google instructions on how to 1 to 1 NAT your public IP address to your internal private IP address of the Exchange server.
0
 
Albatross1953 Author Commented:
The directions say that a chosen IP address (in this case the server) would route directly to the Internet (through the firewall). The MS Server & the Exchange Server are the same unit so they use the same IP address. Am I missing something there?
0
 
IntMediaNet Commented:
You keep the internal address of the server, 192.168.1.52 (whatever private IP address scheme you have chosen), then in your firewall you assign a static NAT (Network Address Translation) from your external IP address that the world can see and point it to the internal address of your server, limiting the communication of course to ports 25, 80 and 443.
0
 
Albatross1953 Author Commented:
I couldn't verify this. After following all instructions, it still mismatched. I finally had GoDaddy host the exchange & they had the same trouble. Then there was an "aha" moment when the tech said, "Oh. wait a minute. Now it should work."
0
