Solved

Problem with exchange 2010 certificates

Posted on 2015-01-24
39
276 Views
Last Modified: 2015-02-26
I have recently taken over a site where the customer has a SBS 2011 server, I need help with configuring the exchange certificate correctly as exchange is not one of my strong points.  Their remote users access the server via outlook anywhere and according to the customer, this worked up until the point that the original certificate expired and someone tried to install a new one.  Now users get messages that a secure connection can’t be established with the server webmail.company.info and that the certificate was signed by an unknown authority and users remotely connecting via outlook anywhere can no longer receive mail.

Also picked up the following error in the event logs:

Log Name:   Application
Source:   MSExchangeTransport
Date:  12/8/2014 5:42:15 AM
Event ID: 12014
Task Category: TransportService
Level:  Error
User:          N/A
Computer:      company-SERVER.company.local

Description:
Microsoft Exchange could not find a certificate that contains the domain name company-server.company.local in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Windows SBS Internet Receive COMPANY-SERVER with a FQDN parameter of company-server.company.local. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

I ran the Get-ExchangeCertificate |FL command and got the following certificates:

AccessRules :
CertificateDomains : {company-SERVER.test.local}
HasPrivateKey : True
IsSelfSigned: False
Issuer             : CN=company-company-SERVER-CA
NotAfter           : 12/8/2015 10:07:45 PM
NotBefore          : 12/8/2014 10:07:45 PM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 10F3915100000000000D
Services           : None
Status             : Valid
Subject            : CN=COMPANY-SERVER.company.local
Thumbprint         : F426E9B5558FDA259E9E185F4116E81F6ADCB27A

AccessRules        :
CertificateDomains : {webmail.company.info, company-server.company.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=company-COMPANY-SERVER-CA
NotAfter           : 12/7/2016 6:22:50 PM
NotBefore          : 12/8/2014 6:22:50 PM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 1025A37500000000000C
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=webmail.company.info, OU=IT, O="COMPANY ", L=GB, S=GB, C=BW
Thumbprint         : 387BBB9343E5A5CE8E991FBA23A076FAF9A48033

AccessRules        :
CertificateDomains : {webmail.company.info, www.webmail.company.info}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy
                     .com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 11/20/2015 9:12:01 AM
NotBefore          : 12/3/2014 12:59:05 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 27F94E99762465
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=webmail.company.info, OU=Domain Control Validated
Thumbprint         : 479BC33A8F42359F2A91D7FD78D7172E354EEAE7

AccessRules        :
CertificateDomains : {company-COMPANY-SERVER-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=company-COMPANY-SERVER-CA
NotAfter           : 2/12/2018 12:40:41 AM
NotBefore          : 2/12/2013 12:30:41 AM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 0C28FE7932B425A746697A285BE6CE41
Services           : None
Status             : Valid
Subject            : CN=company-COMPANY-SERVER-CA
Thumbprint         : AAF032CDAD7DF8B92E4E4F622FB6A38591AA5307

I noticed there are 2 certificates, one from Godaddy and one which looks like a self-issued certificate both with services for SMTP,IMAP and POP.  And the self-issued with the addition of IIS is this correct to have 2 certificates with the same services running?  

Should the Godaddy certificate also have IIS enabled and include the company-server.company.local as one of its certificate domains?

Should i remove the self issued certificate or the Godaddy one?

How would I resolve this issue to get both the local users and the remote users connecting with no problems?
0
Comment
Question by:Botsasc
  • 22
  • 11
  • 4
39 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40568612
Most implemenations of Exchange now require two certificates. A self signed one for the server's real name and a trusted certificate.
Furthermore, for the trusted certificate to work correctly, it needs to be enabled with the SBS wizard.
For the SBS wizard to work, the host name used needs to match the one on the SSL certificate.
It seems like webmail has been used, which isn't best practise - it should be remote.example.com.

Therefore you have two options.
1. Run the wizards with SBS to change everything to webmail.example.com, that will mean using advanced settings. Once the wizards for setup are complete, run the SSL wizard and choose the existing GoDaddy Certificate.
2. Get a new certificate for remote.example.com - a UC, aka multiple domain type certificate. Generate a new request in Exchange 2010 for remote.example.com, including Autodiscover.example.com as one of the additional names (no other names required - which includes the root - example.com which Exchange puts in by default). Then complete the request in Exchange and use the SSL wizard to enable it.

Once you have done either of those, in EMS, run new-exchangecertificate (no other switches) to generate a new SMTP certificate.
Finally remove the old certificates with remove-exchangecertificate.

http://semb.ee/ssl

Simon.
0
 

Author Comment

by:Botsasc
ID: 40569188
Hi Simon,

Thanks for your comments and help, from the list of certificates i don't see any record of Autodiscover.company.info, will running the wizard correct this?  

Should the Autodiscover.company.info  be on the trusted certificate or the self-signed one?  And what services should be assigned to which?

I will try the first option you mention, have checked and it appears that the wizard was already run to change everything to mail.company.info.  So i'll try and run the ssl and choose the existing GoDaddy cert.

You mentioned running the new-exchangecertificate command after this, am i correct in saying that this will create a new self-signed certificate?  Will this automatically also create the domain names as well as he autodiscover.comapny.info?  

Then i delete the other self signed ccessRules        :
CertificateDomains : {webmail.company.info, company-server.company.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=company-COMPANY-SERVER-CA
NotAfter           : 12/7/2016 6:22:50 PM
NotBefore          : 12/8/2014 6:22:50 PM
PublicKeySize      : 2048
RootCAType         : Enterprise
SerialNumber       : 1025A37500000000000C
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=webmail.company.info, OU=IT, O="COMPANY ", L=GB, S=GB, C=BW
Thumbprint         : 387BBB9343E5A5CE8E991FBA23A076FAF9A48033

is that correct?  Sorry for all the question but just want to be sure that i don't make a bigger mess as one of the reasons the other guys lost the contract.
0
 

Author Comment

by:Botsasc
ID: 40574767
I have added the trusted certificate via the wizard, ran the new-exchangecertificate command and deleted the old certificate with thumbprint 387BBB9343E5A5CE8E991FBA23A076FAF9A48033.  No longer get the untrusted message when accessing OWA.

The certificates now look like this:

AccessRules        :
CertificateDomains : {company-SERVER, company-SERVER.company.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=company-SERVER
NotAfter           : 1/28/2020 10:40:24 AM
NotBefore          : 1/28/2015 10:40:24 AM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 1F30F629D33F2BB84ECC114410A73806
Services           : SMTP
Status             : Valid
Subject            : CN=company-SERVER
Thumbprint         : B0C8C09B4FE73E452DCF8C9E2A656B08695973BA

AccessRules        :
CertificateDomains : {webmail.company.info, www.webmail.company.info}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy
                     .com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 11/20/2015 9:12:01 AM
NotBefore          : 12/3/2014 12:59:05 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 27F94E99762465
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=webmail.company.info, OU=Domain Control Validated
Thumbprint         : 479BC33A8F42359F2A91D7FD78D7172E354EEAE7

Outlook anywhere authentication is set to basic.

Problem I'm now having is getting the outlook anywhere to work.  I'm trying to configure this on my outlook from outside of the network.  The process seems to run fine, please see screenshot doc attached then bombs out.
Screenshots.docx
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40574775
The SBS wizard does not include Autodiscover information.
Therefore if you don't want to use SRV records for Autodiscover, you need to create an SSL request within Exchange, complete the request in Exchange, but then run the SSL wizard in the SBS console to install the certificate.
Furthermore you will need to have a UC type certificate, rather than a regular single name certificate.

The self signed certificate will be for internal traffic only and will have the internal name of the server only.

Outlook Anywhere really needs Autodiscover to be working to setup correctly. Therefore you either need to change the certificate or setup SRV records.

Simon.
0
 

Author Comment

by:Botsasc
ID: 40574796
Hi Simon,

Please bear with me here, so what you saying is that i would have to get a new certificate from Godaddy in this case that includes the autodiscover.company.info as one of the alternate names?  That's if i don't want to setup the SRV records?  Which i take it should be done by an ISP and not on the SBS.

Also can't resolve autodiscover.company.info on my domain should i add a record in dns for this?
0
 

Author Comment

by:Botsasc
ID: 40574868
ran the Microsoft connectivity test and on the SRV got the following result as shown in attachment.

Did an nslookup for srv records and got the following:

_autodiscover._tcp.company.info    SRV service location:
          priority       = 20
          weight         = 1
          port           = 443
          svr hostname   = webmail.company.info

webmail.company.info       internet address = x.x.x.x
>
connectivity-test.PNG
0
 

Author Comment

by:Botsasc
ID: 40574988
Fix my network picked up the following issues.  Should i run it to try and repair the last 2?
Fix-my-network.PNG
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40575325
You don't need Autodiscover.example.com on your internal network unless you have clients on your internal network that are using your Exchange server which are NOT members of your domain.
However without Autodiscover.example.com as an additional name on the certificate it wouldn't work anyway.

If you have SRV records in place, then the host name on the SRV record needs to match the common name on the SSL certificate.

As for the fix my network wizard - configuring the router - I wouldn't worry about. DNS using forwarders, that depends on what forwarders you are using. The other two, again it depends if you have made configuration changes. Component ID 3 is an error with IIS configuration for Outlook Anywhere.

Simon.
0
 

Author Comment

by:Botsasc
ID: 40575885
Thanks Simon,

I'll try and run the fix my network wizard first to see if it sorts out those issues and fixes the IIS error.

But will also purchase another certificate.
0
 

Author Comment

by:Botsasc
ID: 40579302
Have purchased a new certificate with autodiscover added as an alternate name and installed onto the server.  Removed the other GoDaddy certificate.

Verified in OWA that certificate being used shows the san's.

But still cant connect from outside.
Certificates-30.01.15.docx
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40585592
Hi there,

Do you still get the original error about "connection can’t be established with the server webmail.company.info" Can you give us an exact error.

I assume one of the SANS in the new certificate is webmail.company.info, or whatever name you used in the new certificate.

Is there an ISA server or a TMG server functioning as a reverse proxy?

Does OWA work with no warnings?

What version of Outlook are they using?

You may want to check the msstd settings outlined here:

https://support.office.microsoft.com/en-us/article/Use-Outlook-Anywhere-to-connect-to-your-Exchange-server-without-VPN-ae01c0d6-8587-4055-9bc9-bbd5ca15e817?CorrelationId=80c7ab50-5969-4f66-930f-48b54a208553&ui=en-US&rs=en-001&ad=US


(The STARTTLS error is less critical, since TLS is only opportunistic, I'm ignoring that for the moment)
0
 

Author Comment

by:Botsasc
ID: 40585635
Hi Carol,

Yes that's correct one of the SANS is webmail.company.info, and was so with the original GoDaddy certificate then Simon mentioned that autodiscover,company.info should also be on the certificate so got a new certificate issued with autodiscover as well.

There is no ISA or TMG server but there is an endian firewall that does the smtp relaying.

Versions of outlook vary between 2007 to 365.  Funny thing is user with Outlook running on an apple says he was able to connect previously albeit having to ignore certificate errors, where pc users couldn't haven't tested again since added the certificates correctly.

I have included the error message when i try and create the account.


Will have a look at the article you sent and let you know.

Kind regards,
Doc2.docx
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40585885
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40585909
Did you install the certificate with the wizard in the SBS console?
If not, then you need to do it that way for everything within SBS to work correctly.

Simon.
0
 

Author Comment

by:Botsasc
ID: 40585915
I haven't yet tested that, as the client is a bit out of town.  They have remote users who won't be able to bring their laptop/pcs in due to geographical reasons.

So what i've been trying to do was connect as a user not on the domain, just with a internet connection.
0
 

Author Comment

by:Botsasc
ID: 40585920
Hi Simon,

Have installed with the SBS wizard.  There was an intermediate certificate i had to do first in IIS as per GoDaddy instructions then assigned new trusted certificate using the wizard.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40585925
Create a test account and run it through the Microsoft test site at http://exrca.com/
See what that flags, particularly around the Autodiscover functionality.

Simon.
0
 

Author Comment

by:Botsasc
ID: 40585986
Hi Simon,

Please see results of the test run.

In the Pg2 there iscertificate that points to eastview.dedi.melbourne.co.uk have no idea what this!
connectivity-test--Pg1.PNG
connectivity-test--Pg2.PNG
connectivity-test--Pg3.PNG
connectivity-test--Pg4.PNG
connectivity-test--Pg5.PNG
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40589992
The certificate you are seeing is most likely coming from your web host. That is because the Autodiscover process tries to use the root of your domain (https://example.com/Autodiscover/Autodiscover.xml) as the first step.
It then attempts the others.

Did you put Autodiscover.example.com in to the certificate? If so it appears from that test you don't have the host name in your public DNS. You need to get your DNS sorted out.

Simon.
0
 

Author Comment

by:Botsasc
ID: 40590479
Hi Simon,

Below is the current certificate that i just purchased with the autodiscover.company.info in it.  By the host name are you referring to the webmail.company.info?

svr records give following:

_autodiscover._tcp.company.info    SRV service location:
          priority       = 20
          weight         = 1
          port           = 443
          svr hostname   = webmail.company.info

webmail.company.info       internet address = x.x.x.x

If i do a nslookup of the hostname webmail.company.info it resolves correctly and the public ip corresponds with what is indicated in the svr record.

AccessRules        :
CertificateDomains : {webmail.company.info, www.webmail.company.info, www.company.info, autodiscover.company.info, remote.company.info}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy
                     .com, Inc.", L=Scottsdale, S=Arizona, C=US
NotAfter           : 1/29/2016 5:20:39 PM
NotBefore          : 1/29/2015 5:20:39 PM
PublicKeySize      : 2048
RootCAType         : ThirdParty
SerialNumber       : 0C0D5E35E9CF884F
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=webmail.company.info, OU=Domain Control Validated
Thumbprint         : 171485CA430730067613B1C759FF5F96FA223F84
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40590763
If you have Autodiscover as one of the host names on the certificate, then you don't need an SRV record. Just get the A record for Autodiscover.example.com configured to point to the Exchange server's external IP address and remove the SRV record.

Simon.
0
 

Author Comment

by:Botsasc
ID: 40597775
Thanks Simon, will try and get the ISP details so that i can ask then to remove the SRV record and add the autodiscover A record.
0
 

Author Comment

by:Botsasc
ID: 40602792
Hi Simon,

I have added a A record for autodiscover.company.info and deleted the SRV record from the public DNS.

I am still not able to connect to the exchange server from outlook get the following popups (See attached popup).

Reran the connectivity test and have included as attachments.
popup.rtf
connectivity-test2--Pg1.PNG
connectivity-test2--Pg2.PNG
connectivity-test2--Pg3.PNG
connectivity-test2--Pg4.PNG
connectivity-test2--Pg6.PNG
connectivity-test2--Pg5.PNG
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40602898
Just looking at your DNS entries, which seem a bit strange.
nslookup returns:

nfds.info  5.159.228.225
webmail.nfds.info 41.75.4.10

https://nfds.info: serves the eastview.melbourne.co.uk certificate
https://webmail.ndfs.info serves your Godaddy certificate

my guess is that the root of the problem is your DNS entries

The nfds.info domain points to this netblock:

inetnum:        5.159.228.224 - 5.159.228.231
netname:        MELBOURNE-CUST-ORBI
descr:          See AS39451 for contact details
country:        GB
admin-c:        RG6069-RIPE
tech-c:         RG6069-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-MELBOURNE
source:         RIPE # Filtered

All the rest points here
inetnum:        41.75.4.0 - 41.75.4.255
netname:        OPQNET
descr:          OPQNET - Business Wireless
country:        BW
admin-c:        SA3-AFRINIC
tech-c:         SA3-AFRINIC
status:         ASSIGNED PA
mnt-by:         OPQ-MNT
source:         AFRINIC # Filtered
parent:         41.75.0.0 - 41.75.15.255
0
 

Author Comment

by:Botsasc
ID: 40602913
Hi carol,

Looks like i somehow missed blocking the name somewhere, didn't want it getting out to the WWW but if it helps resolve the issue....

We are currently using the webmail.company.info to access the email via owa and everything else. SBS is setup this way, the MX records are setup this way and so is the ssl cert on the server I'm really not sure where that record for the company.info refers to as it is not something we are even managing.

i can see from the outlook that it is making a connection with the server because when it comes back with Microsoft general box as in screenshot3 attached it showing the name of the sbs server as .local which it is discovering on it's own.
Screenshots3.docx
0
 
LVL 16

Expert Comment

by:Carol Chisholm
ID: 40602944
Well it is your public domain, anyone can look up that information.
Simon is better at SBS and autodiscover than me but I'd say the rogue IP for company.info and that alien certificate are getting in the way at some stage.
Outlook Anywhere opens various different connections to Exchange and Active directory. I can also see you have some legacy Exchange 2007 stuff in there, but it probably does not matter.

The connectivity verifier won't work until you correct the (I think spurious) dns entry

nfds.info  5.159.228.225

Or is this an address you use for something?
0
 

Author Comment

by:Botsasc
ID: 40602958
Thanks for your valuable input Carol i really appreciate all the help.

I have asked the client what this is referring to and if it is still in use hopefully he will get back to me soon.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40603253
Do you have Autodiscover.example.com in the external DNS records?
If not, then you need to do that first.

You then need to ask the hosting company to turn off Autodiscover for your domain.
The way that Autodiscover works is that it will query https://example.com/Autodiscover/Autodiscover.xml first (why I have no idea), and when that fails it will then move on to the next one (https://autodiscover.example.com/Autodiscover/Autodiscover.xml). Therefore you need to make the first one fail, which only your hosting company can do.

Simon.
0
 

Author Comment

by:Botsasc
ID: 40603332
Hi Simon,

I added that in yesterday and removed the SRV record as per your previous suggestion.  So autodiscover.company.info is now resolving to the SBS servers external IP.

If i were to create a A record for example.com that points to the SBS external IP would that work, as per Carol's previous comment i'm just trying to confirm if that entry is still valid with the customer.
 Thanks.
0
 

Author Comment

by:Botsasc
ID: 40605103
I have asked the host company and they say there is no such feature to turn off autodiscover for the domain or am i asking it wrongly? and can only be done on the exchange server and since they don't deal with the exchange they can't assist.

The company.info domain seems to point to their web server so it' doesn't look like i can change this to point at my SBS server.
0
 

Author Comment

by:Botsasc
ID: 40605644
How can i test my SBS 2011 server to make sure that IIS and autodiscover are working correcty?
0
 

Author Comment

by:Botsasc
ID: 40607589
I finally managed to get to site, connected my non-domain joined laptop to network and tried setting up outlook with autodiscover, had a slightly different experience said it was trying to connect with encrypted connection which failed and then prompted me to click next to try with unencrypted which also failed without asking for credentials.  I was however able to join with manual configuration.  Server name as: webmail.company.info which after entering credentials changed to company-server.company.local and was able to open outlook fine.

Brought back to office and wouldn't connect, entered the proxy settings as in attachment, restarted outlook and was able to connect.  Only thing now is outlook changes the name in the proxy and when you open and close again the connection can't be made, until you re-enter the webmail.company.info and restart outlook.  Why is it changing this back?
13.02.15.docx
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40607680
The response from the host company doesn't surprise me.
A lot of hosts do not even know the feature is there - it was put in by the main control panel provider.
If you browse to https://example.com/Autodiscover/Autodiscover.xml you will probably get something back, which shows the feature is being used.

You could also run a test through the Microsoft test site at http://exrca.com/ - use a test account.

As for your last test, unfortunately I don't open docx files off the internet as that is a security risk. The settings will probably be changing via the internal Autodiscover. They come from how you have Outlook Anywhere configured within Exchange.

However I say the same thing again that I have said before, you need to get the DNS sorted out. That means getting Autodiscover.example.com added to the domain and the SRV record removed.

Simon.
0
 

Author Comment

by:Botsasc
ID: 40607799
Hi Simon,

I had done  that on the 10th, added autodiscover.company.info and removed the SRV records as per your first suggestions.

When i navigate to that URL it first prompts me to accept the untrusted certificate then redirects to https://cpanelemaildiscovery.cpanel.net/autodiscover/autodiscover.xml.  Then i eventually get "The requested URL /autodiscover/autodiscover.xml was not found on this server." message.

Have re-added it as a pdf hope that's better?
Kind regards,
13.02.15.pdf
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40607813
That shows that Autodiscover is enabled on the web server/control panel and the host needs to turn it off.
First line support may not know how, but it needs to be done.

As for the Outlook Anywhere configuration, that will be set from the settings on the server itself. You need to ensure they are correct.

Simon.
0
 

Author Comment

by:Botsasc
ID: 40623933
Will try and see if i can win with getting this turned off.

I ran the following in EMS
[PS] C:\Windows\system32>Get-ClientAccessServer |fl identity,autodiscoverserviceinternaluri


Identity                       : company-SERVER
AutoDiscoverServiceInternalUri : https://webmail.company.info/autodiscover/autodiscover.xml

All looks correct, is there somewhere else that it has
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 500 total points
ID: 40624395
As long as that host name resolves internally to the Exchange server and your clients are members of the domain, that is all that needs to be set.

Simon.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now