Solution for Exchange cert in a disparate split brain environment

I have a split-brain DNS in a small business environment, e.g. internal DNS SLGCOM.local, external SLGCOMLiive.com. Future certificates are not going to support this, leading to issues in Exchange.

How would I approach this? Do I have to completely change my internal domain and DNS structure or is there a workaround?
pchettri (IT Director) asked:

Seth Simmons (Sr. Systems Administrator) commented:
You use the same certificate; publish your URLs with the external name.
All clients connect using the external name.

Configure Exchange Services for the Autodiscover Service
https://technet.microsoft.com/en-us/library/bb201695%28v=exchg.141%29.aspx?f=255&MSPPError=-2147217396
Will Szymkowski (Senior Solution Architect) commented:
All you need to do is the following...
- create a new internal DNS AD Integrated Zone for SLGCOMLiive.com
- add your Host A record for mail.domain.com
- Configure your Internal and External URLs for Exchange to use https://mail.domain.com/..... for all virtual directories

Then when users connect internally or externally they will be using the same fqdn and not the server name for internal virtual directories.

Will.
pchettri (IT Director, author) commented:
Hi Seth...
I do not have an issue with certificates. I am using an old certificate which is valid till 2015. New certificates do not support a split-brain setup. My question is different from certificate application. I know the autodiscovery part of the process. I am just worried about the issue I might get into when I renew my certificate, which will not support split brain and requires changes in the domain naming structure.
You could find cert-related articles at GoDaddy and DigiCert.
Thanks
pchettri (IT Director, author) commented:
As suggested by Will, would creating a DNS zone help in this case? Or would it be better to set up an internal CA to address this question?
Setting up another DNS zone looks like the easier solution, but is it actually the correct fix for the upcoming Exchange certificate issue for a non-registered local domain name?
Will Szymkowski (Senior Solution Architect) commented:
Installing an internal root certificate authority involves a lot of work, and you need someone to manage this service as well. ADCS is not "set it and forget it". Creating an internal zone for your external DNS namespace is in fact the more appropriate method. As stated, you would then use the same internal and external URLs in Exchange.

Will.
pchettri (IT Director, author) commented:
For the new zone I would have to add a Host A record for mail.SLGCOMLiive.com, in other words, the one that shows in the external URL in the CAS OWA properties. Our inbound name on the MX record is different from the OWA URL due to the implementation of mail filtering from McAfee. The MX record shows the address offered by McAfee.
Will Szymkowski (Senior Solution Architect) commented:
What do you have currently on your Exchange External URLs?

Will.
pchettri (IT Director, author) commented:
Will Szymkowski (Senior Solution Architect) commented:
Right, so create a zone on your internal DNS server for slgcomlive.com and add a Host A record for mail, giving it the IP of your internal CAS, or the CAS load-balanced IP if you are in fact load balancing.

Will.
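The procedure Will lays out above (an AD-integrated internal zone for the public domain, a Host A record for mail pointing at the internal CAS, and the same FQDN in every Exchange internal and external URL), together with Seth's point that Autodiscover and all client URLs should carry the external name, as one runnable script. This is an added example, not code from the thread, from Experts Exchange or from Microsoft. It assumes Exchange 2010 (the version the linked TechNet page covers), a single CAS named EX01 at 10.10.0.25, the public domain slgcomlive.com with client FQDN mail.slgcomlive.com, and the DnsServer PowerShell module (Windows Server 2012 or later). The reason this sidesteps the renewal problem: public CAs stopped issuing certificates that contain internal names such as .local hosts or bare server names (CA/Browser Forum Baseline Requirements, hard cutoff 1 November 2015), so once every URL and the certificate's SAN list reference only registered names, the .local Active Directory domain never has to be renamed.

```powershell
# Added example, not from the thread. Assumed names: slgcomlive.com,
# mail.slgcomlive.com, CAS server EX01 at 10.10.0.25 (or your load-balanced VIP).
# Run in the Exchange Management Shell on a server that also has the DnsServer
# module (Windows Server 2012+; on 2008 R2 do step 1 with dnscmd.exe or the DNS console).

$PublicDomain = 'slgcomlive.com'
$MailHost     = 'mail'
$Fqdn         = "$MailHost.$PublicDomain"
$CasIp        = '10.10.0.25'
$CasServer    = 'EX01'
$BaseUrl      = "https://$Fqdn"

# --- 1. Internal, AD-integrated copy of the public zone ---------------------
# Caveat: internal resolvers will now never consult the public zone for anything
# under slgcomlive.com, so every public record your users need (www, autodiscover,
# the McAfee MX if internal hosts relay through it) must be recreated in this zone.
if (-not (Get-DnsServerZone -Name $PublicDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $PublicDomain -ReplicationScope 'Domain'
}
Add-DnsServerResourceRecordA -ZoneName $PublicDomain -Name $MailHost -IPv4Address $CasIp
# Non-domain-joined clients (phones, home PCs on VPN) look up autodiscover.<domain>
# rather than the AD SCP, so give that name an internal record as well.
Add-DnsServerResourceRecordA -ZoneName $PublicDomain -Name 'autodiscover' -IPv4Address $CasIp

# Narrower alternative (not what the thread proposes): a "pinpoint" zone named
# after the single host, so nothing else from the public zone needs copying.
#   Add-DnsServerPrimaryZone -Name $Fqdn -ReplicationScope 'Domain'
#   Add-DnsServerResourceRecordA -ZoneName $Fqdn -Name '@' -IPv4Address $CasIp

# --- 2. Same registered FQDN on every CAS URL, internal and external --------
Set-OwaVirtualDirectory -Identity "$CasServer\owa (Default Web Site)" `
    -InternalUrl "$BaseUrl/owa" -ExternalUrl "$BaseUrl/owa"
Set-EcpVirtualDirectory -Identity "$CasServer\ecp (Default Web Site)" `
    -InternalUrl "$BaseUrl/ecp" -ExternalUrl "$BaseUrl/ecp"
Set-WebServicesVirtualDirectory -Identity "$CasServer\EWS (Default Web Site)" `
    -InternalUrl "$BaseUrl/EWS/Exchange.asmx" -ExternalUrl "$BaseUrl/EWS/Exchange.asmx"
Set-ActiveSyncVirtualDirectory -Identity "$CasServer\Microsoft-Server-ActiveSync (Default Web Site)" `
    -InternalUrl "$BaseUrl/Microsoft-Server-ActiveSync" -ExternalUrl "$BaseUrl/Microsoft-Server-ActiveSync"
Set-OabVirtualDirectory -Identity "$CasServer\OAB (Default Web Site)" `
    -InternalUrl "$BaseUrl/OAB" -ExternalUrl "$BaseUrl/OAB"
# Autodiscover: domain-joined Outlook finds this URI through the SCP in AD, so it
# too must carry the registered name rather than ex01.slgcom.local.
Set-ClientAccessServer -Identity $CasServer `
    -AutoDiscoverServiceInternalUri "$BaseUrl/Autodiscover/Autodiscover.xml"
# Outlook Anywhere (only if it is enabled on this CAS).
Set-OutlookAnywhere -Identity "$CasServer\Rpc (Default Web Site)" -ExternalHostname $Fqdn

# --- 3. Checks ---------------------------------------------------------------
# (a) An internal client must resolve the public name to the internal CAS address.
Resolve-DnsName -Name $Fqdn -Type A | Select-Object Name, IPAddress

# (b) No virtual directory may still carry the unregistered .local suffix or the bare server name.
$Dirs = @(Get-OwaVirtualDirectory; Get-EcpVirtualDirectory; Get-WebServicesVirtualDirectory;
          Get-ActiveSyncVirtualDirectory; Get-OabVirtualDirectory)
$Dirs | Where-Object { "$($_.InternalUrl) $($_.ExternalUrl)" -match "\.local|//$CasServer/" } |
    Format-List Identity, InternalUrl, ExternalUrl

# (c) The certificate bound to IIS must list only registered names; that is the
#     only SAN list a public CA will issue or renew after the internal-name cutoff.
Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
    Select-Object Thumbprint, NotAfter, @{ n = 'SANs'; e = { $_.CertificateDomains -join ', ' } }
# Expected SANs: mail.slgcomlive.com and autodiscover.slgcomlive.com. Anything ending
# in .local has to be left out of the next request, e.g.:
#   New-ExchangeCertificate -GenerateRequest -SubjectName "CN=$Fqdn" `
#       -DomainName $Fqdn, "autodiscover.$PublicDomain" -PrivateKeyExportable $true |
#       Set-Content -Path C:\certreq\mail.req
```

The check in step 3(b) is the one worth keeping around after the change: a single forgotten virtual directory with an https://ex01.slgcom.local/... URL is enough for Outlook to throw certificate-name warnings the day the new certificate, which can no longer contain that name, is bound to IIS.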