We have a single Exchange 2010 server on domainA.local
It HAD a NAT entry in the firewall for exchange01.domainA.local to exchange01.publicIP.com using ALL services.
The problem was that exchange01 was unable to reach any device in domainB.local (another domain we have in the same data center).
Our theory was that the NAT forced all traffic to change the IP to the publicIP.com address and screwed up internal routing. To test, we changed the NAT from ALL services to only ports 25, 587, 443 and ICMP.
Now, exchange01 can reach domainB.local all day long but internal WiFi users can't get email on their ActiveSync configured smartphones. It DOES work if they are on 4G LTE.
What WORKS:
- All internal Outlook clients
- All external Outlook clients
- All external smartphone/tablet connections
- All internal OWA site connections
- All external OWA site connections

What DOESN'T WORK:
- All internal ActiveSync connections
I don't think this is DNS. When I ping exchange01.domainA.local, I get replies and it resolves to the right IP address. The name resolution is the same for internal/external OWA connections.
From an internally connected smartphone, I CAN get to the OWA site (exchange01.publicIP.com) but it just won't do it on ActiveSync apps.
I know that something is somehow being blocked by limiting my ports from ALL down to 25, 587, 443 and ICMP, but I can't imagine what it would be since ActiveSync uses 443.