Need help with network configuration for Exchange (newbie)

Hello everyone,

I'm new here and I'm facing an issue in my Exchange configuration.

I'm trying to set up Exchange 2016 in my company.
I'm a dev engineer so I'm not really good at network configuration (NAT, DNS (A, MX)...); I'm a newbie.

Actually mails are managed by our domain provider, and what I need to do is to install and configure Exchange Server 2016 in the company network.

I got an Active Directory server, which is the DNS server as well.
I have installed Exchange 2016 on a separate Windows Server 2016 which is in the domain.

I created my user in Exchange Server, and I'm able to send/receive mail with this user as long as I'm in the domain. From outside I can't configure Outlook to reach my Exchange server.
I'm also able to connect with this user to OWA (https://webmail.humandata.fr) when I'm inside the enterprise network, but from the internet I'm not able to reach this URL (http or https).

My public IP is 178.21.xx.xx
My DNS Configuration (Domain Provider) :


My internal Exchange Server IP is 192.168.102.68 (static)
My NAT configuration (ISP) :


Maybe I have a conflict between mail managed by my domain provider and Exchange, but I don't want to stop the mail service from the domain provider. I need to check if everything is working with Exchange before.

Does everything seem to be good in my configuration?
I can provide you more information if you need, and more details.

Thanks a lot guys, to take time to read this, and maybe to help me :)

Paul Merle.
Paul Merle, Project Manager, Asked:
Martin Miller, CTO, Commented:
Paul,

Let's start simple...

When I hit the URL, https://webmail.humandata.fr, I get the following, as shown in the image below. It appears you may not have a valid SSL certificate.

[Image: ee-url.png]

Paul Merle, Project Manager, Author Commented:
Hello Martin,

Thanks for your fast feedback :)

To be clear, I did not configure any SSL. I think this SSL is an autosigned one by the Exchange server.
And I don't really know how to validate it.

Thanks,
Paul Merle, Project Manager, Author Commented:
Yes it's an autosigned SSL Certificate. (As you may have guessed SRV-EXCHANGE is my Exchange Server in the domain)

[Image: Autosigned Certificate]
Martin Miller, CTO, Commented:
You will want a commercial SSL certificate, dedicated CNAME for webmail.humandata.fr, or a star certificate for *.humandata.fr.

e.g. purchase from a trusted provider, e.g. GoDaddy.com, Verisign, etc... not sure who is preferred for your .fr domain.
Paul Merle, Project Manager, Author Commented:
Thanks for your answer, am I forced to buy one?

To be honest, "webmail.humandata.fr" is only used for OWA (if I understand) and I'm not going to use it every day.
I just want to be able to configure Outlook 2016 from outside the enterprise.

Thanks,
Martin Miller, CTO, Commented:
Are you the ONLY user for https://webmail.humandata.fr ?

If yes, then create a self-signed SSL certificate. There are many HOWTO's on the internet, I found this one, using openssl, on Linux... the process is the key part to understand.

https://www.akadia.com/services/ssh_test_certificate.html
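
Added example (not part of the thread): a sketch using openssl, as suggested above, that shows why a self-signed certificate is rejected until each client explicitly trusts it, and which hostnames a wildcard name such as the `*.humandata.fr` mentioned earlier would cover. The `example.test` hostnames and the helper function names are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the thread. Hostnames under example.test are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_selfsigned <out-prefix> <dns-name>...  (first name also becomes the CN)
make_selfsigned() {
    out=$1; shift
    san=""
    for n in "$@"; do san="${san:+$san,}DNS:$n"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1" -addext "subjectAltName=$san" \
        -keyout "$out.key" -out "$out.crt" 2>/dev/null
}

# True when issuer and subject are the same name (how a self-signed cert looks).
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when the certificate's names cover the given hostname.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# chain_ok <cert> [trust-anchor]: validate against the default store,
# or against an explicitly supplied trust anchor.
chain_ok() {
    if [ $# -ge 2 ]; then openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else openssl verify "$1" >/dev/null 2>&1; fi
}

make_selfsigned "$WORK/wild" '*.example.test'
for h in webmail.example.test example.test a.b.example.test; do
    if covers_host "$WORK/wild.crt" "$h"; then echo "$h: covered"
    else echo "$h: NOT covered"; fi
done
is_self_signed "$WORK/wild.crt" && echo "issuer == subject (self-signed)"
chain_ok "$WORK/wild.crt" || echo "default trust store: rejected"
chain_ok "$WORK/wild.crt" "$WORK/wild.crt" && echo "explicitly trusted: accepted"
```

The last check corresponds to importing the self-signed certificate as a trusted root on every client that will connect, which is the per-machine work a commercially issued certificate avoids.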
Paul Merle, Project Manager, Author Commented:
I'll not be the ONLY user to use https://webmail.humandata.fr, we are 3 in the company, so we can be 3 to use it.
But if Outlook works fine, we may never have to use the OWA (https://webmail.humandata.fr).

Thanks,
Paul Merle, Project Manager, Author Commented:
I created a self-signed SSL certificate using openssl, but I'm not able to add it on the Exchange server.
But in the ECP I can't create a self-signed SSL certificate, I've done it, but I got the same error:
[Image: 2018-03-30_17h31_30.png]
Martin Miller, CTO, Commented:
Paul, about halfway through the following page at this link, https://www.digicert.com/csr-creation-ssl-installation-exchange-2016.htm

You will see HOWTO install your SSL Certificate on Exchange 2016

Paul Merle, Project Manager, Author Commented:
OK thanks for your help,

I have to go now, but I'll be able to check that soon (I hope next week).
I'll be back :)

A lot of thanks for your patience and your efficiency.
Paul Merle, Project Manager, Author Commented:
Hello,

I'm back :)

My URLs seem to be good:
[Image: Exchange-URLs.png]

I don't want to turn off the mail service from my host provider until the Exchange server is up and working fine. My host provider is using "mail.humandata.fr" as mail server, so I decided to use "webmail.humandata.fr" for my Exchange. I'm alone in the domain at the moment, and I don't want to lose mail service for other users until my Exchange server is up. But in some cases, when I try to send mail to users who are not in Exchange, I get a "mail delivery failure" error from the Exchange server, even if they are using "mail.humandata.fr", which is not pointing to my Exchange server. You can see my NAT & DNS configuration:
[Images: NAT-Configuration-ISP.png, DNS-Configuration-HostProvider.png]
I don't understand why I got "Mail delivery failure" from Exchange for users who are using "mail.humandata.fr". It seems like I'm missing something but I do not know what :(

Thanks for your help,

Regards.
Paul Merle, Project Manager, Author Commented:
Hello Martin,

It's OK now. I bought an SSL certificate (wildcard) for my domain, I changed the MX records at my domain provider, and everything seems to be good.

Thank you for the time you spent on my issue.
Have a nice day,

Regards.

Paul Merle.
Martin Miller, CTO, Commented:
To turn off MAIL while you are migrating, you can just remove the MX records from DNS. When you are ready, add the MX records.