OWA won't load internally - DNS resolves as expected

Hi All,

I have an odd problem which I just can't seem to figure out for the life of me! I'll give the scenario below:

  • Exchange 2013 Server OWA doesn't work using the FQDN of mail.server.com unless done from the exchange server itself.
  • Browsing to the IP loads the OWA page
  • DNS all resolves to the correct IP address and NS lookup also works correctly.
  • Works perfectly fine externally

If everything wasn't resolving as expected I'd definitely blame DNS but due to the odd nature of all the records resolving as expected I'm not too sure.

Any help would be appreciated.

Kind Regards,
Dom
Asked by: Dominic Buckley (Systems Engineer)
Michelangelo (System Administrator / Postmaster) commented:
> Exchange 2013 Server OWA doesn't work using the FQDN of mail.server.com unless done from the exchange server itself.

What exactly is the error/message you get?
0
zvitam (Consultant) commented:
The problem is in the DNS. The FQDN should be resolved to the internal IP when used internally. You have to use split brain DNS to resolve your issue.

See the following article:
Use DNS Policy for Split-Brain DNS Deployment
0
Dominic Buckley (Systems Engineer, Author) commented:
> What exactly is the error/message you get?

In IE I get the below:

This page can’t be displayed


Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

In Chrome I get the below:


This site can’t be reached
mail.server.com unexpectedly closed the connection.
Try:

Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_CLOSED

> The problem is in the DNS. The FQDN should be resolved to the internal IP when used internally. You have to use split brain DNS to resolve your issue.

The FQDN does resolve to the internal IP. I stated that DNS resolution is correct in my main post but any other advice would be appreciated.
0
zvitam (Consultant) commented:
Your issue is a common issue and the solution is split-brain DNS even though it appears to resolve correctly.
0
Dominic Buckley (Systems Engineer, Author) commented:
> Your issue is a common issue and the solution is split-brain DNS even though it appears to resolve correctly.

Could you possibly explain this to me? I took a look at your link but struggled to find where to begin. I'd like to understand the problem properly first.

I'd assume because mail.server.com resolves to the internal exchange address that it should work correctly, being that bindings and certificates are correct?
0
Michelangelo (System Administrator / Postmaster) commented:
Point is, it depends also on your network conf. The url you are using resolves to the public IP of your exchange, which may not be reachable from within your network. In this case, you need to resolve the internal IP of your exchange using the same url thus you would need a split dns. If the issue is internal vs external dns resolution, have a look at this to double check your settings http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2016/

In all other cases, more info is needed such as network topology.
0
Dominic Buckley (Systems Engineer, Author) commented:
Just to clarify, it looks as though it's already configured as it should be (I could be wrong)? Please see attached image of DNS.

[Attached image: DNS Config]
0
Michelangelo (System Administrator / Postmaster) commented:
Are your internal clients on the same network as the exchange server, which I assume is 192.168.4.52?
Have a look at:
- local firewall: does it allow connections from 192.168.x range?
- the article I posted above: are your Exchange configuration URLs set up correctly?
0
Dominic Buckley (Systems Engineer, Author) commented:
> Are your internal clients on the same network as the exchange server, which I assume is 192.168.4.52?
> Have a look at:
> - local firewall: does it allow connections from 192.168.x range?
> - the article I posted above: are your Exchange configuration URLs set up correctly?

Something so basic that I forgot to check... We have different subnets and it seems to be an issue with communication between the VLANs that the subnets are configured to.

For example -

Majority of PCs are on 192.168.40.x (including DNS servers)

Exchange server is on 192.168.4.x

I can access OWA when on another machine within the 192.168.4.x network but not the 192.168.40.x

Gives me something to check out and definitely pointed me in the right direction! Thanks Michel.
0
Dominic Buckley (Systems Engineer, Author) commented:
Turns out MASQing wasn't enabled on the inter-VLAN routing rule so it was trying to pass back through the same port and the server was sending a reset packet.

After enabling MASQing on the inter-VLAN rule the problem seems to be resolved.
0
