Dominic Buckley
asked on
OWA won't load internally - DNS resolves as expected
Hi All,
I have an odd problem which I just can't seem to figure out for the life of me! I'll give the scenario below:
- Exchange 2013 Server OWA doesn't work using the FQDN of mail.server.com unless done from the Exchange server itself.
- Browsing to the IP loads the OWA page
- DNS all resolves to the correct IP address and NS lookup also works correctly.
- Works perfectly fine externally
If everything wasn't resolving as expected I'd definitely blame DNS but due to the odd nature of all the records resolving as expected I'm not too sure.
Any help would be appreciated.
Kind Regards,
Dom
The problem is in the DNS. The FQDN should be resolved to the internal IP when used internally. You have to use split brain DNS to resolve your issue.
See the following article:
Use DNS Policy for Split-Brain DNS Deployment
ASKER
What exactly is the error/message you get?
In IE I get the below:
This page can’t be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.
In Chrome I get the below:
This site can’t be reached
mail.server.com unexpectedly closed the connection.
Try:
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_CLOSED
The problem is in the DNS. The FQDN should be resolved to the internal IP when used internally. You have to use split brain DNS to resolve your issue.
The FQDN does resolve to the internal IP. I stated that DNS resolution is correct in my main post but any other advice would be appreciated.
Your issue is a common issue and the solution is split-brain DNS even though it appears to resolve correctly.
ASKER
Your issue is a common issue and the solution is split-brain DNS even though it appears to resolve correctly.
Could you possibly explain this to me? I took a look at your link but struggled to find where to begin. I'd like to understand the problem properly first.
I'd assume because mail.server.com resolves to the internal Exchange address that it should work correctly, being that bindings and certificates are correct?
Point is, it depends also on your network conf. The URL you are using resolves to the public IP of your Exchange, which may not be reachable from within your network. In this case, you need to resolve the internal IP of your Exchange using the same URL, thus you would need a split DNS. If the issue is internal vs external DNS resolution, have a look at this to double check your settings: http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2016/
In all other cases, more info is needed such as network topology.
ASKER
Are your internal clients on the same network as the Exchange server, which I assume is 192.168.4.52?
Have a look at:
- local firewall: does it allow connections from 192.168.x range?
- the article I posted above: are your Exchange configuration URLs set up correctly?
ASKER
Are your internal clients on the same network as the Exchange server, which I assume is 192.168.4.52?
Have a look at:
- local firewall: does it allow connections from 192.168.x range?
- the article I posted above: are your Exchange configuration URLs set up correctly?
Something so basic that I forgot to check... We have different subnets and it seems to be an issue with communication between the VLANs that the subnets are configured to.
For example -
Majority of PCs are on 192.168.40.x (including DNS servers)
Exchange server is on 192.168.4.x
I can access OWA when on another machine within the 192.168.4.x network but not the 192.168.40.x
Gives me something to check out and definitely pointed me in the right direction! Thanks Michel.
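Added example, not part of the thread: a layered probe to run from a client in each subnet, reporting whether the first failure for the same name is in name resolution, TCP reachability or the TLS handshake. The function name `diagnose` and its `addr` parameter are this example's own; `mail.server.com` is the placeholder name from the question.

```python
import socket
import ssl


def diagnose(host, port=443, timeout=5.0, addr=None):
    """Return (stage, detail): the first layer that fails, or ("ok", ...).

    addr (hypothetical helper parameter) forces the target IP while still
    sending `host` as the TLS server name, so the name and the bare IP
    can be compared from the same client.
    """
    # Layer 1: name resolution, as this client itself sees it.
    try:
        ip = addr or socket.getaddrinfo(host, port, socket.AF_INET,
                                        socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        return "dns", str(exc)

    # Layer 2: TCP reachability (routing, inter-VLAN ACLs, host firewall).
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"{ip}:{port} {exc}"

    # Layer 3: TLS handshake. Certificate checks are off on purpose: this
    # probe only asks whether a handshake completes, not whether to trust it.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{ip}:{port} {tls.version()}"
    except (ssl.SSLError, OSError) as exc:
        # TCP was accepted but the peer (or a device in the path) closed or
        # reset it: the pattern browsers report as ERR_CONNECTION_CLOSED.
        return "tls", f"{ip}:{port} accepted TCP, then: {exc!r}"
    finally:
        sock.close()


if __name__ == "__main__":
    # Run once from a client in each subnet and compare the stages.
    print(diagnose("mail.server.com"))
```

A result of `dns` or `tcp` from one subnet and `ok` from another points at resolution or routing between them; `tls` means the connection was accepted and then dropped before the handshake finished.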