Exchange 2010 – Handling different Internal and External Domain Names


One of the issues I ran into with a recent migration from Exchange 2003 to Exchange 2010 was dealing with DNS namespaces.

The company's internal domain was not the same as its external domain name. Example:

Internal: mail.domain.local
External: mail.domain.com

When you purchase your Exchange SSL certificate this is not necessarily a problem. Just make sure you add your internal URL and server name to the list of names covered by the certificate and all will be fine.

The problem comes when your internal domain name is also someone else's registered external domain. The certificate authority will not issue you a certificate for a domain you do not own.

This in itself can cause some nightmares with the internal URL structure of Exchange 2010.

Exchange 2010 uses a plethora of URLs to tell clients where everything is. This all wraps up into what is called Autodiscover.

To find these URLs in your Exchange install, run these commands in the Exchange Management Shell (EMS):

Get-AutodiscoverVirtualDirectory
Get-ClientAccessServer
Get-WebServicesVirtualDirectory
Get-OabVirtualDirectory
Get-OwaVirtualDirectory
Get-EcpVirtualDirectory
Get-ActiveSyncVirtualDirectory

Each listing can have a separate setting for the internal and the external URL.
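The following script is an added example, not part of the original post: it runs the cmdlets above in the Exchange Management Shell and flags every internal or external URL whose host name is not the name on the certificate (mail.domain.com here is a placeholder you would replace with your own).

```powershell
# Added example (not from the original post). Run in the Exchange Management
# Shell on Exchange 2010. Assumption: the public certificate name is
# mail.domain.com; replace it with the name on your own certificate.
$certName = 'mail.domain.com'

# Returns an empty string when the URI is fine, otherwise why it will break
function Test-CertName($uri) {
    if (-not $uri) { return 'not set' }
    if ($uri.Host -ne $certName) { return "host '$($uri.Host)' is not on the certificate" }
    return ''
}

# The Autodiscover SCP is a per-server setting, not a virtual directory URL;
# domain-joined Outlook clients read it from Active Directory first.
$scpRows = foreach ($cas in Get-ClientAccessServer) {
    New-Object PSObject -Property @{
        Server    = $cas.Name
        Directory = 'Autodiscover SCP'
        Kind      = 'AutoDiscoverServiceInternalUri'
        Url       = $cas.AutoDiscoverServiceInternalUri
        Problem   = Test-CertName $cas.AutoDiscoverServiceInternalUri
    }
}

# Every virtual directory type exposes InternalUrl and ExternalUrl
$vdirs = @(
    Get-AutodiscoverVirtualDirectory
    Get-WebServicesVirtualDirectory
    Get-OabVirtualDirectory
    Get-OwaVirtualDirectory
    Get-EcpVirtualDirectory
    Get-ActiveSyncVirtualDirectory
)
$vdirRows = foreach ($v in $vdirs) {
    foreach ($kind in 'InternalUrl', 'ExternalUrl') {
        New-Object PSObject -Property @{
            Server    = $v.Server
            Directory = $v.Name
            Kind      = $kind
            Url       = $v.$kind
            Problem   = Test-CertName $v.$kind
        }
    }
}

# Anything with a non-empty Problem is a URL Outlook will try, and fail, to reach
@($scpRows) + @($vdirRows) |
    Select-Object Server, Directory, Kind, Url, Problem |
    Sort-Object Problem -Descending | Format-Table -AutoSize
```

An empty ExternalUrl can be intentional on a directory you never publish to the Internet; the rows to act on are the ones whose host is a name the certificate does not cover, because those are exactly the URLs clients inside the LAN will be handed and cannot reach.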

What kind of problems can I run into?

First and foremost, the problem I ran into was that Automatic Replies could not be opened from Outlook:

“The automatic reply settings cannot display because the server is currently unavailable. Try again later”

To troubleshoot this, the first thing you want to do is test your e-mail auto-configuration from Outlook. Hold the Ctrl key down and right-click the Outlook icon in the system tray to reach the option.

This nifty little feature can definitely point you in the right direction. Once you open it, be sure to uncheck Use Guessmart and Secure Guessmart Authentication. Enter your account password and let her rip. When the test finishes you will be presented with some output.

This output lists your internal and external URLs along with any directories that have been set up.
The key here is the AutoDiscoverService.

In my case it pointed to the external address https://mail.domain.com/, and a lot of my other URLs pointed there too. From inside our organization there was no way to reach this URL, because our internal domain name was different from our external one.

So how do we fix this?

"Split-Brain" DNS.

Split-brain DNS is a Domain Name System (DNS) configuration method that enables proper name resolution of local resources from both inside and outside of your local network.

The idea is to resolve the external DNS records internally, so that the Exchange Autodiscover services see the domain you listed on your SSL certificate resolve from inside the network.

How to Create a Forward Lookup Zone

To create a new forward lookup zone:

    1. Start the DNS snap-in. To do this, click Start, point to Administrative Tools, and then click DNS.
    2. Click the DNS Server object for your server in the left pane of the console, and then expand the server object to expand the tree.
    3. Right-click Forward Lookup Zones, and then click New Zone. The New Zone Wizard starts. Click Next to continue.
    4. Click Primary zone to create a master copy of the new zone. Click Next.
    5. In the Name box, type the name of the zone (for example, external.com), and then click Next.

NOTE: This name is typically the same as the DNS suffix of the host computers for which you want to create the zone.

    6. On the Zone File page, accept the default file name for the new zone file, and then click Next.
    7. Click Next.
    8. Click Finish.

The new zone is listed under Forward Lookup Zones in the DNS tree.

Next we add a host (A) record for the webmail name and point it internally at our Exchange 2010 server. This allows the Autodiscover services to work the way they were intended, and fixes both Out of Office and the auto-configuration.

How to Create a Host Record

To create a host or "A" record:

    1. Start the DNS snap-in.
    2. Click the DNS Server object for your server in the left pane of the console, and then expand the server object to expand the tree.
    3. Expand Forward Lookup Zones.
    4. Under Forward Lookup Zones, right-click the zone that you want (for example, example.com), and then click New Host (A).
    5. In the Name (uses parent domain name if blank) box, type the name of the host that you want to add. For example, if you want to add a host record for a Web server, type www.
    6. In the IP address box, type the IP address of the host that you want to add. For example, type 192.168.0.100.
    7. Select the Create associated pointer (PTR) record check box, and then click Add Host. You receive a message similar to the following:
       The host record www.example.com was successfully created.
       Click OK.
    8. When you are finished adding hosts, click Done.

 

 

Note: If you have external websites that use the same domain name (for example, http://www.external.com), you will also need to create a blank (A) record and a www (A) record that point to the external address of those sites. Otherwise you will no longer be able to reach your external website from inside the network, because the internal zone now answers for the whole domain.
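The same zone and records can be created from the command line with dnscmd.exe on the internal Windows DNS server; this is an added example, not from the original post, and domain.com, 192.168.0.100 and 203.0.113.10 are constructed placeholder values.

```powershell
# Added example (not from the original post). Run on the internal DNS server.
# Placeholders: external domain domain.com, Exchange 2010 server 192.168.0.100,
# public web server 203.0.113.10 (all constructed, replace with your own).
$zone       = 'domain.com'
$exchangeIp = '192.168.0.100'
$publicWeb  = '203.0.113.10'

# 1. Primary forward lookup zone for the EXTERNAL name, hosted internally.
#    From now on only the names added below exist for internal clients, so
#    every public host you still need must be re-created in this zone.
dnscmd /ZoneAdd $zone /Primary /file "$zone.dns"

# 2. The webmail name on the SSL certificate, pointed at the internal
#    address of the Exchange 2010 server (the record that fixes Autodiscover).
dnscmd /RecordAdd $zone mail A $exchangeIp

# 3. The blank (apex, written as "@") and www records for the public web
#    site, pointed at the OUTSIDE address so the site keeps working internally.
dnscmd /RecordAdd $zone '@' A $publicWeb
dnscmd /RecordAdd $zone www A $publicWeb

# 4. Verify from the DNS server itself: mail must answer with the internal
#    address and www with the public one.
nslookup "mail.$zone" localhost
nslookup "www.$zone"  localhost
```

Unlike the snap-in, dnscmd /RecordAdd does not create the associated PTR record; add it in the reverse lookup zone if you rely on reverse resolution for the Exchange server.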

By doing this, all of the configurable URLs for Exchange 2010 can use the same name. This reduces the risk that one or more of your Outlook features stop working.
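Once the certificate name resolves internally, the matching step on the Exchange side is to point every URL at that one name. The script below is an added example, not from the original post; CAS01 and mail.domain.com are placeholders.

```powershell
# Added example (not from the original post). Run in the Exchange Management
# Shell. Placeholders: Client Access Server CAS01, certificate name
# mail.domain.com, which must now resolve from inside the network.
$cas  = 'CAS01'
$name = 'mail.domain.com'
$base = "https://$name"

# Autodiscover SCP that domain-joined Outlook clients read from Active Directory
Set-ClientAccessServer -Identity $cas `
    -AutoDiscoverServiceInternalUri "$base/Autodiscover/Autodiscover.xml"

# Exchange Web Services: Out of Office (Automatic Replies), free/busy, MailTips
Get-WebServicesVirtualDirectory -Server $cas |
    Set-WebServicesVirtualDirectory -InternalUrl "$base/EWS/Exchange.asmx" `
                                    -ExternalUrl "$base/EWS/Exchange.asmx"

# Offline Address Book download
Get-OabVirtualDirectory -Server $cas |
    Set-OabVirtualDirectory -InternalUrl "$base/OAB" -ExternalUrl "$base/OAB"

# Outlook Web App and Exchange Control Panel
Get-OwaVirtualDirectory -Server $cas |
    Set-OwaVirtualDirectory -InternalUrl "$base/owa" -ExternalUrl "$base/owa"
Get-EcpVirtualDirectory -Server $cas |
    Set-EcpVirtualDirectory -InternalUrl "$base/ecp" -ExternalUrl "$base/ecp"

# ActiveSync for mobile devices
Get-ActiveSyncVirtualDirectory -Server $cas |
    Set-ActiveSyncVirtualDirectory -InternalUrl "$base/Microsoft-Server-ActiveSync" `
                                   -ExternalUrl "$base/Microsoft-Server-ActiveSync"

# Confirm the certificate bound to IIS really carries that name; if it does
# not, clients will resolve the name and then get a certificate warning instead.
Get-ExchangeCertificate -Server $cas |
    Where-Object { $_.Services -match 'IIS' } |
    Select-Object Thumbprint, CertificateDomains

# Recycle IIS so the Autodiscover and EWS application pools pick up the change
iisreset /noforce
```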

Did this article help you? Let me know!!

Questions? Drop me a line!