Exchange Server 2013 internal and external DNS records

Similar Messages

• Setup internal and external DNS namespaces best practice

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly
  or companydomain.com then create a subdomain corp?
  Thanks in advanced.
  William Lee
  Honf Kong

  Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local)
  able to run on the same DNS server (using Microsoft Windows DNS servers)?
  Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
  MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
  if the external namespace is companydomain.com.  How shall this be setup?  Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
  What is recommended is to avoid having a split-DNS setup (You internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
  My own recommendation is to use .local for internal zone and .com for external one.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• How to configure AD on windows 2012 server for Exchange 2013 internal and external email flow

  Dear Experts,
  I have to configure exchange 2013 on Windows server 2012 STD. Company has registered Static IP addresses and can get the MX record pointing to any of this Static IP.  
  The registered domain name is e.g.  contoso.com. 
  a. What should I use as domain name on AD? contoso.com or contoso.local
  b. Is it recommended to have two different servers  for AD and Exchange?
  c. What should be my connector settings for mail flow?
  d. how can I set 2 email servers in company for load balancing?

  Hi,
  a, I suggest use contoso.com as domain name. It is convenient to add urls into our certificate for internal and external mail flow.
  b, Recommended that installing AD
  and Exchange Server on two separate
  Servers. If Exchange Server downed unfortunately, it can prevent AD server from crushing at the same time.
  c, Found some articles for your reference:
  Configure Mail Flow and Client Access
  http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx
  Configuring Outbound Mail Flow in Exchange Server 2013
  http://exchangeserverpro.com/configuring-outbound-mail-flow-in-exchange-server-2013/
  d, Load Balancing
  http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Exchange server 2013 send and received issue

  Hi Support,
  I have install Exchange Server 2013 with server 2012 ( my domain not resisted but mail send & received in local for practice then live ) but few days back some changes in dns and ecp and mail stop sending and receiving. how to verify my exchange server
  2013 working fine. Please give the step check perpoes.     

  dear Pardeep, you said it was working fine then you did some DNS changes..
  i would suggest you best troubleshooting step is to go to exrca.com and perform the tests and from there we take it up.
  Secondly you can verify your config from the below link.
  http://www.techieshelp.com/exchange-2013-step-by-step-configuration/        
  in DNS you need to make sure you have atleast MX and A record done for your server having email services installed.
  for ECP... i would we would take this later lets check the mail sending and receiving first. use the above links
  MARK AS USEFUL/ANSWER IF IT DID
  Thanks
  Happiness Always
  Jatin

• Meeting Place Web Servers ( Internal and External )DNS and IP Addressing

  For the Meetingplace 8.5 what will be the IP addresses of the Internal Web Server ( Internal IP's from the same subnet as of the CUCM) and for the External one interface from the internal network subnet ( CUCM subnet)  and the other Public IP address?
  How we will be mapping the DNS FQDN for these IP addresses?
  Do we need to have one internal DNS server and the other place in the DMZ?

  Hi Ali,
  You need two Web Server one Internal and one External. While configuring you internal web server you also add external if external particpants are allowed or not.
  For internal web server you want to make sure it's on the same subnet so internal particpants can access that one. For external you need to make sure the IP configured on external one is either natted ip or public ip so that when they type the external domain name it resolves to this external server ip address.
  Let me know if you have more questions.
  HTH
  Arun

• Exchange Server 2013 migration and high avalability

  Hello,
  We are using Office 365 online and will be migrating onto an in-house Exchange Server 2013 on a new Windows Server box.
  I have two questions:
  1. What is the best way to migrate everything from the Office 365 to the in house server? Do I setup a hybrid environment and then move the mailboxes and then remove the hybrid environment?
  2. What is the best way to setup high availability for the in-house Exchange server? I found out that in order to setup Exchange 2013 as high availability it needs to run on Windows server 2012 STD or Windows server 2008 Enterprise.
  Please let me know and provide links to step by step instructions if possible.
  Thank you, Karel
  Thank you. Karel Grulich, MCSE, SBS

  Hi Karel,
  Thank you for your question.
  In addition Ed’s suggestion, moving mailbox form Exchange online to Exchange on premise could be refer to the following link:
  https://technet.microsoft.com/en-us/library/jj906432(v=exchg.150).aspx
  Exchange 2013 high availability could be referred by the following link:
  https://technet.microsoft.com/en-us/library/dd638137(v=exchg.150).aspx
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• Exchange Server 2013: Internal Certificate Issue

  Dear All,
  I have MS Exchange 2013 with domain name: Exchange.local (fqdn: ex001.exchange.local).
  I had created the accepted domain for xyz.com. I bought the Wildcard Certificate for *xyz.com. I had issued the certificate to my MS Exchange server.
  External/Internet users: they can setting up and connected with MS Outlook
  but I had problem with internal. when I setup account to MS Outlook. it failed and cannot connected to MS Exchange server because invalid ex001.exchange.local.
  Do you have best solution and commend on this issue for internal users?
  BR,
  KH
  [email protected]

  Hi khemarin,
  Did you set correctly the internal url´s for the services?
  For Autodiscover URL:
  If you are using a single server or all servers are in the same AD site, then the following commands can be used: 
  Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.example.net/autodiscover/autodiscover.xml
  However if you are using multiple servers in multiple AD sites, then you need to set the commands as per the box below, replacing "CAS-Server" with the real name of the server that holds the CAS role. 
  Set-ClientAccessServer -Identity "CAS-Server" -AutodiscoverServiceInternalUri https://mail.example.net/autodiscover/autodiscover.xml
  For Webservices URL:
  As with Autodiscover, if you are using a single server then the following commands can be used:
  Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl https://mail.example.net/ews/exchange.asmx -ExternalUrl https://mail.example.net/ews/exchange.asmx
  However if you are using multiple servers, then you need to set the commands as per the box below, replacing "CAS-Server" with the real name of the server that holds the CAS role. 
  Set-WebServicesVirtualDirectory -Identity "CAS-Server\EWS (Default Web Site)" -InternalUrl https://mail.example.net/ews/exchange.asmx -ExternalUrl https://mail.example.net/ews/exchange.asmx
  For Outlook Anywhere URL:
  Right click on the Client Access Server and choose Properties. Click on the tab Outlook Anywhere and adjust the URL to match the external name on the SSL certificate.
  You should also need to check OAB Virtual Directory on IIS and see if it is enabled for SSL.
  And you should have a Split DNS in this case.
  I hope it helps.
  David Paris Vicente

• Exchange Server 2013 backup and restoration question

  Good afternoon
  I am wondering if I can pick people's brains here if that's not too much trouble.
  I have recently implemented an Exchange 2013 environment with 3 servers (two multi-role CAS & MBX physical machines, and one further virtual CAS server). Everything is working correctly and mail-flow is fine. My question relates to backup and restoration
  procedures. I am running a single Database Availability group with the two multi-role servers members of the this group and I have one Mailbox Database on the DAG, passive on one member and active on the other. Failover has been tested and this is functioning
  as expected.
  The backup environment I have implemented is as follows. I have utilized a separate Microsoft DPM 2012 server that runs a nightly Bare Metal backup on both multi-role servers with a retention range of 14 days and I have protected the DAG using DPM with a
  nightly full-express backup and 4 hourly syncs on one of the multi-role servers. Furthermore the Mailbox Database is protected, again nightly with a copy-backup.
  I am confident I know what to do should the mailbox database become corrupted or lost or need to be restored for one reason or another (it would just be a case of restoring the backed up mailbox database using DPM to a pre-created recovery database), what
  I am not quite so sure on is what I would do should I lose one or both of the multi-role CAS and MBX servers (the third CAS I am not so worried about as it is not used for incoming mail flow from the internet and we really only use it for ECP as we did not
  want to expose this to the internet). I wonder what process should follow to restore my Exchange servers (I know how to perform the Bare Metal recoveries using WSB) and what configuration would be required after restoring the Bare Metal backups.
  I know this is a reasonably long question but if anyone has any advice for me I would appreciate it greatly in the unlikely event something goes horribly wrong with my Exchange environment.
  Thanks in advance

  Hi,
  Yes, Most of the configuration settings are stored in AD. Mail data and personal related data are store in Mailbox DB. We just need to take consideration of these two points.
  Thanks,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• Internal and External Drive Recording Sequences

  I have a QIP 7232 MR DVR (500 MD internal drive) with an eSata 1T WD drive attached.  This external drive is one of those specified by VZ for this application.  The system operates according to specifications and performs quite well.  Just thought I'd pass along a recent observation about where content is recorded on the system.
  As is well known, a setup like mine will record content to the external drive preferentially until it is full.  When that happens, the system will record content on the internal drive.  However evidently that's not always the case, as I learned recently while recording  the French Open tennis tournament.
  The program is being broadcast on Tennis channel HD, ESPN2, NBC, and probably a few other channels.  I have chosen to record as much of the tournament as possible using the "Record Series" option for all channels.  This results in quite a bit of recording time, somewhere in the neighborhood of 14 plus hours per day (20 hours a day on selected weekend days).  That's almost more tennis than I can stand to watch, but so be it.
  What I noticed is that the system does not in fact record exclusively to the external drive until it is full, but instead records some of the material to the internal drive well before the external drive is exhausted.  This is the first time I've observed this behavior since setting up the equipment.
  Some of the recordings are 9 hours long, so it appears that the system is taking that into account somehow and trying not to get into a situation with insufficient space on the external drive.  However when this recording pattern was first observed, my external drive was showing about 80 hours HD content and roughly 53 % used capacity.  It's possible that at some time during the last few days there actually was much more recorded material on the external drive and it defaulted to the internal drive for that reason.  If that's the case, I did not notice it at the time, but in any case I don't recall ever seeing an indication of higher than approximately 73% on the external drive.  I make it a practice to record selected material to DVD if I want to hold it permanently.
  As I said all's working well but I just thought I'd pass along this apparently anomalous behavior.

  Hi armond_in_nj,
  Thanks for the info. I have no personal experience with this, but Walrus has an interesting post regarding his experience with this issue. Thought you might be interested.
  http://forums.verizon.com/t5/FiOS-TV-Technical-Assistance/Fios-external-DVR-storage-sequence/m-p/559...
  Find this post helpful, informative or just something you agree with? Click the red ‘thumbs-up’ button.
  Did this post solve your problem? Click the green ‘Accept as Solution’ button.

• Need information about Exchange server 2013 CU5

  Hello,
  Can anyone implemented Exchange Server 2013 CU5. I need feedback about this patch. Basically i will going to deploy this patch after getting best feedback.
  I'm waiting for your feedback.
  Thanks,
  Parvez

  Hello,
  Since the Exchange Server 2013 CU5 just be released, there is no detailed technet article or exchange team blog to verify some issues during installation. But I see a MCC who update a member in a DAG, there is no problem. If there are some issues, you
  can check the setup logs or event logs.
  Based on my known, if your environment meets exchange server 2013 prerequisites, and you follow the exchange server 2013 installation process, there should be problem.
  I recommend you deploy the patch on test environment firstly, and then apply it on production environment.
  Cara Chen
  TechNet Community Support

• Upgrade Exchange server 2013 to CU7 error

  Dear Microsoft Team
  I have Exchange server 2013 SP1 and upgrade it to CU5 it is working normal
  But wen I try to Upgrade it to CU7 I got this error massage
  Error:
  The following error was generated when "$error.Clear();
            $maxWait = New-TimeSpan -Minutes 8
            $timeout = Get-Date;
            $timeout = $timeout.Add($maxWait);
            $currTime = Get-Date;
            $successfullySetConfigDC = $false;
            while($currTime -le $timeout)
              $setSharedCDCErrors = @();
              try
                Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
                $successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
                if($successfullySetConfigDC)
                  break;
                Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
              catch
                Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
              Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
              Start-Sleep -Seconds 30;
              $currTime = Get-Date;
            if( -not $successfullySetConfigDC)
              Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
          " was run: "System.Exception: Unable to set shared config DC.
     at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
     at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
     at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
     at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
     at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
  Best Regards
  Rawa Zangana

  Hi Rawa Zangana,
  According to the error message, it seems that the Global Catalog not reachable from DC.
  Please perform following steps.
  1. Port 3268 listened on DC.
  2. Enable Global Catalog role on all DCs.
  3. Restart Exchange Server 2013 CU5.
  4. Check whether Event 2080 found on all DCs, Event 2080 means that AD connectivity works fine.
  5. Repeat CU7 installation.
  Thanks
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Mavis Huang
  TechNet Community Support

• Recieve Connectors Exchange Server 2013 CU5

  Hello,
  I am running Exchange Server 2013 CU5, and the receive connector keeps timing out. The problem only exists after the server has been running for somewhere between 2 to 3 hours. After reboot all will work for the 2 to 3 hours and then we stop getting emails.
  If I run the Microsoft Connectivity test it returns error code 1, time out error, reboot the server and all is fine again for a while. I have tried deleting the receive connector & re-creating it as both a Hub connector and a frontend connector and it
  makes no difference. The fault originally occurred why I was running Exchange server 2013 Std, I they upgraded to SP1 then to CU5 in an effort to resolve the issue, but this did not work. Any suggestions would be welcome as I have no idea on what to try next.
  Thanks
  Curly

  The following error is what I get when I do an "Inbound SMTP Email" test. For the first hour after a reboot it will pass the test with no errors then sometime after the first hour I get the following message. Out going Emails work fine all the time just
  incoming. I have created a [email protected] email address, you are more than welcome to use for testing purpose. Also Thankyou for your assistance in this matter as I am at a loss on what maybe the problem so once again
  Thankyou.
  Attempting to send a test email message to @pvte.com.au
  using MX pvte.com.au.
  Delivery of the test email message failed.
  Additional Details
  The server returned status code -1 - The operation has timed out.
  Exception details:
  Message: The operation has timed out.
  Type: System.Net.Mail.SmtpException
  Stack trace:
     at System.Net.Mail.SmtpClient.Send(MailMessage message)
     at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()
  Elapsed Time: 100012 ms.

• Exchange server 2013 upgrade

  Hi Guys,
  My current version is "Microsoft Exchange Server 2013 RTM" and I would like to upgrade it to CU1. But I could
  see that this is a major upgrade and it would cause some AD permission changes and schema update. I  also have an RD server and also a SharePoint server connected to the same AD. So, I'm a bit hesitant to do the upgrade an I fear that the permission changes
  would cause access problems to the users in RD server and SharePoint server.
  Could someone shed some light on this? Also, would there be any issues with this CU1 update? Could someone share the steps to perform this upgrade? The Mailserver and ClientAccess roles are configured on the same machine.

  Hi Nash Burns,
  According to the Exchange Team Blog (http://blogs.technet.com/b/exchange/archive/2013/04/02/released-exchange-server-2013-rtm-cumulative-update-1.aspx),
  CU1 grants Exchange Servers to make changes on msExchActiveSyncDevices class on
  inetOrgPerson objects.
  Another change in CU1 is about Monitoring Mailboxes.
  Before CU1, Monitoring Mailbox are created in default "<domain root>/Users" container. With CU1, Monitoring Mailboxes will be created in the "Exchange System Objects/Monitoring Mailboxes" container.
  In my organization, CU1 update didn't change any permissions on my RDS servers.
  One question : why don't you apply directely SP1?

• Exchange 2013 DNS for internal and external domain

  Hi All,
  I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and design a strategy to have same internal and external names. Let me share some details here.
  We have an Active Directory domain myinternaldomain.net, and we have a public domain
  mypublicdomain.com and we have setup email policy to have
  mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active directory integrated DNS and created a records for
  mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to CAS NLB IP. We have 2 CAS servers and 2 MBX servers, we have configured DAG for MBX High availability and planning to implement WNLB for CAS as
  hardware LB is out of scope due to budget constrains.
  We want to have same URLs for OWA, Autodiscover, ECP and other services from internal network as well as from public network. Users should not be bothered to remember two URLs, using one from internal and other from public networks. I also want to confirm
  that with this setup in place do i need to have myinternaldomain.net and server names in SAN certificate?
  Thanks

  Hi Sccmnb,
  You can easily achieve this using split DNS.
  Internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname"mail.mypublicdomain.com" will be pointing to the Network device or
  Reverse proxy server IP.
  Depending upon users access location(internal\external) the IPs would vary and they should be able to access the website with same name.
  The names that you would require on the certificate(Use EAC or powershell to raise the request) for client connectivity would be
  SN= mail.mypublicdomain.com
  SAN= autodiscover.mypublicdomain.com
  You don't need to have the active directory domain name present in the certificate.
  Additional  to this you need to update the AutodiscoverURI for all servers and OWA,ECP,Autodiscover Virtual Directories InternalURL and ExternalURL fields with appropiate public names.
  Some additional Info:
  *Internal vs. External Namespaces
  Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace
  based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
  This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure, also simplifies the configuration of Client
  Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
  *Managing Certificates in Exchange Server 2013 (Part 2)
  *Nice step by step article
  Designing a simple namespace for Exchange 2013
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• Exchange server 2013 - cannot send / receive external emails - we can access owa -we can send/receive internal emails

  Exchange server 2013 in Windows server 2012 VM
  It was working fine then start the issue.
  Firewall is managed externally and the last report said:
  "I checked the firewall logs, which shows traffic being allowed through port 25 from 10.10.10.10 to 4.28.237.225: Log Number 116 Last Activity 2014-08-28 23:48:33 Status [accept] Src 10.10.10.10 Dst 4.28.237.225 Service SMTP Policy ID 1 Src Port 64081
  Dst Port 25 While I showed one log, there were multiple log entries showing the same: traffic being accepted through port 25 from 10.10.10.10 to 4.28.237.225.
  Can you verify that the mail server is set up so as to allow port 25? "
  Today I was able to telnet the server from home: successfully 
  220 DTALL-EXCSRV002.DTC.dualtemp.com Microsoft ESMTP MAIL Service ready at Sat, 30 Aug 2014 16:31:16 -0400 ehlo 250-DTALL-EXCSRV002.DTC.dualtemp.com Hello [70.44.124.141] 250-SIZE 37748736 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-X-ANONYMOUSTLS
  250-AUTH NTLM 250-X-EXPS GSSAPI NTLM 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 XRDST
  Also the receive - send connectors seems ok
  Mx record point to Microsoft protection:
  dualtemp-com.mail.protection.outlook.com.
  Again, OWA is able to access and send/receive emails internal but never external even no bounceback  just it never arrive.
  Help me please. This is my first admin chaos...

  Hi,
  Is there any update with your issue?
  If the CAS and Mailbox servers are collocated on the same server, the SMTP Receive connection for the Transport service will listen on 2525 instead of 25. If you install the CAS and Mailbox on the same server, please make sure that port 2525 is open.
  For more information about Exchange 2013 mail flow, here is a blog for your reference.
  Exchange 2013 Mail Flow Demystified…Hopefully
  http://blogs.technet.com/b/rischwen/archive/2013/03/13/exchange-2013-mail-flow-demystified-hopefully.aspx
  Hope this can be helpful to you.
  Best regards,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Amy Wang
  TechNet Community Support