DNS Configuration for Exchange 2013
I have a stand-alone Server 2012 with AD, DHCP, DNS and Exchange on it and started getting DDoS attacks.
I installed a firewall and had to change the subnet of the server from 10.0.0.0/24 to 192.168.1.0/24, and after reconfiguring the server's IP, DHCP and DNS found that I had no incoming email (invalid security certificate).
I found that mail traffic was directed to the router instead of Exchange and being rejected with the router's security certificate. I have since fiddled with the DNS so many times I don't know what is right and wrong.
Does anyone have any ideas where I have gone wrong, what is in the tables that shouldn't be there and what is missing?
email address is user.mail.domain.com
Geotrust SSL Security Certificate is mail.domain.com autodiscover.domain.com server01.domain.com
**Forward lookup for domain.com
Name            Type   Data
Same as parent  SOA    [28]server01.domain.com, hostmaster.domain.com
Same as parent  NS     server01.domain.com
Same as parent  NS     ns1.domain.com
Same as parent  NS     ns2.domain.com
Same as parent  MX     [10]mail.domain.com
Same as parent  MX     [20]mail.domain.com
server01        MX     [10]mail.domain.com
Same as parent  HostA  192.168.1.10
Same as parent  HostA  139.130.XXX.YYY
server01        HostA  192.168.1.10
mail            HostA  192.168.1.10
mail            HostA  139.130.XXX.YYY
localhost       HostA  127.0.0.0
Properties SOA:
  ns1.domain.com       139.130.XXX.YYY
  ns2.domain.com       139.130.XXX.YYY
  server01.domain.com  192.168.1.10
**Forward lookup for mail.domain.com
Name            Type   Data
Same as parent  SOA    [1]server01.domain.com, hostmaster.domain.com
Same as parent  NS     server01.domain.com
Same as parent  HostA  192.168.1.10
Same as parent  HostA  139.130.XXX.YYY
Properties of SOA:
  server01.domain.com  192.168.1.10
**Reverse Lookup
1.168.192.in-addr.arpa
Name            Type   Data
Same as parent  SOA    [1]server01.domain.com, hostmaster.domain.com
Same as parent  NS     server01.domain.com
Same as parent  NS     ns1.domain.com
192.168.1.10    PTR    domain.com
192.168.1.10    PTR    mail.domain.com
OWA and Outlook 2013 work incoming and outgoing from within the subnet, for both internal and external emails.
But users off site can't log in to Outlook 2013 and get blocked with OWA by an invalid security certificate.
**Testconnectivity.microsoft.com results
autodiscover failed
resolved host domain.com successful with both correct IP addresses returned
Port 443 open
SSL certificate incorrect: it is the router's certificate, not the Geotrust certificate.
**This is the real issue, and I can't figure out why
Thanks Alan
Thanks Luke
Yes, you are right, I get alternate WAN and LAN IP addresses when I flushdns.
I suspected I had additional entries and/or wrong entries in the DNS zones.
I reformatted to show up in columns in the post.
I hope you can point out which are wrong.
**Forward lookup for domain.com
Same as parent----- SOA----[28]server01.domain.com, hostmaster.domain.com
Same as parent----- NS -----server01.domain.com
Same as parent----- NS -----ns1.domain.com
Same as parent----- NS -----ns2.domain.com
Same as parent----- MX -----[10]mail.domain.com
Same as parent----- MX -----[20]mail.domain.com
server01-------------- MX----- [10]mail.domain.com
Same as parent----- HostA --192.168.1.10
Same as parent----- HostA --139.130.XXX.YYY
server01-------------- HostA --192.168.1.10
mail --------------------HostA-- 192.168.1.10
mail --------------------HostA-- 139.130.XXX.YYY
localhost-------------- HostA --127.0.0.0
Properties SOA --ns1.domain.com 139.130.XXX.YYY
----------------------ns2.domain.com 139.130.XXX.YYY
----------------------server01.domain.com 192.168.1.10
**Forward lookup for mail.domain.com
Same as parent----- SOA------[1]server01.domain.com, hostmaster.domain.com
Same as parent----- NS--------server01.domain.com
Same as parent -----HostA---192.168.1.10
Same as parent -----HostA---139.130.XXX.YYY
Properties of SOA server01.domain.com
192.168.1.10
**Reverse Lookup
1.168.192.in-addr.arpa
Same as parent----- SOA-----[1]server01.domain.com, hostmaster.domain.com
Same as parent----- NS-------server01.domain.com
Same as parent----- NS-------ns1.domain.com
192.168.1.10-------- PTR------domain.com
192.168.1.10-------- PTR------mail.domain.com
Do I need an autodiscover record?
I set up 2 forward lookup zones, domain.com and mail.domain.com.
From memory the mail.domain.com was for external access but I don't think that was how it turned out.
Thanks
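The two symptoms in this thread (the same name answering with both the LAN and the WAN address, and a failing autodiscover test) can be checked mechanically against a record list. The following is an added example, not part of the original posts: the records are constructed from the zone listing above, 203.0.113.10 is a placeholder for the masked WAN address, and the function names are hypothetical.

```powershell
# Added example (not from the thread). Records are constructed from the zone
# listing in the post; 203.0.113.10 is a placeholder for the masked WAN
# address 139.130.XXX.YYY.
$Records = @(
    [pscustomobject]@{ Name = 'domain.com';           Type = 'A'; Data = '192.168.1.10' }
    [pscustomobject]@{ Name = 'domain.com';           Type = 'A'; Data = '203.0.113.10' }
    [pscustomobject]@{ Name = 'server01.domain.com';  Type = 'A'; Data = '192.168.1.10' }
    [pscustomobject]@{ Name = 'mail.domain.com';      Type = 'A'; Data = '192.168.1.10' }
    [pscustomobject]@{ Name = 'mail.domain.com';      Type = 'A'; Data = '203.0.113.10' }
    [pscustomobject]@{ Name = 'localhost.domain.com'; Type = 'A'; Data = '127.0.0.0' }
)

# Names on the certificate, as listed in the post.
$CertificateNames = 'mail.domain.com', 'autodiscover.domain.com', 'server01.domain.com'

function Test-InternalIPv4 {
    # True for RFC 1918 and loopback addresses, i.e. not reachable from the internet.
    param([Parameter(Mandatory)][string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    ($b[0] -eq 10) -or ($b[0] -eq 127) -or
        ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
        ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Find-MixedScopeHost {
    # Host names whose A records mix internal and public addresses. A resolver
    # can return either one, so a client may land on the LAN or the WAN address
    # depending on the answer it gets.
    param([Parameter(Mandatory)][object[]]$Records)
    $Records | Where-Object { $_.Type -eq 'A' } | Group-Object -Property Name | ForEach-Object {
        $group = $_
        $lan = @($group.Group | Where-Object { Test-InternalIPv4 $_.Data })
        $wan = @($group.Group | Where-Object { -not (Test-InternalIPv4 $_.Data) })
        if ($lan.Count -gt 0 -and $wan.Count -gt 0) {
            [pscustomobject]@{
                Name     = $group.Name
                Internal = ($lan | ForEach-Object { $_.Data }) -join ', '
                Public   = ($wan | ForEach-Object { $_.Data }) -join ', '
            }
        }
    }
}

function Find-MissingHostRecord {
    # Names that have no A or CNAME record in the supplied list.
    param(
        [Parameter(Mandatory)][object[]]$Records,
        [Parameter(Mandatory)][string[]]$Names
    )
    $known = @($Records | Where-Object { $_.Type -eq 'A' -or $_.Type -eq 'CNAME' } |
        ForEach-Object { $_.Name })
    $Names | Where-Object { $known -notcontains $_ }
}

# Report names that answer with both LAN and WAN addresses.
Find-MixedScopeHost -Records $Records | Format-Table -AutoSize

# Report certificate names that have no host record at all.
Find-MissingHostRecord -Records $Records -Names $CertificateNames
```

On the DNS server itself, `Get-DnsServerResourceRecord -ZoneName domain.com -RRType A` returns the live records, which can be mapped into the same Name/Type/Data shape in place of the constructed list.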
Similar Messages
-
Certificate configuring for exchange 2013 and office 365 hybrid deployment
Please advise on what digital certificate requirements for hybrid deployment and to configure it.
Hi sphilip,
If you want to deploy AD FS with Single Sign-On (SSO), we need to use a certificate to establish secure trust between on-premises Exchange 2013 and Office online.
We can use and configure a trusted third-party CA within all on-premises Exchange 2013 Mailbox and Client Access servers to ensure secure mail transport. More details about Office 365 Hybrid Configuration Certificate Planning, for your reference:
http://blogs.technet.com/b/neiljohn/archive/2011/08/25/office-365-hybrid-configuration-certificate-planning-adfs-exchange-web-services-owa-oa.aspx
Best Regards,
Allen Wang -
Configuring Lync Server 2013 to be a partner Application for Exchange 2013
Hello Guys,
I just want to share my experience while configuring Lync Server 2013 to be a partner application for Exchange 2013 Server.
As mentioned on TechNet you need to run the Configure-EnterprisePartnerApplication.ps1 script that ships with Exchange 2013.
But when I tried to run the script as described in the TechNet article, I found it always fails with "the accepted domain is not valid".
I have checked my accepted domains many times and I found that there are no issues with my configured accepted domain.
So I started to review the script to find the issue and I found that the script was configured as below:
$acceptedDomains = Get-AcceptedDomain;
if ($acceptedDomains -eq $null)
{
    WriteError ("There is no accepted domain so user can not be created.")
}
# Takes the Name (not the DomainName) of whichever accepted domain is listed first
$acceptedDomain = $acceptedDomains[0].Name;
if ($UseDomainController -eq $true)
{
    $user = New-MailUser -Name $username -DomainController $DomainController -ExternalEmailAddress $username@$acceptedDomain;
    Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true -DomainController $DomainController
}
else
{
    $user = New-MailUser -Name $username -ExternalEmailAddress $username@$acceptedDomain;
    Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true;
}
which is totally wrong, as below:
Firstly, it makes the $AcceptedDomain variable equal the Name of the accepted domain.
Not all customers configure the name of the Accepted Domain to be the Domain Name.
Secondly, it makes the $AcceptedDomain variable equal the name of the first Accepted Domain.
The first domain may not be the default Accepted Domain.
So I have configured the script as below
# Select only the default accepted domain
$acceptedDomains = Get-AcceptedDomain | Where-Object { $_.Default -eq $true };
if ($acceptedDomains -eq $null)
{
    WriteError ("There is no accepted domain so user can not be created.")
}
# Use the DNS domain name rather than the display name
$acceptedDomain = $acceptedDomains.DomainName;
if ($UseDomainController -eq $true)
{
    $user = New-MailUser -Name $username -DomainController $DomainController -ExternalEmailAddress $username@$acceptedDomain;
    Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true -DomainController $DomainController
}
else
{
    $user = New-MailUser -Name $username -ExternalEmailAddress $username@$acceptedDomain;
    Set-MailUser -Identity $user.Identity -HiddenFromAddressListsEnabled $true;
}
I hope this helps.
Thanks
Ahmed Fouad
Hi,
This is helpful, thanks for sharing.
Best regards,
Belinda Ma
TechNet Community Support -
Is smb 3.0 already supported for exchange 2013
Hello,
We are looking to deploy exchange 2013. We have a netapp storage and vmware environment.
I was wondering if SMB 3.0 is already supported for Exchange 2013. I read in a blog of 2012 that it wasn't supported at the time. We would like to use it instead of an iSCSI LUN.
Hi,
Based on my knowledge, it is still not supported for Exchange 2013 up to now.
Here is an article for your reference, please refer to the "Exchange storage requirements" section.
Exchange 2013 Virtualization
http://technet.microsoft.com/en-us/library/jj619301.aspx#BKMK_Prereq
Another related article for your reference.
Exchange 2013 Storage Configuration Options
http://technet.microsoft.com/en-us/library/ee832792(v=exchg.150).aspx
Best regards,
Belinda
Belinda Ma
TechNet Community Support -
What is best recommendation for DNS LB for Lync 2013 Edge servers
What is the best recommendation for DNS LB for Lync 2013 Edge servers? We have F5 LB for edge and want to decide if we can go with DNS-based LB for Edge servers.
Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com
It will be better to use hardware load balancing (F5).
If you choose to use DNS load balancing for a pool but still need to implement hardware load balancers for traffic such as HTTP traffic, the administration of the hardware load balancers is greatly simplified. For example, configuring the hardware load balancer will be simpler as it will only manage the HTTP and HTTPS traffic, while all other protocols will be managed by DNS load balancing.
Also for more info., you can check below links
http://technet.microsoft.com/en-us/library/gg615011.aspx
http://technet.microsoft.com/en-us/library/gg398634.aspx
Mai Ali -
Enable legacy public folders for Exchange 2013 prior to migration?
We're about ready to migrate to Exchange 2013 from 2010. We have a public folder database on 2010 that users can't see once migrated to 2013. If I run through the commands according to the TechNet article "Configure legacy public folders where user mailboxes are on Exchange 2013 servers" (https://technet.microsoft.com/en-us/library/dn690134(v=exchg.150).aspx), will users whose mailboxes are still on Exchange 2010 be able to see these public folders?
I know they've made a lot of changes recently in how legacy public folders are handled in Exchange 2013 (mostly CU7), but I haven't had to do anything more than just setting the proper public folder database on the Exchange 2013 databases.
That being said, looking over the article you are not doing any moves, and it looks eerily similar to this blog post:
http://blogs.technet.com/b/exchange/archive/2014/11/07/on-premises-legacy-public-folder-coexistence-for-exchange-2013-cumulative-update-7-and-beyond.aspx
So I don't think this would hurt Public Folder access for your users in your legacy environment.
Did you deploy CU7? If so, then do what both articles say. If not try using Set-MailboxDatabase -Identity <2013 db name> -PublicFolderDatabase <PF DB NAME>
-
Running setup.exe for Exchange 2013 does nothing
Hi All,
Unable to find this issue anywhere else, please excuse if it's a duplicate of another issue.
Basically, I have a new 2008 R2 server setup, added it to a domain, and want to install Exchange 2013 on this new server. There are no Exchange servers anywhere on the domain.
The server is fully up to date, including .Net 4, and looking for updates results in zero new updates found.
When I run setup.exe for Exchange 2013, a command prompt appears for less than a second, then closes, then nothing else happens.
Did a fresh reboot before trying to install, and after waiting about 20 minutes to see if anything happened after the vanishing command prompt, rebooted again, tried again, same result.
There is nothing called Exchange anywhere on the server that I can find, no setup logs or anything, and I am totally stumped.
Thanks in advance for any advice.
Michael
Hello,
Exchange 2013 needs to be installed on Windows Server 2008 R2 SP1. If you use Windows Server 2008 R2 SP1, I suggest you check if there is any Exchange server via ADSIEDIT.
CN=Configuration,DC=Domain ->CN=services ->CN=Microsoft Exchange ->CN=Organization ->CN=Administrative Groups ->CN=Exchange Administrative Group ->CN=Servers
Here is the article for your reference.
Exchange 2013 Prerequisites
http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx#WS2008R2SP1
Cara Chen
TechNet Community Support -
Is there an alternative to the Test-SystemHealth PowerShell cmdlet for Exchange 2013?
Hello
The Powershell cmdlet Test-SystemHealth, that was available on Exchange 2010, is no longer available on Exchange 2013.
Test-SystemHealth cmdlet gathered data about the Microsoft Exchange system and analyzed the data according to best practices.
Are there any alternatives to this for Exchange 2013?
Thanks!
Haven't really played with it too much, but check out Get-ServerHealth
http://technet.microsoft.com/en-us/library/jj218703(v=exchg.150).aspx
Looks to have replaced Test-SystemHealth. -
SP1 for Exchange 2013 install failed on me with ECP virtual directory issues:
Error:
The following error was generated when "$error.Clear();
$BEVdirIdentity = $RoleNetBIOSName + "\ecp (name)";
$be = get-EcpVirtualDirectory -ShowMailboxVirtualDirectories -Identity $BEVdirIdentity -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
if ($be -eq $null)
new-EcpVirtualDirectory -Role Mailbox -WebSiteName "name" -DomainController $RoleDomainController;
set-EcpVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
set-EcpVirtualdirectory -Identity $BEVdirIdentity -InternalUrl $null -ExternalUrl $null;
. "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeECPAppPool" -Version:"v4.0";
" was run: "The virtual directory 'ecp' already exists under 'server/name'.
Parameter name: VirtualDirectoryName".
Error:
The following error was generated when "$error.Clear();
$BEVdirIdentity = $RoleNetBIOSName + "\ECP (name)";
$be = get-EcpVirtualDirectory -ShowMailboxVirtualDirectories -Identity $BEVdirIdentity -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
if ($be -eq $null)
new-EcpVirtualDirectory -Role Mailbox -WebSiteName "name" -DomainController $RoleDomainController;
set-EcpVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
set-EcpVirtualdirectory -Identity $BEVdirIdentity -InternalUrl $null -ExternalUrl $null;
. "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeECPAppPool" -Version:"v4.0";
" was run: "The operation couldn't be performed because object 'server\ECP (name)' couldn't be found on 'DC0xx.domain.com'.".
Error:
The following error was generated when "$error.Clear();
$BEVdirIdentity = $RoleNetBIOSName + "\ECP (name)";
$be = get-EcpVirtualDirectory -ShowMailboxVirtualDirectories -Identity $BEVdirIdentity -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
if ($be -eq $null)
new-EcpVirtualDirectory -Role Mailbox -WebSiteName "name" -DomainController $RoleDomainController;
set-EcpVirtualdirectory -Identity $BEVdirIdentity -FormsAuthentication:$false -WindowsAuthentication:$true;
set-EcpVirtualdirectory -Identity $BEVdirIdentity -InternalUrl $null -ExternalUrl $null;
. "$RoleInstallPath\Scripts\Update-AppPoolManagedFrameworkVersion.ps1" -AppPoolName:"MSExchangeECPAppPool" -Version:"v4.0";
" was run: "The operation couldn't be performed because object 'server\ECP (name)' couldn't be found on 'DC0xx.domain.com'.".
!! And now transport service won't start and mail is unavailable !!
Any help would be appreciated.
I have removed the ecp site from default site and attempting to rerun SP1 now. I do not have high hopes. :(
Hi,
Thanks for your response.
From the error description, you need to manually remove the ECP with IIS manager in both the Default Web Site and the Exchange Back End firstly. And then continue the upgrade to check the result.
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support -
Best Practice Analyzer for Exchange 2013
Greetings,
I have upgraded the messaging infrastructure from Exchange 2007 to Exchange 2013.
I want to test the Health of the system through ExBPA for Exchange 2013.
But I don't find any setup for Exchange 2013 like it was in 2010.
I went through an article by Office365 community, according to which for In-premises Exchange also we need to have office 365 account (can use trial account also) to get the downloader file for ExBPA 2013.
http://community.office365.com/en-us/w/deploy/office-365-best-practices-analyzer-for-exchange-server-2013.aspx
But to run the setup the servers need to be connected to the internet.
And I don't want to expose my environment to the internet in any condition.
Somebody, please tell me if there is any setup available so that I can install directly without exposing to the internet.
Thanks in advance.
Best Regards,
K2
Welcome to Exchange 2013.
Exchange Server 2013 doesn't come with ExBPA for health check. This might help
http://exchangeserverpro.com/powershell-script-health-check-report-exchange-2010/
Apart from that you can run these commands too
Get-ServerHealth -Identity Exchange2013ServerName
Test-ServiceHealth
Cheers,
Gulab Prasad
Technology Consultant
Blog: http://www.exchangeranger.com -
EXMON "exchange server user monitor" for Exchange 2013?
Hello,
It looks like EXMON is not supported for Exchange 2013. Is this correct or can I use it with Server 2012 R2 and Exchange 2013 (CU6++)?
Is there any alternative to check high log growth rate to see which user is responsible for this?
Thanks for Feedback.
best,
Martin
Hi Martin,
Yes, ExMon is not supported for Exchange 2013.
Except the suggestion above, here is an exclusive application for your reference. It could retrieve statistics for all or selected mailboxes in a specified database and server, and it may give you some help:
Exchange Server Mailbox Statistics Tool - v1.6.2
The tool retrieves mailbox statistics which includes Folder Count, Total Items, Associated Items, Deleted Items, Total Items Size, Deleted Items Size, Oldest Item Date, Newest Item Date, Items Age, Mailbox Age and Quota details. It also includes an additional option named "Archive Statistics Planner" which will let you search mailboxes and provide statistics report with specific dates.
Best regards,
Niko Cheng
TechNet Community Support -
BPA for Exchange 2013 still in beta!?
Exchange 2013 is over 2 years old.
Is Microsoft ever going to release a BPA for their flagship messaging platform that's NOT in beta?
Hi,
At present, there is only a beta of Best Practices Analyzer for Exchange 2013 available. If you want to get the latest information about it, please pay attention to the Exchange blog.
For your convenience:
http://blogs.technet.com/b/exchange/
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support -
PowerGUI Powerpack for Exchange 2013
Is there a powerpack that can be added to the powerGUI script editor for scripting in exchange 2013?
Hi,
Based on my search, currently, there is no official document about PowerGUI Powerpack for Exchange 2013.
However, we can connect to Exchange server using remote shell.
For more details about this, please refer to the following article.
https://technet.microsoft.com/en-us/library/dd335083(v=exchg.150).aspx
Hope this is helpful to you.
Best regards,
Belinda Ma
TechNet Community Support -
Transport agent for Exchange 2013
Hello!
I am writing a transport agent for Exchange 2013 and I have two questions:
1. How can I determine whether the AD OU of the recipient is different from the OU of the sender?
2. How can I change the routing of a message from internal to external for such a recipient?
Thanks in advance
1. You can't get that information from within a Transport Agent directly, so you need to either use LDAP to look up the sender (which from a performance point of view isn't a wonderful idea) or some form of cache etc.
2. You can use a routing override to do this see
http://blogs.technet.com/b/appssrv/archive/2009/08/26/how-to-control-routing-from-your-own-routing-agent.aspx for an example
Cheers
Glen -
While applying today's security update for Exchange 2013 (KB3040856) there was a power issue (sad story) and the update was interrupted halfway through. A bunch of services were left deactivated and I believe I brought them back.
At this point the Exchange admin center brings me to the login and when I do log in, I get an unable to display page message after the login.
I have an ActiveSync error log "cannot access the mailbox because the mailbox server is disconnected" translated from French.
I also have ASP.NET 4.0 error "MapiExceptionMdbOffline"
What could be the next step in fixing this if it is at all possible ? I am not an expert in cmdlet but can manage if pointed in the right direction.
Any help would be greatly appreciated.
Thank you.
I ran update KB3040856, and it disabled all Exchange services, and a few others besides (IIS and filtering). I ran the Test-ServiceHealth cmdlet and eventually got all the services set to automatic and all running.
This is really a stupid thing for an update to do, what is going on? Exchange 2013 is trouble enough already, we really do not need this sort of aggro.