Exchange 2013 DNS Records

I have 3 domains and 1 Exchange Server for these 3 domains, so can someone guide me on how I can configure DNS internally and externally?
Root Domain :
contoso.com
Sub Domain :
contoso1.com
contoso2.com
Also, do you have a document on how to configure Autodiscover for all these domains?
Regards,

Hi ,
Based on my knowledge, we need to configure split DNS for your scenario, because in a lot of cases the Active Directory domain name and the external domain are not the same.
Reference Link : http://www.msexchange.org/articles-tutorials/exchange-server-2010/mobility-client-access/using-pinpoint-dns-zones-exchange-2010.html
Root Domain :
contoso.com -  primary smtp address suffix would be - @public1.com
Sub Domain :
contoso1.com -  primary smtp address suffix would be  - @public2.com
contoso2.com - primary smtp address suffix would be  - @public3.com
In that case you need to create a zone in the internal Active Directory DNS for any one of the suffixes (public1.com, public2.com, public3.com).
Note: The forward lookup zone you create in Active Directory depends on the names that you are going to use for the Exchange URLs, the Outlook Anywhere names and Autodiscover, because the names used in Exchange have to be resolvable internally as well as externally.
Externally, you need to create three Autodiscover records, which should look like the ones below.
[email protected]
[email protected]
[email protected]
Most importantly, the names used in Exchange have to be present in the SAN certificate.
Note: I have given some suggestions based on my knowledge; anyhow, we will wait for some Exchange experts to review the given info and to provide more info on this query.
Thanks & Regards S.Nithyanandham
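
The checks this answer describes (every client-facing name resolvable in both the internal and the external zone, and every name present in the SAN certificate), as an added Python example that is not part of the original thread. The zone contents, IP addresses, the `mail.public1.com` host name and the `autodiscover.<domain>` naming are constructed assumptions; the example also goes one step beyond the post by flagging an RFC 1918 address published in the external zone.

```python
import ipaddress

# RFC 1918 ranges: addresses that should never appear in the public view.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def required_names(smtp_domains, service_hosts):
    """Client-facing names: one autodiscover.<domain> per SMTP suffix
    plus every host name used in the Exchange URLs."""
    names = {"autodiscover." + d.lower() for d in smtp_domains}
    names.update(h.lower() for h in service_hosts)
    return sorted(names)


def san_covers(name, san_entries):
    """True if a SAN entry matches name. A wildcard covers exactly one
    left-most label: *.public1.com matches mail.public1.com, but neither
    public1.com nor a.b.public1.com."""
    name = name.lower()
    for entry in san_entries:
        entry = entry.lower()
        if entry == name:
            return True
        if entry.startswith("*."):
            head, _, parent = name.partition(".")
            if head and parent == entry[2:]:
                return True
    return False


def is_internal(addr):
    """True if addr lies in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit(smtp_domains, service_hosts, internal_view, external_view, san_entries):
    """Return (name, problem) pairs for a split-DNS deployment.
    internal_view / external_view map host name -> address per DNS view."""
    findings = []
    for name in required_names(smtp_domains, service_hosts):
        if name not in internal_view:
            findings.append((name, "missing from internal zone"))
        if name not in external_view:
            findings.append((name, "missing from external zone"))
        elif is_internal(external_view[name]):
            findings.append((name, "external zone publishes an internal address"))
        if not san_covers(name, san_entries):
            findings.append((name, "not covered by certificate SAN"))
    return findings


# --- Constructed sample data (not taken from a real deployment) ---
SMTP_DOMAINS = ["public1.com", "public2.com", "public3.com"]
SERVICE_HOSTS = ["mail.public1.com"]          # assumed OWA/ECP/EWS name
INTERNAL_VIEW = {
    "mail.public1.com": "192.168.10.20",
    "autodiscover.public1.com": "192.168.10.20",
    "autodiscover.public2.com": "192.168.10.20",
}
EXTERNAL_VIEW = {
    "mail.public1.com": "198.51.100.25",
    "autodiscover.public1.com": "198.51.100.25",
    "autodiscover.public2.com": "192.168.10.20",   # internal IP leaked
    "autodiscover.public3.com": "198.51.100.25",
}
SAN_ENTRIES = ["mail.public1.com", "autodiscover.public1.com",
               "autodiscover.public2.com"]


def run_sample():
    return audit(SMTP_DOMAINS, SERVICE_HOSTS,
                 INTERNAL_VIEW, EXTERNAL_VIEW, SAN_ENTRIES)


if __name__ == "__main__":
    for name, problem in run_sample():
        print(f"{name}: {problem}")
```
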

Similar Messages

  • Exchange 2013 DNS for internal and external domain

    Hi All,
    I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and designing a strategy to have the same internal and external names. Let me share some details here.
    We have an Active Directory domain myinternaldomain.net, and we have a public domain mypublicdomain.com, and we have set up an email policy to have mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active Directory integrated DNS and created A records for mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to the CAS NLB IP. We have 2 CAS servers and 2 MBX servers; we have configured a DAG for MBX high availability and are planning to implement WNLB for CAS, as a hardware LB is out of scope due to budget constraints.
    We want to have the same URLs for OWA, Autodiscover, ECP and other services from the internal network as well as from the public network. Users should not be bothered to remember two URLs, using one from internal and the other from public networks. I also want to confirm that with this setup in place, do I need to have myinternaldomain.net and server names in the SAN certificate?
    Thanks

    Hi Sccmnb,
    You can easily achieve this using split DNS.
    The internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname "mail.mypublicdomain.com" will be pointing to the network device or reverse proxy server IP.
    Depending upon the user's access location (internal\external) the IPs would vary, and they should be able to access the website with the same name.
    The names that you would require on the certificate (use EAC or PowerShell to raise the request) for client connectivity would be
    SN= mail.mypublicdomain.com
    SAN= autodiscover.mypublicdomain.com
    You don't need to have the Active Directory domain name present in the certificate.
    In addition to this, you need to update the AutodiscoverURI for all servers and the OWA, ECP, Autodiscover virtual directories' InternalURL and ExternalURL fields with the appropriate public names.
    Some additional Info:
    *Internal vs. External Namespaces
    Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
    This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure also simplifies the configuration of Client Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
    *Managing Certificates in Exchange Server 2013 (Part 2)
    *Nice step by step article
    Designing a simple namespace for Exchange 2013
    Regards,
    Satyajit

  • 2012 r2 -Microsoft Exchange 2013 DNS timed out

    I just installed Microsoft Exchange 2013 on my 2012 r2 server. I just installed all of the Roles & features, then I went to my firewalls and disabled them (temporarily). I configured my IP addressing, DNS IP address and a DNS suffix. Now I can't access my Exchange via browser so I did some troubleshooting and sure enough I can't ping my DNS address. I can ping my IP address though. If anyone has any suggestions that would help then let me know. Thank you for any responses!

    Hi Dallen,
    >>Now I can't access my Exchange via browser so I did some trouble shooting and sure enough I can't ping my DNS address.
    It is not a Hyper-V issue, it's more like a network problem.
    First, I would suggest you disable the firewall on the DNS server for troubleshooting.
    If the firewall is turned off and you still cannot ping the DNS server, you may check whether the Exchange server can ping other IP addresses in your LAN to check network connectivity.
    If they are in different subnets, you may try to check the configuration of the router.
    For any further information, please feel free to let us know.
    Best Regards
    Elton Ji

  • Lync 2013 DNS records

    Hello,
    Have been working on my Lync 2013 deployment for a while and until today I am still not quite sure about some DNS entries, especially confused by MS planning tool DNS Report. Here is my setup:
    2013 enterprise, 3 FE servers in a pool (lyncpool01.domain.local), 3 BE SQL servers, 1 WAC server in a farm  (wacfarm.domain.local) , Kemp HLB (cswebint.domain.local and wacfarm.domain.local), TMG server as reverse proxy and 1 edge server ( lyncedge01.domain.local)
    in a pool ( lyncedgepool.domain.local)
    sip domain name: domain.com
    Please help to clarify, in "domain.com" zone on my internal DNS server
    1) lyncdiscoverinternal.domain.com:
    MS planning tool does not have it in DNS report. Should I point it to lyncpool.domain.local as a CNAME record, or 3 A records pointing to the FE servers, or point to the reverse proxy server external DMZ address?
    2) _sipinternaltls._tcp.domain.com
    MS planning tool says pointing to lyncpool01.domain.local, should I point it to sip.domain.com?
    3) cswebint.domain.local and cswebext.domain.com
    Should I point both to the VIP of the kemp HLB?
    4) lyncdiscover.domain.com
    Should I create 3 A records pointing to the FE servers, or one CNAME record pointing to lyncpool01.domain.local?
    Thanks in advance.

    Let me see if I can help you make sense of what you have:
    1. LyncDiscoverInternal
    You don't really need this record as lyncdiscoverinternal just will re-direct you back to lyncdiscover.
    2. _sipinternaltls
    This should be in your internal DNS SRV records, pointing to lyncpool.
    3.  Are you using your Kemps for HLB for all Lync services and/or Lync Web Services?
    I'm going to guess below without knowing:
    cswebext = your external DNS A record for Lync Web Services connectivity point to your reverse proxy solution.  If that is the Kemp in this case, then the DMZ VIP.
    cswebint = your internal DNS A record for Lync Web Services.  This would point to your internal VIP.
    4. LyncDiscover
    This should be an external DNS A record pointing to your reverse proxy, which is the same external VIP as cswebext.
    Hope this helps,
    Adam Curry, UC Consultant, Unify Square Inc.

  • Exchange 2013 mailflow and the Hosts file

    Hello!
     Recently I experienced the issue with missing messages ( http://social.technet.microsoft.com/Forums/en-US/20745ec5-e311-4bc0-b1bd-aff3f7c82fd1/missing-messages?forum=exchangesvradmin ) and although that thread is not answered yet I would like to clarify the following:
    1) Exchange Server is working properly for day1 and day2
    2) Day3: Sent messages begin to disappear
    Resolution: I add my Exchange Server to the hosts file (on the Exchange Server machine), restarted the server and the mailflow was restored.
    192.168.1.2 Mail
    192.168.1.2 Mail.Test.Local
    Test: Right after deleting Exchange Server records from Hosts and restarting the server the mailflow gets disrupted again.
    Q1: Is it a bug?
    Q2: If it's a bug why my Exchange has been working fine for day1 and day2?
    Thank you in advance,
    Michael

    Hello all!
    Here's my post that describes the issue:
    http://social.technet.microsoft.com/Forums/exchange/en-US/20745ec5-e311-4bc0-b1bd-aff3f7c82fd1/missing-messages?forum=exchangesvradmin
    There are two servers (VMs): Domain Controller and Exchange 2013. As I have no internet connection in my test environment, only internal mail goes missing.
    Regarding the Hosts file: as that post is still not answered I just did what MS support recommended for resolving the Exchange 2013 DNS issue (there are a lot of posts regarding it here on TechNet) and it helped...
    But it's nonsense - my DNS is up and running, it was running on Day1, Day2 and Exchange could use it successfully, but starting with Day3 the Exchange Server can't use the same DNS server? Why???
    Regards,
    Michael

  • Exchange 2013 SP1: messages still stuck in Drafts folder

    Hello!
    The second question on Exchange 2013SP1 that I asked when I was working with Exchange 2013:
    New lab setup: a Windows 2012R2 DC (server1) + Exchange 2013SP1 (server2). Exchange 2013SP1 installation completed successfully. I created three mailboxes: [email protected], [email protected], [email protected]
    Now when I'm trying to send a message (from user1 to user, for example) it gets stuck in the Drafts folder.
    I manually set up my DNS server in ECP as described here: http://thoughtsofanidlemind.com/2013/03/25/exchange-2013-dns-stuck-messages - but the problem persists.
    And this problem
    "On every single installation / that I’ve done of Exch 2013 in multiple labs, when set as a single mailbox server, messages have never been able to leave the “drafts” folder. Not a single instance where it worked correctly. Messages
    leaving a mailbox, destined to the exact same server do not route, let alone use any send-connector to leave the organization.
    Now, take it to the next step, and install a second mailbox server. The very second that services finish installing, and AD replication (if using multiple sites) settles down, mail-flow on the first server starts working absolutely flawlessly. Whatever
    changes are done to AD from the second mailbox server being installed in regards to mailflow, it completely resolves the issues of the first server holding onto the messages."
    ...is exactly the same as mine...but in Exchange 2013 SP1 ( Messages leaving a mailbox, destined to the exact same server do not route).
    Can anybody from MS tell me if it's a bug or by design??? I've NEVER had an Exchange installation without this issue...
    Thank you in advance,
    Michael

    Hi,
    I have never come across such a situation in my labs (all roles installed on a single server), and there is no Microsoft documentation that mentions this issue.
    In addition, Microsoft does not oppose Exchange being installed on a single server (although it is not recommended).
    I recommend you check if all the exchange services are running, and try to restart Exchange Mailbox Transport Submission & Exchange Mailbox Assistants services.
    Hope this helps!
    Thanks.
    Niko Cheng
    TechNet Community Support

  • Exchange 2013 Retention Root Folders Only

    We are currently migrating from 2007 to 2013. Our retention is 30 days on the inbox only, using the Root Folder Only powershell script. Most users have 10-50 subfolders under the inbox that are not included in retention due to the root folder only switch.
    Since Microsoft does not support root folder only switches in 2013, they have told me that I can have the users create and tag a single subfolder, which from there they can move all other subfolders into it. The tag would be No Delete (68 years).
    Is there a way to automate this, or do it for the users? Is there a 3rd party software that I can use to either automate, or run my retention with? I've been told that I can't ask the users to handle this themselves. 
    Thanks, 
    B
    All my life I wanted to be somebody. I guess I should have been more specific. -- The Covert Comic

    Hi,
    In Exchange 2013, messaging records management (MRM) is performed by using retention tags and retention policies, managed folders introduced in Exchange 2007 aren't supported. Retention tags do not support the BaseFolderOnly switch added to Managed Folders
    in Exchange 2007.
    I'm afraid the available way is to have the users create and tag a single subfolder just as what you mentioned above.
    Best regards,
    Belinda
    Belinda Ma
    TechNet Community Support

  • Exchange Server 2013 internal and external DNS records

    I recently installed Exchange Server 2013 and I've registered a public IP too for the Exchange server. How can I create internal DNS as well as an MX record for my Exchange server to send and receive internet mail? It's my first time configuring Exchange for an organization.
    registered domain name=====np.bbcmediaaction.org
    public ip=====202.166.212.221

    Hi,
    For external mail flow, we need the following DNS records: MX records for the domain part of the external recipient, A records for the destination messaging servers. For more information, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/bb676467(v=exchg.150).aspx
    Additionally, to ensure external mail flow works well, we also need to configure send connector.
    For more information, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx   
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Exchange 2013 CAS DNS Round robin Public DNS Record

    Dear All,
      If I am going to use DNS round robin for CAS redundancy, how should I map the public DNS record? Do I need to map 2 public IPs for the 2 CAS servers to the mail domain? Thanks
    Best Regards,
    Elroy

    Dear Elroy
    I am not sure about the success rate of your implementation, but yes, if round robin is what you require, you need to add 2 IP addresses.
    Suggestion:
    Why don't you implement a CAS with a load balancer and then you can map the Public IP to the one IP on the Load Balancer.
    Good Luck.

  • DNS Requirements in Exchange 2013: Which RR's to create & what do they do?

     
    Hi Experts, I had been primarily a RHEL guy in the past. Currently, I have a 3 Node (All-in-one) Exchange 2013 DAG (all 3 nodes are virtualized in Hyper-V 2012 and are a part of a HyperV2012 Cluster). In DNS, I have created 3 A records for mail.domain.com which resolve to the Public IP addresses (MAPI IP address) of all 3 CAS servers. And I have also enabled Outlook Anywhere. OWA internally is working fine.
    I would like to know: what else do I need to do in DNS (& elsewhere in EAC) to get Outlook 2013 (MAPI/CDO client) & OWA to work from both within & outside the corporate network (via the internet). I mean, in terms of additional Resource records in DNS, SRV records, MX records, new zones, URL settings of each server for each service, virtual directory changes etc. I am not sure which RRs in DNS would be needed, how they should be set & what purpose each of them would serve.
    A simplified (but detailed) explanation would be better because I have never dealt with Outlook anywhere before.  Would be great if experts could point me to relevant blogs & online
    resources that contain valid examples of accomplishing the same.  Thanks in advance.
    Regs,
    Rahul

    Yes Steve, that is how all Load Balancers are supposed to work but somehow it is not working for me.
    However, could you please help me understand if my DNS settings are perfect:
    DNS A records:
    100.10.10.200 (LB VIP): mail.domain.com
    100.10.10.200   autodiscover.mail.com
    100.10.10.20   email.domain.com (1st Exchange MAPI IP address)
    100.10.10.21   email.domain.com (2nd Exchange MAPI IP address)
    100.10.10.22   email.domain.com (3rd Exchange MAPI IP address)
    There is 1 MX record : mail.domain.com & there is no SRV record.
    The virtual directories are set to email.domain.com (internal URL) & mail.domain.com (external URL) for Outlook Anywhere to work. So, right now I am able to access email.domain.com (virtual directories Internal URL) but not mail.domain.com (virtual directories external URL) because 100.10.10.200 as a VIP service is DOWN in Kemp.
    Please suggest.
    Regards, Rahul

  • Exchange 2013 CAS - Round Robin DNS not working properly

    I have Exchange 2013 servers (2 MB, 2 CAS). I created two DNS records for mail.test.com and autodiscover.test.com pointing to my two CAS servers.
    But the problem is that if I switch off one CAS server, the client Outlook does not connect automatically to the other CAS server. Restarting Outlook does not help either. After restarting the system or running the command ipconfig /flushdns in a command prompt, it works.
    Is there any configuration I am missing? Please advise how to achieve decent load balancing in Exchange 2013 CAS without going for a third-party load balancer...

    If a CAS role server is down or unable to service clients, you have to remove it from  DNS round-robin consideration manually. There is no health check with DNS round-robin unlike a true load balancer.
    Also, I would set the TTL to a low value for the CAS servers in the round-robin.

  • Exchange 2013 Migration from 2010 Test (Shared split DNS)

    Hi
    I'm testing a migration from Exchange 2010 to 2013. I have tried to run a single DNS name to both servers, so externally mail.test.com resolves to the external IP and that NATs to the new Exchange 2013. Then internally mail.test.com resolves to both the EXC13 and EXC10 IP addresses (Round Robin).
    I have moved some mailboxes to 2013. If the IP resolves to the new Exchange and I try to log in to a mailbox on the old server I get redirected as I'm supposed to. If the IP resolves to the old Exchange and I try to log in with a mailbox on the new server I get:
    A server configuration change is temporarily preventing access to your account. Please close all Web browser windows and try again in a few minutes. If the problem continues, contact your helpdesk.
    Should this be possible, or do I need to change the internal URL on all virtual directories on the old server to the local NetBIOS name, or what should I do?

    You should never use the server name in any of the URLs.  You should use either a CNAME or a load-balanced VIP with a generic name like mail.company.com or webmail.company.com.  Then you just point this name to the new server.  If you're currently using a server name, it's about time to change that first before trying to switch to Exchange 2013.

    Currently I'm using a generic name, mail.test.com. But that's just a normal A record on the internal DNS. So I cannot use that on both?

  • Exchange 2013 Reverse dns setup

    I recently migrated from SBS to Standard Windows servers with exchange 2013 and I'm having a heck of a time fighting spam. Mailflow is working fine, and we setup spam fighter exchange module which is catching most of the spam. However, it is missing some
    that are spoofing our domain name with addresses that do and don't exist. I've read that the best way to stop this is to setup spf filtering and to do this you should setup reverse dns ptr records so you don't get blacklisted. The directions are rather confusing.
    They say to setup a ptr record with your mail server's ip address. Here are my questions...
    Do I have to set this up on both my dns and my service providers dns?
    I currently have a A record and a ptr record pointing to the internal ip address on my internal dns server with the actual server name, but no records pointing to remote.domain.com.
    Do I need to create additional A and PTR records using the External IP and remote.domain.com?
    Right now my mx record points to mail.domain.com, but all of our connectors use remote.domain.com. Should the mx be changed to remote.domain.com?
    Thanks for any help.

    >>I've read that the best way to stop this is to setup spf filtering and to do this you should setup reverse dns ptr records so you don't get blacklisted
    Some antispam products do a reverse lookup on your IP address to make sure it matches the entry in the forward lookup zone. It does this to check that your server is not spoofing the server name.
    This won't necessarily prevent getting blacklisted (especially if you are sending spam), but it is definitely recommended for your mail architecture.
    >>Do I have to set this up on both my dns and my service providers dns?
    You will need to set this up on your Service Provider's DNS, as they will technically own the IP address, and lease it to you.
    Best practice is to have reverse lookup zones for your internal subnets in your internal DNS as well.
    But this is not so much a spam related thing, as just a good idea.
    >>Right now my mx record points to mail.domain.com, but all of our connectors use remote.domain.com. Should the mx be changed to remote.domain.com?
    This depends what these are used for. As you have come from an SBS environment, I'm guessing that both of these names resolve to the same public IP address. If this is the case, you can leave the MX records as they are. If this is not the case, let me know and we'll discuss it later.
    Let's say that you have a server called mbx.contoso.com internally with an IP of 192.168.0.1. Externally, this server is known as mail.contoso.com and has an IP address of 123.123.123.123.
    In this case, you would do two things:
    1) On your internal DNS server(s), create a reverse lookup zone for 192.168.0.0 and create a PTR record for mbx.contoso.com with the IP of 192.168.0.1. This may already be done from when you set up Active Directory initially.
    2) Contact your ISP, and ask them to set up a PTR record for mail.contoso.com for the IP 123.123.123.123.
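
The reverse-then-forward lookup that the answer above says antispam products perform, as an added Python example that is not part of the original thread. The sample PTR/A tables are constructed around the answer's mail.contoso.com / 123.123.123.123 values, and the optional `claimed` argument assumes the "server name" being checked is the name the sending server announces in SMTP HELO/EHLO.

```python
import socket


def system_reverse(ip):
    """PTR lookup through the system resolver; returns a list of host names."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [host] + aliases


def system_forward(name):
    """A/AAAA lookup through the system resolver; returns a set of addresses."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def fcrdns(ip, claimed=None, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS check for a connecting IP.

    Returns (status, name):
      no-ptr       the IP has no PTR record
      mismatch     a PTR exists but its name does not resolve back to the IP
      helo-differs PTR and A agree, but not on the name the server announced
      pass         PTR and A agree (and match `claimed` when it is given)
    """
    ptr_names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not ptr_names:
        return ("no-ptr", None)
    # Keep only PTR names whose forward lookup contains the original IP.
    confirmed = [n for n in ptr_names if ip in forward(n)]
    if not confirmed:
        return ("mismatch", ptr_names[0])
    if claimed is not None and claimed.rstrip(".").lower() not in confirmed:
        return ("helo-differs", confirmed[0])
    return ("pass", confirmed[0])


def make_resolvers(ptr_table, a_table):
    """Build offline reverse/forward resolvers from two dicts."""
    def reverse(ip):
        return list(ptr_table.get(ip, []))

    def forward(name):
        return set(a_table.get(name, []))

    return reverse, forward


# --- Constructed sample records (the first pair mirrors the answer's example) ---
SAMPLE_PTR = {
    "123.123.123.123": ["mail.contoso.com."],
    # Someone else's address whose PTR merely claims the same name:
    "192.0.2.50": ["mail.contoso.com."],
}
SAMPLE_A = {
    "mail.contoso.com": ["123.123.123.123"],
}


def check_sample(ip, claimed=None):
    reverse, forward = make_resolvers(SAMPLE_PTR, SAMPLE_A)
    return fcrdns(ip, claimed, reverse=reverse, forward=forward)


if __name__ == "__main__":
    for ip, helo in [("123.123.123.123", "mail.contoso.com"),
                     ("123.123.123.123", "remote.domain.com"),
                     ("192.0.2.50", None),
                     ("192.0.2.77", None)]:
        print(ip, helo, check_sample(ip, helo))
```

Called without the `reverse` and `forward` arguments, `fcrdns` uses the system resolver, so it can be pointed at the mail server's real public IP once the ISP has created the PTR record.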

  • Exchange 2013 Split DNS, how to get WAN clients to use public Split DNS IP when inter-office link is DOWN?!

    Hello,
    I have an Exchange 2013 deployment and a LAN/WAN setup, we have many small remote WAN linked offices that can resolve to the Exchange Server's internal IP.
    Outlook clients in remote WAN offices work fine as long as the link is UP since the Split Brain DNS for Exchange will resolve the internal clients to the internal IP of the Exchange server, Outlook connects up without issues.
    However, in the event of loosing connection to our remote sites, they will no longer be able to resolve to the internal Exchange IP, but they still have a backup public internet that they can use. So should the inter-office connectivity fail we have it setup
    so clients in remote offices can still browse the internet, etc.
    However, their Outlook fails to connect because it has a cached DNS record for our Split Brain Exchange DNS setup and tries to resolve it to its internal IP, instead of refreshing the cache and grabbing the public IP of the Exchange server since now they
    would be resolving it over the public internet.
    Is there anything I can do with my existing configuration to allow the client to pick up the public IP of the Split DNS setup when our inter-office connection is down and the client is no longer able to use the internal IP they have cached for Exchange?
    I guess I could lower the TTL on the DNS record to something like 1 minute so it does not cache the DNS record / IP for long? Is this the best approach?

    http://public.wsu.edu/~brians/errors/lose.html
    I would suggest that the best approach is to either improve the reliability of the WAN link or to configure DNS to always use the Internet path.  You might want to work with your network guy, perhaps there's a way to have your gateways automatically
    switch to an Internet VPN backup when the WAN link is down or something like that.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Configuring IIS and DNS for Exchange 2013 running on Second Win2012 R2 Server

    Hi Folks,
    I have a Windows 2012 R2 Server with the Essentials role and I'm running a Hyper-V instance of Windows 2012 R2 with Exchange 2013 installed, joined to the domain.  I have been through the wizards and the Exchange Server deployment wizard but I'm stuck with configuring DNS records correctly.
    Currently I can browse to https://remote.contoso.com externally and internally, which works as expected, but not https://remote.contoso.com/owa or any other Exchange pages.  All I get is 404 - File or directory not found.  However, if I browse internally to https://exchangeserver.domain.local/owa it works. So I'm guessing the 404 is coming from the DC server, not the Exchange server.  Hence I think it's DNS.
    Although I have noticed that IIS is on the DC and the Exchange server, showing different Sites.  Does this have anything to do with the issue at hand?  Also the guides are not perfectly clear on how to add the DNS CNAME records.
    Would someone be so kind as to point me in the right direction.
    Thank you 

    Hi Jatin,
    It turned out to be a little more involved in the end.  I had to call Microsoft in the end.  ARRconfig wasn't running correctly and after creating a new certificate it was able to run successfully.  I'm waiting for the detailed report which will hopefully explain the issue with Bindings between the two IIS on Essentials and Exchange 2013, which was also an issue.
    Then I had an issue trying to connect Outlook clients to Exchange.  The resolution for this was:
    Created new SAN certificate with issued to name as “mail.pinewoodonline.co.uk” using the CA server
    OutlookProvider EXCH and EXPR value was not set
    Set OutlookProvider EXCH and EXPR value as “msstd:mail.pinewoodonline.co.uk” by running the below command
    Set-OutlookProvider EXPR -Certprincipalname msstd:mail.pinewoodonline.co.uk
    Set-OutlookProvider EXCH -CertPrincipalName msstd:mail.pinewoodonline.co.uk
    All seems good now.  I will post the report as soon as I get it.  This took 6 hours on the phone to Microsoft.  Wasn't easy.
    Thanks
    Brandan
