Same internal and external domain names - AGAIN!

Hi all-
Like many of you, I am confronting the problem of having the same FQDN for both my Active Directory domain and Internet domain. For the sake of discussion, let's call the domain rlh.com.
I need to access an externally-hosted website on the rlh.com domain. The site is coded exclusively to use rlh.com and NOT
www.rlh.com. Therefore, the old trick of adding a static www A record on my internal DNS server will not work.
It looks like another option is to install IIS on my DC and then configure some type of forwarding to the external site. While this might work, frankly, I don't want IIS on my DC. It's a DC, not a web server.
Yet a third option, correct me if I'm wrong, looks to be using some type of "split DNS." Though I have not read the particulars (yet) of this solution, I am suspicious of it causing DNS inefficiencies.
All of these solutions look to me to be workarounds. I am preparing to install a new DC (upgrading from 2003 to 2008 R2) and want to FIX the problem, not work around it. That said, it looks like I have two options:
1. Rename my existing 2003 AD domain using rendom
2. Install the new 2008 R2 DC with the new domain name, setup domain trust between the old and new domains, and then use ADMT.
Can someone please comment on my logic here? Does anyone have experience with both of the two options? Is one less painful than the other?
As I preparatory step, I have migrated from my onsite Exchange 2003 server to Office 365. Exchange is no longer present in my organization, though some slight "remnants" may remain in Active Directory. Other than Exchange, I have a
Hyper-V host, 2 SQL Servers, and 3 RDS servers present in my environment.
Thanks.

I realized this was answered, but I would like to add the following comprehensive blog on this subject.
Can't Access Website with Same Name (Split Zone or no Split Brain)
Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM 1278 0
Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by
http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
http://blogs.msmvps.com/acefekay/2009/09/03/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name/
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Similar Messages

How to Setup RDS custom property when internal and external domain name space is different

Hi All
I am setting up RDS for customer
My internal domain name is domain.local and my external domain is domain.com
I came across below PowerShell cmdlets on some blogs because my internal and external name space are different
Set-RDSessionCollectionConfiguration –CollectionName QuickSessionCollection -CustomRdpProperty “use redirection server name:i:1 `n alternate full address:s:remote.domain.com”
In above command, remote.domain.com points to which host?
Is it pointing to RD Session Broker
OR
Pointing to RD Session Host servers
I am not sure what above command will do exactly ?
Any help will be highly appreciated
Thanks Best Regards Mahesh

Hi,
It all depends who is accessing the RDS Solution.
If you have a large BYOD or large number of external users, it would be better to use a public certificate.
Have a look at the following script which will simplyfy the configuration of the RDSH hosts with certificates.
http://ryanmangansitblog.com/2014/05/20/rds-2012-rdsh-certificate-deployment-script/
You can use a custom RDP property to hide the Session host names.
Have a look at the following article on configuring certificates:
http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
Ryan Mangan | Ryanmangansitblog.wordpress.com | Help keep the forums tidy, if this has helped please mark it as an answer

Exchange 2013 DNS for internal and external domain

Hi All,
I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and design a strategy to have same internal and external names. Let me share some details here.
We have an Active Directory domain myinternaldomain.net, and we have a public domain
mypublicdomain.com and we have setup email policy to have
mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active directory integrated DNS and created a records for
mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to CAS NLB IP. We have 2 CAS servers and 2 MBX servers, we have configured DAG for MBX High availability and planning to implement WNLB for CAS as
hardware LB is out of scope due to budget constrains.
We want to have same URLs for OWA, Autodiscover, ECP and other services from internal network as well as from public network. Users should not be bothered to remember two URLs, using one from internal and other from public networks. I also want to confirm
that with this setup in place do i need to have myinternaldomain.net and server names in SAN certificate?
Thanks

Hi Sccmnb,
You can easily achieve this using split DNS.
Internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname"mail.mypublicdomain.com" will be pointing to the Network device or
Reverse proxy server IP.
Depending upon users access location(internal\external) the IPs would vary and they should be able to access the website with same name.
The names that you would require on the certificate(Use EAC or powershell to raise the request) for client connectivity would be
SN= mail.mypublicdomain.com
SAN= autodiscover.mypublicdomain.com
You don't need to have the active directory domain name present in the certificate.
Additional to this you need to update the AutodiscoverURI for all servers and OWA,ECP,Autodiscover Virtual Directories InternalURL and ExternalURL fields with appropiate public names.
Some additional Info:
*Internal vs. External Namespaces
Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace
based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure, also simplifies the configuration of Client
Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
*Managing Certificates in Exchange Server 2013 (Part 2)
*Nice step by step article
Designing a simple namespace for Exchange 2013
Regards,
Satyajit
Please“Vote As Helpful”
if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

CRM2015 IFD Internal and External Domains

I am trying to setup CRM2015 with IFD. My internal domain is xr.local and external domain name is somethingelse.com. When going through the directions and searching through the forums I see similar questions regarding with no real information on the possibility.
Am I able to set this up to support 2 different domains and where might I find some guidance to do so?
Thanks...
GY

Hi David,
Yes. the above setup should "do the trick" as the servers you put with blank DNS entry should be excluded in the NRPT table.
You can confirm this by running at the client: netsh name show polocy
at command line and see something like:
Settings for da.domain.com
Certification authority                 :
DNSSEC (Validation)                     : disabled
DNSSEC (IPsec)                          : disabled
DirectAccess (DNS Servers)              :
DirectAccess (IPsec)                    : disabled
DirectAccess (Proxy Settings)           : Use default browser settings
Settings for .domain.com
Certification authority                 :
DNSSEC (Validation)                     : disabled
DNSSEC (IPsec)                          : disabled
DirectAccess (DNS Servers)              : 1234:1234:1234:3333::1
DirectAccess (IPsec)                    : disabled
DirectAccess (Proxy Settings)           : Bypass proxy
So in this scenario the .domain.com is using the DA while the specific entry (da.domain.com) is set as exclude and have emptry DNS ...
Hope this helps,
Ophir.

DNS Forwarding Same Internal and External Zone

Hi,<o:p></o:p>
So we have decided that we want our internal domain to be the same as our external domain e.g. domain.uk. I understand that split DNS can be used
to fulfil this requirement but is it possible to set up a forward so if the DNS entry is not available in the internal zone it will forward onto one of our external name servers where it can resolve?<o:p></o:p>
We are basically trying to avoid having to add the entry on both external and internal DNS servers for it to resolve. So far I have added the external name servers to
the forwarders and disabled root hints which didn’t work. I’ve tried to add a conditional forwarder but it says the zone already exists. It seems the only to achieve the internal resolution is by creating the DNS entry both internally and externally.<o:p></o:p>
Does anyone know if this is the case? It seems strange that you couldn’t point the DNS to another external name server for resolution? <o:p></o:p>
Any help would be appreciated.<o:p></o:p>

You must ask in networking forum
https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverNIS&filter=alltypes&sort=lastpostdesc

Lync Implementation with different internal and external domain sync

Hello Experts,
Having Windows 2012r2 with Lync 2013 frontend and Edge 2012 server on Win2012. Internal domain name is test.local and Internet domain name is : tgroup.com. Internally all the clients are able to sync with frontend
server using [email protected] or [email protected] Internal CA and External Digicert works fine. But only problem is with external clients who want to communicate through edge server.
Edge server has 3 LAN ip address (nat with public IP), 10.10.10.2, 10.10.10.3, 10.10.10.4 and another Internal network interface which has ip 10.10.20.3
which uses that to communicate with front-end.
How to achieve this ? We dont have reverse proxy configured and we have only two servers.
Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.

The reverse proxy is used to publish URL's like the meet and dialin url, the address book url and the lync mobile client (smart phones and tablets) urls. This doesn't impact the external desktop user access as thats via the edge server. There is more to
it than that but for the sake of keeping this simple lets stick to that for now.
As far as SIP domains go. Think of your Lync users as having a SIP address similar to email addresses. You wouldn't have a user with an internal email address but with a different external email address. In fact best practice is to have the Lync SIP address
match the email address.
My reccomendation is to use the ttgoup.com as a sip domain and not the test.local
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Lync Sorted blog

Using Mac Mini server, DNS, static IP, and external domain name

Greetings!
I need to know the direction to take in order to use my domain name for the great features offered in the mac mini server, while having local and public access to my server with security.
I am trying to do the following on my new mac mini server:
-Set up DNS (myserver.private)
I have a static IP I want to use for all this with my ISP
-ftp access
-ichat ([email protected])
-email ([email protected])
-ical etc. ([email protected])
-my work website(mydomain.com) with public access!
-host websites(other domains)
I need to know the direction to take in order to use my domain name for these features. I have a domain name with godaddy, and I am happy with keeping it with them, however, how to I make my external domain name work on my private server with public access is the question?
Thank you,
Daniel G

[Read this|http://labs.hoffmanlabs.com/node/1436] as a start; you're basically going to decide if you want to use NAT or not; if you have enough public static IP addresses to avoid the disaster that's NAT. If you want to use NAT (and few reasonable folks want to, but sometimes we have to), then you get to run your own DNS services internally, and establish public DNS and power-forwarding at a (preferably server-grade) firewall. With NAT, you end up with split DNS, and that's covered in the cited document.
ps: it's easier to [use sftp|http://labs.hoffmanlabs.com/node/942]; while that shares three letters with ftp, it avoids most of the problems of ftp.

Internal and external domain problem

Host: oserver. sbsrv. local (internal address)
Version: 10.1.2.0.2
Installation Type: Portal and Wireless
I have installed the oracle portal and works well in the internal network.
The problem:
When I try to access from public domain (www.mycompany.com) i get the welcome page from application server (fine) ,but if I press the link (log on to Oracle Application Server Portal) it redirects me to the internal address (http://oserver.sbsrv.local/portal/page?_pageid=0,1&_dad=portal&_schema=PORTAL)
I edit httpd.conf (Apache) and i change the line from ServerName oserver.sbsrv.local to ServerName www.mycompany.com and i get something like, that : ??????: ??? ???? ?????? ? ???? ????????????? ??????? ??? ?? ???? ??????
Question:
How can I map the internal domain: oserver. sbsrv. local (IP 192.168. xx. xx) with public domain www. mycompany. com (IP 62. x. x. x) ?
thanks.
Message was edited by:
user543368

I did this 3 or 4 years ago and set up the Web-Cache to act as a reverse proxy. There is a paper on Metalink that explains how to set it up but I do not have the Doc ID.
Also check out the White Paper that illustrates a different method. "Expose your Intranet Portal to the
Outside World in a Secured Manner
(aka. A Secured Inside/Outside Portal)" see http://www.oracle.com/technology/products/ias/portal/pdf/admin_security_1014_secured_inside_outside.pdf
BG...

Using internal and external host names

I am trying to configure portal to work with machines in the internal network and outside world. Is there a way to do it?
Dolf-Jan
null

Dolf-Jan,
To add additional aliases that the portal and login server will recognize, add the new alias as a new Partner Application on the login server, and then use the 3 parameters that it generates (site id, site token, encryption key) - to invoke the ssodatax script, located in the ORACLE_HOME/portal30/admin/plsql directory (if you're using the Early Adopter Release, replace "portal30" with "webdb30"). ssodatax is used to add multiple aliases on the portal side. Another script, ssodatan, is used to add a single alias for a new installation:
ssodatan = sso data for New installation
ssodatax = sso data for eXisting installation
Run ssodatax with no parameters to see the calling syntax.
To administer the login server, click on "Login Server Administration" under the "Administer" tab of the Portal administrator's home page.
You will also need to configure the apache listener properties ServerName and NameVirtualHost for both hostnames.
Regards,
Jerry

Same usernames, internal vs. external domains, conflict when usingWebAccess

Currently running GW 8.0.2hp2 on NetWare 6.5sp8.
We have a single domain and single post office, and a single WebAccess
and single GWIA gateway. We about 25 external domains setup to allow
using external users' e-mail addresses our in internal corporate address
books and distribution lists following the procedure outlined here:
http://www.novell.com/documentation/...a/a2zvyc4.html
The problem is that one of my internal users in our corporate domain/PO
has the same userid as a user in one of the external domain/PO's. So,
for example, their e-mail addresses are:
[email protected]
[email protected]
Everything works except that my internal user cannot use GW WebAccess.
Trying to login to WebAccess results in the following error:
"Please login again. You may have typed your name or password
incorrectly. Remember that your user name must be unique."
If I either change my internal user's GroupWise userid, or if I delete
or rename the external user's userid, then my internal user can login
into WebAccess without a problem. So this does appear to be due to
non-unique username's. The WebAccess is seeing the internal and
external user names, and not allowing my internal user to login.
Is there a work around for this since the users are in separate domains
and PO's, or do I need to just rename my internal user's account? I
have no control over the external user's e-mail address, so I can't
rename their userid.
Is there a way to keep the "default WebAcess" gateway from looking at
external domain's for user account authentication? I have tried setting
up a class of service in the WebAccess gateway to deny access to the
external domain, and that hasn't worked either.
Thanks,
-Greg
former e-mail for posting:
[email protected]

I knew I should have looked a little longer.
http://www.novell.com/support/kb/doc.php?id=7006447
Thanks,
-Greg
On 1/7/2013 12:38 PM, Greg N. wrote:
> Currently running GW 8.0.2hp2 on NetWare 6.5sp8.
>
> We have a single domain and single post office, and a single WebAccess
> and single GWIA gateway. We about 25 external domains setup to allow
> using external users' e-mail addresses our in internal corporate address
> books and distribution lists following the procedure outlined here:
>
> http://www.novell.com/documentation/...a/a2zvyc4.html
>
>
> The problem is that one of my internal users in our corporate domain/PO
> has the same userid as a user in one of the external domain/PO's. So,
> for example, their e-mail addresses are:
>
> [email protected]
> [email protected]
>
> Everything works except that my internal user cannot use GW WebAccess.
> Trying to login to WebAccess results in the following error:
>
> "Please login again. You may have typed your name or password
> incorrectly. Remember that your user name must be unique."
>
> If I either change my internal user's GroupWise userid, or if I delete
> or rename the external user's userid, then my internal user can login
> into WebAccess without a problem. So this does appear to be due to
> non-unique username's. The WebAccess is seeing the internal and
> external user names, and not allowing my internal user to login.
>
> Is there a work around for this since the users are in separate domains
> and PO's, or do I need to just rename my internal user's account? I
> have no control over the external user's e-mail address, so I can't
> rename their userid.
>
> Is there a way to keep the "default WebAcess" gateway from looking at
> external domain's for user account authentication? I have tried setting
> up a class of service in the WebAccess gateway to deny access to the
> external domain, and that hasn't worked either.
>
> Thanks,
> -Greg
>
former e-mail for posting:
[email protected]

Setup internal and external DNS namespaces best practice

Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local) able to run on the same DNS server (using Microsoft Windows DNS servers)?
MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com if the external namespace is companydomain.com. How shall this be setup? Shall I create my ADDS domain as corp.companydomain.com directly
or companydomain.com then create a subdomain corp?
Thanks in advanced.
William Lee
Honf Kong

Is external name space (e.g. companydomain.com) and internal name space (e.g. corp.companydomain.com or companydomain.local)
able to run on the same DNS server (using Microsoft Windows DNS servers)?
Yes, it is technically feasible. You can have both of them running on the same DNS server(s). Just only your public DNS zone can be published for external resolution.
MS said it is highly recommended to use a subdomain to handle internal name space - say corp.companydomain.com
if the external namespace is companydomain.com. How shall this be setup? Shall I create my ADDS domain as corp.companydomain.com directly or companydomain.com then create a subdomain corp?
What is recommended is to avoid having a split-DNS setup (You internal and external DNS names are the same). This is because it introduces extra complexity and confusion when managing it.
My own recommendation is to use .local for internal zone and .com for external one.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password

Internal and external facing applicaitons on same infrastructure

I'm looking for suggestions on the best way to architect an apex production environment where you may have two or three apps open to the public and 10 or more for internal access only. All of the apps (regardless of public or private) are running on the same APEX instance, DB, app tier and web tier.
We are using the APEX Listener on Weblogic for the app tier with an OHS webserver and Load Balancer in front of everything.
The Load Balancer houses all of our certificates and has the ability to perform iRules to make more friendly urls.
Our approach is to assign each app (ie https://someurl.com/apex/f?p=APPID) a static IP from the load balancer and then firewall public/private based on APPID to prevent internal only apps from being reached outside the network.
Unfortunately the iRule friendly url rewrite isn't able to mask the APPID from the URL (https://someurl.com/apex/f?p=200) which currently allows anyone the ability to change the APPID parameter of the URL and cycle through all the apps regardless of the firewall rule in place to prevent it from being publicly accessible.
For example, if we have the following apps deployed and the only one which is allowed open to the internet is app 100, the url rewrite isn't able to mask APPID of 100 (or the APP Alias if used).
Publicly accessible:
https://someurl.com/apex/f?p=100 (192.168.25.100)
Internal only access:
https://somedifferenturl.com/apex/f?p=200 (192.168.25.200)
https://anotherurl.com/apex/f?p=250 (192.168.25.250)
https://subdomain.someurl.com/apex/f?p=300 (192.168.25.300)
I could navigate to the publicly accessible url https://someurl.com/apex/f?p=100 and change the APPID for one of (200,250,300) and still access those apps which should not be open to the internet.
from the internet browsing directly to https://somedifferenturl.com/apex/f?p=200 or https://anotherurl.com/apex/f?p=250 or https://subdomain.someurl.com/apex/f?p=300 would all result in a page not found error since their ip's are not accessible directly from the internet.
What is the best practice to overcome the above scenario and utilize shared infrastructure for internal and external facing applications? Is mod_rewrite my only other option to accomplish this setup and bypass the load balancer?

Hi Jeff,
I'm not sure if this is the ideal recommendation, but I know of a way you could block the "internal-only" applications from being accessed externally.
1) Create a function which inspects the CGI environment variables, e.g., HTTP_HOST, HTTP_PORT, etc. Using this information, you determine if the request is emanating from an internal server name or an external server name.
2) Create an authorization scheme which returns FALSE if the host/port/other CGI isn't what you expect.
3) Apply this authorization scheme to every application you wish to keep from an external site.
I know this isn't ideal, as you have to add this to every "internal-only" application. And if you forget an application, then this application suddenly becomes available on the Internet. But it's one way. If all of the applications are in the same workspace, you could define this authorization scheme in one application and subscribe to it from the other applications.
Joel
P.S. From SQL Commands, you can see all of the CGI environment variables at your disposal using:
begin
owa_util.print_cgi_env;
end;

Use Same URL for Internal and External Access for CRM 2015 IFD

I have setup a CRM2015 server for IFD access.
ADFS and CRM are on separate servers.
CRM server all roles
ADFS 2.0 server.
Using the internal URL I am able to access CRM without entering my details (as expected)
Using the external URL I am authenticated by ADFS as expected and can sign in.
We have an internal domain domain.local
We have an external domain domain.com (the certificate is for *.domain.com)
We have a DNS zone created internally for domain.com.
CRM URLs
internal : internalcrm.domain.com
External : externalcrm.domain.com
I would like all users to use the same link regardless of them being internal or external, but I would like so that any user who is on the domain is automatically logged in without entering their username and
password. What is the best way to do this?
I have tried creating a cname record on the internal domain.com zone pointing externalcrm.domain.com to internalcrm.domain.com but that didn't work, I still get the ADFS sign in page.
Thanks

So fair warning, what you're asking for isn't really a supported deployment method of CRM.
That said, you should be able to do some DNS trickery internal to your network that points your "crm.domain.com" to "crm.domain.local" and then hopefully CRM will treat the connection as if it came from an internal network.
Otherwise, you're likely going to have to accept that everyone gets the ADFS login page internal and external to your network.
The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

Unable to activate internal and external urls at the same time

Hi,
We have Configured EBS R12 in DMZ setup as described in Figure F-9 of metalink note 380490.1 ,Option 2.4: Using Reverse Proxy with no External Web Tier.
refering to 726953.1 Case History: Implementing a Reverse Proxy Alone in the DMZ Configuration - R12.
but Not able to activate internal and external urls at the same time in this configuration. Only the node where last autoconfig was run getting activated as web node.
When trying to accees the url of the other node it gets redirected to the url (where autoconfig is last run).and for this error observed is Error Code:502 Proxy Error.The specified Secure Sockets Layer (SSL) port is not allowed.(12204).
For both external and internal services are UP.opmn status is live no error.
Using Apache as reverse proxy.
EXTERNAL Reverse proxy settings:
s_login_page http://LONWEB01.process.com:81/OA_HTML/AppsLogin
<TIER_DB oa_var="s_isDB">NO</TIER_DB>
<TIER_ADMIN oa_var="s_isAdmin">NO</TIER_ADMIN>
<TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
<TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
<TIER_NODE oa_var="s_isConc">NO</TIER_NODE>
<TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
<TIER_NODEDEV oa_var="s_isConcDev">NO</TIER_NODEDEV>
<TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
INTERNAL Middle Tier settings:
s_login_page http://stprojapp01.test.com:8005/OA_HTML/AppsLogin
<TIER_DB oa_var="s_isDB">NO</TIER_DB>
<TIER_ADMIN oa_var="s_isAdmin">YES</TIER_ADMIN>
<TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
<TIER_FORMS oa_var="s_isForms">YES</TIER_FORMS>
<TIER_NODE oa_var="s_isConc">YES</TIER_NODE>
<TIER_FORMSDEV oa_var="s_isFormsDev">YES</TIER_FORMSDEV>
<TIER_NODEDEV oa_var="s_isConcDev">YES</TIER_NODEDEV>
<TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>
Are we missing anything....
Thanks & Regards

Hi,
Finally it's resolved...Following is the solution thought to share in the forum:
The configuration of the E-Business Suite environment for DMZ requires profile options hierarchy type to be set
to SERVRESP.
To change the profile options hierarchy type values to SERVRESP, execute the following SQL script as
shown below:
sqlplus / @/patch/115/sql/txkChangeProfH.sql SERVRESP
After successfully completing the above sql script, run Autoconfig in all nodes to complete the profile options configuration.
It's resolved after doing this..

How to configure AD on windows 2012 server for Exchange 2013 internal and external email flow

Dear Experts,
I have to configure exchange 2013 on Windows server 2012 STD. Company has registered Static IP addresses and can get the MX record pointing to any of this Static IP.
The registered domain name is e.g. contoso.com.
a. What should I use as domain name on AD? contoso.com or contoso.local
b. Is it recommended to have two different servers for AD and Exchange?
c. What should be my connector settings for mail flow?
d. how can I set 2 email servers in company for load balancing?

Hi,
a, I suggest use contoso.com as domain name. It is convenient to add urls into our certificate for internal and external mail flow.
b, Recommended that installing AD
and Exchange Server on two separate
Servers. If Exchange Server downed unfortunately, it can prevent AD server from crushing at the same time.
c, Found some articles for your reference:
Configure Mail Flow and Client Access
http://technet.microsoft.com/en-us/library/jj218640(v=exchg.150).aspx
Configuring Outbound Mail Flow in Exchange Server 2013
http://exchangeserverpro.com/configuring-outbound-mail-flow-in-exchange-server-2013/
d, Load Balancing
http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
Hope it is helpful
Thanks
Mavis
Mavis Huang
TechNet Community Support

Same internal and external domain names - AGAIN!

Similar Messages

Maybe you are looking for