Exchange server DNS names question
Hi,
We have a small organization in which our Exchange 2007 server is installed on a single server. All roles, including Edge Transport, are on this single server.
The DNS names for this server are as follows:
mail.domain.com (provided by our ISP)
autodiscover.mail.domain.com (provided by our ISP)
mail.subdomain.domain.com (on our subdomain's DNS server)
autodiscover.mail.subdomain.domain.com (on our subdomain's DNS server)
mail (NetBIOS name)
The email address syntax is user@mail.domain.com
We will be deploying Exchange Server 2010 soon, in which we will have one server for the Edge Transport and a second server for all the other roles. My question is, can I give the Edge Transport server the same DNS names as the above?
If so, how will Outlook clients, iPhone clients, etc. automatically connect to the Client Access server, which will have a different DNS name? Also, will I need to populate the SAN certificate with the name(s) of the server with the Client Access role as well?
Thanks!
-sul
June 10th, 2010 8:22pm
First, do you really need the subdomain names? It will simplify your certificate if you don't have them. You could configure DNS so that all your clients use the root domain's names.
You can use the same names on the Edge if you have a split-brain DNS.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
June 11th, 2010 6:46am
Ed, thank you for your response.
The reason we currently have the subdomains listed in the certificate is because when we enter mail.domain.com as the Exchange server name in the Outlook client, it automatically changes the field to mail.subdomain.domain.com. I assumed that if we were to leave out the mail.subdomain.domain.com from the certificate, then we would run into problems in this current case, correct?
To use the split-brain DNS, could we have the Edge server as a standalone server with the DNS names mail.domain.com and autodiscover.mail.domain.com (not part of the AD subdomain at all)? Is this okay to do? I.e., for internal clients in our subdomain, we point mail.domain.com to the internal Exchange server with all the other roles?
Thanks!
June 14th, 2010 8:01pm
Hi,
If we have an Edge server and a CAS server, then the MX record should point to the Edge server and the A record should point to the CAS server.
So I think we need to have one domain name for the MX record for the Edge server; that should be mail.domain.name.
As for the A record for the CAS server, we need to use this record to find the CAS server when a client tries to connect to it, so I think you can use autodiscover.mail.domain.com as the A record for the CAS; thus we will use https://autodiscover.mail.domain.com/owa to access the OWA mailbox.
More information to share with you:
Understanding the Autodiscover Service
http://technet.microsoft.com/en-us/library/bb124251.aspx
Regards,
Xiu
June 15th, 2010 6:38am
You don't need a certificate for Outlook MAPI access. You need a certificate for access to Offline Address Book, Free/Busy (Availability), and Out of Office since those come from Web Services, but those URLs come from settings you control by PowerShell commands like Set-OABVirtualDirectory and Set-WebServicesVirtualDirectory.
You can name the Edge server whatever you want irrespective of what you name the internal servers.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
June 15th, 2010 6:43am
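An added example, not part of Ed's reply or of the thread: a read-only check, run from the Exchange Management Shell, that lists the host names the Client Access server hands out through its Autodiscover, Web Services and OAB URLs and reports any that the IIS certificate does not cover. `CAS01` is a hypothetical server name and `Test-SanCovers` is a helper defined here, not an Exchange cmdlet.

```powershell
# Added example. Assumption: 'CAS01' is a hypothetical name for the server
# holding the Client Access role; replace it with your own.
$cas = 'CAS01'

# Helper (defined here): is $Name covered by one of the certificate names?
function Test-SanCovers([string]$Name, [string[]]$Sans) {
    foreach ($san in $Sans) {
        if ($san -eq $Name) { return $true }
        # A wildcard such as *.domain.com covers exactly one extra label:
        # mail.domain.com matches, mail.subdomain.domain.com does not.
        if ($san.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.')) -eq $san.Substring(1)) { return $true }
    }
    return $false
}

# 1. Every URL this server hands to clients for Autodiscover, Web Services
#    (Availability, Out of Office) and the Offline Address Book.
$urls = @(
    (Get-ClientAccessServer -Identity $cas).AutoDiscoverServiceInternalUri
    Get-WebServicesVirtualDirectory -Server $cas | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
    Get-OabVirtualDirectory -Server $cas | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
) | Where-Object { $_ }    # drop URLs that are not set

# 2. Reduce the URLs to the distinct host names clients will connect to.
$names = $urls | ForEach-Object { ([Uri]"$_").Host.ToLower() } | Sort-Object -Unique

# 3. Names on the certificate(s) enabled for IIS on this server.
$sans = Get-ExchangeCertificate -Server $cas |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() }

# 4. Report each client-facing name and whether the certificate covers it.
foreach ($n in $names) {
    $state = if (Test-SanCovers -Name $n -Sans $sans) { 'covered' } else { 'NOT on certificate' }
    '{0,-45} {1}' -f $n, $state
}

# To move a URL onto a name the certificate already carries (placeholder URLs):
# Set-WebServicesVirtualDirectory -Identity "$cas\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/EWS/Exchange.asmx
# Set-OabVirtualDirectory -Identity "$cas\OAB (Default Web Site)" -InternalUrl https://mail.domain.com/OAB
```

Any name reported as not on the certificate will produce a certificate warning for the Web Services features listed above, so either change the URL or add the name to the SAN list.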
Ed, thanks again for your response. I'm a bit of a newbie, so this is great info!
Another non-certificate-related DNS issue I need some advice on has to do with Autodiscover. Currently the Exchange server, which has both Edge Transport and CAS/Hub roles, is assigned mail.domain.com and autodiscover.mail.domain.com.
When I migrate the CAS/Hub roles to a new server, does autodiscover.mail.domain.com need to be assigned to the new CAS/Hub server instead?
Thanks!
-s.
June 15th, 2010 6:22pm
Xiu,
Thank you for your response. Just so I understand correctly: currently, my Exchange server has Edge Transport AND CAS roles on the SAME server. This server is assigned mail.domain.com AND autodiscover.mail.domain.com. I will now build a new server and migrate the CAS and Hub roles onto this new server and assign it the name autodiscover.mail.domain.com, correct?
Thanks!
-sul.
June 15th, 2010 8:40pm
Yes, of course.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
June 16th, 2010 3:21am