Outside access to Exchange Server 2003


  • Outside access to Exchange Server 2003

    I need help providing remote access to our Exchange 2003 server. The system setup is as follows:

    Domain Host is hosting company's domain ... www.mydomain.com
    Domain Host MX record points to public IP for Exchange Server ... 60.50.40.30

    Exchange server is located in a private domain ... mail1.mydomain.local
    Exchange server is installed and running and seems to be working fine (inbound and outbound)
    Reverse DNS records were added by ISP so that mail could be delivered to AOL
    60.50.40.30 points to mail1.mydomain.local

    The problem is, when I try to configure Outlook on a computer that is not connected to the private domain, the Exchange Server name always resolves to the mail1.mydomain.local address. When Outlook tries to connect to mail1.mydomain.local it cannot resolve the name.

    Thanks for any help/suggestions.

    Randy

  • #2
    Re: Outside access to Exchange Server 2003

    Are you sure that you have your MX records pointing to an IP address?
    If you do then that isn't valid, it should be to a host. MX records cannot be an IP address.

    The behaviour you are seeing in Outlook is to be expected. Outlook will resolve to the server's real name. If for remote access you are using RPC over HTTPS then you have to enter additional information in the relevant box in Outlook. That is where you put the external server information.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Outside access to Exchange Server 2003

      One way to get it to work is by creating different views for your domain mydomain.com in your public and private DNS.

      On your ISP's DNS server set up a record mail1.mydomain.com pointing to your public IP of your Exchange server.

      On your local DNS server create a new zone for mydomain.com and add an A record for mail1.mydomain.com pointing to your internal private address.

      Then configure Outlook to use mail1.mydomain.com as the host for ROH. Your users can then connect from either your private network or across the internet.

      I don't know if that's the way the MS boffins do it but it works for me.

      On the MX side, you should have the hostname listed of your exchange server
      Code:
             IN MX 10 mail1.mydomain.com.
       mail1 IN A 60.50.40.30
      for reverse DNS, 60.50.40.30 should NOT point to mail1.mydomain.local, it should point to mail1.mydomain.com - hope that was a mistake.

      -Indie
      Last edited by indie285; 26th February 2008, 22:25.



      • #4
        Re: Outside access to Exchange Server 2003

        The fix above will deal with the use of RPC over HTTPS internally, or the initial resolution of the server by Outlook; it will not fix the problem I believe the original poster is seeing with Outlook changing the server name to the server's real name. That is by design and its behaviour cannot be changed.

        Simon.


        • #5
          Re: Outside access to Exchange Server 2003

          Thanks for the replies ....

          To correct something with my original post, the MX record does point to the host mail1.mydomain.com and the A record for mail1 points to 60.50.40.30 ... sorry to have mistyped that.

          indie285 brought up a point about the reverse DNS pointing 60.50.40.30 to mail1.mydomain.local, which it does. Is this incorrect? It seems to have fixed our problems with sending email to AOL. I'm guessing it should point to mail1.mydomain.com ?? Please advise before I have our ISP change those records.

          Simon - you commented about Outlook changing the server name to the real name by design. If this is the case, this will keep me from using this solution. Is there another or better way for me to provide Outlook access? I have OWA available to our users, but many travel and want to take their emails on the plane with them.

          Thanks for your help.

          Randy



          • #6
            Re: Outside access to Exchange Server 2003

            For SMTP the MX record mail1.mydomain.com resolves to the IP address of your MTA; that IP address has to resolve to the same host name. It's one of the basic checks for spamming... Some ISPs require you to have reverse DNS set up and will reject it otherwise; looks like AOL doesn't bother checking that they resolve to each other! (mail1.mydomain.com -> 60.50.40.30 -> mail1.mydomain.com)

            Your hostname mail1.mydomain.local is the same as a private IP address, it's non-resolvable on the internet and should be for the above reason.

            As for your original problem, do you have an entry for mail1 in your local DNS? Using the *.local domain will work on the private network but not from the internet unless your users connect over a VPN. If you go with the method I suggested it'll work both ways fine.

            When configuring your exchange profile you set "Microsoft Exchange Server" to the real name of your exchange server (server.mydomain.local?) and under "exchange proxy settings" set it to https://mail1.mydomain.com & msstd:mail1.mydomain.com and use Basic Auth. On the security tab select the Encrypt option. It will then all work.

            -Indie
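
The forward/reverse consistency check described in post #6 (mail1.mydomain.com -> 60.50.40.30 -> mail1.mydomain.com), together with the MX rule from post #2, as an added example that is not part of any poster's reply. The record sets are constructed from the values quoted in the thread; `check_mail_dns` and the dictionary names are hypothetical.

```python
import ipaddress

# Constructed record sets built from the values quoted in the thread.
PUBLIC_A = {"mail1.mydomain.com": ["60.50.40.30"]}      # public view of the zone
MX_OK = {"mydomain.com": ["mail1.mydomain.com."]}       # MX names a host
MX_AS_TYPED = {"mydomain.com": ["60.50.40.30"]}         # MX as first described
PTR_ORIGINAL = {"60.50.40.30": "mail1.mydomain.local."}  # reverse record before the fix
PTR_FIXED = {"60.50.40.30": "mail1.mydomain.com."}       # reverse record after the fix


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_ip_literal(name):
    try:
        ipaddress.ip_address(norm(name))
        return True
    except ValueError:
        return False


def check_mail_dns(domain, mx, a, ptr):
    """Return findings for MX -> A -> PTR -> A consistency (empty list = clean)."""
    findings = []
    for target in mx.get(domain, []):
        if is_ip_literal(target):
            findings.append(f"MX target {target} is an IP address, not a host name")
            continue
        host = norm(target)
        addrs = a.get(host, [])
        if not addrs:
            findings.append(f"{host} has no A record in the public view")
        for ip in addrs:
            rname = norm(ptr.get(ip, ""))
            if not rname:
                findings.append(f"{ip} has no PTR record")
            elif ip not in a.get(rname, []):
                # The PTR name must itself resolve publicly to the same IP.
                findings.append(f"PTR {ip} -> {rname} does not resolve back to {ip}")
            elif rname != host:
                findings.append(f"PTR {ip} -> {rname} differs from MX host {host}")
    return findings


if __name__ == "__main__":
    for label, ptr in (("original", PTR_ORIGINAL), ("fixed", PTR_FIXED)):
        print(label, check_mail_dns("mydomain.com", MX_OK, PUBLIC_A, ptr))
```
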



            • #7
              Re: Outside access to Exchange Server 2003

              Indie & Simon -

              Life is good !!! Thanks for all of your help with this. I fixed my reverse DNS error, created a new zone for mydomain.com and then implemented RPC over HTTPS. It works great and is exactly what I needed.

              Thanks again.

              Randy
