windows server 2012 / exchange 2013 split dns

Discussion in 'Windows Server' started by hammie123, Jul 11, 2014.

  1. hammie123

    hammie123 MDL Novice

    Jul 11, 2014
    Hello,

    I have a question about the way my Windows Server 2012 resolves the internal and external addresses. Right now I have an internal domain: yyy.example.local, external domain: yyy.example.com. I have an Exchange certificate for my external domain yyy.example.com and that is working fine for the Exchange users. When the users approach Exchange internally they receive an error because the certificate name doesn't match the internal address, which is logical.
    My question is: how can I let my internal address redirect to my external address? So when users approach Exchange internally they will receive the right external address without any errors. I've tried the options below, but this does the opposite. It will link my external address to my internal.

    1. create new forward NON-AD Zone on DNS server for the external name of the mail server that is on your cert: remote.yyy.org

    2. go into the new zone, make a new A record, the name is blank and put IP as internal mail server.

    3. Go into Exchange Admin GUI and go to server section - virtual directories - change the website to the external name: remote.yyy.org/xxx

    4. you can not change autodiscover from GUI - open shell and put in: Get-ClientAccessServer | Set-ClientAccessServer -AutoDiscoverServiceInternalUri remote.yyy.org/autodiscover/autodiscover.xml
       CONFIRM: Get-ClientAccessServer | ft name,AutoDiscoverServiceInternalUri

    5. In server section of GUI, double click on server, go to outlook anywhere section, change both internal and external to what is on cert: remote.yyy.org

    6. I made sure the PC I was testing on had the DNS settings of the server I added the new zone to

    Do you guys have any suggestions?
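The six steps above as one PowerShell script, added here as an illustration and not taken from the thread or from Microsoft documentation. The host name mail.example.com, the internal IP 10.0.0.25 and the server name EX01 are constructed placeholders; the DNS part runs on the Windows Server 2012 DNS server, the rest in the Exchange 2013 Management Shell.

```powershell
# Split DNS + Exchange 2013 namespace configuration (added example, constructed names).
# Assumption: the certificate bound to IIS on the CAS covers $PublicName.
$PublicName = 'mail.example.com'   # name on the certificate (placeholder)
$InternalIp = '10.0.0.25'          # internal address of the CAS (placeholder)
$Server     = 'EX01'               # Exchange 2013 server (placeholder)

# Steps 1-2: standalone (non-AD-integrated) forward zone named after the public
# host, with a blank-name ("@") A record pointing at the internal address.
# Internal clients now resolve the public name privately; the public DNS zone
# on the Internet is untouched, so outside clients keep getting the public IP.
Add-DnsServerPrimaryZone -Name $PublicName -ZoneFile "$PublicName.dns"
Add-DnsServerResourceRecordA -ZoneName $PublicName -Name '@' -IPv4Address $InternalIp
Resolve-DnsName -Name $PublicName -Type A     # check: must return 10.0.0.25 from inside

# Step 3: every client-facing virtual directory gets the certificate name for
# both InternalUrl and ExternalUrl, so no URL ever presents the .local name.
$Base = "https://$PublicName"
Get-OwaVirtualDirectory -Server $Server |
    Set-OwaVirtualDirectory -InternalUrl "$Base/owa" -ExternalUrl "$Base/owa"
Get-EcpVirtualDirectory -Server $Server |
    Set-EcpVirtualDirectory -InternalUrl "$Base/ecp" -ExternalUrl "$Base/ecp"
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -InternalUrl "$Base/EWS/Exchange.asmx" -ExternalUrl "$Base/EWS/Exchange.asmx"
Get-ActiveSyncVirtualDirectory -Server $Server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "$Base/Microsoft-Server-ActiveSync" -ExternalUrl "$Base/Microsoft-Server-ActiveSync"
Get-OabVirtualDirectory -Server $Server |
    Set-OabVirtualDirectory -InternalUrl "$Base/OAB" -ExternalUrl "$Base/OAB"

# Step 4: Autodiscover internal URI (not exposed in the EAC), then confirm.
Set-ClientAccessServer -Identity $Server -AutoDiscoverServiceInternalUri "$Base/Autodiscover/Autodiscover.xml"
Get-ClientAccessServer | Format-Table Name, AutoDiscoverServiceInternalUri

# Step 5: Outlook Anywhere host names, internal and external, to the cert name.
Get-OutlookAnywhere -Server $Server |
    Set-OutlookAnywhere -InternalHostname $PublicName -ExternalHostname $PublicName `
        -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true `
        -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic

# Final check: the certificate bound to IIS must list $PublicName, otherwise
# Outlook still shows a name-mismatch warning after all of the above.
Get-ExchangeCertificate -Server $Server | Format-Table Thumbprint, Services, CertificateDomains
```

Step 6 is client-side: the test PC's DNS client must point at the server that hosts the new zone, or it never sees the private record.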
     
  2. trasher255

    trasher255 MDL Member

  3. hammie123

    hammie123 MDL Novice

    Jul 11, 2014
    Ok, so I managed to change the Autodiscover URL, pointing it to the external URL, so Outlook will connect with the right certificate. If I delete and re-add the Outlook profile, the certificate error won't pop up and everything works fine. My question now is: I am dealing with 50+ users. Does this mean every single user has to delete his Outlook account and re-add it? This is a big amount of work, not to mention the time Outlook needs to sync everything back again (over 50 GB worth of data).

    Is there a way to do this faster and more effectively?

    thnx