Our internal DNS has for example Mail.abc.com pointing to the internal IP of the mail
Externally it points to our public ip. Internal and external work fine on the same name. For DNS internally we create a zone called, mail.abc.com another zone called autodiscover.abc.com and another zone called remote.autodiscover.com with a records pointing to the internal. Make sure you don't create another mail A record inside your mail.abc.com domain space or you get mail.mail.abc.com, create a blank name A record with your internal IP. This way our www, and other records will be queried to our public DNS like normal and we don't have to micro manage internal DNS namespace. For a single domain, we usually use mail, remote, autodiscover .abc.com on a single 5 name cert from certificatesforexchange for like 50.00 bucks a year. Works on 2003(single), 2007 and 2010 with no issues. -----Original Message----- From: Brian Desmond [mailto:[email protected]] Sent: Wednesday, August 04, 2010 8:05 PM To: NT System Admin Issues Subject: RE: Exchange 2010 Certificate Issue As long as split DNS is setup right and the config work (particularly around Autodiscover) is done you shouldn't need to do that. Thanks, Brian Desmond [email protected] c - 312.731.3132 -----Original Message----- From: S Powell [mailto:[email protected]] Sent: Wednesday, August 04, 2010 4:55 PM To: NT System Admin Issues Subject: Re: Exchange 2010 Certificate Issue when they try to access OWA internally they have the Cert issue correct? are they trying to access owa.domain.com or internal.machine.name ? we had to make sure that our cert had both names. Google.com Learn it. Live it. Love it. On Wed, Aug 4, 2010 at 13:03, Cameron <[email protected]> wrote: > Greetings all, > We currently have a new Exchange 2010 Server running on W2K8r2. > Clients running mix of IE 7/8 > When they try and run OWA, they get an error that "The security > certificat presented by this website was issued for a different > websites address". If you click "Continue to this website (not > recommended) everything works as it should. > > It seems that the self signed certificate is not in the trusted root > CA. We do have a GoDaddy cert for external and it seems to be working fine. > > I've looked at instructions that show how to export the cert, create > the file and then explain how to import it into the Trusted Root CA, > but it fails and tells me that it can't create a PKCS #12 file. > > I'm pretty sure that there has to be an easy answer to this as the > users are *complaining" about the error. > > > As always, TIA! > Cameron > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
