none
small business server email access

    Question

  • I can't seem to set up access to the email on the server from a remote computer, or smart phone. I think the problem is in dns but not sure and the forums just push me around, exchange people say it a sbs problem. that just goes to show not many know how to solve the problem.

    I just reloaded the whole server 2008 including exchange 2007, mail flows to the server and from the server and internal to the organization. users can't connect to email when out side the network, owa does not work no does the rww.

    please don't tell me about connecting to a pop3 email source out side the of the network, that is something i could care less about

    thanks


    John

    Sunday, June 17, 2012 3:08 AM

Answers

  • I should say that SBS needs to 'agree' to that A record. (though this also should be pretty obvious)

    Before implementing SBS: What do I want the public name of SBS to be?

    When running the wiz: I will now implement that public name on SBS.

    _personally_ I think 'remote.etc' is just as valid as any other name, and SBS uses it by default.

    Using 'mail.etc' for your mail server (MX) was never more than 'convention' anyway, and due to 'computer precision' it is only _people_ who think 'mail2' is similar to 'mail', from a computer perspective it is as different as 'some_awful_name'.

    Everything will work with the server addressed by 'remote.etc' and it is as close to default as possible, whether 'self signed' or '3rd party' certification is used.

    The basic fact is: It's just a name that needs to exist in public DNS. 'something_really_stupid_and_gawdawfully_complex.in_an_unrelated_domain.in_some_other_TLD' is just as valid. 

    Sunday, June 17, 2012 5:55 AM
  • Well this is closed and not fixed. time to do the deed, and rebuild the server. if the mail could get out of the server this might be a good solution but the transport function is so hosed and broken.

    John

    Thursday, June 21, 2012 10:26 PM

All replies

  • for EAS (Exchange Active Sync) _all_ an SBS network needs is a properly configured SBS and port forwarding of PUBLIC_IP:443 (that's port 443 on your public IP) to the SBS.

    If you are using a 'self signed certificate' there are various ways to get it onto the phone. Windows Phone 7.5 (Mango) being one of the more difficult, in that it takes about 5 minutes.

    Do you have some _name_ pointing to your (hopefully, but not necessarily) static Public IP?

    Do you have port 443 forwarded to SBS?

    When you attempt to browse https://Public_Name, what error do you get?

    EDIT: that HTTPS test should be done from outside the LAN.


    • Edited by SuperGumby Sunday, June 17, 2012 3:33 AM
    Sunday, June 17, 2012 3:32 AM
  • port 443 is open, i am using a self signed certificate. not trying to connect a win phone. using andriod and i phone

    Do you have some _name_ pointing to your (hopefully, but not necessarily) static Public IP? not sure what you mean hear, DNS record??

    browse to https:// Public_Name gets a 404 error, I can browse to all sort of places on the internet from the server, using firefox as browser.

    what dns records are needed?


    John

    Sunday, June 17, 2012 3:46 AM
  • _IF_ you have run the appropriate wizards on SBS ('connect to internet' & 'setup your internet address', SBSConsole), and accepted defaults, then the A record in _public_ DNS should be for remote.my_choice.whatever (remote.company.com).

    SBS should have set up similar record as a _zone_ in SBS DNS (so that company.com is still resolved publicly but remote.company.com uses local resolution).

    _IF_ when running the 'setup your internet address' wiz you had instead chosen to do an 'advanced' installation, you may have chosen an alternate (to remote.etc) name that addresses SBS publicly. This name would also/instead need to be added to public DNS.

    During 'setup your internet address' you are offered a choice of allowing SBS to manage your public records (via an SBS integrated DNS provider) or to do so yourself (not an SBS integrated DNS provider), which did you choose?

    Sunday, June 17, 2012 4:09 AM
  • ran wizards,i have dns part of my server, i manage my public records.

    how do i get my dns records into the public space


    John

    Sunday, June 17, 2012 4:14 AM
  • if you wish for SBS to act as the DNS server publicly YOU'RE ON YOUR OWN BUDDY.

    Anyone wishing to implement a public facing DNS server should not need assistance doing so.

    Sunday, June 17, 2012 4:18 AM
  • you took me up to a place where i could solve my issue, i had not planned on a totally public dns. all i want is for my users to get there mail on a smart phone


    John

    Sunday, June 17, 2012 4:23 AM
  • then all you need is to ask your Public DNS host to add an A record to public DNS which points to your public IP.

    normally: remote.public_name_space

    EDIT: and depending on 'self signed' vs '3rd party'certificate, you may need to get the cert on the phone. (iPhones are just about the easiest, they can be told to accept any cert)


    • Edited by SuperGumby Sunday, June 17, 2012 4:27 AM
    Sunday, June 17, 2012 4:26 AM
  • that might just fix the problem, will let you know tomorrow

    John

    Sunday, June 17, 2012 5:11 AM
  • I should say that SBS needs to 'agree' to that A record. (though this also should be pretty obvious)

    Before implementing SBS: What do I want the public name of SBS to be?

    When running the wiz: I will now implement that public name on SBS.

    _personally_ I think 'remote.etc' is just as valid as any other name, and SBS uses it by default.

    Using 'mail.etc' for your mail server (MX) was never more than 'convention' anyway, and due to 'computer precision' it is only _people_ who think 'mail2' is similar to 'mail', from a computer perspective it is as different as 'some_awful_name'.

    Everything will work with the server addressed by 'remote.etc' and it is as close to default as possible, whether 'self signed' or '3rd party' certification is used.

    The basic fact is: It's just a name that needs to exist in public DNS. 'something_really_stupid_and_gawdawfully_complex.in_an_unrelated_domain.in_some_other_TLD' is just as valid. 

    Sunday, June 17, 2012 5:55 AM
  • Well this is closed and not fixed. time to do the deed, and rebuild the server. if the mail could get out of the server this might be a good solution but the transport function is so hosed and broken.

    John

    Thursday, June 21, 2012 10:26 PM