Post install tasks exchange 2016, explanation request

Answers

  • Hi,

    For internal users, we use an internal DNS server to resolve host names to internal IP addresses. If you don't set the related DNS records and want to access the external IP address from internal machines, a loopback error will occur and it will fail. Since this issue is more related to the network side, if you want to know more about this, you can go to the Network Infrastructure Servers forum for more suggestions.

    For your issues about certificates: self-signed certificates or certificates issued by an internal CA cannot be automatically trusted by client computers and mobile devices; they need to be manually added to the trusted root certificate store on all client computers and devices. For reference: Digital certificates and encryption in Exchange Server

    Additionally, since you use mail.domain.com for URLs, you should add this host name to the certificate.

    If the certificate issue persists, you can ask this question in the forum with more details. More people will notice it.

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, August 2, 2019 10:00 AM
    Moderator
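
The two points in the answer above (internal name resolution and certificate names) can be checked together. This is an added example, not part of the original thread or of Microsoft's documentation: the IP addresses, the zone contents and the self-signed certificate's name list are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(name, zone, hops=8):
    """Follow CNAMEs inside one DNS view; return the A value or None."""
    while hops:
        rec = zone.get(name.lower())
        if rec is None:
            return None
        rtype, value = rec
        if rtype == "A":
            return value
        name, hops = value, hops - 1
    return None

def name_matches(host, pattern):
    """Certificate name match: case-insensitive, '*' only as the whole leftmost label."""
    h, p = host.lower().split("."), pattern.lower().split(".")
    if len(h) != len(p):
        return False
    return h[1:] == p[1:] and (p[0] == "*" and len(p) > 2 or h[0] == p[0])

def audit(urls, internal, public, cert_names):
    """Per URL host: the address an internal client gets (private view first,
    then public DNS), whether that path hairpins through the WAN address,
    and whether the certificate's name list covers the host."""
    out = {}
    for url in urls:
        host = urlsplit(url).hostname
        addr = resolve(host, internal) or resolve(host, public)
        private = addr is not None and any(ipaddress.ip_address(addr) in n for n in RFC1918)
        out[host] = {"address": addr, "hairpin": addr is not None and not private,
                     "cert_ok": any(name_matches(host, n) for n in cert_names)}
    return out

# Constructed sample data (addresses and certificate names are assumptions).
PUBLIC = {"mail.contoso.com": ("A", "203.0.113.10"), "owa.contoso.com": ("A", "203.0.113.10")}
INTERNAL = {"mail.contoso.com": ("CNAME", "Mailbox01.corp.contoso.com"),
            "owa.contoso.com": ("CNAME", "Mailbox01.corp.contoso.com"),
            "mailbox01.corp.contoso.com": ("A", "10.0.0.25")}
SELF_SIGNED = ["Mailbox01", "Mailbox01.corp.contoso.com"]
URLS = ["https://mail.contoso.com/owa", "https://owa.contoso.com/owa"]

if __name__ == "__main__":
    for label, zone in (("without private records", {}), ("with private records", INTERNAL)):
        print(label, audit(URLS, zone, PUBLIC, SELF_SIGNED))
```

With the private records in place the clients reach the internal address directly, but `cert_ok` stays false until the names used in the URLs are on the certificate.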

All replies

  • Hi Alain,

    We have helped you cover your domain name. Please don't forget to cover your personal information next time.

    Do you mean why CNAME records are needed?

    CNAME records will bring some convenience when the servers' IP addresses are changed. You can just use A records and not use CNAME records.

    Regards,

    Lydia Zhou



    Monday, July 22, 2019 7:30 AM
    Moderator
  • There is already public DNS resolution to a public address for Mail.contoso.com/owa.contoso.com. The question is: why add a local CNAME record to add a link to a local name instead of just using the public one?

    Alain Bourgeois

    Monday, July 22, 2019 8:18 AM
  • As is mentioned above, you don't have to use CNAME records. If you want to use mail.contoso.com or owa.contoso.com for the internal URL, you can just use A records.

    Regards,

    Lydia Zhou



    Wednesday, July 24, 2019 9:28 AM
    Moderator
  • The question is: why add an address such as mail.contoso.com in a private DNS zone, as it is our public fixed WAN IP address, registered in public DNS?

    Alain Bourgeois

    Wednesday, July 24, 2019 7:47 PM
  • Hi,

    If you use mail.contoso.com for internal URLs, then you have to add the related A records to point to the specific server. The internal DNS records will be used when you use internal URLs.

    Regards,

    Lydia Zhou



    Friday, July 26, 2019 10:12 AM
    Moderator
  • Yes, but the question is: why not use public DNS resolution on the WAN IP? Is it just to avoid passing through the WAN connection?

    Alain Bourgeois

    Friday, July 26, 2019 7:58 PM
  • Hi,

    Do you mean why the public DNS record points to the public IP instead of the internal IP?

    Public IP addresses can be accessed over the Internet; internal IP addresses are allocated to allow organizations to create their own private network and cannot be accessed directly by outside devices. So we need public DNS records to find our servers from the Internet.

    Regards,

    Lydia Zhou



    Wednesday, July 31, 2019 7:14 AM
    Moderator
  • I agree, but the question has to be taken the other way round, I repeat:

    from doc:

    -----------------------------------------------------

    Stage 5: configure internal URLs: it is written:

    ---

    Depending on your configuration, you'll need to configure your private DNS records to point to the internal or external IP address or FQDN of your Mailbox server. Examples of recommended DNS records that you should create are described in the following table:

    FQDN              DNS record type   Value
    Mail.contoso.com  CNAME             Mailbox01.corp.contoso.com
    Owa.contoso.com   CNAME             Mailbox01.corp.contoso.com

    ---

    The question is

    Why do we need private DNS records? Why do we need to set an extra "private" resolution for mail.domain.com, different than the public one, although the public one works? mail.domain.com is in public DNS, so it works also locally.

    KR.


    Alain Bourgeois

    Wednesday, July 31, 2019 8:28 PM
  • I don't know if it is related; I added mail.domain.com to private DNS, and nslookup mail.domain.com resolved to internal server.domain.com (alias on name).

    When connecting to Exchange using Outlook I get:

    I thought the auto-signed certificate was enough for the first month; it seems not to be enough.

    But what is worst is the last x: "the name on the certificate is not valid or doesn't match the site's name. This is the exchange auto-signed certificate". Do I have to add the local name to it? Any hint to understand this? (log detail)

    KR.


    Alain Bourgeois

    Thursday, August 1, 2019 10:07 PM
  • Hi,

    Just checking in to see if the above information was helpful. If you have solved your problem, could you share with us? Maybe it will help more people with similar problems.

    Regards,

    Lydia Zhou



    Thursday, August 8, 2019 9:28 AM
    Moderator