Say I have domain.com and it's hosted externally. I add an Exchange server, and I add an external record called mail.domain.com that points to my external IP. I ALSO want to be able to access my server using the internal IP instead of going through my firewall and back in. (This is called split DNS.)
Split DNS = I have 2 DNS zones, one external and one internal, for the same domain. The issue is that you have to manage both zones individually (even if you only need one specific host record).
An alternative method is to create a zone JUST for that one host name.
Here are the directions to create a domain and a "same as parent" A record:
Open DNS on your DC, right-click Forward Lookup Zone, and select New Zone
Now you have split DNS for the single host name only.
We have seen a recent rash of issues with Exchange MMC after the April 11 updates. This is due to a .NET change in the latest updates.
This issue is very specific to a system with:
.NET Framework 3.5 Service Pack 1
.NET Framework 2.0 Service Pack 2
Windows Vista Service Pack 2 or Windows Server 2008 Service Pack 2
April 11 Windows updates (specifically 2449742 or 2446709)
This problem occurs when the broken version of hotfix 979744 is installed on your computer. When security update 2449742 or 2446709 (part of security bulletin MS11-028) is also installed in the affected environments, the issues described in the "Symptoms" section appear.
Here is the story: I was building a lab so I could test Domain Secure connections between Exchange 2010 orgs. I issued a cert to both servers from a CA in domain 1, and imported the CA root cert to the trusted roots of both servers. Then when I tried to activate services or use MTLS on my connectors, I got the following error:
The Certificate Status Could not be determined Because the revocation check failed
Here are the steps I took (with some help) to get my servers talking and CRL checking working.
Installed and configured the 2008 Online Responder on my CA
netsh winhttp set proxy proxy-server="http=myproxy:8080;https=sproxy:8080" bypass-list="*.foo.com"
Note: I finally found that I had an issue with my TMG server when routing across it (even though it was supposed to not be filtered). I moved my VM to the same network (i.e. both on 192.168.10.x) and then I was able to get it working…
I still need to figure out why TMG was breaking it. Conversely, I did get it working with ISA 2006 without issue. I will update this post when I figure out the issue with TMG.
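A way to see which revocation endpoint is failing before changing proxy or firewall settings, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the Exchange server and a certificate in the LocalMachine\My store; the thumbprint is a placeholder you must replace.

```powershell
# Added diagnostic example, not the post author's code.
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT>'   # placeholder: thumbprint of the certificate Exchange uses
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

# 1. Print the CRL and OCSP/AIA URLs embedded in the certificate. These are
#    the endpoints this server must reach for the revocation check to pass.
$wanted = '2.5.29.31', '1.3.6.1.5.5.7.1.1'   # CRL Distribution Points, Authority Information Access
foreach ($ext in $cert.Extensions) {
    if ($wanted -contains $ext.Oid.Value) {
        Write-Output ("--- {0} ---" -f $ext.Oid.FriendlyName)
        Write-Output ($ext.Format($true))
    }
}

# 2. Build the chain with online revocation checking (root excluded, since a
#    self-signed root normally carries no CRL distribution point).
$chain = New-Object "$x509.X509Chain"
$chain.ChainPolicy.RevocationMode      = [Enum]::Parse([Type]"$x509.X509RevocationMode", 'Online')
$chain.ChainPolicy.RevocationFlag      = [Enum]::Parse([Type]"$x509.X509RevocationFlag", 'ExcludeRoot')
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
$valid = $chain.Build($cert)

Write-Output ("Chain valid: {0}" -f $valid)
foreach ($element in $chain.ChainElements) {
    foreach ($status in $element.ChainElementStatus) {
        # RevocationStatusUnknown or OfflineRevocation means the CRL or
        # responder could not be reached, not that the cert is revoked.
        Write-Output ("{0}: {1} {2}" -f $element.Certificate.Subject,
                      $status.Status, $status.StatusInformation.Trim())
    }
}

# 3. Show the machine-wide WinHTTP proxy that the netsh command above changes.
netsh winhttp show proxy

# 4. Per-URL retrieval detail from certutil, run against an exported copy.
$tmp = Join-Path $env:TEMP "$Thumbprint.cer"
[System.IO.File]::WriteAllBytes($tmp, $cert.Export([Enum]::Parse([Type]"$x509.X509ContentType", 'Cert')))
certutil -verify -urlfetch $tmp
```

A `Revoked` status is a different finding from `RevocationStatusUnknown`: the first means the CA has withdrawn the certificate, the second means the check could not complete.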
Remember the days when you could open ESM, click on the mail store, and see all the mailbox sizes? Then you could sort them with a click and know which users to go have a discussion with about mail usage? Where did that go in Exchange 2010\2007?
You can use PowerShell to gather all that info and export it to a CSV.
You get the following error:
Set-EmailAddressPolicy : The recipient policy “Default Policy” with mailbox man
ager settings cannot be managed by the current version of Exchange Management C
onsole. Please use a management console with the same version as the object.
At line:1 char:23
+ Set-EmailAddressPolicy <<<< “Default Policy” -IncludedRecipients AllRecipien
Inter NIC = IP: ISP assigned Gateway: ISP assigned, DNS: null
Getting Started Wizard
Configure Network Settings
Be sure to add the additional route for the LAN network behind the back-end server. This also adds the internal LAN network to the Internal Network object (Networking\Networks), and adds a static route for the Internal network as well (Networking\Routing tab).
In my case I have a dynamic IP in my lab, but this would be your ISP-provided IP.
At this point you should have routing connectivity to the domain.
Configure System Settings
I make sure mine is connected to the domain (it just makes permissions easier). You can join the domain here.
Define Deployment options
This is a preference, but for this lab I disable all updates or NIS updates.
Remote Access Wizard (again a preference, but I limit config as this is a publishing lab, not client access)
This one can make troubleshooting difficult if configured any other way.
Error: The queue in ‘Mailbox Database” database already contains a move request for ‘User name’, while AD reports the mailbox as not being moved. It is possible that someone created this move request recently, while targeting a different domain controller, and AD replication did not yet occur. You can examine this move request by running ‘Get-MoveRequestStatistics -MoveRequestQueue ‘Mailbox Database ‘ -MailboxGuid 02egha76-a9e5-430c-brb7-cdegrt15ee1f -IncludeReport | fl’. If you believe this to be an abandoned move request, you can remove it by running ‘Remove-MoveRequest -MoveRequestQueue ‘Mailbox Database’ -MailboxGuid 02egha76-a9e5-430c-brb7-cdegrt15ee1f.
If you had a failed move, and you now get the error above when you try to move the mailbox, you can follow the directions in the error to resolve it.