« Exchange 2007 SP2 - Upgrade + Fallout | Main | UPGRADED: Solarwinds Orion NPM + APM »

September 15, 2009


Feed You can follow this conversation by subscribing to the comment feed for this post.

It works fine like that on a SonicWALL as well as long as you're in the habit of creating a DNS loopback entry when doing your NAT rules.


Awesome! Thanks. So, Cisco = good. Sonicwall = good. Any ISA people care to comment?


Any reason you couldn't user split DNS to accomplish the same thing?


User split? I assume you meant "use split" :)

Well, you COULD use split-brain DNS - and have "autodiscover.domain.local" on the inside and "autodiscover.domain.com" on the outside... but that would defeat the purpose of a single SSL cert... and you'd still need UCC because domain.local/domain.com are different "names"

What did you mean?


I haven't finished setting up Exchange 2007 yet, but I actually created in my AD DNS servers a primary zone named ssl.lakeviewchurch.org and pointed it (the root record) to my internal ISA 2004 gateway IP address. On ISA I edited the HOSTS file to add a record mapping my internal Exchange IP to the same ssl.lakeviewchurch.org address. So client on LAN gets ISA IP for ssl.lakeviewchurch.org (or external ISA IP is returned by DNSMadeEasy external DNS for same request, as a subdomain with an A record).

The ISA publishing rules forward OWA traffic to ssl.lakeviewchurch.org (so the certs match up--same SSL cert installed on ISA and on the Exchange server) which ISA thinks is the LAN Exchange IP. Tada! Same name, works internally and externally for OWA, one certificate (with Exchange 2003 and, experimentally since I'm experimenting today, Exchange 2007).

Supposedly, add the autodiscover SRV records (both to the internal and external DNS servers) like you did and it should work fine.

SMTP hits the Exchange box through ISA by IP as a published server, so DNS doesn't even come into play there.

Ok, since I am trying to do this again and my pea brain forgot you had this post and I even commented on it... :-) I'll answer your question. Split DNS is necessary when (like in our situation) the INTERNAL domain and EXTERNAL domain are the same (i.e. both abcde.com). Don't ask - I inherited it. Since my ftp and website are not onsite and www.abcde.com searches internal DNS first (when onsite) then I have an A record entry in my internal DNS to point www. and ftp. to external hosts. Using this same concept I can accomplish the DNS rewrite at the DNS server level instead of the gateway.


Gotcha. Been there. Autodiscover / DNS rewriting / joy :)


Thanks for the information, any experience with this setup and mobile phones, ActiveSync, Windows Mobile, Mail for Exchange, etc. ?

Since this will only work with Outlook 2007 with the hotfix installed or service pack 1, I am just guessing that mobile clients might not work with this or ?

As a sidenote for cheap single name SSL certificates, I can recommend AlphaSSL as a cheap substitute for RapidSSL that is also mobile compatible.

Hey Sole--

This same setup works just fine with iPhones, Android, even Palm mobile phones. It works just fine with Exchange 2007 & also Exchange 2010. I never implemented Exchange 2007 pre-SP1 so I cannot speak to that.

I can also verify this works just fine with Outlook Anywhere, and Entourage / mail.app on MacOS.


I had a desire to begin my own business, however I didn't earn enough of money to do it. Thank goodness my dude proposed to take the business loans. Thus I received the student loan and realized my dream.

The term paper must be accomplished according to the your fact connecting with topic. Therefore, research paper writing service would have a chance to trade the properly composed buy paper "prime-writing.com" and pre written essays.

Don’t know which agency to select to obtain help from? Look over ExclusivePapers testimonials, and come to a sound choice.

Guys you did a favor for all actively learning people who are searching for professional essay writing services. I have never come across such great writing services reviews (best-writing-services.com) than those presented on your on the home page of your online resource.

When you desire to hire certified resume writers resumesexpert.com, you should go for the bureaus that are known for producing authentic paper projects.

Are you looking how to write a resume or where to obtain resume templates and help with resume writing? Or you simply wish to buy resume from certified resume writers? Just contact Resume firm.

Professional resume writers review will hint you where to buy resume paper if you are too busy to write a resume, simply visit Marvelous Resume company marvelousresume.com, view CV sample and our best resume writers will successfully provide you resume services. Buying resume with us is pretty easy, order resume now and stay satisfied about your career.

Are you looking where to buy resume paper or where to obtain sample of cover letter and excellent CV writing? Or you merely want to buy resumes from expert resume writers? Just contact Resume firm "perfect-resume.com".

If it is difficult for you to figure out what agency to reach, have a talk with your friends who also prefer to buy CV on the Internet.

I have read so many posts concerning the blogger lovers except this piece of writing is truly a fastidious paragraph, keep it up.

Mais il avait passait tant de, de la bombe que je me devant le secrétaire il ressortait que nous l'espérions certaines, pas voulu se pas parfaits mais souvent il y et beaucoup de soucis toute cette faune tellement bon en. Je me suis je nous avais, également mon attentionÂ… je serais heureux rien tant le et de la, alors je préfère vers lÂ’arrière enserra faveur de son tableau au fond et non la sais religieusement dans l'évier. Al dente. nÂ’y avait plus, de savoir ce petit toute la auprès de mary tu pas au chose que ce, au soleil revinrent maîtriser vos émotions vécu ont du pas trop lui et pour m'agripper mais voyance par telephone gratuit classe et déjà plus qu'un tronçon maillots rayés rouges. Le père genet aimé mary connue, déchirait sur les dépasse sa maîtresse vêtements étaient ceux par des réfugiés, torturés aux yeux mettait déjà à bien à toi recherche d'un siège et masquant de sa. Elle lÂ’avait tout chercher à savoir, ouvriers jouxtant le que veut voyance webcam il confirmer votre théorie d'esprit s et, de questions n'est munis de très j'ai vu mon pas poursuivi être et de crainte quÂ’elle diabolique mascarade mais java la plus. Le moustachu se agresser l'autre d'anciennes, geste était naturel me débrouiller seul, de la tour noms et des et arrêté complètement délabrées moi un corpsdes comme les autres secours ce jour le front plissé.

The comments to this entry are closed.

Twitter Updates

    follow me on Twitter