1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Resolved SBS2008 and CNAMES

Discussion in 'Software' started by westernkings, Mar 17, 2011.

  1. westernkings

    westernkings Gigabyte Poster

    1,432
    60
    107
    Hi Guys,

    I'm about to create 3 different CNAMES for the components of SBS (OWA, Outlook Anywhere and Remote Workplace)

    Am I right in saying that all three CNAMES should point to the IP Address of the server (External obviously) and that I should set the External Host names of all three things to their corresponding CNAME? or is it not quite that simple.

    Basically I want

    mail.domain.com
    owa.domain.com
    remote.domain.com

    Any suggestions from the megapros would be great :)

    thanks guys.
     
    Last edited: Mar 18, 2011
    Certifications: MCITP:VA, MCITP:EA, MCDST, MCTS, MCITP:EST7, MCITP:SA, PRINCE2, ITILv3
  2. Apexes

    Apexes Gigabyte Poster

    1,051
    78
    141
    EDIT: Ignore this post sorry! :D
     
    Last edited: Mar 17, 2011
    Certifications: 70-243 MCTS: ConfigMgr 2012 | MCSE: Private Cloud
  3. gosh1976

    gosh1976 Kilobyte Poster

    337
    18
    35
    but wait - if he is using SBS there would only be one box - and there would only be one ip address.
     
    Certifications: A+, Net+, MCDST, CCENT, MCTS: Win 7 Configuring, CCNA
  4. Apexes

    Apexes Gigabyte Poster

    1,051
    78
    141
    oops, i totally mis-read the OP's post - Sorry, ignore me!! :oops:
     
    Certifications: 70-243 MCTS: ConfigMgr 2012 | MCSE: Private Cloud
  5. westernkings

    westernkings Gigabyte Poster

    1,432
    60
    107
    Bingo. That's where my confusion sets it. I'm also concerned I could **** up Auto-discover by changing the host name.
     
    Certifications: MCITP:VA, MCITP:EA, MCDST, MCTS, MCITP:EST7, MCITP:SA, PRINCE2, ITILv3
  6. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    The names should point to the external IP address that is running the service e.g.

    mail.domain.com 81.123.45.1
    owa.domain.com 81.123.45.2
    remote.domain.com 81.123.45.3

    These could all point to the same external IP address 81.123.45.1 they just use a different URL to get to the same destination.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  7. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    Can u set up a CNAME to point at the IP address at all? Looking at my DNS server I have to set up A record for the IP and all CNAMEs to point at FQDN.
     
    WIP: Uhmm... not sure
  8. Apexes

    Apexes Gigabyte Poster

    1,051
    78
    141
    Same here - I always thought CNAME's tend to be like an alias just to send it to another address - which would usually be a domain name, dont know if it works with ip's or not

    I think that's why i mentioned using A records previously, but only from the domain to the ip - not an rdns lookup. I'm pretty sure you could set multiple A records to go to the same IP address without problem?
     
    Last edited: Mar 17, 2011
    Certifications: 70-243 MCTS: ConfigMgr 2012 | MCSE: Private Cloud
  9. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    Yep. But then the thread would be about setting A records and not CNAMES :twisted:
     
    WIP: Uhmm... not sure
  10. Apexes

    Apexes Gigabyte Poster

    1,051
    78
    141
    alright, alright! :P :mrgreen:
     
    Certifications: 70-243 MCTS: ConfigMgr 2012 | MCSE: Private Cloud
  11. westernkings

    westernkings Gigabyte Poster

    1,432
    60
    107
    It was actually about both was I was unsure of the semantics of it bit couldn't be bothered to edit the title.

    So, how will the SBS differentiate between which A Record is meant for which service? IE, how will it route mail.domain to Outlook Anywhere if they all go to the same Address?
     
    Certifications: MCITP:VA, MCITP:EA, MCDST, MCTS, MCITP:EST7, MCITP:SA, PRINCE2, ITILv3
  12. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    It doesn't need to. Outlook Anywhere, Autodiscover, Active-Sync, ECP and WebApp are all services running off IIS. So given your domain name is domain.com as long as all Exchange related HTTPS traffic is routed to the server it's going to work as different services will be published on different websites (domain.com/Microsoft-Active-Sync, domain.com/owa, etc.)


    Keep in mind you will need a SAN or a wildcard certificate for all those names for it to work.

    When having multiple subdomains for HTTPS requests it's the host header that matters. IIS can read host header passed by a client and decide where to route the request.

    To give you an example:
    Imagine IIS server hosting 100 websites. All off 1 IP address. They have different external names configured and different domain names pointing at the same IP address. Depending on which domain name you type in in the browser, different websites will display. IIS knows which domain you requested.

    Not sure if the example is any helpful but IIS host headers is something you should be looking at to find out more. CAS servers are basically RPC/MAPI listeners for normal Outlook access and IIS webservers that do everything else.

    edit: Just read it through again. If you're looking at sharing different services through different domains you might need to look up how to split Exchange services across multiple IIS applications/websites. So each website will have it's domain name (host header to read) and will host the service (Active-Sync, OWA, ECP, RPC over HTTPS)
     
    Last edited: Mar 17, 2011
    WIP: Uhmm... not sure
  13. westernkings

    westernkings Gigabyte Poster

    1,432
    60
    107
    So just set up the A records for each pointing to the same address and then change the external host names in SBS console? and test.

    Cheers mate :) Repped
     
    Certifications: MCITP:VA, MCITP:EA, MCDST, MCTS, MCITP:EST7, MCITP:SA, PRINCE2, ITILv3
  14. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    You can either set up A records for all services or 1 A record for the server name and CNAMEs pointing at that A record. Either way it should work.
     
    WIP: Uhmm... not sure
  15. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Might be best to fire in 3 A records mate. CNAMES can sometimes cause problems (spoofed names etc.)
     
    Last edited: Mar 17, 2011
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  16. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    FYI you shouldn't use a Wildcard Certificate as these can only be used external domain names only where as Exchange 2007/2010 needs to use internal names as well. MS recommend using a SAN certificate which would contain something like the following:

    mail.domain.com
    mail.domain.local
    autodiscover.domain.local
    ex01.domain.local
    ex01

    You need to ensure that you put in the following on the SAN:

    External FQDN
    Internal FQDN
    NetBIOS
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  17. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    Thanks! This is all true if your external domain name is different than your internal one. But I get your point. I don't agree on the NetBIOS name. It works well without it.
     
    WIP: Uhmm... not sure
  18. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    :thumbleft
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  19. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,189
    296
    319
    Actually it is needed. I've added the NetBIOS name on all Exchange 2007\2010 installs. 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  20. LukeP

    LukeP Gigabyte Poster

    1,194
    41
    90
    Weird. Mine works fine without it. I have FQDN on it but no NetBIOS. Haven't had any problems with it.
     
    WIP: Uhmm... not sure

Share This Page

Loading...