MX records between two forests
Hello Technet
I'm about to give up configuring MX records for my Exchange servers in my test lab. I've tried different things, read articles and so on. Some explain how to set the IP for your ISP, some say you don't need A records, etc. I have a feeling it should be quite simple, but I cannot get it to work.
So can you help figure it out?
Scenario:
Forest1:
primary.first.lcl
DC1AF1/10.1.0.1
EX1AF1/10.1.0.7
connector settings and mx record
Forest2:
secondary.second.lcl
DC1AF2/10.2.0.1
EX1AF2/10.2.0.7
Can you see any major mistake, or am I missing some steps?
best regards
Jesper Vindum, Denmark
November 9th, 2011 6:15pm
Hi Jesper,
Per your description, you have a test lab with two forests, each forest has one Exchange email system, and you want the two email systems to be able to send email to each other.
1. Confirm that all the Exchange servers have a receive connector.
2. Please confirm that the networks of the two forests can ping each other successfully.
3. Which DNS server have you configured on EX1AF1? If it is DC1AF1, please add an MX record for the other forest's Exchange server.
4. Please telnet from forest1 to the other forest's Exchange server, and confirm that you can telnet to port 25 on the EX1AF2 server.
Do the same procedures for forest2.
If anything is unclear, please feel free to let me know.
Regards!
Gavin
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if
a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 10th, 2011 2:56am
Hello Gavin-Zhang
1. All Exchange servers have the default receive connector
2. All servers can ping each other by FQDN
3. Preferred DNS on EX1AF1 is 10.1.0.1/DC1AF1. The bottom part of the screenshot above shows the mx connector, on a DC in forest1, pointing to EX1AF2, in the foreign forest. Whether it is created properly, I don't know :)
4. Both exchange servers can telnet to each other, using port 25
best regards
Jesper Vindum, Denmark
November 10th, 2011 8:20am
See this -
http://social.technet.microsoft.com/Forums/en-AU/exchange2010/thread/9d4bdf4b-a202-491f-a6c1-fd99cff9cbe4
Forget DNS/MX records and use a smarthost instead in each Exch Org with the correct namespace.
Sukh
November 10th, 2011 6:50pm
Hi Jesper,
Sukh's suggestion could also be a method.
Can you ping EXAF2 from DC1AF1? Could you please post the records (MX and A) you added on the DNS server, then we can confirm whether they are proper.
Regards!
Gavin
November 10th, 2011 9:31pm
Hi
Sukh828, I tried to use a smarthost, but the only way I could get it to work was when I used anonymous access.
Gavin-Zhang, I can ping all the way around, but only with FQDN. About the MX question: for now I didn't create an A record, only an MX record. See screenshot below. If I create an A record, it will take the domain name of the first domain, so ex1af2.primary.first.lcl.
Will that be correct? That server is located in secondary.second.lcl.
best regards
Jesper Vindum, Denmark
November 11th, 2011 2:04pm
What's wrong with that?
Sukh
November 11th, 2011 2:17pm
Sukh828, I would wish there was some sort of security, guess there isn't when anonymous access is allowed :) Please keep in mind, this is a test lab. And my goal is to understand the different parts of the Exchange topic.
best regards
Jesper Vindum, Denmark
November 11th, 2011 2:37pm
It is secure with anonymous, that doesn't mean anyone can relay via your Exchange server, it means Exchange will receive email from anyone, e.g. on the internet receive connector, this is used so that a company can accept email from anyone on the internet.
This is default.
Sukh
November 11th, 2011 2:45pm
For the receive connector, permission groups, you will have to select anonymous users, it is not default.
best regards
Jesper Vindum, Denmark
November 11th, 2011 3:35pm
For the receive connector, permission groups, you will have to select anonymous users, it is not default.
best regards
Jesper Vindum, Denmark
Exchange 2010 supports opportunistic TLS. If the sending server does as well, then the SMTP traffic will be encrypted. Don't confuse authentication with encryption :)
November 11th, 2011 4:24pm
Hi Jesper,
As normal we select anonymous users.
If we want to use TLS between two forests, we need to do more configuration, please refer to the links below:
http://technet.microsoft.com/en-us/library/bb123546.aspx
http://blogs.technet.com/b/exchange/archive/2006/10/04/3395006.aspx
Note:
1. If you have an MX record on the DNS server, such as:
domain2.com -> ex1af2.domain2.com
You should also have an A record as below:
ex1af2.domain2.com -> "IP address" of the ex1af2 server
2. We just use TLS between the special partners' forest and use the special connector
Regards!
Gavin
November 13th, 2011 10:25pm
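The MX/A dependency from the note above, as an added example that is not part of the original thread: a Python check that every MX target has an address record under exactly the same name. The record sets are constructed from the lab names in the thread; the mail domain `secondary.second.lcl` and the function names are assumptions.

```python
# Constructed lab records as (owner name, type, data); names and IPs follow the thread.
MX_ONLY = [("secondary.second.lcl", "MX", "10 ex1af2.secondary.second.lcl")]
# A record created inside the first forest's zone, so it gets that zone's suffix.
WRONG_ZONE = MX_ONLY + [("ex1af2.primary.first.lcl", "A", "10.2.0.7")]
# A record whose owner name matches the MX target exactly.
CORRECT = MX_ONLY + [("ex1af2.secondary.second.lcl", "A", "10.2.0.7")]


def norm(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.rstrip(".").lower()


def unresolved_mx(records):
    """Return (mail domain, MX target, reason) for each MX without a usable address."""
    types_by_owner = {}
    for owner, rtype, _data in records:
        types_by_owner.setdefault(norm(owner), set()).add(rtype.upper())

    problems = []
    for owner, rtype, data in records:
        if rtype.upper() != "MX":
            continue
        _preference, target = data.split()
        types = types_by_owner.get(norm(target), set())
        if "CNAME" in types:
            # An MX target must be a host name, not an alias (RFC 2181, section 10.3).
            problems.append((norm(owner), norm(target), "target is a CNAME"))
        elif not types & {"A", "AAAA"}:
            problems.append((norm(owner), norm(target), "no A/AAAA record"))
    return problems


if __name__ == "__main__":
    for label, records in (("MX only", MX_ONLY), ("A in wrong zone", WRONG_ZONE),
                           ("A matches target", CORRECT)):
        print(label, unresolved_mx(records))
```

An A record created in the `primary.first.lcl` zone does not satisfy the MX target, because its owner name ends in the wrong suffix.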
Zhang,
1. In your MX example, the Exchange server is located in domain 2. But how would you add an A/MX record for a computer in another domain? E.g. ex1af1.
As I see it, if you add the A record for ex1af1 in domain2, it will obtain the domain name of that, even if it belongs to domain1.
2. OK, so by default any session is encrypted. Any way to verify that?
And, thanks for your support, I appreciate that. For each reply, I get a better understanding of how it works :)
best regards
Jesper Vindum, Denmark
November 18th, 2011 8:23pm
Hi Jesper,
For your second question, please refer to below:
http://technet.microsoft.com/en-us/library/bb691338.aspx
Regards!
Gavin
November 20th, 2011 10:45pm
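One way to check whether a session to the other forest's server can be encrypted, as an added example that is not part of the original thread: parse the server's EHLO reply for STARTTLS separately from AUTH and, against a live host, attempt the upgrade and report the negotiated protocol. The sample reply is constructed, and turning off certificate validation assumes a lab server with a self-signed certificate.

```python
import smtplib
import ssl

# Constructed EHLO reply for illustration (not captured from the lab in the thread).
SAMPLE_EHLO = (
    "250-ex1af2.secondary.second.lcl Hello [10.1.0.7]\n"
    "250-SIZE 10485760\n"
    "250-STARTTLS\n"
    "250-AUTH NTLM\n"
    "250 8BITMIME\n"
)


def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its list of parameters."""
    features = {}
    for line in reply.splitlines()[1:]:          # line 1 is the greeting, not a keyword
        if line[:3] == "250" and line[3:4] in ("-", " "):
            parts = line[4:].split()
            if parts:
                features[parts[0].upper()] = parts[1:]
    return features


def tls_offer(reply):
    """Report encryption (STARTTLS) and authentication (AUTH) as separate facts."""
    features = parse_ehlo(reply)
    return {"starttls": "STARTTLS" in features, "auth": features.get("AUTH", [])}


def probe(host, port=25, timeout=10):
    """Live check: (TLS version, cipher) after STARTTLS, or None if not offered."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None                          # mail to this host would travel in cleartext
        ctx = ssl.create_default_context()
        ctx.check_hostname = False               # assumption: self-signed lab certificate,
        ctx.verify_mode = ssl.CERT_NONE          # which opportunistic TLS accepts anyway
        smtp.starttls(context=ctx)
        return smtp.sock.version(), smtp.sock.cipher()[0]


if __name__ == "__main__":
    print(tls_offer(SAMPLE_EHLO))
    # print(probe("ex1af2.secondary.second.lcl"))  # run from a host in the other forest
```

If `STARTTLS` is missing from the reply, opportunistic TLS falls back to cleartext without an error, so the check is worth repeating from each side.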