MX records between two forests
Hello Technet

I'm about to give up configuring MX records for my Exchange servers in my test lab. I've tried different things, read articles and so on. Some explain how to set the IP for your ISP, some say you don't need A records, etc. I have a feeling it should be quite simple, but I cannot get it to work. So can you help figure it out?

Scenario:

Forest1: primary.first.lcl
DC1AF1/10.1.0.1
EX1AF1/10.1.0.7
connector settings and mx record

Forest2: secondary.second.lcl
DC1AF2/10.2.0.1
EX1AF2/10.2.0.7

Can you see any major mistake, or do I miss some steps?

best regards
Jesper Vindum, Denmark
November 9th, 2011 6:15pm

Hi Jesper,

Per your description, you have a test lab with two forests, each forest has one Exchange email system, and you want the two email systems to be able to send email to each other.

1. Confirm all the Exchange servers have a receive connector.
2. Please confirm the networks of the two forests can ping each other successfully.
3. What DNS server have you configured on EX1AF1? If it is DC1AF1, please add an MX record for the other forest's Exchange server.
4. Please telnet to the other forest's Exchange server from forest1, and confirm you can telnet to port 25 on the EX1AF2 server.

Do the same procedures for forest2. If anything is unclear, please feel free to let me know.

Regards!
Gavin
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tngfb@microsoft.com
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 10th, 2011 2:56am

Hello Gavin-Zhang

1. All Exchange servers have the default receive connector.
2. All servers can ping each other by FQDN.
3. Preferred DNS on EX1AF1 is 10.1.0.1/DC1AF1. The bottom part of the screenshot above shows the MX connector, on a DC in forest1, pointing to EX1AF2 in the foreign forest. Whether it is created properly, I don't know :)
4. Both Exchange servers can telnet to each other, using port 25.

best regards
Jesper Vindum, Denmark
November 10th, 2011 8:20am

See this - http://social.technet.microsoft.com/Forums/en-AU/exchange2010/thread/9d4bdf4b-a202-491f-a6c1-fd99cff9cbe4

Forget DNS/MX records and use a smarthost instead in each Exch Org with the correct namespace.

Sukh
November 10th, 2011 6:50pm

Hi Jesper,

Sukh's suggestion could also be a method. Can you ping EXAF2 from DC1AF1? Could you please post the records (MX and A) you added on the DNS server, so we can confirm whether they are proper?

Regards!
Gavin
November 10th, 2011 9:31pm

Hi Sukh828,

I tried to use a smarthost, but the only way I could get it to work was when I used anonymous access.

Gavin-Zhang,

I can ping all the way around, but only with FQDN. About the MX question: for now I didn't create an A record, only an MX record. See screenshot below. If I create an A record, it will take the domain name of the first domain, so ex1af2.primary.first.lcl. Will that be correct? That server is located in secondary.second.lcl.

best regards
Jesper Vindum, Denmark
November 11th, 2011 2:04pm

What's wrong with that?

Sukh
November 11th, 2011 2:17pm

Sukh828,

I would wish there was some sort of security; I guess there isn't when anonymous access is allowed :) Please keep in mind, this is a test lab, and my goal is to understand the different parts of the Exchange topic.

best regards
Jesper Vindum, Denmark
November 11th, 2011 2:37pm

It is secure with anonymous. That doesn't mean anyone can relay via your Exchange server; it means Exchange will receive email from anyone, e.g. on the internet receive connector, this is used so that a company can accept email from anyone on the internet. This is default.

Sukh
November 11th, 2011 2:45pm

For the receive connector, permission groups, you will have to select anonymous users, it is not default.

best regards
Jesper Vindum, Denmark
November 11th, 2011 3:35pm

> For the receive connector, permission groups, you will have to select anonymous users, it is not default.
> best regards Jesper Vindum, Denmark

Exchange 2010 supports opportunistic TLS. If the sending server does as well, then the SMTP traffic will be encrypted. Don't confuse authentication with encryption :)
November 11th, 2011 4:24pm

Hi Jesper,

Normally we select anonymous users. If we want to use TLS between two forests, we need to do more configuration; please refer to the links below:

http://technet.microsoft.com/en-us/library/bb123546.aspx
http://blogs.technet.com/b/exchange/archive/2006/10/04/3395006.aspx

Note:

1. If you have an MX record on the DNS server, such as:
   domain2.com -> ex1af2.domain2.com
   you should also have an A record as below:
   ex1af2.domain2.com -> "IP address" of the ex1af2 server
2. We just use TLS between the special partner's forest and use the special connector.

Regards!
Gavin
November 13th, 2011 10:25pm
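
Added example (not part of any post in the thread): a small Python check of the MX-needs-a-matching-A-record rule from note 1, which also shows why a host name entered without a trailing dot takes on the name of the zone it is created in. The zone layout and record data are constructed from the thread's lab names, and hosting a `secondary.second.lcl` zone on the sending forest's DNS server is an assumption.

```python
def fqdn(name, origin):
    """Expand a zone-file name: '@' is the zone itself, a trailing dot
    marks an absolute name, anything else is relative to the zone."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()

def dangling_mx(zones):
    """zones: {origin: [(owner, type, data), ...]}.
    Return (mail domain, mail host) pairs whose mail host has no A record
    in the supplied zones (records reachable via forwarders are not seen)."""
    a_names, mx = set(), []
    for origin, records in zones.items():
        for owner, rtype, data in records:
            if rtype == "A":
                a_names.add(fqdn(owner, origin))
            elif rtype == "MX":
                _pref, host = data.split()
                mx.append((fqdn(owner, origin), fqdn(host, origin)))
    return [(dom, host) for dom, host in mx if host not in a_names]

# Constructed: the A record was created in the first forest's zone, so it
# becomes ex1af2.primary.first.lcl. and the MX target is left unresolved.
MISPLACED = {
    "primary.first.lcl.": [("ex1af2", "A", "10.2.0.7")],
    "secondary.second.lcl.": [("@", "MX", "10 ex1af2.secondary.second.lcl.")],
}

# Constructed: MX and A both live in a zone named after the mail domain.
CORRECT = {
    "secondary.second.lcl.": [
        ("@", "MX", "10 ex1af2"),
        ("ex1af2", "A", "10.2.0.7"),
    ],
}

if __name__ == "__main__":
    print("misplaced:", dangling_mx(MISPLACED))
    print("correct:  ", dangling_mx(CORRECT))
```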

Zhang,

1. In your MX example, the Exchange server is located in domain 2. But how would you add an A/MX record for a computer in another domain, e.g. ex1af1? As I see it, if you add the A record for ex1af1 in domain2, it will obtain the domain name of that, even if it belongs to domain1.
2. OK, so by default any session is encrypted. Any way to verify that?

And thanks for your support, I appreciate that. With each reply, I get a better understanding of how it works :)

best regards
Jesper Vindum, Denmark
November 18th, 2011 8:23pm

Hi Jesper,

For your second question, please refer to the link below:

http://technet.microsoft.com/en-us/library/bb691338.aspx

Regards!
Gavin
November 20th, 2011 10:45pm
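
Added example (not part of any post in the thread): one way to check from an SMTP conversation whether a session was encrypted, keeping encryption (STARTTLS accepted) separate from authentication (AUTH accepted), as the earlier reply about opportunistic TLS distinguishes them. The `C:`/`S:` transcript format and the sample sessions are constructed for illustration and are not Exchange's protocol log format.

```python
import re

# Constructed transcripts (C: sending server, S: receiving server).
GREETING = (
    "S: 220 EX1AF2.secondary.second.lcl ready\n"
    "C: EHLO EX1AF1.primary.first.lcl\n"
    "S: 250-EX1AF2.secondary.second.lcl Hello [10.1.0.7]\n"
    "S: 250-STARTTLS\n"
    "S: 250 AUTH NTLM\n"
)
MAIL = "C: MAIL FROM:<user@primary.first.lcl>\nS: 250 2.1.0 Sender OK\n"
PLAIN_SESSION = GREETING + MAIL                      # TLS offered, never used
TLS_SESSION = (GREETING + "C: STARTTLS\nS: 220 2.0.0 SMTP server ready\n"
               "C: EHLO EX1AF1.primary.first.lcl\n"
               "S: 250 EX1AF2.secondary.second.lcl Hello [10.1.0.7]\n" + MAIL)
REFUSED_SESSION = GREETING + "C: STARTTLS\nS: 454 4.7.0 TLS not available\n" + MAIL

def classify(transcript):
    """Report which protections were in place when MAIL FROM was sent."""
    state = {"starttls_offered": False, "encrypted": False, "authenticated": False}
    pending, last_code = None, None
    for raw in transcript.strip().splitlines():
        side, _, text = raw.partition(": ")
        if side == "C":
            if last_code == "334":      # reply to an AUTH challenge, not a command
                continue
            verb = text.split()[0].upper()
            if verb == "MAIL":          # message transfer begins; state is final
                break
            pending = verb
        elif side == "S":
            m = re.match(r"(\d{3})([ -])(.*)", text.strip())
            if not m:
                continue
            last_code, _sep, rest = m.groups()
            if (pending == "EHLO" and last_code == "250"
                    and rest.upper().split()[:1] == ["STARTTLS"]):
                state["starttls_offered"] = True
            elif pending == "STARTTLS" and last_code == "220":
                state["encrypted"] = True   # TLS handshake follows this reply
            elif pending == "AUTH" and last_code == "235":
                state["authenticated"] = True
    return state

if __name__ == "__main__":
    for name in ("PLAIN_SESSION", "TLS_SESSION", "REFUSED_SESSION"):
        print(name, classify(globals()[name]))
```

An anonymous session that used STARTTLS comes out as encrypted but not authenticated.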
