MX records between two forests
Hello Technet I'm about to give up configuring MX records for my exchange servers in, in my test lab. I've tried different things, read articles and so on. Some explains how to set ip for your ISP, some says you dont need a-records etc. I have a feeling, it should be quite simple..but I cannot get it to work. So can You help figure it out? Scenario: Forest1: primary.first.lcl DC1AF1/10.1.0.1 EX1AF1/10.1.0.7 connector settings and mx record Forest2: secondary.second.lcl DC1AF2/10.2.0.1 EX1AF2/10.2.0.7 Can you see any major mistake, or do I miss some steps. best regards Jesper Vindum, Denmark
November 9th, 2011 6:15pm

Hello Gavin-Zhang 1. All exchange servers has the default receive connector 2. All servers can ping each other by FQDN 3. Preferred DNS on EX1AF1 is 10.1.0.1/DC1AF1. The bottom part of the screenshot above, shows the mx connector, on a dc in forest1, pointing to EX1AF2, in the foreign forest. If it is created properly, I dont know :) 4. Both exchange servers can telnet to each other, using port 25 best regards Jesper Vindum, Denmark
Free Windows Admin Tool Kit Click here and download it now
November 10th, 2011 8:20am

See this - http://social.technet.microsoft.com/Forums/en-AU/exchange2010/thread/9d4bdf4b-a202-491f-a6c1-fd99cff9cbe4 Forget DNS/MX records and use a smarthost instead in each Exch Org with the correct namespace.Sukh
November 10th, 2011 6:50pm

Hi Jesper, Sukh's suggestion also could be a method. Can you ping EXAF2 on the DC1AF1, could you please post the record (MX and A) you added on the DNS server, then we could confirm whether they are proper. Regards! Gavin TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
November 10th, 2011 9:31pm

Hi Sukh828, I tried to use smarthost, but the only way I could get it work, was when I used annonymous access. Gavin-Zhang, I can ping all the way around, but only with FQDN. About the MX question. For now I didn't create an A-record, only a MX record. See Screenshot below. If I create an A-record, it will take the domain name of the first domain, so ex1af2.primary.first.lcl. Will that be correct? That server is located in secondary.second.lcl. best regards Jesper Vindum, Denmark
November 11th, 2011 2:04pm

What's wrong with that?Sukh
Free Windows Admin Tool Kit Click here and download it now
November 11th, 2011 2:17pm

Sukh828, I would wish there was some sort of security, guess there isnt when annonymous access is allowed :) Please have in mind, this is a testlab. And my goal is to understand the different parts in the exchange topic. best regards Jesper Vindum, Denmark
November 11th, 2011 2:37pm

It is secure with anonymous, that's doesnt mean anyone can relay via your exchange server, it means Exchange will receive email from anyone, for e.g on the internet receive connector, this is used so that a company can accept email from anyone on the internet. This is default.Sukh
Free Windows Admin Tool Kit Click here and download it now
November 11th, 2011 2:45pm

For the receive connector, permission groups, you will have to select anonymous users, it is not default. best regards Jesper Vindum, Denmark
November 11th, 2011 3:35pm

For the receive connector, permission groups, you will have to select anonymous users, it is not default. best regards Jesper Vindum, Denmark Exchange 2010 supports opportunistic TLS. If the sending server does as well, then the SMTP traffic will be encrypted. Dont confuse authentication with encryption :)
Free Windows Admin Tool Kit Click here and download it now
November 11th, 2011 4:24pm

Gavin-Zhang's threadsView Profile Zhang, 1. in your MX example, the exchange server are located in domain 2. But how would you add a a/mx record for computer in another domain. Fx. ex1af1. As I see it, if you add the a record for ex1af1, in domain2, it will obtain the domain name of that, even if it belongs to domain1. 2. Ok, so by default any session is encrypted. Any way to verify that? And, thanks for your support, I appreciate that. For each reply, I get a better understanding of how it works :) best regards Jesper Vindum, Denmark
November 18th, 2011 8:23pm

Hi Jesper, For your second question, please refer to below: http://technet.microsoft.com/en-us/library/bb691338.aspx Regards! Gavin TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
November 20th, 2011 10:45pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics