Email....what to do part2 :)

Discussion in 'Windows Small Business Server' started by maxian, May 15, 2005.

  1. maxian

    maxian Guest

    OK, you all have me talked into and pumped about my using the SBS Exchange.
    I have a few more questions. Mainly the infrastructure of the network.

    Main Office
    1. Business static ip with Road Runner.
    2. Netgear FWAG114 router/firewall
    a. router is handling the DHCP
    b. DNS is pointing to Road Runner
    c. VPN running with office in Dallas and my Home
    3. SBS Server 2003 Standard.
    a. DNS is pointing to the servers LAN address : 192.168.1.103

    Dallas Office (no server)
    1. SBC DSL Business Static IP
    2. Netgear router FWAG114
    a. DHCP running on router
    b. VPN hitting the Main office router
    c. they are not logging into the server, but they do have user accounts
    on the server. They are using the server drives and the Companyweb. (They
    would be lost with out this)

    A couple of questions:
    1. With the main office setup...after I get the A record pointing to the
    static IP address and the MX record pointing to the A record is Exchange
    going to work with the SBS server DNS pointing to its own Local address?

    2. Will the Dallas office be able to setup their mail accounts using
    exchange even if their computers are not part of the domain?

    I'm sure more question will come. :) I'm kinda scared to change
    anything...it has been working really well since last July.

    Thanks again for all who answered my question on Saturday. This site has
    been the most helpfull site for me on the internet. Thank you so much guys!!!
     
    maxian, May 15, 2005
    #1
    1. Advertisements

  2. 1. Yes DNS on a DC always points to itself. DNS to outside is handled by
    forwarders or root hints.

    2. The Dallas mail can be handled one of two ways. If they want continuous
    connection the best way is to setup Outlook over Http. The other way is OWA
    if they prefer to stay local with their Outlook..
     
    Frank McCallister SBS MVP, May 15, 2005
    #2
    1. Advertisements

  3. maxian

    Gary Karasik Guest

    If the remote users are using Outlook 2003, they can connect directly to
    Exchange via RPC-over-HTTP. If they aren't using Outlook 2003, the can
    connect Outlook directly to Exchange by VPNing into the server as opposed to
    VPNing into the router. For this to work you'll need to set up RAS on the
    server and forward PPTP through the firewall. Takes several steps to set it
    up, but my users love being able to use Outlook directly. It's also fairly
    simple to set up DHCP on the server instead of on the router (with a one-NIC
    setup there can be only one DHCP). The remote users don't need to be part of
    the domain to use Outlook under this arrangement, although all of my remote
    users use the domain name as the workgroup name.

    GaryK
     
    Gary Karasik, May 15, 2005
    #3
  4. maxian

    maxian Guest

    Thanks again for all the advice!!!!
    --
    j mager
    IT ACT Houston - ACT Dallas


     
    maxian, May 15, 2005
    #4
  5. maxian

    maxian Guest

    Mr. McCallister,

    If I set up the Dallas office on HTTP email connection would the address
    for the email be http://domain.local and then what file it is stored in.
    Or am a clueless on this also? :)

    Thanks
    --
    j mager
    IT ACT Houston - ACT Dallas


     
    maxian, May 15, 2005
    #5
  6. maxian

    maxian Guest

    Thanks! They have outlook 2003. If I go with the http setup does it act the
    same as if you were part of the domain?

    Again thanks!
    --
    j mager
    IT ACT Houston - ACT Dallas


     
    maxian, May 15, 2005
    #6
  7. Please call me Frank

    Follow the instructions carefully on the configure Outlook via the Internet
    Link on the RWW login page. The email address for the User will be
    [email protected] as usual. There is a point in the setup where you do enter the
    domain.local but that is not the email address.

    --
    Frank McCallister SBS MVP
    COMPUMAC
     
    Frank McCallister SBS MVP, May 15, 2005
    #7
  8. maxian

    maxian Guest

    Boy, I was not very clear on my last email.

    I was looking at the setup of outlook on the clients computer. When going
    into the new email acount setup you are given a choice of
    Exchange,Pop3,Imapi,Http.....

    Do I select HTTP? If so there is a http address you type in. That's where
    I was coming up with http://domain.local address.

    Thanks for the help.




    --
    j mager
    IT ACT Houston - ACT Dallas


     
    maxian, May 15, 2005
    #8
  9. That is correct. All clients on that server should be getting their
    DHCP requests handled by the server and they should be getting the DNS
    of the SBS server. Where you may get an issue - and I am not sure
    because you don't say - is where are the client PCS on this? Are they
    on the same segment as the router - i.e, the router is the default
    gateway for clients, and you have only one nic in the SBS server)? If
    so, turn off the DHCP on the router, and ensure DHCP is switched on on
    the SBS server and the SBS server is giving out the router address as
    the default gateway and the SBS address as the DNS server. Run the
    connect to the Internet wizard to ensure that the SBS DNS server is
    set up to use correct forwarders in the DNS server.
    Yes. You must not change the internal record, we are talking about
    the external record hosted at your ISP or nameserver provider. You
    will also need to allow port 25 through to the private address of the
    SBS box.
    Yes. If they are connected via the VPN, then this will work.
    Depending on how the VPN is set up, it may be safer to allow Outlook
    over HTTP, because the data over the link is encrypted. If the VPN is
    IPSEC, then they can just use Outlook and connect to the Exchange
    server directly (they will be asked for user cridentials as they are
    not on the domain).

    Thanks.
    Andrew.
     
    Andrew Hodgson, May 15, 2005
    #9
  10. maxian

    Gary Karasik Guest

    Thanks! They have outlook 2003. If I go with the http setup does it act
    Yes. After you've set up the hardware, run CEICW and generate a self-signed
    certifictat. I've found that this all works better if, once it's configured
    on each client, I start Internet Explorer and go to
    http://YourExternalServerIP/rpc and install the offered certificate. Once
    the certificate is installed, you'll see a "Page can't be displayed" screen.
    This is normal, as there is no RPC page. After that, you should be able to
    connect, and it works great, exactly as though you were hard-wired to
    Exchange.

    GaryK
     
    Gary Karasik, May 15, 2005
    #10
  11. maxian

    maxian Guest

    Thanks for the info.

    The pcs have the gateway pointed towards the router and the SBS has one nic.
     
    maxian, May 15, 2005
    #11
  12. If you've run the Configure Email and Internet Connection wizard (CEICW)
    (Connect to the Internet link on the To Do List) be sure to check the option
    to allow Outlook over the Internet. You or the users should be able to
    connect to the SBS server using https://fqdn/remote and login to Remote Web
    Workplace there you should have a link for Configure Outlook via the
    Internet which will give you step by step instructions on how to setup
    Outlook 2003 with RPC over HTTP on the client.

    As far as the DNS stuff goes that largely depends on things like a) will
    your ISP or someone else be hosting the DNS records for your Internet
    registered domain name? b) is your AD domain name the same or different
    from your registered Internet domain name?

    BTW, you mentioned that they are not logging into the domain but are
    accessing file shares/companyweb.. so they are authenticating against the
    SBS server so be sure to have the appropriate number of SBS CALs.



    --

    Hope that helps,
    David Copeland
    Microsoft Small Business Server Support

    This posting is provided "AS IS" with no warranties, and confers no rights.


    SBS Newsgroups:

    SBS v4.x: microsoft.public.backoffice.smallbiz
    SBS 2000: microsoft.public.backoffice.smallbiz2000
    SBS 2003: microsoft.public.windows.server.sbs
     
    David Copeland [MSFT], May 15, 2005
    #12
  13. maxian

    Alex H Guest

    Alex H, May 15, 2005
    #13
  14. maxian

    maxian Guest

    Thanks!!!

    I will double check and make sure we have enought CALs. I think we do but I
    will check.

    Just want to say, this place rocks!!! I week worth of searching for
    information is taken care of in one to two days. Just Awesome!!!

    I'm going to get this changed over...wish me luck!!!

    Thanks again!!!

    --
    j mager
    IT ACT Houston - ACT Dallas


     
    maxian, May 15, 2005
    #14
  15. maxian

    maxian Guest

    Andrew, I just read your post again. I missed the rest of the info you put
    down. Sounds like this is going to work for me. I'm kinda worried about
    changing the DHCP to the server, just because everything is working so good.
    Is this something that must be done?

    Thanks for everything.
     
    maxian, May 15, 2005
    #15
  16. maxian

    maxian Guest

    <b) is your AD domain name the same or different
    The AD domain is different then the registered domain. Is this going to be
    a problem?

    Thanks!


    j mager
    IT ACT Houston - ACT Dallas


     
    maxian, May 15, 2005
    #16
  17. maxian

    Gary Karasik Guest

    Why is it that I have to type https://myextentalserver/rpc?

    You don't have to if everything works. I've had several workstations that
    wouldn't authenticate. I googled the problem and came across this
    suggestion, tried it, and it worked.

    GaryK
     
    Gary Karasik, May 15, 2005
    #17
  18. The reason I said this is because I didn't know if the router was
    giving out the DNS server as the SBS server - if it is not doing that
    then yes this needs changing, because your SBS clients are not looking
    at the active directory resources for the majority of their records
    which is not a good idea.

    If your DNS servers on the client machines are set to the router or
    your isp nameservers then this needs changing.

    Thanks.
    Andrew.
     
    Andrew Hodgson, May 15, 2005
    #18
  19. it's a simple way of requesting and installing the certificate.
     
    SuperGumby [SBS MVP], May 15, 2005
    #19
  20. Actually, that will make it easier.. For example..
    Contoso.com being the Internet domain
    Contoso.local being the AD Domain

    The MX and A records would go into the Contoso.com forward lookup Zone in
    DNS and point to an A record that would resolve to the SBS server's Internet
    IP address (assuming having email delivered for Contoso.com directly to the
    SBS server)
    Contoso.com
    MX record mail.contoso.com
    mail A record x.x.x.x

    where x.x.x.x is the server's external IP address (or IP that is passing the
    traffic back to the SBS server)

    Likely that the Contoso.com DNS zone would be hosted by the ISP.

    Just need to make sure that when you run the CEICW that you specify the
    Internet domain for the email domain.. (in this example would be the
    contoso.com) This will set Exchange's default recipient policies such that
    the primary SMTP address will be @contoso.com which will be applied to the
    users. This will then become the user's reply to address when they send
    email. For example, userA would have an email address of

    --

    Hope that helps,
    David Copeland
    Microsoft Small Business Server Support

    This posting is provided "AS IS" with no warranties, and confers no rights.


    SBS Newsgroups:

    SBS v4.x: microsoft.public.backoffice.smallbiz
    SBS 2000: microsoft.public.backoffice.smallbiz2000
    SBS 2003: microsoft.public.windows.server.sbs

     
    David Copeland [MSFT], May 15, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.