DNS Settings for OWA in Active Directory

By andrewkonosky
We currently have OWA set up on our server with our MX records configured so that external users can access Outlook Web Access via (points to our in-house Exchange server) and internal users just use https://server-name/exchange.

I have several VPN users that are getting confused because when they connect to the VPN, the external link no longer works and they have to use the internal link. I've tried both enabling and disabling the VPN as the default gateway in the advanced TCP/IP settings for the VPN connection, but that doesn't seem to fix my problem either way.

How would I go about adding DNS records on our Server 2003RC2 domain controller to redirect internal requests for to the IP address of our server so that everyone can just remember one link?

All Answers

you don't

by CG IT In reply to DNS Settings for OWA in A ...

VPN is a secure tunnel to the private network. Once connected, users are on the private network just like workstations that are in the office.

What you can do is have VPN users connect like external users. There ya go.

The real question is why are VPN users trying to use OWA when they should just be getting their mail via their Outlook mail client program.

by Nimmo In reply to DNS Settings for OWA in A ...

Just as stated above once a user is connected to the network via a VPN it is as if they are on the local LAN so they don't need to use external DNS to access their email.

A good idea would be to configure their Outlook to use Outlook over the internet, doing this will allow users to receive their company email in Outlook even if they aren't connected to the VPN.

by christianshiflet In reply to DNS Settings for OWA in A ...

You need to create an A-record entry under Forward Lookup Zones for "mail" that points to the appropriate IP address. This way the address works both internally and externally, eliminating user confusion.

Let me know if that helps or you have further questions. Thanks.

MX record

by Nimmo In reply to Re: DNS

In your local forward lookup zone your A record should be the server.domain not because you don't want internal requests going out and coming back in just for a local connection to the Exchange server.

The external A record that is already set up is sufficient.

A good idea is to instead of having users connect via the VPN just to get email, why not configure Outlook over the internet.

Re: MX record

by christianshiflet In reply to MX record

I think his point was that having different addresses for contacting OWA inside versus outside the office was confusing some users. In order to allow using, for example, from within your LAN and off site your internal DNS server needs a forward lookup to know what IP address inside the LAN it should point to much like the external record works when off the LAN. It works as an internal alias and does not forward any traffic off of the LAN.

MX record

by Nimmo In reply to Re: MX record

Exactly my point: you need a forward lookup to the internal mail server's address, not the external domain address, for local users to access Exchange. (Local DNS is local.)

Your DNS zone that you modify to allow remote access, whether it be OWA, remote access etc., is done at the ISP level.

You simply log in to your account and create the appropriate record.

If you create a record on your server pointing to an external address i.e., how are external users going to find the record when they are external?

Only local users are going to have access to the DNS (unless they are using a VPN, and even then they use the server.local address); that is why you create a record like server.local for internal users.

Re: mx record

by christianshiflet In reply to MX record

The OP was asking how to add an internal DNS entry that would allow access to the mail server, both on the LAN and from the Internet, using the same address ( My suggestion was to add an entry on the internal DNS server for their external domain to point to the internal (LAN) IP address with a name of "mail". That way when a user on the LAN (local) types in the local DNS server will direct them to the local IP address w/o ever hitting the WAN. Since external users are already using the address from the Internet, I would assume the external MX record already exists with the ISP.

External users will access the external DNS entry and hit the external IP address. LAN users will access the internal DNS entry and hit the internal IP address. All by entering the same address with DNS (internal or external, depending on the source) properly forwarding LAN and WAN traffic as needed.

MX record

by Nimmo In reply to Re: mx record

I have misread you on your first post; I was under the impression you were saying to point the record for the internal users to the external domain name.

So my point was that if you do this you're going to be sending requests out the domain then back to the mail server.

With the A record you are creating, it can only be the same as the external domain if the internal domain has the same name.

Because when you create the A record it will be appended with the internal domain name, if not you will need to create a new forward lookup zone.

Just a bit off topic but why do internal domain users need to use OWA anyway?
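
Added example (not part of any post in this thread, and not the posters' own commands): one way to create the internal record discussed above when the Active Directory domain name differs from the public one, using a zone named after the single host so the A record is not appended with the internal domain and the rest of the public domain is not shadowed internally. `mail.example.com` and `192.168.0.10` are placeholders for the public OWA host name and the Exchange server's LAN address, and the script assumes dnscmd.exe from the Windows Support Tools is present on the DNS server.

```bat
@echo off
rem Added example, not from the thread. Placeholder values (assumptions):
rem   mail.example.com = public OWA host name, 192.168.0.10 = Exchange server's LAN address.
rem Run on the domain controller that hosts DNS.
set OWA_FQDN=mail.example.com
set OWA_LAN_IP=192.168.0.10

rem Create an AD-integrated zone named after the single host, so only this one
rem name is answered internally; every other name in the public domain still
rem resolves through the normal forwarders.
dnscmd . /ZoneAdd %OWA_FQDN% /DsPrimary
if errorlevel 1 goto :failed

rem "@" is the zone root, so this A record answers for mail.example.com itself.
dnscmd . /RecordAdd %OWA_FQDN% @ A %OWA_LAN_IP%
if errorlevel 1 goto :failed

rem Show what the zone now holds, then resolve the name against this server.
dnscmd . /EnumRecords %OWA_FQDN% @
nslookup %OWA_FQDN% 127.0.0.1
goto :eof

:failed
echo dnscmd reported an error; the zone or record may already exist.
exit /b 1
```

VPN clients only see this record if the VPN connection hands them the internal DNS server, and a cached external answer can be cleared with `ipconfig /flushdns`.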

here's a technet article on managing OWA

by CG IT In reply to DNS Settings for OWA in A ...
