SBS 2003 - Required DNS Records?

Hey,

I'm trying to set up a test version of SBS 2003 R2, using VMware Workstation 7 (Windows 7 x64 is the host).

I set up the SBS VM with the, say, domain.local. The domain that I want to use with this (for email, VPN and RWW) is domain.co.uk. On the host where domain.co.uk is hosted, I have set up the following DNS records:

dns.png


I have gone through the install fine. I then went on to using the configuration wizards to set up email, VPN and RWW. In the connect to internet and email wizard, I created the web server certificate as: servername.domain.co.uk

I have set up appropriate port forwarding rules in my router (Netgear DG834PN).

First of all, do the DNS records look correct? Do I need any more?

Can someone explain the @ in the MX record (and the @ in the A record)?

Further, I do not understand if I have to have my mail.domain.co.uk match my servername.domain.co.uk - does that make sense?

Sorry for the confusing question, please ask anything that I didn't make clear.

Cheers
 
Right, first things first.

The @ is a wild card, which basically says anything not explicitly defined goes to the @ address.

Your MX record needs to point to the public IP address on your router, which has the SMTP port forward rule set to point to your email server. Again the @ is a wild card, as you can have multiple routes each with their own costs for failover.
 
Appreciate the response. Understand the @ now, I think!

As I understand it, however, I need an MX record pointing to my mail server, and then an A record for the mail server resolving to an IP address... which is what I have?

It's just that I can't get RWW to work, and it's starting to really grind my gears!
 
Are you forwarding port 4125 to the server? That is the RWW session. You can also add 3389 for the RDP session to the internal server.

You only need one MX record for the mail to work, the rest is for other traffic. Mail servers look for MX records, not A records.
 
When you ran the wizard it would have asked for the external DNS name of your server.

So you need an A record in your DNS of servername.domain.co.uk, otherwise you will get certificate errors other than the self-signed ones you will get anyway.

On your router you need to forward 25, 443 and 4125 to the internal IP of the server from your public IP. For PPTP VPN you need 1723 and GRE, or a PPTP application proxy forward on the router to your internal IP.

You should then be able to go to https://servername.domain.co.uk/remote and get the RWW login page. 4125 is only needed when it launches the remote desktop items.

https://servername.domain.co.uk/exchange will get you directly to Outlook Web Access.
 
Thanks for the replies.

That's exactly what I'm confused about: in the CEICW, where you are asked to create a web server certificate - what is the FQDN of my server?

For example, looking at this guide, mail.sbstest.com is used as the FQDN to create the certificate, but earlier in the same guide the name of the server is set as "SBS" - so shouldn't they use sbs.sbstest.com for example, or is the FQDN that I choose in a way completely arbitrary, as long as I have an A record to match?

I have forwarded the ports (and it still doesn't work, but I want to get this clear first). So, sorry for being dense, but do I need:

Server Name: servername
Local Domain: domain.local
Internet Domain: domain.co.uk
CEICW FQDN: servername.domain.co.uk
MX record: servername.domain.co.uk
A record: servername.domain.co.uk pointing to External IP

And finally, could I have all the above settings, but say change the MX record to: mail.domain.co.uk and then have a matching A record, so, for example, email would be routed through mail.domain.co.uk and RWW etc. would be servername.domain.co.uk?

Sorry for being so long-winded!
 
In a word, YES.

For example, I tend to use portal.domain.co.uk for remote web / OWA etc. and mail.domain.co.uk for the SMTP server.

I take it you have waited for the DNS records to become live (can take a while).

http://www.kloth.net/services/nslookup.php
Enter the FQDN of the server in the domain box and it should resolve to the public address of your router - if it does, I would be checking the port forward is set up correctly.
 
Thanks for bearing with me. I'm going to set up as you recommend and then wait for the DNS to propagate over the next 24 hours. So, to confirm, once and for all!

Server Name: servername
Local Domain: domain.local
Internet Domain: domain.co.uk
CEICW FQDN: portal.domain.co.uk
MX record: mail.domain.co.uk
A record: mail.domain.co.uk pointing to External IP
A record: portal.domain.co.uk pointing to External IP

Is that correct? Sorry for pulling teeth!

Edit: I have attached a screenshot of the DNS control panel to make doubly sure. 78.xxx.xxx.xxx is the external IP of the router (195.xxx.xxx.xxx is the IP used for web hosting - which is unrelated to any of this).

dns.png
 
As dustymiller said, dump the @ MX record, then underneath enter what you need.

Hard to say what that particular control panel requires, but

domain.co.uk. (note the dot on the end - some control panels will add it if missing) 10 (priority) mail.domain.co.uk (A record defined earlier)

should do the trick
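
An added example (not part of the original post, and not tied to any particular control panel): a small checker for the record layout discussed in this thread, showing what the trailing dot changes. It assumes standard zone-file name expansion, where `@` and names without a trailing dot are taken relative to the zone origin; the IP address and the helper names `fqdn`, `parse` and `check_mx` are constructed for illustration.

```python
ORIGIN = "domain.co.uk."  # zone origin, using the placeholder domain from the thread

def fqdn(name, origin=ORIGIN):
    """Expand a zone-file name: '@' is the origin itself; a name without
    a trailing dot is relative and gets the origin appended."""
    name = name.strip().lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin=ORIGIN):
    """Parse 'name TYPE [priority] value' lines into (owner, type, prio, value)."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        owner, rtype = fqdn(parts[0], origin), parts[1].upper()
        if rtype == "MX":
            records.append((owner, "MX", int(parts[2]), fqdn(parts[3], origin)))
        elif rtype == "CNAME":
            records.append((owner, "CNAME", None, fqdn(parts[2], origin)))
        else:  # A record: the value is an address, not a name
            records.append((owner, rtype, None, parts[2]))
    return records

def check_mx(records):
    """Return problems found: every MX target must have its own A record."""
    a_names = {o for o, t, _, _ in records if t == "A"}
    cnames = {o for o, t, _, _ in records if t == "CNAME"}
    problems = []
    for owner, rtype, _prio, target in records:
        if rtype != "MX":
            continue
        if target in cnames:
            problems.append(f"{owner} MX {target}: target is a CNAME")
        elif target not in a_names:
            problems.append(f"{owner} MX {target}: no A record for target")
    return problems

# Constructed sample zone; 192.0.2.10 is a documentation address.
GOOD = """
mail    A   192.0.2.10
portal  A   192.0.2.10
@       MX  10 mail.domain.co.uk.
"""
BAD = GOOD.replace("mail.domain.co.uk.", "mail.domain.co.uk")  # trailing dot dropped

if __name__ == "__main__":
    print(check_mx(parse(GOOD)))
    print(check_mx(parse(BAD)))
```

With the dot dropped, the MX target expands to `mail.domain.co.uk.domain.co.uk.`, which has no A record, so mail for the domain has nowhere to go.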
 
Hey,

I can't seem to get rid of the @ in the MX record - even if I leave the field blank, a @ is automatically inserted when I update the DNS.

I think I've already got what you say (including the dot).

The problem is if I enter portal.domain.co.uk, or send an email to domain.co.uk, I get a message logged in the router's interface along the lines of:

Thu, 2009-11-26 22:38:59 - TCP Packet - Source:192.168.0.2,55695 Destination:78.***.***.***,443 - [HTTPS rule match]

Thu, 2009-11-26 20:10:07 - TCP Packet - Source:144.82.100.156,47888 Destination:78.***.***.***,25 - [SMTP rule match]

So the requests are reaching the router, but either the browser says "The connection has timed out" or no email is ever received.

What's going on?
 
Looks like the port forward rules aren't right/working. You are testing portal.domain.co.uk from the internal network, and some routers won't loop back through the port forward engine, but yours looks like it is, as you are getting log entries, so it should work.

http://www.networkactiv.com/PIAFCTM.html
That's a packet sniffer - quite small and should run on the server OK. Run it and see if the packets make it to your server.
 
Hey guys,

I really appreciate all the help, but I finally managed to crack it! I was going crazy because I knew my port forwarding rules were set up correctly, so I simply went to a previous snapshot of the VM (before I ran CEICW) and ran it once more and suddenly everything worked! Looks like rerunning the wizard over and over isn't the thing to do!

On a side note, just curious about how I would go about setting up some DNS so users could type:

owa.domain.co.uk and being sent to portal.domain.co.uk/remote
rww.domain.co.uk and being sent to portal.domain.co.uk/exchange

Can this be done? Does it require CNAMEs?

Thanks again for all your help. Much appreciated.
 
No, can't be done with CNAMEs alone. There are a couple of ways of doing it, but if you are using HTTPS then it can't be done with host headers, so it requires 2 or 3 IP addresses,

one for each host name: portal, owa, rww.

There is a link to the OWA page on the RWW page already though. If you want people to go directly to the OWA page, I normally send them a favourite/bookmark.
 