Exchange 2010 SP1 Multi-Tenant (Step 3 of 3)

Exchange 2010

Configuring Mailflow

 

Here is the issue: if you use DNS to route your mail, you will have a problem sending email between organizations. To make this work you must create a send connector that routes the traffic to and from the organizations. Another way to solve this problem is to use a smart host:

New-SendConnector -Name "Internet" -Usage "Custom" -AddressSpaces "SMTP:*;1" -IsScopedConnector $false -SmartHosts x.x.x.x,x.x.x.x -DNSRoutingEnabled $false -SmartHostAuthMechanism "None" -UseExternalDNSServersEnabled $false -SourceTransportServers "Exchange Server"

New Send Connector

 

Receive Connector:

 

Now we must tick the Anonymous box on the default receive connector so internet users can send to the Exchange Server:

Set-ReceiveConnector -PermissionGroups 'AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers' -Identity 'LABDCEX\Default LABDCEX'

Receive Connector

 

Setting External FQDN

 

Our next step will be to make sure we put the external FQDN on all of the virtual directories.

 

OWA:

Set-OwaVirtualDirectory -Identity "owa (default web site)" -ExternalUrl https://mail.exchange.lab/owa

 

ECP:

Set-EcpVirtualDirectory -Identity "ecp (default web site)"  -ExternalUrl https://mail.exchange.lab/ecp

 

Active Sync:

Set-ActiveSyncVirtualDirectory -identity "microsoft-server-activesync (default web site)" -ExternalUrl https://mail.exchange.lab/Microsoft-Server-Activesync

 

OAB:

Set-OabVirtualDirectory -identity "oab (default web site)" -ExternalUrl https://mail.exchange.lab/oab

 

 

AutoDiscover:

Autodiscover is a little different in a multi-tenant deployment, because you will have multiple domain names. Autodiscover uses SSL certificates, and we don’t want to buy an SSL certificate for every domain name we host.

Luckily there are two alternatives. One is to use SRV records, and the other is autodiscover redirect. SRV records do have a problem, though: some devices may not check SRV records when trying to discover the email settings. I wasn’t able to get this to work on my iPhone, and Outlook 2007 requires a patch in order to make this work.

Your best bet is just to go with autodiscover redirect.

 

Here is a Microsoft Article that has descriptions of all the options to the New-SendConnector command:

http://technet.microsoft.com/en-us/library/aa998936.aspx

Use this as a reference when creating your send connector, as you will likely have to modify the example.

You mention autodiscover redirects, but don't provide a link to any additional information. Can you provide a link to TechNet information about Autodiscover Redirection?

Here is a good link: http://technet.microsoft.com/en-us/library/bb310764.aspx 

 

Short version:

  • Configure autodiscover in hosted Exchange for the external address. Let's assume you put in: https://autodiscover.domain.com/autodiscover/autodiscover.xml
  • In IIS on another server (not Exchange) create a new website or a folder called autodiscover. Create a blank file called autodiscover.xml in that folder. Let's call this server autodiscoverredirect.domain.com.
  • Disable HTTPS on that webserver
  • Configure IIS to redirect requests to https://autodiscover.domain.com/autodiscover/autodiscover.xml
  • Create an A (host) record for autodiscoverredirect.domain.com to point to your new website IP
  • For each client create a CNAME record for autodiscover to point to autodiscoverredirect.domain.com

 

CNAME examples:

autodiscover.client1.com -> autodiscoverredirect.domain.com
autodiscover.client2.com -> autodiscoverredirect.domain.com

 

The client will query everything using HTTPS and then fall back to HTTP. This is why you must have HTTPS off on the new webserver. So when it hits the new web server using HTTP it will then be redirected back to your actual Exchange server.

 

Note:

Exchange 2010 /hosting articles are out of date. DO NOT install and use /hosting unless you already have. Microsoft released SP2, which supports ABP [Address Book Policies] that will allow you to do what /hosting does pretty much. The /hosting switch will no longer be supported when Exchange 2010 goes. Migrating from /hosting to SP2 is difficult and I personally have not done it yet. It requires a forest migration.

I would just stay away from /hosting
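
The lookup order behind the redirect setup in the short version above, as an added example (not part of the original post or comments, and not Microsoft's code): a simplified Python model of an external client trying HTTPS on the mail domain, HTTPS on autodiscover.<domain>, then the plain-HTTP redirect. The lab table, the function names and the result labels are constructed assumptions; the model shows why the redirect host must not listen on 443 and why a single certificate for autodiscover.domain.com is enough.

```python
# Added illustration: simplified model of an external client's Autodiscover
# lookup order. All lab data is constructed; real clients add prompts/retries.
TARGET = "https://autodiscover.domain.com/autodiscover/autodiscover.xml"
REDIRECT_HOST = "autodiscoverredirect.domain.com"

# CNAME records from the page: every tenant points at the one redirect host.
CNAMES = {
    "autodiscover.client1.com": REDIRECT_HOST,
    "autodiscover.client2.com": REDIRECT_HOST,
}

def build_lab(https_on_redirect_host):
    """Return {(server, scheme): behaviour} for the constructed lab."""
    lab = {
        # Exchange server: one certificate, valid only for the provider name.
        ("autodiscover.domain.com", "https"): {"cert": {"autodiscover.domain.com"}},
        # IIS redirect site: answers plain HTTP with a redirect to TARGET.
        (REDIRECT_HOST, "http"): {"location": TARGET},
    }
    if https_on_redirect_host:  # the misconfiguration the steps rule out
        lab[(REDIRECT_HOST, "https")] = {"cert": {REDIRECT_HOST}}
    return lab

def tls_ok(lab, requested_name):
    """None if nothing listens on 443; otherwise whether the certificate
    covers the name the client asked for (not the CNAME target)."""
    server = CNAMES.get(requested_name, requested_name)
    listener = lab.get((server, "https"))
    return None if listener is None else requested_name in listener["cert"]

def discover(lab, email):
    domain = email.rsplit("@", 1)[1]
    for name in (domain, "autodiscover." + domain):   # steps 1 and 2: HTTPS
        ok = tls_ok(lab, name)
        if ok is not None:
            return ("ok" if ok else "cert-mismatch", "https://" + name)
    name = "autodiscover." + domain                   # step 3: HTTP fallback
    hop = lab.get((CNAMES.get(name, name), "http"))
    if hop is None:
        return ("not-found", None)
    location = hop["location"]
    if not location.startswith("https://"):
        return ("insecure-redirect", location)        # refuse a non-HTTPS target
    target_host = location.split("/")[2]
    if tls_ok(lab, target_host):
        return ("ok-via-redirect", location)
    return ("cert-mismatch", location)
```

With HTTPS left on at the redirect host, the model stops at step 2 with a certificate name mismatch for autodiscover.client1.com instead of reaching the redirect.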

I can't get mail.client1.com to go to its own secured OWA site unless I manually enter "https://mail.client1.com/owa".
It just goes to my https://lab.exchange.com/owa site, which works for login, but I'd rather it wasn't presented, and instead showed the client's HTTPS OWA address.

I'd like to make it so that by default when you enter mail.client1.com it redirects to the HTTPS OWA website. Is there any way to do that perhaps?
