This is mainly to clarify what DNS records we need to implement Active Sync.
I have read the Deployement Guide a few times, looked at the examples, but I'm still not getting it.
We have a wildcard SSL cert for one of our domains that is used by several sites
using various Host names (A records) e.g apple.domainA.com, orange.domainA.com, etc
We plan to use the MailEnable Protocol site (in IIS7.5 )for this ActiveSync implementation,
configure it to use SSL, and give it a host name using this wildcard SSL cert and give it a domainA host header.
We have 5 domains using one Post Office in MailEnable.
Can I create one A (Host) record to use by both AutoDiscover and ActiveSync (e.g. eas.domainA.com) ?
Then when I create the SRV record does it point to that same Host ?
Or do I need separate A records (Host) for AutoDiscover and ActiveSync ?
If so then which of those Host names would I use for the SRV record ?
How do I point the other 4 domains I have to work with ActiveSync? What additional DNS records
will I need to create ?
Thanks,
Dan
DNS Records for Active Sync
-
- Site Admin
- Posts: 4441
- Joined: Tue Jun 25, 2002 3:03 am
- Location: Melbourne, Victoria Australia
Re: DNS Records for Active Sync
This explains in detail as to what should be done:
http://msdn.microsoft.com/en-us/library ... =exchg.80)
Basically, you should configure as many autodiscovery vehicles as possible... but some of them obviously are not practical
SRV records are the simplest way to go, because once you have set up SSL and autodiscovery for an IIS web site, you can just create new SRV records for other domains. The problem with SRV records is that some older or non-compliant devices might not use that approach and may attempt to resolve by parsing the domain name and prepending autodiscover, etc (ie the "Perform text manipulations on the domain of the email address" method outlined in the article).
ie: setup a host record for http://autodiscover.maildomainname under the protocols site as well.
Ideally you would also create an SSL binding, but doing so will require a seperate IP per cert (and in a multi-tennant environment, thats unlikely unless you increase the rent).
Again though, to do it 'by the book' you should create autodiscover.domain host (A records) as well... but most devices use SRV just fine, so it should be enough.
Furthermore, the autodiscovery response can also point at a common activesync enabled SSL host (which is normally the same host as the autodiscover host).
Given what you have described, it seems appropriate to do this:
1. Configure an SSL host binding for https://eas.domainname under the Protocols web site.
2. also configure a host binding for http://autodiscover.domainname under the Protocols web site
3. If possible (given IP address/cert limitations), also configure an SSL host binding for https://autodiscover.domainname under the Protocols web site. As mentioned, doing this for SSL typically means burning an IP address and certificate - so its not viable in many cases.
4. For each domain you are hosting, create an SRV record that points to eas.domainname (needs to be SSL)
5. Ensure that mailenable answers autodiscovery requests to https://eas.domainname/Microsoft-Server-ActiveSync (using the EAS management utility)
http://msdn.microsoft.com/en-us/library ... =exchg.80)
Basically, you should configure as many autodiscovery vehicles as possible... but some of them obviously are not practical
SRV records are the simplest way to go, because once you have set up SSL and autodiscovery for an IIS web site, you can just create new SRV records for other domains. The problem with SRV records is that some older or non-compliant devices might not use that approach and may attempt to resolve by parsing the domain name and prepending autodiscover, etc (ie the "Perform text manipulations on the domain of the email address" method outlined in the article).
Yes, you should do this as a minumum. (But as the reference suggests above, it is best to also use the other methods as well).Can I create one A (Host) record to use by both AutoDiscover and ActiveSync (e.g. eas.domainA.com) ?
Then when I create the SRV record does it point to that same Host ?
ie: setup a host record for http://autodiscover.maildomainname under the protocols site as well.
Ideally you would also create an SSL binding, but doing so will require a seperate IP per cert (and in a multi-tennant environment, thats unlikely unless you increase the rent).
No, with the SRV approach, only a single SSL host/binding under IIS. You simply point the SRV records at that host.Or do I need separate A records (Host) for AutoDiscover and ActiveSync ? If so then which of those Host names would I use for the SRV record ?
Again though, to do it 'by the book' you should create autodiscover.domain host (A records) as well... but most devices use SRV just fine, so it should be enough.
Furthermore, the autodiscovery response can also point at a common activesync enabled SSL host (which is normally the same host as the autodiscover host).
Given what you have described, it seems appropriate to do this:
1. Configure an SSL host binding for https://eas.domainname under the Protocols web site.
2. also configure a host binding for http://autodiscover.domainname under the Protocols web site
3. If possible (given IP address/cert limitations), also configure an SSL host binding for https://autodiscover.domainname under the Protocols web site. As mentioned, doing this for SSL typically means burning an IP address and certificate - so its not viable in many cases.
4. For each domain you are hosting, create an SRV record that points to eas.domainname (needs to be SSL)
5. Ensure that mailenable answers autodiscovery requests to https://eas.domainname/Microsoft-Server-ActiveSync (using the EAS management utility)
Regards, Andrew
Re: DNS Records for Active Sync
Thanks for the response...
I get it ...
Thanks,
Dan
I get it ...
Thanks,
Dan