DNS Records for Active Sync

aram
Posts: 26
Joined: Mon Aug 01, 2011 4:43 pm

DNS Records for Active Sync

Postby aram » Tue Jun 19, 2012 7:48 pm

This is mainly to clarify what DNS records we need to implement Active Sync.
I have read the Deployement Guide a few times, looked at the examples, but I'm still not getting it.

We have a wildcard SSL cert for one of our domains that is used by several sites
using various Host names (A records) e.g apple.domainA.com, orange.domainA.com, etc

We plan to use the MailEnable Protocol site (in IIS7.5 )for this ActiveSync implementation,
configure it to use SSL, and give it a host name using this wildcard SSL cert and give it a domainA host header.
We have 5 domains using one Post Office in MailEnable.

Can I create one A (Host) record to use by both AutoDiscover and ActiveSync (e.g. eas.domainA.com) ?
Then when I create the SRV record does it point to that same Host ?

Or do I need separate A records (Host) for AutoDiscover and ActiveSync ?
If so then which of those Host names would I use for the SRV record ?

How do I point the other 4 domains I have to work with ActiveSync? What additional DNS records
will I need to create ?

Thanks,
Dan

MailEnable
Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Re: DNS Records for Active Sync

Postby MailEnable » Wed Jun 20, 2012 5:20 am

This explains in detail as to what should be done:
http://msdn.microsoft.com/en-us/library ... v=exchg.80)

Basically, you should configure as many autodiscovery vehicles as possible... but some of them obviously are not practical

SRV records are the simplest way to go, because once you have set up SSL and autodiscovery for an IIS web site, you can just create new SRV records for other domains. The problem with SRV records is that some older or non-compliant devices might not use that approach and may attempt to resolve by parsing the domain name and prepending autodiscover, etc (ie the "Perform text manipulations on the domain of the email address" method outlined in the article).

Can I create one A (Host) record to use by both AutoDiscover and ActiveSync (e.g. eas.domainA.com) ?
Then when I create the SRV record does it point to that same Host ?

Yes, you should do this as a minumum. (But as the reference suggests above, it is best to also use the other methods as well).
ie: setup a host record for http://autodiscover.maildomainname under the protocols site as well.
Ideally you would also create an SSL binding, but doing so will require a seperate IP per cert (and in a multi-tennant environment, thats unlikely unless you increase the rent).

Or do I need separate A records (Host) for AutoDiscover and ActiveSync ? If so then which of those Host names would I use for the SRV record ?


No, with the SRV approach, only a single SSL host/binding under IIS. You simply point the SRV records at that host.
Again though, to do it 'by the book' you should create autodiscover.domain host (A records) as well... but most devices use SRV just fine, so it should be enough.

Furthermore, the autodiscovery response can also point at a common activesync enabled SSL host (which is normally the same host as the autodiscover host).

Given what you have described, it seems appropriate to do this:

1. Configure an SSL host binding for https://eas.domainname under the Protocols web site.
2. also configure a host binding for http://autodiscover.domainname under the Protocols web site
3. If possible (given IP address/cert limitations), also configure an SSL host binding for https://autodiscover.domainname under the Protocols web site. As mentioned, doing this for SSL typically means burning an IP address and certificate - so its not viable in many cases.
4. For each domain you are hosting, create an SRV record that points to eas.domainname (needs to be SSL)
5. Ensure that mailenable answers autodiscovery requests to https://eas.domainname/Microsoft-Server-ActiveSync (using the EAS management utility)
Regards, Andrew

aram
Posts: 26
Joined: Mon Aug 01, 2011 4:43 pm

Re: DNS Records for Active Sync

Postby aram » Mon Jun 25, 2012 5:35 pm

Thanks for the response...
I get it ...
Thanks,
Dan

Who is online

Users browsing this forum: No registered users and 1 guest