Let's see which public DNS records we need to configure for Exchange 2013/Exchange 2016 (Client Access / mail flow / Autodiscover).
Create an A record – Mail.CareExchange.in
and point it to the Exchange 2013 or Exchange 2016 server.
If the server is load balanced, point it to the VIP (virtual IP of the load balancer).
This will be the internet-facing server for your webmail and all other URLs.
Create an A record – autodiscover.careexchange.in
and point it to the Exchange 2013 or Exchange 2016 server.
If the server is load balanced, point it to the VIP (virtual IP of the load balancer).
This will be the internet-facing server for your webmail and all other URLs.
It will send configuration settings automatically to your Outlook clients and ActiveSync phones.
Create an MX record and point it to the A record you created above (for small businesses).
It will serve your mail flow.
If you are going to use a cloud-based anti-spam service or anti-spam appliances, you will have to point the MX record to their DNS records or to your anti-spam appliances.
Required Public IPs – 1
Required Public IPs with One Anti-Spam Server – 2
Ports that need to be opened on the firewall
Ports for HTTPS – 443
Port for Mail flow – 25
POP3 – port 110
IMAP – port 143
SMTP – port 25
HTTP – port 80
Secure IMAP (IMAP4-SSL) – port 585
IMAP4 over SSL (IMAPS) – port 993
Secure POP3 (SSL-POP) – port 995
Secure SMTP (SSMTP) – port 465 | Exchange specifically does not support SMTPS (implicit TLS)
Note:
If you want to split mail flow and the Outlook Web App URL, you can do that too.
You can have Outlook Web App and the other URLs as mail.careexchange.in
and for mail flow you can have mx.careexchange.in.
The advantage of doing this is that you can reroute your mail flow at any time without disturbing anything else.
For reference:
Let's see a practical scenario of creating DNS records with one of the public DNS providers.
Host A record – mail.testcareexchange.biz
Host A record – autodiscover.careexchange.biz
MX record – Testcareexchange.biz
Note: Mail is delivered to the mail exchange server with the lowest preference number (highest priority).
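The record layout above (mail and autodiscover A records, an MX that points to a host name, the optional split mx host, and the preference rule) can be checked before the zone is published. This is an added example, not part of the original article; the zone text is constructed, the 203.0.113.x addresses are documentation placeholders, and the function names are hypothetical.

```python
# Added example (not from the article): lint a public zone for the Exchange layout.
import ipaddress

# Constructed sample zone; 203.0.113.x are documentation placeholder addresses.
ZONE = """\
mail.careexchange.in.          A   203.0.113.10
autodiscover.careexchange.in.  A   203.0.113.10
mx.careexchange.in.            A   203.0.113.20
careexchange.in.               MX  10 mx.careexchange.in.
careexchange.in.               MX  20 mail.careexchange.in.
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def parse_zone(text, domain):
    """Return ({host: ip}, [(preference, target)]) from 'name TYPE data' lines."""
    a_records, mx_records = {}, []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        name, rtype = fields[0].lower().rstrip("."), fields[1].upper()
        if rtype == "A" and is_ip(fields[2]):
            a_records[name] = fields[2]
        elif rtype == "MX" and name == domain and len(fields) >= 4:
            mx_records.append((int(fields[2]), fields[3].lower().rstrip(".")))
    return a_records, mx_records

def check_exchange_dns(text, domain):
    """Return (problems, mx_hosts_in_delivery_order) for one mail domain."""
    a_records, mx_records = parse_zone(text, domain)
    problems = []
    for host in ("mail." + domain, "autodiscover." + domain):
        if host not in a_records:
            problems.append("missing A record: " + host)
    if not mx_records:
        problems.append("no MX record for " + domain)
    for _pref, target in mx_records:
        if is_ip(target):
            problems.append("MX points at an IP, not a host name: " + target)
        elif target not in a_records:
            problems.append("MX target has no A record: " + target)
    for host, addr in a_records.items():
        if any(ipaddress.ip_address(addr) in net for net in RFC1918):
            problems.append("private address in public DNS: " + host)
    # The lowest preference number is tried first (highest priority).
    return problems, [target for _pref, target in sorted(mx_records)]

if __name__ == "__main__":
    problems, order = check_exchange_dns(ZONE, "careexchange.in")
    print("problems:", problems or "none")
    print("delivery order:", order)
```

An MX target hosted outside this zone, such as a cloud anti-spam provider's host, is reported as having no A record because the check only sees the zone text it is given.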
Thank you.
Hope the article was informative.
Hey,
I have Windows NLB for 2 Exchange 2013 CAS servers with one virtual IP inside and one public IP from outside. Will it work fine, as I want to point ports 443 and 25 to a single VIP? I am using a hardware firewall only.
Your quick response will be highly admired.
regards
movi
It will work with a single VIP too.
Dear Satheshwaran,
I installed Exchange 2013 and configured it well. I can access OWA and mobile Outlook, but the desktop Outlook client (2013, 2016) always prompts for user name and password (credentials). I even checked and cleared Credential Manager on the system.
Could you advise what is most likely to resolve this issue?
Have you set up an Autodiscover record and the Outlook Anywhere setting?
Shouldn’t an SPF record also be included? Great post, helped simplify my diagram 🙂
Yes, it's optional.
Will include it.
Hi,
We are setting Note 10,000 Note users to migrate to Exch2013 hosted using Quest. I am wondering that Quest cannot migrate data directly to exchange (hosted) because when objects created with Quest they are not supported by default.
How do we go about migrating from a 3rd party to hosted Exchange?
Thank you in advance
sanong
If you are planning for hosted Exchange, service providers will have integration with hosted Exchange and migration tools.
So it's going to work with ease, as the service provider's control panel can understand migration tools.
Hello,
Thanks for the post. We have multiple SMTP domains; do I need to add an autodiscover CNAME record for each SMTP domain on external DNS?
You should check the SRV method or the Autodiscoverredirect method.
The Autodiscover redirect method is recommended, but it requires an additional public IP.
Search for Autodiscoverredirect on the website; you can see the multi-tenant article.
Thank you.
I am facing a problem of SMTP error in our Exchange Server 2013. I am not receiving mails from other mail providers (Gmail, Hotmail……). What do I do? Please tell me the solution, I am waiting.
Are other external domains working?
Hi:
External mails are not being received on my Exchange Server 2013. Please guide me on what the problem is.
Things to check
Specify MX properly.
Port 25 should be open.
Accepted domain is added.
Free space in the mailbox with proper email address
Hi Manoharan,
I’m trying to follow the configuration for an Exchange server that I implemented at home.
- I do not have a public IP; I lean on a dynamic DNS service, e.g. home.ns0.net, and it is updated with my dynamic IP.
- I have a public DNS name, exchangehome01.net, at a service provider so I can link the dynamic DNS service to the public records that I will create.
When you say:
Create A record – Mail.CareExchange.in
and point to the Exchange 2013 Server
in my case the Exchange server is behind the dynamic DNS service home.ns0.net, so I can’t create an A record that points to the Exchange server, because an A record supports only an IP address; I have to link the A record to the name home.ns0.net, which is the DynDNS service.
Is there a solution for that, and after this first configuration how can I proceed?
What about the newly introduced DKIM and DMARC? How do we add them?
Please, for the A record in the public DNS, is it the local IP address or the public IP address?
Thanks
First of all, I am very thankful to you for posting the above information.
I have set up Exchange Server 2013 (xyz.local) on my local internal server, IP 192.168.1.10, and I want to access the Exchange server externally with “xyz.com”.
Can you please let me know the procedure for where I can add my external domain xyz.com in the Exchange server, which records I need to create in the public DNS server, and how to map them to the local internal Exchange server?
I am writing the step-wise procedure to configure the external DNS setup; if you find any mistake, please rectify it.
My public DNS is http://www.xyz.com, registered with godaddy.com, and I have a static IP from the ISP: 182.76.93.1
1) I need to port forward the below ports from the static IP 182.76.93.1 to my local Exchange server's local IP 192.168.1.10
Ports for HTTPS – 443
Port for Mail flow – 25
POP3 – port 110
IMAP – port 143
SMTP – port 25
HTTP – port 80
Secure SMTP (SSMTP) – port 465
Secure IMAP (IMAP4-SSL) – port 585
IMAP4 over SSL (IMAPS) – port 993
Secure POP3 (SSL-POP) – port 995
2) Access the godaddy.com control panel, create a host A record http://www.xyz.com.com and associate the static IP 182.76.93.1 with it.
3) Then I create an MX record mail.xyz.com and associate it with the A record.
4) For Outlook Anywhere I create a host A record owa.xyz.com 182.76.93.1.
Are these steps OK for the external DNS setup, or is anything else needed? Or do I need to create DNS records in my local DNS server xyz.local?
Create an accepted domain in ECP and make it authoritative.
Hi Satheshwaran,
I wonder if you would help me. My internal domain is named Wynbergallen.org. (Not local :()
I have installed Exchange 2013 on a server called mailserver. Outgoing mail works fine.
I want to direct mail to the Exchange server using one of our external domain names, also called Wynbergallen.org. Mailserver has a static external IP.
Can this setup work and, if yes, what MX entries, A host records etc. need to be configured??
I’m lost and have no idea whatsoever now.
Create an A record called Mail.Wynbergallen.org pointing to your public IP.
Now point your MX to Mail.Wynbergallen.org with a lesser priority (lesser takes precedence).
Hi
I implemented Exch Svr 2013, and everything was well configured. I have a public IP which I have added as an A record in our corporate web server's cPanel DNS; the MX entry was correctly set and mails are dropping in.
But my problem is that we cannot connect to the server with a client (mobile or PC) outside our domain, i.e. outside the office network, using Outlook or any other mail client software. Once Outlook tries to connect, it keeps showing a username and password error.
Please, what can I do?
Make sure certificates are configured
http://www.careexchange.in/configuring-3rd-party-ssl-exchange-certificate-in-exchange-2013/
Make sure Outlook Anywhere is configured
http://www.careexchange.in/how-to-configuretroubleshoot-exchange-2013-outlook-anywhere-with-outlook-2013/
Any idea what software to install for the best anti-spam and antivirus on the Exchange 2013 server? I don’t want a cloud solution. I just want software I can install on the server to scan for spam and viruses locally, so it goes very quickly and keeps all the mail on my own server.
Cisco IronPort – Trend Micro IMSVA virtual appliance (not for large 1500+ environments) – decent products.
Hi,
On my Exchange Server 2013 I can send and receive internally. However, when I send externally, it is sent from the mail (even under the sent folder) but the end user doesn’t receive it. I have also tried to send from my personal gmail account to the mailbox but I get a bounce back. So, internally everything is fine, whereas externally I am having problems. I NEED YOUR HELP PLEASE!
THANKS IN ADVANCE
Check you have a valid send connector (dropping to the internet or a smart host). Make sure your port 25 works from the external world. Make sure MX is configured properly.
The public DNS is very confusing and you simplified it very well, many thanks for the article.
Thank you, Ahmed
I would add a reverse MX record as well.
Or reverse PTR.
Companies are blocking email without this.
You can request your IP provider to do that, but it's not the case all the time.
Hi Satheshwaran Manoharan,
I have an on-premises Exchange 2013 server with a DAG configured with two copies. Inbound mails flow through email security. I have a TP-Link firewall and two ISPs: one is Comcast and the other is AT&T. Now the problem is I want to have high availability on the ISP, so that if one ISP goes down the other takes over and we can still receive and send mails.
Naveen
Have 4 MX records, 2 on each ISP, same priority, round robin.
You have to use solutions like F5 GTM and point the name servers to it to achieve the same (the disadvantage of this is that solutions like anti-spam may not work properly, as all source emails will be from the F5 IP).
Hi
I added an accepted domain in my Exchange control panel “ecp”.
I want to know how to configure the new accepted domain in the public DNS server, and what records I have to add.
I have a problem: when someone sends email to the newly added domain, they get an error message that says no such user or user unknown.
Hi Satheshwaran Manoharan,
My question is far from this topic, but it is related to Exchange Server 2010 or 2013. Since I am a beginner, I would like to ask how to purchase a license for Exchange Server. Is the license per device or per user of Exchange Server? What is the difference between the two licenses?
CAL based.
Number of Users.
Hi Satheshwaran Manohram,
I have configured a new Exchange Server 2016 in my organization.
My question is which types of records I will have to create on GoDaddy public DNS; let's suppose my domain name is veltestdc.in and the external public IP address is 185.154.3.109.
Do records need to be created for SMTP, IMAP and POP separately?
Your valuable reply on the above will be greatly appreciated.
The MX and A records will take care of everything.
For POP, if you want to use Pop.careexchange.in, then you need to create an A record separately.
To simplify, you can use mail.careexchange.in for everything, which simplifies your life, as POP and IMAP are not used much nowadays.
Many thanks for your valuable response.
Can we use a self-signed certificate for OWA, Outlook Anywhere and Autodiscover/ActiveSync?
Yes, but it makes life very hard.
External SSL makes life a lot easier.
Getting the cert assigned on each device is not an easy task at all.
Good morning,
I just set up an Exchange 2013 CU15 but was unable to send outbound mail.
Create a Send connector.
Good evening, I would be grateful if you could help me out. I just set up Exchange Server 2013 CU15. The configuration is below:
Mailbox and Client Access on same server: 10.0.0.20
Edge Server : 10.0.0.14
The Edge Transport server is already synchronized with the Client Access/Mailbox server successfully.
I still find it difficult to send mail outside. Do I still need to create a Send connector despite the fact that there is an Edge Synchronization (which has already created two Send connectors on the Client Access/Mailbox server)?
Also, how do I set up public and internal DNS records?
Thanks
On a subscribed Edge Transport server, the default Receive connector is configured to listen for connections from internal Mailbox servers in the subscribed Active Directory site and anonymous connections from the Internet. After the message is categorized by the Transport service on the Edge Transport server, the message is queued locally for delivery to the Internet by using the dedicated Send connector that’s created during the Edge Subscription.
https://technet.microsoft.com/en-us/library/aa998825(v=exchg.150).aspx
Edge Subscriptions should be sufficient.
Hi,
We have two CAS servers and two Mailbox servers. We have two ISPs in our data center. The Exchange service is published through one ISP (both ISPs are configured in our domain PTR records). We need to use the other ISP as a backup link (two MX records) for sending and receiving mail. Is it possible? If yes, please share the details.
Two ISPs, two MX records, two public IPs. Read about MX preference.
Thank you for the insightful article. We are changing the domain name due to a rebrand, running Exchange 2013 and AD 2008. Any tips to go with
Accepted Domain
Email Address Policies.
Mailboxes which are not applied with Email Address Policies.
Autodiscover Record in the certificate.
This is what I can think of.
Hi,
I am a beginner to Exchange, and I have a doubt regarding sending mails externally. I created a free domain and hosted that domain. Now advise me on where I should create the DNS records: either on the Exchange server or in the place where I hosted my domain. And how do I point it to my Exchange server? Expecting your support. Thanks
Hi everybody,
My doubt is regarding DNS records. For example, I configured an Exchange server, bought a domain and published it. Now my query is how to point my server to the external domain. For this purpose, do I need to configure Edge Transport?
You need a public IP and DNS from your domain hosting provider (public DNS).
Thanks for your valuable answer. I have only a dynamic public IP because I am using BSNL broadband. Kindly advise on the records that need to be created in public DNS.
If this is just for testing and learning, check http://dyn.com/dns/
Hi,
I am hoping you can help me out with this scenario. I have Server 2012 R2 on my host PC. The server is a domain controller with “domain name.local”. I recently installed Exchange 2013, and after installation “https://server_name.domain _name/ecp” defaults to OWA, and all logins fail with either error 500 or invalid username or password.
“https://server_name/ecp” has the same result.
1. How can I gain access to ECP?
2. Can a .local domain work with Exchange Server?
Thanks.
Yes, it should work with .local.
Hi Sateshwaran,
I have implemented MS Exchange 2013. I am trying to create a new Send connector but it is not appearing. Please reply with how to solve this issue.
Check in PowerShell: Get-SendConnector
Our Exchange server is hosted in a different domain and we would like our internal clients to access it, or get their Outlook clients connected, through the public DNS. The problem is that we can only resolve to the internal Exchange server, not to the public IP, so my question is how I can point my DNS server to resolve the external Exchange server to the public DNS. Another point: if I set my primary forwarder on the DNS server to the public Google DNS, I can resolve the external Exchange server to the public DNS. But I can’t resolve it if I return my forwarders to the internal DNS servers' IPs. Please guide me on how to fix this issue.
Our domain name is: a.b.c.com
Exchange server name: mail.g.c.com
Our Exchange is hosted in our parent domain, outside our internal network.
In our child domain we have an internal DNS, which is where I want to create a pointer or record for the public IP of the Exchange server.
In our DNS server we don’t have a forwarder to our Exchange domain, but it’s coming to us as an integrated AD forwarder from the parent, so when I want to create an A record, it will create it attached to the internal domain name: mail.g.c.com.a.b.c.com, but I want to create a record like this only: mail.g.c.com
How can I do that?
Create a new zone, as you wish.
Dear bro,
I’m using Microsoft Exchange 2013. When I send to other email addresses (e.g. Gmail, Hotmail), my email always goes to the spam box. What can I do? Thanks for your help 🙂
Add an SPF record.
Check for blacklists of your public IP.
I’m trying to create a lab with 4 DAG members; I have GoDaddy. I have configured external URLs and virtual directories on the Exchange servers… what do I need to do at the registrar? When I do an MX lookup on my domain it doesn’t see the IP address of the A record.
You have to update it in GoDaddy DNS.
Dear Sir,
We have a problem in Exchange Server 2013. I have registered a domain name and configured the DNS MX record; mail comes in from outside
but is not sent outside, e.g. to Gmail.
Very good post.
I love it when folks come together and share views. Great website,
stick with it!
Hi Satheshwaran,
I see the above article is very helpful in setting up an Exchange org.
I have done the complete setup following the best practices given above. I have public DNS hosted at Bigrock.in.
In my lab setup, incoming and outgoing mail flow is working within the Exchange org and also to and from external mail domains like Gmail, Yahoo etc…
I am using DDNS noip.org, which is taking care of my dynamic public IP.
The only problem I see is that I am not able to access the OWA link https://mail.xyz.com/owa from the internet, but it works on the intranet. I do have a third-party SSL certificate with mail.xyz.com and autodiscover.xyz.com SAN entries installed on the Exchange 2016 server for the IIS, SMTP, POP and IMAP services.
I appreciate your help on this, with what configuration I am missing.
I have the same issue
Hello sir, please can you tell me how you configured your DDNS no-ip, because I still cannot find the video on the internet. I need a slow-learner explanation…. Thank you