Trying to bring MAPI online. DNS and WWW issue.
Question asked by Jeff Davis - 7/22/2020 at 11:53 AM
Unanswered
So we have decided to move towards MAPI. In moving that direction I went from having one domain on server to a split domain to try to get MAPI working.  So far I have not gotten the MAPI working because I am stuck with DNS and WWW issues.

Oringially, We have a company website hosted on networksolutions.  We also hosted the email with them.  But because of rising email space costs and wanting to have a exchange type server with funtionality of calendar and such we decided to bring email inhouse a couple years back with Smartermail.  Our people like Outlook here, so we went with EAS addon. It has been pretty easy to work with and has pretty much just ran without many issues.

Well after some recent upgrades to SmarterMail and the fact that SmarterTools has decided to no longer supporting/troubleshooting EAS issues related to Outlook on desktop. The reason for this change in their policy is because Microsoft has ended support for EAS connections to Outlook altogether.

You can read more about it here -



So we have started to bring MAPI online. Unfortunately I have hit some challenges with the local and external DNS.  I was hoping someone might be able to help me to clear up the issues. 

hosted domain - www.straughntrout.com
internal domain - stanet.internal

It was running fine with just that with EAS and Outlook, include Lets'Cypt.

But then when I started to move toward setup MAPI I was unable to get the MAPI to work.  In working with the DNS, I decided to try to setup split DNS to help route the correct domin locally.  Fast forward, at this point I have been able to get MAPI to put up a Login and a password for authentication, but would not authentication.

I have tried just about everything that I can think of to get the DNS correct, but I am now knocking my head on the wall at this point.

I have currently have the following -
Windows Server 2019 Standard
SmarterMail Enterprise Version - 100.0.7459.31221
DNS - (split)
internal (local split) - stanet.internal
internal (ext split) - straughntrout.com
hosted domain - www.straughntrout.com

I will attach a couple of pictures to help for visual.
Thanks,
Jeff

7 Replies

Reply to Thread
1
Urs Replied
Hi Jeff

mail. is an A record, so means you should query MX only for the plain domain straughntrout.com
mail.straughntrout.com will then be the reply.

For the autodiscover stuff I did following:
- create a SRV record for your main mailserver
- check that either autodiscover.xydomain.com does not resolve at all or set the host name in mailserver and have a valid certificate for autodiscover.xydomain.com too
If you have several domains on same mailserver you would need a let's encrypt cert for each name then.

You can generate a let's encrypt cert with max. 100 names in it, so i.e. you can make up to 33 domains with each 3 names like
- autodiscover.xymailserver.ch


If you use wacs(https://www.win-acme.com/ ) you can use such command
wacs.exe --target iis --siteid 2 --host-pattern xymailserver.com,xzmailserver.com,autodiscover.*.*,webmail.*.*, --acl-fullcontrol "network service,administrators" --emailaddress tech@mydomain.ch --accepttos

make sure first add host headers in IIS site bindings before running wacs and using correct SiteID
Check https://www.win-acme.com/reference/cli for more parameters

regards Urs
0
Heimir Eidskrem Replied
Urs,
Going off topic but following your comment.

33 domains using the setup as mentioned.
I assume we can add another IP to the server and do another 33 the same way as you mentioned.

We are in the transition to a new server with ver 17.


1
Urs Replied
Hello Heimir

guess that should be possible and then define those domains to run on additional ip and set all bindings for it.

I did plan another strategy, as the mailserver seems only for its own SSL bindings to need a SSL cert:
- create a neutral mailserver site for all those small domains not requiring a own site url(make sure autodiscover. does not resolve at all for them and only use a SRV record, otherwise you will get invalid certificate warnings)
- create only for the real mailserver names a certificate, so I can have up to 99 additional separate server names
- for autodiscover. and webmail. etc. created additional separate certificates which will be used then for IIS bindings only

But it is allways some try and error with it, as still many things are open to fix in new release.
SM Team seems working really hard on it... currently I am not sure if I will really switch in next weeks to new release.

good luck
0
Heimir Eidskrem Replied
Urs,
Thank you for answering.
Have you made your solution work with Outlook 2019, Iphones, and android too?

Tried that but it seems fail autodisocovery on several devices.


2
Urs Replied
As told - there still seem several issues, i.e. with actual build I get now
"The EXCH provider section is missing from the Autodiscover" response when testing over https://testconnectivity.microsoft.com/tests/exchange ;
And the section really isn't there in output - waiting now for ticket response.

And there are some other issues like MAPI folders not showing in localized language etc.

And I also get the "Array dimensions exceeded supported range." with actual 7503 build.

So I am still sorting out all things to get finally a consistent running config.
Hope SM Team makes good progress, but for now I am not ready to move my customers there, they would kill me with tickets...


0
Jason Earle Replied
Following. Any updates?

Jason Earle

IT Systems Administrator
JCL Investments Inc. | https://www.jclinc.ca
0
Urs Replied
Hi Jason
there is another thread with SM response.
Looks SM implementation is little bit different and MS tester will always fail.


regards Urs

Reply to Thread