Changes that the IAMW makes

Updated: March 10, 2009

Applies To: Windows SBS 2008

Domain Name Service (DNS)

External DNS

When you run the Internet Address Management Wizard (IAMW), if you choose “I want the server to manage the domain name for me”, the following Internet DNS records are created by the wizard and are registered at the partner registrar.

  • Host (A) resource record.   Maps the remote.<YourDomainName>.com Web site to the IP address of the external network adapter on your router.

  • Mail exchanger (MX) resource record.   Maps the e-mail domain name (@<YourDomainName>, for example @contoso.com) to the host (A) resource record. This directs the e-mail that is sent to users on your network to the external IP address on your router.

  • Text (TXT) resource record.   Used to define Sender Policy Framework (SPF) information. For information about SPF, see “The Sender ID Framework: An Overview and Implementation Update” at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=135500).

  • Service location (SRV) resource record.   Used with Outlook 2007 and Exchange Server 2007 in conjunction with the AutoDiscover service. The SRV resource record (_autodiscover._tcp.FQDN) points to the host (A) resource record on port 443. For information about service location (SRV) resource records, see “A new feature is available that enables Outlook 2007 to use DNS Service Location (SRV) records to locate the Exchange Autodiscover service” at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=135503).

If you choose “I want to manage the domain myself”, you must manually create and maintain these records with your DNS registrar.

Internal DNS

When you run the IAMW, the Forward lookup zone is created locally in Windows SBS 2008 and points to remote.<YourDomainName>.Extension with the following records:

  • Start of authority (SOA) resource record.   Points to the internal fully qualified domain name (FQDN) of the server that is running Windows SBS 2008, for example server.contoso.local.

  • Name service (NS) resource record.   Points to the FQDN of the server that is running Windows SBS 2008.

  • Host (A) resource record.   Points to the IP address of the server that is running Windows SBS 2008.

Dynamic DNS

To keep external DNS records up-to-date, Windows SBS 2008 connects to the partner registrar that is hosting the domain name and the DNS records, and then it uses the Dynamic DNS Client service to query the IP address of the external domain. If the IP address has changed, the service uses the new IP address in a second call to update the host (A) resource record for the domain.

After the Windows SBS 2008 installation finishes, the Dynamic DNS Client service is inactive until you run the IAMW to configure your domain. After the wizard finishes, the service is set to automatic, and it queries the registrar every 10 minutes by default.

The Dynamic DNS Service ensures that the following are true:

  • The host (A) resource record points to the correct IP address.

  • The mail exchanger (MX) resource record points to the correct e-mail domain.

  • The text (TXT) resource record is configured as the IAMW would configure it.

  • The service location (SRV) resource record _autodiscover._tcp.FQDN points to the correct host (A) resource record.

If the IP address does not change in 20 days, the service refreshes itself at the registrar. This ensures that the registrar does not shut down dynamic DNS updates without your knowledge.
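The following is an added example, not part of the original page or of Windows SBS 2008: a Python check that a record set read back from the registrar still has the four relationships listed under External DNS and Dynamic DNS. The sample records, the documentation address 203.0.113.10, the `v=spf1 mx -all` policy, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in zone-file presentation form (not real registrar data).
SAMPLE = """\
remote.contoso.com.              IN A   203.0.113.10
contoso.com.                     IN MX  10 remote.contoso.com.
contoso.com.                     IN TXT "v=spf1 mx -all"
_autodiscover._tcp.contoso.com.  IN SRV 0 0 443 remote.contoso.com.
"""

def parse(text):
    """Return {(owner, type): [rdata, ...]}; owners lower-cased, final dot removed."""
    records = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        key = (owner.rstrip(".").lower(), rtype.upper())
        records.setdefault(key, []).append(rdata.strip())
    return records

def host(name):
    return name.rstrip(".").lower()

def audit(text, domain, external_ip):
    """List every way the record set departs from the layout the page describes."""
    domain = domain.lower()
    recs, remote = parse(text), "remote." + domain
    want_ip = ipaddress.ip_address(external_ip)
    problems = []
    a = recs.get((remote, "A"), [])
    if not a:
        problems.append("A: no record for " + remote)
    elif any(ipaddress.ip_address(ip) != want_ip for ip in a):
        problems.append("A: %s does not point to %s" % (remote, external_ip))
    mx = recs.get((domain, "MX"), [])
    if not mx or any(host(r.split()[1]) != remote for r in mx):
        problems.append("MX: mail for %s is not directed to %s" % (domain, remote))
    txt = recs.get((domain, "TXT"), [])
    if not any(t.strip('"').lower().startswith("v=spf1") for t in txt):
        problems.append("TXT: no SPF (v=spf1) record for " + domain)
    srv = recs.get(("_autodiscover._tcp." + domain, "SRV"), [])
    if not srv:
        problems.append("SRV: no _autodiscover._tcp record")
    for r in srv:
        _prio, _weight, port, target = r.split()
        if port != "443" or host(target) != remote:
            problems.append("SRV: autodiscover points to %s:%s" % (host(target), port))
    return problems
```

An empty list from `audit(SAMPLE, "contoso.com", "203.0.113.10")` means all four records agree; a stale host (A) record after an IP address change, or an SRV record redirected to another host or port, shows up as a named finding.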

Note

If you have a static IP address, you can disable this service.

For more information about DNS in Windows Server 2008, see “Windows Server 2008 DNS Server” at the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=135702).

External naming conventions

Windows SBS 2008 uses a remote naming convention that prefixes remote to the domain name—for example, remote.contoso.com.

  • By default, IAMW configures remote applications, such as Outlook Web Access, Remote Web Workplace, virtual private networking, and the ActiveSync® technology, using the remote naming convention remote.<YourDomainName>.

  • By default, the self-signed certificate that is created when you run the IAMW uses the remote naming convention remote.<YourDomainName>.

Web applications

When you run the IAMW, the values of the Windows SBS 2008 Web application host headers are configured with your chosen domain name. A leaf SSL certificate is created and bound to the Web applications site on port 443 and bound to the Windows SharePoint® Services site on port 987.

For example, if your remote FQDN is remote.contoso.com and the external DNS records are correct, you access the following resources as follows:

Terminal Services Gateway

Terminal Services Gateway (TS Gateway) is configured to use the SSL certificate that the IAMW creates.

Exchange Server

  • The Internet Send and Receive Connector banners are stamped with your domain name.

  • The URLs for Outlook Web Access, ActiveSync, and the Outlook Address Book virtual directories are configured with your domain name.

  • An Accepted Domain and Email-Address Policy is created by using your domain name.

  • An SSL certificate is configured for IMAP4, POP3, Web, and SMTP access. This is the same certificate that is bound to the Web applications and the Windows SharePoint Services sites, and that is used by TS Gateway.

Certificate distribution

The first time you run the IAMW, a certificate distribution package is created for deployment to non-domain joined client computers and mobile devices.