

Rename the FQDN of default receive connector

Question

Wednesday, May 30, 2012 10:43 PM

I need to rename the FQDN of each default receive connector located on the hubcas1 and hubcas2 servers.

When I rename the receive connector I get this error:

If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server "HC01.mydomain.local", the NetBIOS name of the transport server "HC01", or $null.

So I learned that I must deselect the Exchange Server authentication method in order to rename the receive connector.

So I need to know what Exchange Server authentication is used for and its purpose, in order to be able to determine the consequences of removing this option. I didn't find an article that explains the usage of every authentication method in "Understanding Receive Connectors" on TechNet.

I need someone to tell me how to rename the FQDN of the receive connector and, in addition, what the purpose of each authentication method on the receive connector is, and what the receive connector uses the authentication for.

Our company topology is:

I have two network load balanced Exchange servers with the Hub and CAS server roles: hubcas1, hubcas2
and two clustered Exchange servers with the Mailbox role: mb1, mb2
Exchange version: Exchange 2010.

hubcas1 contains a default connector and a client connector, the same as hubcas2.

The default receive connector configurations for both are listed below:

AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner           : 220 mail.mydoamin.com
Bindings         : {:::25, 0.0.0.0:25}
Fqdn             : hubcas1.mydoamin.local
PermissionGroups : AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner           : 220 mail.mydomain.com
Bindings         : {:::25, 0.0.0.0:25}
Fqdn             : hubcas2.mydomain.local
PermissionGroups : AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

All replies (10)

Thursday, May 31, 2012 12:03 AM ✅Answered | 2 votes

From the cmdlet documentation:

Don’t modify the FQDN value on the default Receive connector Default <Server Name> that's automatically created on Hub Transport servers. If you have multiple Hub Transport servers in your Exchange organization and you change the FQDN value on the Default <Server Name> Receive connector, internal mail flow between Hub Transport servers fails.

http://technet.microsoft.com/en-us/library/bb125140.aspx

If you want a different banner to show up, create a new receive connector that is used for non-Exchange SMTP.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


Friday, June 1, 2012 6:19 AM ✅Answered | 1 vote

Hi,

Yes, you should not change the FQDN on your receive connector. The FQDN is just used for authentication. Why do you want to change it? Any specific reason?

But if you really want to do that, I think you can enter your MX record.

Hope this helps.

thanks,

CastinLu

TechNet Community Support


Thursday, May 31, 2012 12:42 AM

What about making 2 internal receive connectors on hubcas1 and hubcas2 with the following configuration:

internal connector for hub cas1

AuthMechanism    : Tls, Integrated, BasicAuth, ExchangeServer
Banner           : 220 mail.mydomain.com
Bindings         : {:::25, 0.0.0.0:25}
Fqdn             : hubcas1.mydomain.local
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
RemoteIPRanges   : 17.1.1.22 where it is the ip of hubcas2

internal connector for hub cas2

AuthMechanism    : Tls, Integrated, BasicAuth, ExchangeServer
Banner           : 220 mail.mydomain.com
Bindings         : {:::25, 0.0.0.0:25}
Fqdn             : hubcas2.mydomain.local
PermissionGroups : , ExchangeUsers, ExchangeServers, ExchangeLegacyServers
RemoteIPRanges   : 17.1.1.21 where it is the ip of hubcas1

or create 2 receive connectors with Internet usage on both servers, hubcas1 & hubcas2, as listed below

AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner           : 220 mail.mydoamin.com
Bindings         : {:::25, 0.0.0.0:25}
Fqdn             : mail.mydoamin.com
PermissionGroups : AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

AuthMechanism    : Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer
Banner           : 220 mail.mydomain.com
Bindings         : {:::25, 0.0.0.0:25}
Fqdn             : mail.mydomain.com
PermissionGroups : AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers
RemoteIPRanges   : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}

then edit the default receive connector on both servers, hubcas1 and hubcas2, as follows:

AuthMechanism    : Tls, Integrated, BasicAuth, ExchangeServer
Banner           : 220 mail.mydomain.com
Bindings         : {:::25, 0.0.0.0:25}
Fqdn             : hubcas1.mydomain.local
PermissionGroups : ExchangeUsers, ExchangeServers, ExchangeLegacyServers
RemoteIPRanges   : 17.1.1.22 where it is the ip of hubcas2

internal connector for hub cas2

AuthMechanism    : Tls, Integrated, BasicAuth, ExchangeServer
Banner           : 220 mail.mydomain.com
Bindings         : {:::25, 0.0.0.0:25}
Fqdn             : hubcas2.mydomain.local
PermissionGroups : , ExchangeUsers, ExchangeServers, ExchangeLegacyServers
RemoteIPRanges   : 17.1.1.21 where it is the ip of hubcas1

Waiting for your kind feedback.


Thursday, May 31, 2012 4:35 AM

I don't understand what you're trying to do.  RemoteIPRanges is the list of IP addresses of servers that are allowed to connect to the Exchange Hub Transport server through the connector.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


Monday, June 11, 2012 7:33 AM

I need to rename the FQDN because it is displayed in the response to the EHLO command, and the FQDN is the name of the hubcas server and I don't want anyone to know the name of the server.

I already changed the banner, but the FQDN of the receive connector is displayed in the response to the EHLO command.

Unfortunately I couldn't change the FQDN of the default receive connector because of the following error:

If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server "HC01.mydomain.local", the NetBIOS name of the transport server "HC01", or $null.

I must deselect the Exchange Server authentication to rename it, but if I did that the internal mail flow would be affected,

so I decided to create another Internet receive connector.


Monday, June 11, 2012 3:05 PM

You could add an additional NIC to the computer (or maybe just an additional IP address), configure it so that it doesn't register in DNS, create a new receive connector configured how you want it, and change the default receive connector to listen only on the original IP address.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


Sunday, March 10, 2013 4:37 PM

Ed Crowley,

Sorry to bring this up from the dead but I have a server with a dual NIC card, how would I configure it so that the only thing it is used for is external SMTP received mail?

Do I enable the second NIC and just give it an unused IP like 192.168.1.3, then on my router firewall access rules send all SMTP port 25 to 192.168.1.3?

Then do I change in exchange on the network tab of the default receive connector to only receive from the IP address of my DC/ExchangeServer/CAS/DNS/DHCP such as 192.168.1.2?

Also, if I wanted to test this without using my second NIC how do you add an additional IP address?

OR, since I only have one physical server handling all roles/DNS/DHCP/ExchangeServer can I turn off the Exchange Server authentication on the authentication tab? Is this needed to block external malicious servers from connecting to Exchange?

Thanks,

smg.tech


Monday, March 11, 2013 2:11 AM

On Sun, 10 Mar 2013 16:37:29 +0000, smg.tech wrote:

>Sorry to bring this up from the dead but I have a server with a dual NIC card, how would I configure it so that the only thing it is used for is external SMTP received mail?

You mean you want to use the 2nd port on the NIC, or that you have two NICs?

>Do I enable the second NIC and just give it an unused IP like 192.168.1.3, then on my router firewall access rules send all SMTP port 25 to 192.168.1.3?

That looks right.

Make sure the 2nd NIC isn't configured to register in DNS. You can do the DNS change manually. The 1st NIC (the one you're using now) should be at the top of the binding order, too.

>Then do I change in exchange on the network tab of the default receive connector to only receive from the IP address of my DC/ExchangeServer/CAS/DNS/DHCP such as 192.168.1.2?

That depends on what you want to use the default receive connector for. If you already have SMTP clients, or other Exchange servers, that send e-mail to this server you'll want to restrict the remote IP ranges to just your internal LAN IP networks. Leave the new receive connector with the default (unrestricted) remote IP address ranges.

>Also, if I wanted to test this without using my second NIC how do you add an additional IP address?

Adding a 2nd IP address to the existing NIC is possible, but if that NIC's automatically registering in DNS you may be in for a problem or two.

>OR, since I only have one physical server handling all roles/DNS/DHCP/ExchangeServer can I turn off the Exchange Server authentication on the authentication tab? Is this needed to block external malicious servers from connecting to exchange?

I'd use the 2nd NIC and a 2nd Receive Connector. Give the new receive connector the proper FQDN, too.

Rich Matheisen

MCSE+I, Exchange MVP
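
The two-connector layout recommended in this reply and in Ed Crowley's June 11 post, as an added Exchange Management Shell example (not code from any poster in this thread). The server name, the connector name and the LAN range 192.168.1.0/24 are assumptions; the two addresses and mail.mydomain.com are the ones used in the thread.

```powershell
# Added example for the Exchange 2010 Management Shell; run on the Hub Transport server.
# Assumed values: server name, LAN range and the new connector's name.
$Server     = 'HUBCAS1'
$InternalIP = '192.168.1.2'      # original address, registered in DNS
$ExternalIP = '192.168.1.3'      # second address, target of the firewall's port 25 rule
$LanRange   = '192.168.1.0/24'   # assumed internal network; must include any other Hub Transport servers
$PublicFqdn = 'mail.mydomain.com'

# 1. Default connector: leave Fqdn and AuthMechanism untouched, because
#    ExchangeServer authentication between Hub Transport servers depends on them.
#    Only narrow where it listens and which hosts may connect.
Set-ReceiveConnector -Identity "$Server\Default $Server" `
    -Bindings "$($InternalIP):25" -RemoteIPRanges $LanRange

# 2. Internet-facing connector on the second address, announcing the public name.
#    The Internet usage type does not include ExchangeServer authentication,
#    so the FQDN restriction from the error message does not apply to it.
New-ReceiveConnector -Name "Internet $Server" -Server $Server -Usage Internet `
    -Bindings "$($ExternalIP):25" -Fqdn $PublicFqdn -Banner "220 $PublicFqdn"

# 3. Review: list every receive connector and mark the ones that both accept
#    connections from any address and announce the internal server name in EHLO.
$internalNames = @("$((Get-ExchangeServer $Server).Fqdn)", $Server)
Get-ReceiveConnector -Server $Server |
    Select-Object Identity, Bindings, Fqdn, AuthMechanism,
        @{ Name = 'OpenToAnyIP'
           Expression = { @($_.RemoteIPRanges | ForEach-Object { "$_" }) -contains '0.0.0.0-255.255.255.255' } },
        @{ Name = 'AnnouncesServerName'
           Expression = { $internalNames -contains "$($_.Fqdn)" } } |
    Format-List
```

After this runs, the connector bound to 192.168.1.3 should be the only one on port 25 showing `OpenToAnyIP : True`, and it should show `AnnouncesServerName : False`.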

 



Monday, March 11, 2013 5:24 PM

I am using the second port on the NIC, it shows as a second connection in the View Network Connections folder.

I set it all up as I explained above but I did not receive mail, do I have to restart the exchange transport service or anything?

thanks,

smg.tech


Tuesday, March 12, 2013 12:23 AM

Why not just create two different receive connectors, limiting the remote IPs to just local IPs for the default, and then for the Internet receive connector allow all IPs, with both receive connectors listening on the same IP?