Exchange 2013 Initial Configuration Settings: How to change the FQDN on the Default Frontend receive connector (Part 9)


In part 9 of this mini-series, I’ll look at how to configure the Fully Qualified Domain Name (FQDN) of the Default Frontend receive connector in Exchange 2013.

Firstly a warning: Don’t modify the FQDN value on the default Receive connector named “Default <Server Name>” that’s automatically created on Mailbox servers. If you have multiple Mailbox servers in your Exchange organization and you change the FQDN value on the Default Receive connector, internal mail flow between Mailbox servers fails.

In a single Mailbox server environment, to change the Default Frontend receive connector FQDN, follow the steps below.

Firstly using Telnet to connect to the Exchange server’s external FQDN we can see the following:

telnet mail.oxfordsbsguy.com 25

It returns the internal server and domain name. Exposing your internal server name to external clients may be undesirable.

[Screenshot: telnet response from OX-EXCH1.ad.oxfordsbsguy.com]




Exchange Admin Center

1. In the Exchange admin center (https://localhost/ecp) click mail flow on the left hand side, click receive connectors, and then click the Default Frontend servername, finally click edit.


2. If you click scoping and scroll to the bottom, and change the FQDN to match the external FQDN and click save you’ll receive the following Error Message:

If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server “OX-Exch1.ad.oxfordsbsguy.com”, the NetBIOS name of the transport server “OX-EXCH1”, or $null.

3. So first we’ll click security in the left hand menu, and uncheck the Exchange Server authentication check box.

4. Now go to scoping in the left hand menu, scroll to the bottom of the window and update our FQDN. Then click save.

5. Use telnet to confirm the setting has been applied correctly.

[Screenshot: telnet response from mail.oxfordsbsguy.com]
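The telnet check can be scripted so that it is repeatable after every connector change. The following PowerShell is an added example, not part of the original article; the function names are hypothetical, and the sample banner line is constructed in the usual Exchange banner layout.

```powershell
# Added example (not from the original article). Reads the SMTP greeting the way
# the telnet test does and reports which host name the connector announces.
function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    # A reply may span several lines ("250-..." continues, "250 ..." ends it).
    $first = $line = $Reader.ReadLine()
    while ($line -match '^\d{3}-') { $line = $Reader.ReadLine() }
    return $first
}

function Get-AdvertisedName([string]$ReplyLine) {
    # The host name is the first token after the code in 220 and 250 replies.
    if ($ReplyLine -match '^(220|250)[ -](\S+)') { return $Matches[2] }
    return $null
}

function Test-SmtpFqdn {
    param([string]$HostName, [string]$ExpectedFqdn = $HostName, [int]$Port = 25)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.ReceiveTimeout = 10000
        $client.Connect($HostName, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

        $banner = Get-AdvertisedName (Read-SmtpReply $reader)   # 220 greeting
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $ehlo = Get-AdvertisedName (Read-SmtpReply $reader)     # 250 EHLO response
        $writer.WriteLine('QUIT')
    } finally { $client.Close() }

    # Host names compare case-insensitively, which is what -eq does for strings.
    [pscustomobject]@{
        Host = $HostName; Banner = $banner; Ehlo = $ehlo
        MatchesExpected = ($banner -eq $ExpectedFqdn) -and ($ehlo -eq $ExpectedFqdn)
    }
}

# Offline check of the parser with a constructed sample banner line:
Get-AdvertisedName '220 OX-EXCH1.ad.oxfordsbsguy.com Microsoft ESMTP MAIL Service ready'
# Live check against the article's host name (needs network access to port 25):
# Test-SmtpFqdn -HostName mail.oxfordsbsguy.com
```

MatchesExpected is False while either the greeting or the EHLO response still carries the internal server name.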

Exchange Management Shell

To perform the same tasks in the Exchange Management Shell we’ll use Get-ReceiveConnector and Set-ReceiveConnector.

1. First let’s use Get-ReceiveConnector to view all the receive connectors.

Get-ReceiveConnector

2. Next let’s drill down into the Default Frontend OX-EXCH1 connector.

Get-ReceiveConnector -Identity "OX-EXCH1\Default Frontend OX-EXCH1" | fl

You can see highlighted the two settings we are interested in.

3. Now we’ll make some changes to the receive connector. First we’ll change the AuthMechanism to remove the ExchangeServer authentication.

Set-ReceiveConnector -Identity "OX-EXCH1\Default Frontend OX-EXCH1" -AuthMechanism Tls, Integrated, BasicAuth, BasicAuthRequireTLS

Then we’ll modify the FQDN.

Set-ReceiveConnector -Identity "OX-EXCH1\Default Frontend OX-EXCH1" -Fqdn mail.oxfordsbsguy.com

4. A final quick check with:

Get-ReceiveConnector -Identity "OX-EXCH1\Default Frontend OX-EXCH1" | fl
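The shell steps above combined into one script, as an added example that is not the article's own code. It goes beyond the steps by keeping whatever mechanisms the connector already has instead of a fixed list, by refusing to run when more than one Mailbox server exists, and by only previewing the changes until $Apply is set. Variable names are assumptions; save it as a .ps1 file and run it from the Exchange Management Shell so that the guard stops the whole script.

```powershell
# Added example, not the article's own code. Run in the Exchange Management Shell.
$Server       = 'OX-EXCH1'                 # server name used in the article
$ExternalFqdn = 'mail.oxfordsbsguy.com'    # external FQDN used in the article
$Apply        = $false                     # assumption: $false previews with -WhatIf
$identity     = "$Server\Default Frontend $Server"

# Guard for the article's condition: single Mailbox server environments only.
$mailboxServers = @(Get-MailboxServer)
if ($mailboxServers.Count -gt 1) {
    throw "Found $($mailboxServers.Count) Mailbox servers; leaving '$identity' unchanged."
}

# Record the two settings of interest before touching anything.
$rc = Get-ReceiveConnector -Identity $identity -ErrorAction Stop
$rc | Format-List Identity, Fqdn, AuthMechanism

# Keep every mechanism that is currently set except ExchangeServer.
$current = $rc.AuthMechanism.ToString() -split '\s*,\s*'
$wanted  = @($current | Where-Object { $_ -and $_ -ne 'ExchangeServer' })
if ($wanted.Count -eq 0) { $wanted = @('None') }

# Order matters: the FQDN change is rejected while ExchangeServer is still set.
Set-ReceiveConnector -Identity $identity -AuthMechanism $wanted -WhatIf:(-not $Apply)
Set-ReceiveConnector -Identity $identity -Fqdn $ExternalFqdn -WhatIf:(-not $Apply)

# Final check of the same two settings.
Get-ReceiveConnector -Identity $identity | Format-List Identity, Fqdn, AuthMechanism
```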


In this post I’ve shown you how to change the FQDN of the Default Frontend receive connector using the Exchange admin center and the Exchange Management Shell.

I’m uncertain whether I would recommend this or not. In a single Exchange server environment it might be useful to hide your internal server FQDN, but nowadays most email systems we set up go through a third party anti-spam gateway service, so remote mail servers never directly speak to our mail server (as long as you have your external firewall configured to only receive SMTP from the anti-spam gateway). They will send mail to the anti-spam gateway which will then forward it to our Exchange server, and likewise when Exchange sends an email it is sent to the anti-spam gateway, before going on to the receiving mail server.

The other potential issue I can see is that if you make the changes above and your organisation grows, when you add a second Exchange server you may run into internal mail flow issues.

Useful resources:

Technet


0 thoughts on “Exchange 2013 Initial Configuration Settings: How to change the FQDN on the Default Frontend receive connector (Part 9)

  1. John Hunter

    Thanks for your article. I noticed that you didn’t re-enable Exchange authentication?

    Your article is relevant to me as we have purchased an SSL cert for our internet domain and our Outlook users see security popups stating that there is a mismatch: our local Exchange server, which is .local, is not the same as our .co.uk

    Do I need to do this procedure on all the connectors?
