RE: Windows 2003 Active Directory

  • From: "Kamire, Thomas" <Thomas.Kamire@xxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 8 Mar 2005 09:19:27 +0300

So do you believe that these guys using another namespace made them
unable to use RPC over HTTPS? I am also planning on having this service
implemented to complement the OWA SSL service. These are the services I
fear might not work if I used a different namespace. Can anyone clarify?

Regards


Thomas Kamire
Systems Engineer
Kenya Airways Ltd
Ext.:  +254 (20) 6422311
Tel:    +254 722 483253 / 499884

-----Original Message-----
From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Monday, March 07, 2005 5:29 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Windows 2003 Active Directory

http://www.MSExchange.org/

Yeah, don't use .local, as one of my clients did, and now their RPC over
HTTP is broken for good.

So listen to what Steve and John are saying and you will be in good hands.

Andrew

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Monday, March 07, 2005 7:35 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Windows 2003 Active Directory

 DO NOT USE ".local" AS THE TLD.

That is not a valid private use TLD:

http://www.windowsitpro.com/Article/ArticleID/44818/44818.html

  "John Savill
InstantDoc #44818
John Savill's FAQ for Windows  

A. Companies often use a .local or .pvt TLD to name an AD tree. However, as
I explain shortly, it's better to use a standard naming method--for example,
create a name by using a subdomain of your company's DNS address space
(e.g., if your company's DNS domain is ntfaq.com, you could name your AD
tree ads.ntfaq.com). When you use this method, though, you must remember
that the DNS information for the AD tree is hosted on internal DNS servers,
not on your external DNS servers. This means that external users can't see
information about your internal infrastructure because external users can
access only the external DNS server, which has no information about your
internal infrastructure.

Alternatively, if you want to create a second-level name for your AD domain,
reserve another name--for example, ntfaq.net--but don't set your AD domain
to the same name as your external name, to avoid causing confusion in name
resolution.

If you're determined to use a nonstandard TLD in your domain name, avoid the
use of .local or .pvt because they aren't reserved. Instead, use one of
these reserved top-level domains:

.test
.example
.invalid
.localhost

You can find more information about these names in Internet Engineering Task
Force (IETF) Request for Comments (RFC) 2606. Remember, if you use these
nonstandard DNS names, you can't obtain certificates from a third-party
Certificate Authority (CA), which might cause problems for your
organization."

By the way, in using Windows Server 2003 AD, you can set up your domain as
internal.example.moc and in DNS point the root domain example.moc at the
external DNS server. That way, your internal DNS server will be responsible
for internal.example.moc and all other example.moc queries will be sent to
the configured external server.

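The naming rules from the FAQ quoted in this thread, written as a check that can be run against a candidate AD DNS name before the forest is built. This is an added example, not code from any poster or from the quoted article; the function name, category strings and sample names are assumptions made for illustration.

```python
# Added example: classify a candidate AD DNS name using the rules quoted in the thread.
# classify_ad_name and its category strings are hypothetical names.

RFC2606_RESERVED = {"test", "example", "invalid", "localhost"}  # reserved TLDs listed in the FAQ
UNRESERVED_PRIVATE = {"local", "pvt"}  # named in the FAQ as not reserved


def classify_ad_name(ad_name: str, external_domain: str) -> dict:
    """Return the naming category and whether a third-party CA could certify the name."""
    ad = ad_name.strip().rstrip(".").lower()
    ext = external_domain.strip().rstrip(".").lower()
    labels = ad.split(".")
    if len(labels) < 2 or any(not label for label in labels):
        raise ValueError(f"expected a multi-label DNS name, got {ad_name!r}")
    tld = labels[-1]

    if ad == ext:
        category = "same-as-external"        # FAQ: causes confusion in name resolution
    elif ad.endswith("." + ext):             # match on a label boundary only
        category = "subdomain-of-external"   # FAQ's preferred method (ads.ntfaq.com)
    elif tld in RFC2606_RESERVED:
        category = "reserved-tld"
    elif tld in UNRESERVED_PRIVATE:
        category = "unreserved-private-tld"
    else:
        # Assumption: the organisation has registered this name, as the FAQ
        # advises ("reserve another name", e.g. ntfaq.net).
        category = "separate-name"

    # FAQ: names under nonstandard TLDs cannot get third-party CA certificates.
    public_ca = category not in {"reserved-tld", "unreserved-private-tld"}
    return {"name": ad, "category": category, "public_ca_possible": public_ca}


if __name__ == "__main__":
    # Constructed sample names; ntfaq.com is the external domain used in the FAQ.
    for candidate in ("ads.ntfaq.com", "ntfaq.com", "ntfaq.net",
                      "corp.local", "corp.pvt", "corp.test"):
        print(classify_ad_name(candidate, "ntfaq.com"))
```
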


