I wouldn't say that it was "retracted", but it is not considered best practice anymore; no more than empty forest roots; or the presumption that a domain is a security boundary.
<http://technet2.microsoft.com/windowsserver/en/library/4bb9f469-df87-4830-96a8-b28ec71bafa91033.mspx?mfr=true>

The original guidance is still available at a number of 3rd party sites, but not on any Microsoft site, as far as I can find. However, there are plenty of MSFT whitepapers and KB articles that use .local as a forest root suffix.

I'll raise it on the next Supportability call with the PG. I don't know if it'll make the cut at this point in the cycle though.

In regards to the SBS recommendations, I know just who to talk to.

Regards,

Michael B. Smith
MCSE/Exchange MVP
http://TheEssentialExchange.com

-----Original Message-----
From: Kevin Miller [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 13, 2008 5:08 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange 2007 and SSL certs for internal and external use

I don't that it was ever official Subscribed, or retracted. Michael b., can you bring this up in the MVP forums and see if we can have Nino make a blog post, or get someone to make one?

~Kevinm WLKMMAS
powered by 3Sharp, Always WLKMMAS
What is your Zombie Plan?

-----Original Message-----
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 13, 2008 1:03 PM
To: MS-Exchange Admin Issues
Subject: Re: Exchange 2007 and SSL certs for internal and external use

Not very well though, since it has lingered for years - even to this day. Was there an "official" retraction?

I see .local in my spam filters HELO log all the time. I reject the sessions.

On Tue, May 13, 2008 at 3:18 PM, Kevin Miller <[EMAIL PROTECTED]> wrote:
>
> Somewhere, but we retracted that after a short period of time...
>
> ~Kevinm WLKMMAS
> powered by 3Sharp, Always WLKMMAS What is your Zombie Plan?
>
> From: Barsodi.John [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 13, 2008 11:35 AM
> To: MS-Exchange Admin Issues
> Subject: RE: Exchange 2007 and SSL certs for internal and external use
>
> Wasn't it in early MS guidance for 2000 or perhaps it was 2003, that you use
> .local? The concept of split DNS was relatively new, if I remember
> correctly.
>
> From: Michael B. Smith [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 13, 2008 11:26 AM
> To: MS-Exchange Admin Issues
> Subject: RE: Exchange 2007 and SSL certs for internal and external use
>
> Interestingly, I just installed SBS 2003 R2 for a new customer yesterday,
> and the SBS installation wizard actually suggested .local! I was surprised.
>
> Regards,
>
> Michael B. Smith
> MCSE/Exchange MVP
> http://TheEssentialExchange.com
>
> From: Don Ely [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 13, 2008 11:47 AM
> To: MS-Exchange Admin Issues
> Subject: Re: Exchange 2007 and SSL certs for internal and external use
>
> Why ".local"?
>
> On Tue, May 13, 2008 at 8:43 AM, Oliver Marshall <[EMAIL PROTECTED]> wrote:
>
> We looked at a wildcard cert but that won't work as our internal domain is a
> .local and externally we are a .com.
>
> The users' connection settings are pre-filled by Outlook 2007. Is this
> editable in AD so that we are able to change the server FQDN they connect
> to?
>
> From: Sam Cayze [mailto:[EMAIL PROTECTED]
> Sent: 13 May 2008 16:19
> To: MS-Exchange Admin Issues
> Subject: RE: Exchange 2007 and SSL certs for internal and external use
>
> Another way might be a 'wildcard certificate'. One that handles
> *.domain.com, www.domain.com, domain.com, mail.domain.com, etc. A little
> more spendy though...
>
> ________________________________
>
> From: Don Ely [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 13, 2008 10:07 AM
> To: MS-Exchange Admin Issues
> Subject: Re: Exchange 2007 and SSL certs for internal and external use
>
> Split DNS
>
> On Tue, May 13, 2008 at 7:41 AM, Oliver Marshall <[EMAIL PROTECTED]> wrote:
>
> Hi chaps,
>
> I have an Exchange 2007 server here on which we have set up an SSL
> certificate (in the name of mail.mydomain.com). This works great for users
> outside using Outlook 2007's Outlook Anywhere feature. However, internal
> users get a warning stating that the SSL cert name doesn't match the server.
> It's not the biggest issue, but it's...untidy.
>
> What's the best way to handle this? Obviously I can only attach one SSL cert
> to the Default site in IIS on the Exchange box and the internal domain
> (mydomain.local) is sufficiently different from the external one
> (mydomain.com) that we can't get an SSL cert to cover both.
>
> Is there a way to create a new IIS site that still points at the same
> exchange folder structure as the current Default Site but that is set to
> accept a different hostname? That way I could have one site for the internal
> users hitting blue-server.mydomain.local and one for the external users
> hitting mail.mydomain.com and attach a correct cert to both.
>
> Can this be done?
>
> Olly

--
ME2

~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja ~
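
An added example, not part of the original thread or any poster's code: a Python sketch of certificate name matching applied to the names discussed above, showing which names would trigger the mismatch warning with a single-name or a wildcard certificate, with and without split DNS. The wildcard rule (whole left-most label, one label only) follows common TLS client behaviour; the client name lists are constructed, and the split-DNS case assumes internal clients are pointed at mail.mydomain.com.

```python
# Added example: certificate and host names are constructed from the thread.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the whole left-most label and covers
    exactly one label, so *.mydomain.com matches mail.mydomain.com but
    not a.b.mydomain.com and never anything under mydomain.local.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" is never accepted.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, client_names):
    """Return the names clients connect to that no certificate name covers."""
    return [h for h in client_names
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed scenarios using the names from the thread.
SINGLE_NAME_CERT = ["mail.mydomain.com"]
WILDCARD_CERT = ["*.mydomain.com"]

# Without split DNS: internal Outlook clients use the server's AD FQDN.
NO_SPLIT_DNS = ["mail.mydomain.com", "blue-server.mydomain.local"]
# With split DNS: internal DNS also answers for mail.mydomain.com, so
# every client uses the same name (assumption: clients are pointed at it).
SPLIT_DNS = ["mail.mydomain.com"]

if __name__ == "__main__":
    for label, cert in (("single", SINGLE_NAME_CERT),
                        ("wildcard", WILDCARD_CERT)):
        for design, names in (("no split DNS", NO_SPLIT_DNS),
                              ("split DNS", SPLIT_DNS)):
            print(f"{label:8} cert, {design:12}: "
                  f"warnings for {uncovered(cert, names)}")
```
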