Solved

OWA on two servers in the one organization

Posted on 2003-10-22
Last Modified: 2008-02-01

I have recently installed another Exchange 2000 server into a company's organization. This means they have two servers. They currently access the server via Outlook Web Access whilst based at home using this URL http://mail.careconnect.org.au/exchange. This works fine, and will access the Exchange server cc-exchange (192.168.1.2).

My question is, how do I configure the Exchange environment so that users that have their mailboxes residing on the new Exchange server cc-filesrv (192.168.1.7) can access it using OWA? I am in the process of running ExMerge in order to phase out the old Exchange server, as the current Information Store is corrupt. I am unable to move users onto the new server until OWA has been installed.

The organization is as follows. I have a PIX firewall in place with an external IP address of 61.95.13.2. After looking at the config I have noticed there are a couple of lines that need to be mentioned in this query.

access-list 120 permit tcp any any eq www
static (inside, outside) tcp 61.95.13.2 www 192.168.1.2 www netmask 255.255.255.255 0 0

What this tells me is that OWA is allowed in using port 80 (www) to the Exchange server 192.168.1.2.

I have since added a couple of lines on my own. Not sure if it is correct, but I think it is.

access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0

When I type in the URL http://mail.careconnect.org.au:82/exchange, it kind of connects, so I think the networking part of it is correct. I am not sure if the above way is the best practice. Please feel free to comment.

After entering that URL, the authentication dialog box comes up. (I assume this has something to do with IIS). This is where I am stuck. I am hopeless on IIS. But it will not accept the credentials. On top of all this, the page redirects to the older server (drops port 82) and asks for credentials.

Is there something I need to do on the new server with IIS? Please help, as I cannot migrate any users until the new server is accessible via OWA.

Thanks
Question by:brendanlee123
6 Comments
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9604356
OWA is installed by default in E2K, all you need to do is redirect the firewall traffic to the new server. If you change the http port, public folders may not be accessible.

The master server in the exchange org answers with the OWA page and IIS auth settings. Migrate the users, change the IP address that OWA traffic is directed to, it will work.  

D
 

Expert Comment

by:Dracul
ID: 9604418
So what I have done on the firewall is correct?

How come when I log into the OWA, and if the mailbox does not reside on the old server, I cannot access the email?

As I said before, I am moving users over slowly to the new box. I need OWA working for both servers, until the old one is phased out.

If I type the URL http://mail.careconnect.org.au/exchange, how does this link access the users that I have migrated?

You have not told me if what I have done is right. Do I need to make any changes to IIS or the firewall?

Thanks
 

Author Comment

by:brendanlee123
ID: 9604475
So what I have done on the firewall is correct?

How come when I log into the OWA, and if the mailbox does not reside on the old server, I cannot access the email?

As I said before, I am moving users over slowly to the new box. I need OWA working for both servers, until the old one is phased out.

If I type the URL http://mail.careconnect.org.au/exchange, how does this link access the users that I have migrated?

You have not told me if what I have done is right. Do I need to make any changes to IIS or the firewall?

Thanks

Sorry, I was logged in as a colleague. Back on as me now.

 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9606362
If the Exchange servers are in the same AG and domain, as you're suggesting, then the login authenticates in AD, and the user is connected to his mailbox. Make your IIS look like the current server. At some point, the new server will need to become the RG master, you can change that in the ESM. I'll be back later today if you need further info, or if someone else can chime in, time for me to go to work....

D
 

Author Comment

by:brendanlee123
ID: 9611025
The servers are in the same administrative group (AG) and domain. OK, so if the administrator mailbox resides on server 2 (new server) that should make no difference. You are saying the authentication comes from AD. How come when I log in as Administrator at URL http://mail.careconnect.org.au/exchange, it does not work? The administrator mailbox resides on the new server.
I know at some point I need to make the new server the bridgehead server. I don't know what RG master and ESM are. Please explain. Can you tell me if what I have done on the firewall is correct? Also, if you can, explain exactly what I need to do in IIS. As I said, I do not have any IIS experience.
access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0

Even though I have added another port, are you saying I still should only use the URL
http://mail.careconnect.org.au/exchange, and the system should be intelligent enough to locate the mailbox?

Thanks
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 250 total points
ID: 9611432
http://support.microsoft.com/default.aspx?scid=kb;en-us;290341

http://support.microsoft.com/default.aspx?scid=kb;en-us;311422

and I quote:
"By default, Exchange 2000 virtual roots (HTTP Virtual Servers/Directories) in Active Directory have the msExchLogonMethod attribute set to 3. This maps to the LogonMethod value in the Internet Information Services (IIS) metabase, which is populated by the Exchange 2000 directory service to metabase process. This value defines the rights that are required to authenticate against an IIS resource. IIS defaults this value to 0, but Exchange 2000 defaults this value to 3."

In short, you're on the right path.

Change the RG master role:
http://support.microsoft.com/default.aspx?scid=kb;en-us;239556

Your router and firewall settings are a little beyond my expertise, but I would think that internal DNS would need to recognize this machine as "mail" before you can repoint this URL. Check your internal DNS records, you have a host record that points to "mail", you'll need to repoint that too, when the mailbox moves and public folder moves are finished.

David
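
Where the PIX lines quoted in the question send inbound traffic, worked out by a small parser. This is an added example, not part of the original thread: the function names are hypothetical, the host names come from the addresses given in the question, and it assumes access-list 120 is applied inbound on the outside interface, which the page does not show.

```python
import re

# Constructed input: the four PIX lines quoted in the question.
PIX_CONFIG = """\
access-list 120 permit tcp any any eq www
static (inside, outside) tcp 61.95.13.2 www 192.168.1.2 www netmask 255.255.255.255 0 0
access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0
"""
# Inside hosts as named in the question.
HOSTS = {"192.168.1.2": "cc-exchange", "192.168.1.7": "cc-filesrv"}
PORT_NAMES = {"www": 80}  # PIX shows port 80 by name

# static (real_if, mapped_if) proto mapped_ip mapped_port real_ip real_port ...
STATIC_RE = re.compile(r"^static\s+\(\s*\w+\s*,\s*\w+\s*\)\s+(tcp|udp)\s+"
                       r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
# Only the "permit <proto> any any eq <port>" form used on the page is parsed.
ACL_RE = re.compile(r"^access-list\s+\S+\s+permit\s+(tcp|udp)\s+any\s+any\s+eq\s+(\S+)")

def port(token):
    """Turn a PIX port token (name or number) into an integer."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def report(config, hosts=HOSTS):
    """Return (forward rows, inside hosts that no static line reaches)."""
    rows, permitted, reached = [], set(), set()
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:  # first pass: ports the ACL lets in
        m = ACL_RE.match(line)
        if m:
            permitted.add((m.group(1), port(m.group(2))))
    for line in lines:  # second pass: where each forwarded port lands
        m = STATIC_RE.match(line)
        if not m:
            continue
        proto, out_ip, out_port, in_ip, in_port = m.groups()
        reached.add(in_ip)
        rows.append({
            "outside": f"{out_ip}:{port(out_port)}",
            "inside": f"{hosts.get(in_ip, in_ip)}:{port(in_port)}",
            # Assumes access-list 120 is bound to the outside interface.
            "permitted": (proto, port(out_port)) in permitted,
        })
    return rows, sorted(n for ip, n in hosts.items() if ip not in reached)

if __name__ == "__main__":
    print(*report(PIX_CONFIG), sep="\n")
```

Run against the quoted lines, both outside ports 80 and 82 resolve to cc-exchange (192.168.1.2) port 80, and no `static` entry reaches cc-filesrv (192.168.1.7).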
