Solved

OWA on two servers in the one organization

Posted on 2003-10-22
6
829 Views
Last Modified: 2008-02-01

I have recently installed another exchange 2000 server into a company's organization. This means they have two servers. They currently access the server via outlook web access whilst based at home using this URL http://mail.careconnect.org.au/exchange. This works fine, and will access the exchange server cc-exchange (192.168.1.2)

My question is, how do I configure the exchange environment, so that users that have their mailboxes residing on the new exchange server cc-filesrv (192.168.1.7) can access it using OWA. I am in the process of running exmerge, in order to phase out the old exchange server, as the current Information store is corrupt. I am unable to move users onto the new server until OWA has been installed.

The organization is as follows. I have a PIX firewall in place with an external IP address of 61.95.13.2. After looking at the config I have noticed there are a couple of lines that need to be mentioned in this query.

access-list 120 permit tcp any any eq www
static (inside, outside) tcp 61.95.13.2 www 192.168.1.2 www netmask 255.255.255.255 0 0

What this tells me is that OWA is allowed in using port 80 (www) to the exchange server 192.168.1.2

I have since added a couple of lines on my own. Not sure if it is correct, but I think it is.

access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0

When I type in the URL http://mail.careconnect.org.au:82/exchange, it cind of connects, so I think the networking part of it is correct. I am not sure if the above way is the best practice. Please feel free to comment

After entering that URL, the authentication dialog box comes up. (I assume this has something to do with IIS). This is where I am stuck. I am hopeless on IIS. But it will not accept the credentials. On top of all this, the page redirects to the older server (drops port 82) and asks for credentials.

Is there something I need to do on the new server with IIS? Please help, as I cannot migrate any users until the new server is accessible via OWA

Thanks
0
Comment
Question by:brendanlee123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9604356
OWA is installed by default in E2K, all you need to do is redirect the firewall traffic to the new server. If you cahnge the http port, public folders may not be accessible.

The master server in the exchange org answers with the OWA page and IIS auth settings. Migrate the users, change the IP address that OWA traffic is directed to, it will work.  

D
0
 

Expert Comment

by:Dracul
ID: 9604418
So what I have done on the firewall is correct?

How come when I log into the OWA, and if the mailbox does not reside on the old server, I cannot access the email.

As I said before, I am moving users over slowly to the new box. I need OWA working for both servers, until the old one is phased out.

If I type the URL http://mail.careconnect.org.au/exchange how does this link access the users that I have migrated.

You have not told me if what I have done is right. Do I need to make any changes to IIS or the firewall

Thanks
0
 

Author Comment

by:brendanlee123
ID: 9604475
So what I have done on the firewall is correct?

How come when I log into the OWA, and if the mailbox does not reside on the old server, I cannot access the email.

As I said before, I am moving users over slowly to the new box. I need OWA working for both servers, until the old one is phased out.

If I type the URL http://mail.careconnect.org.au/exchange how does this link access the users that I have migrated.

You have not told me if what I have done is right. Do I need to make any changes to IIS or the firewall

Thanks

Sorry I was logged in as a collegue. Back on as me now
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9606362
If the Exchange servers are in the same AG and domain, as you're suggesting, then the login authenticates in AD, and the user is connected to his mailbox. Make your IIS look like the current server. At some point, the new server will need to become the RG master, you can change that in the ESM. I'll be back later today if you need further info, or if someone else can chime in, time for me to go to work....

D
0
 

Author Comment

by:brendanlee123
ID: 9611025
The servers are in the same administrative group (AG) and domain. Ok so if the administrator mailbox resides on server 2 (new server) that should make no difference. You are saying the authentication comes from AD. Howcome when I log in as Administrator at URL http://mail.careconnect.org.au/exchange, it does not work??? The administrator mailbox resides on the new server.
I know at some point I need to make the new server the bridgehead server. I don't know what RG master is and ESM. Please explain. Can you tell me if what I have done on the firewall is correct. Also if you can explain exactly what I need to do in IIS. As I said I do not have any IIS experience.
access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0

Even thought I have added another port, are you saying I still should only use the URL
http://mail.careconnect.org.au/exchange, and the system should be intelligent enough to locate the mailbox.

Thanks
0
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 250 total points
ID: 9611432
http://support.microsoft.com/default.aspx?scid=kb;en-us;290341

http://support.microsoft.com/default.aspx?scid=kb;en-us;311422

and I quote:
"By default, Exchange 2000 virtual roots (HTTP Virtual Servers/Directories) in Active Directory have the msExchLogonMethod attribute set to 3. This maps to the LogonMethod value in the Internet Information Services (IIS) metabase, which is populated by the Exchange 2000 directory service to metabase process. This value defines the rights that are required to authenticate against an IIS resource. IIS defaults this value to 0, but Exchange 2000 defaults this value to 3."

In short, you're on the right path.

Change the RG master role:
http://support.microsoft.com/default.aspx?scid=kb;en-us;239556

Your router and firewall settings are a little beyond my expertise, but I would think that internal DNS would need to recognize this machine as "mail" before you can repoint this URL. Check you internal DNS records, you have a host record that points to "mail", you'll need to repoint that too, when the mailbox moves and public folder moves are finished.

David

0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
EXCH2013 reports 4 39
Exchange Server 2007 to 2013 Migration 13 59
Office 365: Hybrid Migration from Exchange (Retention Policies) 22 86
exchange 16 47
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question