Solved

OWA on two servers in the one organization

Posted on 2003-10-22
Last Modified: 2008-02-01

I have recently installed another exchange 2000 server into a company's organization. This means they have two servers. They currently access the server via outlook web access whilst based at home using this URL http://mail.careconnect.org.au/exchange. This works fine, and will access the exchange server cc-exchange (192.168.1.2)

My question is, how do I configure the exchange environment, so that users that have their mailboxes residing on the new exchange server cc-filesrv (192.168.1.7) can access it using OWA. I am in the process of running exmerge, in order to phase out the old exchange server, as the current Information store is corrupt. I am unable to move users onto the new server until OWA has been installed.

The organization is as follows. I have a PIX firewall in place with an external IP address of 61.95.13.2. After looking at the config I have noticed there are a couple of lines that need to be mentioned in this query.

access-list 120 permit tcp any any eq www
static (inside, outside) tcp 61.95.13.2 www 192.168.1.2 www netmask 255.255.255.255 0 0

What this tells me is that OWA is allowed in using port 80 (www) to the exchange server 192.168.1.2

I have since added a couple of lines on my own. Not sure if it is correct, but I think it is.

access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0

When I type in the URL http://mail.careconnect.org.au:82/exchange, it kind of connects, so I think the networking part of it is correct. I am not sure if the above way is the best practice. Please feel free to comment.

After entering that URL, the authentication dialog box comes up. (I assume this has something to do with IIS). This is where I am stuck. I am hopeless on IIS. But it will not accept the credentials. On top of all this, the page redirects to the older server (drops port 82) and asks for credentials.

Is there something I need to do on the new server with IIS? Please help, as I cannot migrate any users until the new server is accessible via OWA

Thanks
0
Comment
Question by:brendanlee123
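
An added example, not part of the original question and not the poster's code: a small Python audit of the four PIX lines quoted above, reporting which inside host each permitted outside port is translated to. The function names are this example's own; it handles only the `static` and `access-list ... any any eq` forms that appear on this page.

```python
import re

# The four lines quoted in the question, copied as posted.
POSTED_CONFIG = """\
access-list 120 permit tcp any any eq www
static (inside, outside) tcp 61.95.13.2 www 192.168.1.2 www netmask 255.255.255.255 0 0
access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0
"""

# Port keyword used on this page, mapped to its number.
PORT_NAMES = {"www": 80}

STATIC_RE = re.compile(
    r"^static\s*\(\s*(\S+?)\s*,\s*(\S+?)\s*\)\s+(tcp|udp)\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"
)
PERMIT_RE = re.compile(
    r"^access-list\s+\S+\s+permit\s+(tcp|udp)\s+any\s+any\s+eq\s+(\S+)"
)

def port_number(token):
    """Translate a port keyword or a numeric string to an int."""
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def parse(config):
    """Return (forwards, permitted).

    forwards maps outside port -> (inside IP, inside port);
    permitted is the set of ports the access-list lets in.
    """
    forwards, permitted = {}, set()
    for line in config.splitlines():
        line = line.strip()
        m = STATIC_RE.match(line)
        if m:
            forwards[port_number(m.group(5))] = (m.group(6), port_number(m.group(7)))
            continue
        m = PERMIT_RE.match(line)
        if m:
            permitted.add(port_number(m.group(2)))
    return forwards, permitted

def published_ports_for(config, inside_ip):
    """Outside ports that are both permitted and translated to inside_ip."""
    forwards, permitted = parse(config)
    return sorted(p for p, (ip, _) in forwards.items()
                  if ip == inside_ip and p in permitted)

if __name__ == "__main__":
    for name, ip in (("cc-exchange", "192.168.1.2"), ("cc-filesrv", "192.168.1.7")):
        print(name, ip, published_ports_for(POSTED_CONFIG, ip))
```

With the lines as posted, both outside ports 80 and 82 are translated to 192.168.1.2 (cc-exchange) and no port is translated to 192.168.1.7 (cc-filesrv).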
6 Comments
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9604356
OWA is installed by default in E2K, all you need to do is redirect the firewall traffic to the new server. If you change the http port, public folders may not be accessible.

The master server in the exchange org answers with the OWA page and IIS auth settings. Migrate the users, change the IP address that OWA traffic is directed to, it will work.  

D
0
 

Expert Comment

by:Dracul
ID: 9604418
So what I have done on the firewall is correct?

How come when I log into the OWA, and if the mailbox does not reside on the old server, I cannot access the email.

As I said before, I am moving users over slowly to the new box. I need OWA working for both servers, until the old one is phased out.

If I type the URL http://mail.careconnect.org.au/exchange how does this link access the users that I have migrated.

You have not told me if what I have done is right. Do I need to make any changes to IIS or the firewall

Thanks
0
 

Author Comment

by:brendanlee123
ID: 9604475
So what I have done on the firewall is correct?

How come when I log into the OWA, and if the mailbox does not reside on the old server, I cannot access the email.

As I said before, I am moving users over slowly to the new box. I need OWA working for both servers, until the old one is phased out.

If I type the URL http://mail.careconnect.org.au/exchange how does this link access the users that I have migrated.

You have not told me if what I have done is right. Do I need to make any changes to IIS or the firewall

Thanks

Sorry I was logged in as a colleague. Back on as me now.
0

 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9606362
If the Exchange servers are in the same AG and domain, as you're suggesting, then the login authenticates in AD, and the user is connected to his mailbox. Make your IIS look like the current server. At some point, the new server will need to become the RG master, you can change that in the ESM. I'll be back later today if you need further info, or if someone else can chime in, time for me to go to work....

D
0
 

Author Comment

by:brendanlee123
ID: 9611025
The servers are in the same administrative group (AG) and domain. Ok so if the administrator mailbox resides on server 2 (new server) that should make no difference. You are saying the authentication comes from AD. How come when I log in as Administrator at URL http://mail.careconnect.org.au/exchange, it does not work??? The administrator mailbox resides on the new server.
I know at some point I need to make the new server the bridgehead server. I don't know what RG master is and ESM. Please explain. Can you tell me if what I have done on the firewall is correct. Also if you can explain exactly what I need to do in IIS. As I said I do not have any IIS experience.
access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0

Even though I have added another port, are you saying I still should only use the URL
http://mail.careconnect.org.au/exchange, and the system should be intelligent enough to locate the mailbox.

Thanks
0
 
LVL 24

Accepted Solution

by:
David Wilhoit earned 250 total points
ID: 9611432
http://support.microsoft.com/default.aspx?scid=kb;en-us;290341

http://support.microsoft.com/default.aspx?scid=kb;en-us;311422

and I quote:
"By default, Exchange 2000 virtual roots (HTTP Virtual Servers/Directories) in Active Directory have the msExchLogonMethod attribute set to 3. This maps to the LogonMethod value in the Internet Information Services (IIS) metabase, which is populated by the Exchange 2000 directory service to metabase process. This value defines the rights that are required to authenticate against an IIS resource. IIS defaults this value to 0, but Exchange 2000 defaults this value to 3."

In short, you're on the right path.

Change the RG master role:
http://support.microsoft.com/default.aspx?scid=kb;en-us;239556

Your router and firewall settings are a little beyond my expertise, but I would think that internal DNS would need to recognize this machine as "mail" before you can repoint this URL. Check your internal DNS records, you have a host record that points to "mail", you'll need to repoint that too, when the mailbox moves and public folder moves are finished.

David

0
