OWA on two servers in the one organization


I have recently installed another exchange 2000 server into a company's organization. This means they have two servers. They currently access the server via outlook web access whilst based at home using this URL http://mail.careconnect.org.au/exchange. This works fine, and will access the exchange server cc-exchange (192.168.1.2)

My question is, how do I configure the exchange environment, so that users that have their mailboxes residing on the new exchange server cc-filesrv (192.168.1.7) can access it using OWA. I am in the process of running exmerge, in order to phase out the old exchange server, as the current Information store is corrupt. I am unable to move users onto the new server until OWA has been installed.

The organization is as follows. I have a PIX firewall in place with an external IP address of 61.95.13.2. After looking at the config I have noticed there are a couple of lines that need to be mentioned in this query.

access-list 120 permit tcp any any eq www
static (inside, outside) tcp 61.95.13.2 www 192.168.1.2 www netmask 255.255.255.255 0 0

What this tells me is that OWA is allowed in using port 80 (www) to the exchange server 192.168.1.2

I have since added a couple of lines on my own. Not sure if it is correct, but I think it is.

access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0

When I type in the URL http://mail.careconnect.org.au:82/exchange, it kind of connects, so I think the networking part of it is correct. I am not sure if the above way is the best practice. Please feel free to comment.

After entering that URL, the authentication dialog box comes up. (I assume this has something to do with IIS). This is where I am stuck. I am hopeless on IIS. But it will not accept the credentials. On top of all this, the page redirects to the older server (drops port 82) and asks for credentials.

Is there something I need to do on the new server with IIS? Please help, as I cannot migrate any users until the new server is accessible via OWA

Thanks
brendanlee123 Asked:
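
A check of the forwarding described in the question, as an added example that is not part of the original post: it parses the four PIX lines quoted above and compares them with the intended layout. The intended mapping (port 82 to cc-filesrv at 192.168.1.7), the function names and the port keyword table are assumptions.

```python
import re

# The four PIX lines quoted in the question, copied as posted.
PIX_CONFIG = """\
access-list 120 permit tcp any any eq www
static (inside, outside) tcp 61.95.13.2 www 192.168.1.2 www netmask 255.255.255.255 0 0
access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0
"""

# Assumption: the intended design is port 80 -> cc-exchange, port 82 -> cc-filesrv.
INTENDED = {80: "192.168.1.2", 82: "192.168.1.7"}

PORT_NAMES = {"www": 80, "https": 443, "smtp": 25}  # PIX port keywords handled here
# static (real_if, mapped_if) tcp <outside ip> <outside port> <inside ip> <inside port>
STATIC_RE = re.compile(r"static\s+\(\s*\w+\s*,\s*\w+\s*\)\s+tcp\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")
# Only the single-token source/destination form used on the page is parsed.
ACL_RE = re.compile(r"access-list\s+\S+\s+permit\s+tcp\s+(\S+)\s+(\S+)\s+eq\s+(\S+)")

def port(token):
    """Translate a PIX port keyword or number into an integer."""
    return PORT_NAMES.get(token) or int(token)

def parse(config):
    """Return ({outside_port: (inside_ip, inside_port)}, {permitted_port: destination})."""
    forwards, permits = {}, {}
    for line in config.splitlines():
        if m := STATIC_RE.match(line.strip()):
            _outside_ip, outside_port, inside_ip, inside_port = m.groups()
            forwards[port(outside_port)] = (inside_ip, port(inside_port))
        elif m := ACL_RE.match(line.strip()):
            _src, dst, dst_port = m.groups()
            permits[port(dst_port)] = dst
    return forwards, permits

def audit(config, intended):
    """Compare what the firewall actually forwards with what was intended."""
    forwards, permits = parse(config)
    findings = []
    for ext_port, want_ip in sorted(intended.items()):
        got = forwards.get(ext_port)
        if got is None:
            findings.append(f"tcp/{ext_port}: no static translation")
        elif got[0] != want_ip:
            findings.append(f"tcp/{ext_port}: forwards to {got[0]}, expected {want_ip}")
        if ext_port not in permits:
            findings.append(f"tcp/{ext_port}: not permitted by the access-list")
        elif permits[ext_port] == "any":
            findings.append(f"tcp/{ext_port}: permit destination is 'any', not one host")
    return findings
```

On the lines as posted, `audit(PIX_CONFIG, INTENDED)` reports that tcp/82 is translated to 192.168.1.2, so requests on port 82 still reach cc-exchange rather than cc-filesrv.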
 
David Wilhoit, Senior Consultant, Exchange, Commented:
http://support.microsoft.com/default.aspx?scid=kb;en-us;290341

http://support.microsoft.com/default.aspx?scid=kb;en-us;311422

and I quote:
"By default, Exchange 2000 virtual roots (HTTP Virtual Servers/Directories) in Active Directory have the msExchLogonMethod attribute set to 3. This maps to the LogonMethod value in the Internet Information Services (IIS) metabase, which is populated by the Exchange 2000 directory service to metabase process. This value defines the rights that are required to authenticate against an IIS resource. IIS defaults this value to 0, but Exchange 2000 defaults this value to 3."

In short, you're on the right path.

Change the RG master role:
http://support.microsoft.com/default.aspx?scid=kb;en-us;239556

Your router and firewall settings are a little beyond my expertise, but I would think that internal DNS would need to recognize this machine as "mail" before you can repoint this URL. Check your internal DNS records, you have a host record that points to "mail", you'll need to repoint that too, when the mailbox moves and public folder moves are finished.

David

 
David Wilhoit, Senior Consultant, Exchange, Commented:
OWA is installed by default in E2K, all you need to do is redirect the firewall traffic to the new server. If you change the http port, public folders may not be accessible.

The master server in the exchange org answers with the OWA page and IIS auth settings. Migrate the users, change the IP address that OWA traffic is directed to, it will work.  

D
 
Dracul Commented:
So what I have done on the firewall is correct?

How come when I log into the OWA, and if the mailbox does not reside on the old server, I cannot access the email.

As I said before, I am moving users over slowly to the new box. I need OWA working for both servers, until the old one is phased out.

If I type the URL http://mail.careconnect.org.au/exchange how does this link access the users that I have migrated.

You have not told me if what I have done is right. Do I need to make any changes to IIS or the firewall

Thanks
 
brendanlee123 (Author) Commented:
So what I have done on the firewall is correct?

How come when I log into the OWA, and if the mailbox does not reside on the old server, I cannot access the email.

As I said before, I am moving users over slowly to the new box. I need OWA working for both servers, until the old one is phased out.

If I type the URL http://mail.careconnect.org.au/exchange how does this link access the users that I have migrated.

You have not told me if what I have done is right. Do I need to make any changes to IIS or the firewall

Thanks

Sorry I was logged in as a colleague. Back on as me now
 
David Wilhoit, Senior Consultant, Exchange, Commented:
If the Exchange servers are in the same AG and domain, as you're suggesting, then the login authenticates in AD, and the user is connected to his mailbox. Make your IIS look like the current server. At some point, the new server will need to become the RG master, you can change that in the ESM. I'll be back later today if you need further info, or if someone else can chime in, time for me to go to work....

D
 
brendanlee123 (Author) Commented:
The servers are in the same administrative group (AG) and domain. Ok so if the administrator mailbox resides on server 2 (new server) that should make no difference. You are saying the authentication comes from AD. How come when I log in as Administrator at URL http://mail.careconnect.org.au/exchange, it does not work??? The administrator mailbox resides on the new server.
I know at some point I need to make the new server the bridgehead server. I don't know what RG master is and ESM. Please explain. Can you tell me if what I have done on the firewall is correct. Also if you can explain exactly what I need to do in IIS. As I said I do not have any IIS experience.
access-list 120 permit tcp any any eq 82
static (inside, outside) tcp 61.95.13.2 82 192.168.1.2 www netmask 255.255.255.255 0 0

Even though I have added another port, are you saying I still should only use the URL
http://mail.careconnect.org.au/exchange, and the system should be intelligent enough to locate the mailbox.

Thanks