2003 Server, ISA & Exchange

Posted on 2005-04-03
Medium Priority
Last Modified: 2011-04-14
I have an existing Win 2003 Enterprise Server in place acting as AD Controller, Web Server, File Server, Print Server & VPN Server.  I have an additional 2003 Enterprise Server that I want to use as an Exchange Server and ISA Firewall.  Is this possible?

If so, great :), can I get some tips on how to begin and if not would it be possible to place Exchange on my existing server, etc.
Question by:mikemaner

LVL 17

Expert Comment

ID: 13693278
I see no reason you should not use the second server to put your ES on.

Personally I wouldn't put ISA on it - I prefer separate firewall appliances. Having not used ISA I can't really comment on using it in this manner.

Gives you a backup Domain Controller too.

LVL 57

Expert Comment

by:Mike Kline
ID: 13694519

Take a look at this page; they describe various scenarios for using Exchange and ISA on the same box.


This is another good paper


So you should be able to put it on the same box. Our security team is on the same wavelength as comley; we use hardware firewalls, but ISA has come a long way and I think it will continue to gain acceptance.

LVL 39

Expert Comment

ID: 13694916
invaluable resources for doing things like this


Personally, I am not opposed to having ISA on the same box as Exchange - it isn't ideal, but it looks like there wouldn't be too much load on these servers anyway (as you are making them do quite a lot).

LVL 51

Accepted Solution

Netman66 earned 2000 total points
ID: 13703796
While not technically impossible to run this scenario, it's not ideal.  Your ISA should be edge protection for everything.  Installing Exchange on the firewall introduces its own set of issues.  You'll need to server publish the Exchange installation and if your mail server is compromised, then so is your firewall.

The most secure setup would be using ISA in a 3-leg configuration - LAN, DMZ and Public facing interfaces.  Place the Web server and VPN server in the DMZ, put Exchange on the DC inside.  Although it isn't the greatest setup (since Exchange is better on a member server for security) and it will require one more server, you are better protected.

ISA 2004 is a fine product - I use it.  It is remarkably well put together in terms of being able to server publish using Wizards to make it fool-proof.  It does cause a bit of a headache to first configure since it is entirely locked down, but it works well.  One word of advice - do not install it on a DC - it's not supported by Microsoft in this configuration.  I have the installation on a DC and it was incredibly difficult to define rules since there must be rulesets for internal to localhost and back for normal client-server communication - trust me, it's a ton of work to configure correctly without opening up everything.

Think carefully about security before making any decisions.



Author Comment

ID: 13709251
Just so I am clear, you would suggest putting Exchange on the existing DC and ISA on another machine at the edge of the network?  ISA should be on a 2003 Server install but not acting as a DC?  Is all that correct?
LVL 51

Expert Comment

ID: 13711051
Yes, it would be the lesser of two evils anyway!

If Exchange ran on your DC it wouldn't be a perfect setup, but at the very least it won't be exposed on the edge of your LAN.  It can easily be published via ISA on the member server.

