OWA 2003 Access denied from outside the network (part 2)

Read the first post here: http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21311661.html

Quick background of what has happened:

* Two servers, xA and xB. (both w2k3 server + exchange2k3 std)
* xA is the OWA server and users on xA has access to OWA outside the network.
* xB is a secondary exchange server which uses xA as the incoming exchange server. Mailbox users on xB cannot access OWA because outlook.mail.com redirects them to an internal website xB.ADdomain.org

Temporary SOLUTION:
* Sembee recommended that I put up a Exchange 2003 Front End, xC, server and leave the xA and xB as the backends.

* Installed the Front End server clicking the front-end checkbox.
* Redirected firewall to look at xC server.

* How do I set this up correctly?
* Do I have to disable any services on the existing servers?
* What should be the correct configurations on the servers so both xA and xB users will have access to emails outside the network?

Thanks in advnace. Putting all my points that I have available.
Who is Participating?
opps, stand corrected.

xA and xB are on Exchange2k3 SP1 while xC is witout SP1, installing it now and will let you know
The front end will act as a proxy to the two backend servers using the RPC protocol.  This will allow you to use OWA and RPC over HTTP.   Once a front end server is setup, OWA should be removed from the other two servers.  Then SSL should be setup for the frontend which should have OWA running.

If you remove OWA (via shut down of IIS or removal of the virtual server from the web server) then the Front-End / Back-end scenario will not work.

If you stand up server xC and set it up as the front-end (and changed DNS to point to it), and your servers are Exchange 2003 SP1 then you are set.  Leave all the other services be.  If you really want to, you can setup an SMTP connector and your MX records so that mail routes to/from it.  However, that's an entirely different topic.
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

...and definitely setup your SSL on the front-end server.
So should SSL be on xA or xB ?

Also xA is currently on Exchange 2k3 SP1 while the other two are non SP1, does that matter?
kitkit201Author Commented:
Even more stuff... the xC server is Windows 2000 Server, not 2003.. should I be worried?
Umm, follow Sembee's recommendation to setup xC as an Exchange 2003 front-end.
Remember, in just about every MSFT document for Exchange, they recommend upgrading the front-end servers first and then the Exchange servers.  Thus, if your back-ends are Exchange 2003 SP1, then the front-end servers should be Exchange 2003 SP1.

kitkit201Author Commented:
Alright, 12 days later, we got our new Outlook front-end (called xC) and it is installed with Windows Server 2003 and Exchange 2003 SP1 with the latest updated patches from Windows Update...

I am following the Microsoft Document "Exchange 2003 Front-End, Back-end Topology" which can be found: http://www.microsoft.com/downloads/details.aspx?FamilyID=E64666FC-42B7-48A1-AB85-3C8327D77B70&displaylang=en but my problem is this.

Under HTTP Virtual Server (I presume I am suppose to set up one, from the documents, but I could be wrong) with the name titled "bohoho.com (front-end)". Within that properties, I have enabled "Forms based Authentication" , no compression and under General Tab, Advanced, I have 3 entries, "all with Unassigned IP address", TCP port 80. The hostnames are different though: weboutlook, weboutlook.bohoho.com and a (blank) hostname

My question is, in the Microsoft documentation, it says to put the FQDN, and hostname.. so I am wondering does it want the '/exchange' suffix AND/OR the 'http://' prefix at the beginning of the weboutlook.bohoho.com address or not?

Thanks in advance,

Increasing points to 460..
kitkit201Author Commented:
Well, apparently, I cannot put in any ":" or "/" so that cancels out that idea.

I'm stumped on this part of the document, page 54.

".... 3.      Click Advanced, and then add host headers that define all the names a client might use to contact this front-end server. ..."

What hostnames or anything should I be putting in? the machine's name, and what is the FQDN for? Externally?

Another question:
"If you know SSL will be used to connect to this front-end server, you may want to configure a specific IP address for the virtual server."

I have set up SSL, but how do I force it to connect via SSL?
kitkit201Author Commented:
Well, I guess the dilemma I am facing is as follows:

xA is currently the OWA server, so access to the outside is fine. However, I'm puzzled as to what I need to do now, that xA needs to be demoted to being a back-end server, what services, settings etc, need to be taken to get into that state.

Likewise followup question is what I need to do to xB and xC..

kitkit201Author Commented:
Anyone can help?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.