[Last Call] Learn how to a build a cloud-first strategyRegister Now


OWA 2003 Access denied from outside the network (part 2)

Posted on 2005-05-12
Medium Priority
Last Modified: 2008-03-03
Read the first post here: http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21311661.html

Quick background of what has happened:

* Two servers, xA and xB. (both w2k3 server + exchange2k3 std)
* xA is the OWA server and users on xA has access to OWA outside the network.
* xB is a secondary exchange server which uses xA as the incoming exchange server. Mailbox users on xB cannot access OWA because outlook.mail.com redirects them to an internal website xB.ADdomain.org

Temporary SOLUTION:
* Sembee recommended that I put up a Exchange 2003 Front End, xC, server and leave the xA and xB as the backends.

* Installed the Front End server clicking the front-end checkbox.
* Redirected firewall to look at xC server.

* How do I set this up correctly?
* Do I have to disable any services on the existing servers?
* What should be the correct configurations on the servers so both xA and xB users will have access to emails outside the network?

Thanks in advnace. Putting all my points that I have available.
Question by:kitkit201
  • 5
  • 3
  • 2
  • +1
LVL 13

Expert Comment

ID: 13990946
The front end will act as a proxy to the two backend servers using the RPC protocol.  This will allow you to use OWA and RPC over HTTP.   Once a front end server is setup, OWA should be removed from the other two servers.  Then SSL should be setup for the frontend which should have OWA running.

LVL 24

Expert Comment

ID: 13991145
If you remove OWA (via shut down of IIS or removal of the virtual server from the web server) then the Front-End / Back-end scenario will not work.

If you stand up server xC and set it up as the front-end (and changed DNS to point to it), and your servers are Exchange 2003 SP1 then you are set.  Leave all the other services be.  If you really want to, you can setup an SMTP connector and your MX records so that mail routes to/from it.  However, that's an entirely different topic.
LVL 24

Expert Comment

ID: 13991149
...and definitely setup your SSL on the front-end server.
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.


Expert Comment

ID: 13991784
So should SSL be on xA or xB ?

Also xA is currently on Exchange 2k3 SP1 while the other two are non SP1, does that matter?

Accepted Solution

kitster510 earned 1000 total points
ID: 13992053
opps, stand corrected.

xA and xB are on Exchange2k3 SP1 while xC is witout SP1, installing it now and will let you know

Author Comment

ID: 13992226
Even more stuff... the xC server is Windows 2000 Server, not 2003.. should I be worried?
LVL 24

Expert Comment

ID: 13993388
Umm, follow Sembee's recommendation to setup xC as an Exchange 2003 front-end.
Remember, in just about every MSFT document for Exchange, they recommend upgrading the front-end servers first and then the Exchange servers.  Thus, if your back-ends are Exchange 2003 SP1, then the front-end servers should be Exchange 2003 SP1.


Author Comment

ID: 14079711
Alright, 12 days later, we got our new Outlook front-end (called xC) and it is installed with Windows Server 2003 and Exchange 2003 SP1 with the latest updated patches from Windows Update...

I am following the Microsoft Document "Exchange 2003 Front-End, Back-end Topology" which can be found: http://www.microsoft.com/downloads/details.aspx?FamilyID=E64666FC-42B7-48A1-AB85-3C8327D77B70&displaylang=en but my problem is this.

Under HTTP Virtual Server (I presume I am suppose to set up one, from the documents, but I could be wrong) with the name titled "bohoho.com (front-end)". Within that properties, I have enabled "Forms based Authentication" , no compression and under General Tab, Advanced, I have 3 entries, "all with Unassigned IP address", TCP port 80. The hostnames are different though: weboutlook, weboutlook.bohoho.com and a (blank) hostname

My question is, in the Microsoft documentation, it says to put the FQDN, and hostname.. so I am wondering does it want the '/exchange' suffix AND/OR the 'http://' prefix at the beginning of the weboutlook.bohoho.com address or not?

Thanks in advance,

Increasing points to 460..

Author Comment

ID: 14080112
Well, apparently, I cannot put in any ":" or "/" so that cancels out that idea.

I'm stumped on this part of the document, page 54.

".... 3.      Click Advanced, and then add host headers that define all the names a client might use to contact this front-end server. ..."

What hostnames or anything should I be putting in? the machine's name, and what is the FQDN for? Externally?

Another question:
"If you know SSL will be used to connect to this front-end server, you may want to configure a specific IP address for the virtual server."

I have set up SSL, but how do I force it to connect via SSL?

Author Comment

ID: 14080198
Well, I guess the dilemma I am facing is as follows:

xA is currently the OWA server, so access to the outside is fine. However, I'm puzzled as to what I need to do now, that xA needs to be demoted to being a back-end server, what services, settings etc, need to be taken to get into that state.

Likewise followup question is what I need to do to xB and xC..


Author Comment

ID: 14131999
Anyone can help?

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month18 days, 10 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question