OWA 2003 Access denied from outside the network (part 2)

Posted on 2005-05-12
Last Modified: 2008-03-03
Read the first post here:

Quick background of what has happened:

* Two servers, xA and xB. (both w2k3 server + exchange2k3 std)
* xA is the OWA server and users on xA have access to OWA outside the network.
* xB is a secondary exchange server which uses xA as the incoming exchange server. Mailbox users on xB cannot access OWA because it redirects them to an internal website

Temporary SOLUTION:
* Sembee recommended that I put up an Exchange 2003 Front End, xC, server and leave the xA and xB as the backends.

* Installed the Front End server clicking the front-end checkbox.
* Redirected firewall to look at xC server.

* How do I set this up correctly?
* Do I have to disable any services on the existing servers?
* What should be the correct configurations on the servers so both xA and xB users will have access to emails outside the network?

Thanks in advance. Putting all my points that I have available.
Question by: kitkit201
    LVL 13

    Expert Comment

    The front end will act as a proxy to the two backend servers using the RPC protocol. This will allow you to use OWA and RPC over HTTP. Once a front end server is set up, OWA should be removed from the other two servers. Then SSL should be set up for the frontend, which should have OWA running.
    LVL 24

    Expert Comment

    If you remove OWA (via shut down of IIS or removal of the virtual server from the web server) then the Front-End / Back-end scenario will not work.

    If you stand up server xC and set it up as the front-end (and change DNS to point to it), and your servers are Exchange 2003 SP1, then you are set. Leave all the other services be. If you really want to, you can set up an SMTP connector and your MX records so that mail routes to/from it. However, that's an entirely different topic.
    LVL 24

    Expert Comment

    ...and definitely set up your SSL on the front-end server.

    Expert Comment

    So should SSL be on xA or xB ?

    Also xA is currently on Exchange 2k3 SP1 while the other two are non SP1, does that matter?

    Accepted Solution

    Oops, stand corrected.

    xA and xB are on Exchange2k3 SP1 while xC is without SP1, installing it now and will let you know

    Author Comment

    Even more stuff... the xC server is Windows 2000 Server, not 2003.. should I be worried?
    LVL 24

    Expert Comment

    Umm, follow Sembee's recommendation to set up xC as an Exchange 2003 front-end.
    Remember, in just about every MSFT document for Exchange, they recommend upgrading the front-end servers first and then the Exchange servers.  Thus, if your back-ends are Exchange 2003 SP1, then the front-end servers should be Exchange 2003 SP1.


    Author Comment

    Alright, 12 days later, we got our new Outlook front-end (called xC) and it is installed with Windows Server 2003 and Exchange 2003 SP1 with the latest updated patches from Windows Update...

    I am following the Microsoft Document "Exchange 2003 Front-End, Back-end Topology" which can be found: but my problem is this.

    Under HTTP Virtual Server (I presume I am supposed to set up one, from the documents, but I could be wrong) with the name titled " (front-end)". Within that properties, I have enabled "Forms based Authentication", no compression and under General Tab, Advanced, I have 3 entries, "all with Unassigned IP address", TCP port 80. The hostnames are different though: weboutlook, and a (blank) hostname

    My question is, in the Microsoft documentation, it says to put the FQDN, and hostname.. so I am wondering does it want the '/exchange' suffix AND/OR the 'http://' prefix at the beginning of the address or not?

    Thanks in advance,

    Increasing points to 460..

    Author Comment

    Well, apparently, I cannot put in any ":" or "/" so that cancels out that idea.

    I'm stumped on this part of the document, page 54.

    ".... 3.      Click Advanced, and then add host headers that define all the names a client might use to contact this front-end server. ..."

    What hostnames or anything should I be putting in? the machine's name, and what is the FQDN for? Externally?

    Another question:
    "If you know SSL will be used to connect to this front-end server, you may want to configure a specific IP address for the virtual server."

    I have set up SSL, but how do I force it to connect via SSL?

    Author Comment

    Well, I guess the dilemma I am facing is as follows:

    xA is currently the OWA server, so access to the outside is fine. However, I'm puzzled as to what I need to do now, that xA needs to be demoted to being a back-end server, what services, settings etc, need to be taken to get into that state.

    Likewise followup question is what I need to do to xB and xC..


    Author Comment

    Anyone can help?
