kitkit201
asked on
OWA 2003 Access denied from outside the network (part 2)
Read the first post here: https://www.experts-exchange.com/questions/21311661/OWA-2003-Access-denied-from-outside-the-network.html
Quick background of what has happened:
PROBLEM:
* Two servers, xA and xB. (both w2k3 server + exchange2k3 std)
* xA is the OWA server and users on xA has access to OWA outside the network.
* xB is a secondary exchange server which uses xA as the incoming exchange server. Mailbox users on xB cannot access OWA because outlook.mail.com redirects them to an internal website xB.ADdomain.org
Temporary SOLUTION:
* Sembee recommended that I put up a Exchange 2003 Front End, xC, server and leave the xA and xB as the backends.
-=-=-=-=-=-
WHAT I HAVE DONE SO FAR:
* Installed the Front End server clicking the front-end checkbox.
* Redirected firewall to look at xC server.
NEW PROBLEMS:
* How do I set this up correctly?
* Do I have to disable any services on the existing servers?
* What should be the correct configurations on the servers so both xA and xB users will have access to emails outside the network?
Thanks in advnace. Putting all my points that I have available.
K
Quick background of what has happened:
PROBLEM:
* Two servers, xA and xB. (both w2k3 server + exchange2k3 std)
* xA is the OWA server and users on xA has access to OWA outside the network.
* xB is a secondary exchange server which uses xA as the incoming exchange server. Mailbox users on xB cannot access OWA because outlook.mail.com redirects them to an internal website xB.ADdomain.org
Temporary SOLUTION:
* Sembee recommended that I put up a Exchange 2003 Front End, xC, server and leave the xA and xB as the backends.
-=-=-=-=-=-
WHAT I HAVE DONE SO FAR:
* Installed the Front End server clicking the front-end checkbox.
* Redirected firewall to look at xC server.
NEW PROBLEMS:
* How do I set this up correctly?
* Do I have to disable any services on the existing servers?
* What should be the correct configurations on the servers so both xA and xB users will have access to emails outside the network?
Thanks in advnace. Putting all my points that I have available.
K
If you remove OWA (via shut down of IIS or removal of the virtual server from the web server) then the Front-End / Back-end scenario will not work.
If you stand up server xC and set it up as the front-end (and changed DNS to point to it), and your servers are Exchange 2003 SP1 then you are set. Leave all the other services be. If you really want to, you can setup an SMTP connector and your MX records so that mail routes to/from it. However, that's an entirely different topic.
If you stand up server xC and set it up as the front-end (and changed DNS to point to it), and your servers are Exchange 2003 SP1 then you are set. Leave all the other services be. If you really want to, you can setup an SMTP connector and your MX records so that mail routes to/from it. However, that's an entirely different topic.
...and definitely setup your SSL on the front-end server.
So should SSL be on xA or xB ?
Also xA is currently on Exchange 2k3 SP1 while the other two are non SP1, does that matter?
Also xA is currently on Exchange 2k3 SP1 while the other two are non SP1, does that matter?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Even more stuff... the xC server is Windows 2000 Server, not 2003.. should I be worried?
Umm, follow Sembee's recommendation to setup xC as an Exchange 2003 front-end.
Remember, in just about every MSFT document for Exchange, they recommend upgrading the front-end servers first and then the Exchange servers. Thus, if your back-ends are Exchange 2003 SP1, then the front-end servers should be Exchange 2003 SP1.
Bob
Remember, in just about every MSFT document for Exchange, they recommend upgrading the front-end servers first and then the Exchange servers. Thus, if your back-ends are Exchange 2003 SP1, then the front-end servers should be Exchange 2003 SP1.
Bob
ASKER
Alright, 12 days later, we got our new Outlook front-end (called xC) and it is installed with Windows Server 2003 and Exchange 2003 SP1 with the latest updated patches from Windows Update...
I am following the Microsoft Document "Exchange 2003 Front-End, Back-end Topology" which can be found: http://www.microsoft.com/downloads/details.aspx?FamilyID=E64666FC-42B7-48A1-AB85-3C8327D77B70&displaylang=en but my problem is this.
Under HTTP Virtual Server (I presume I am suppose to set up one, from the documents, but I could be wrong) with the name titled "bohoho.com (front-end)". Within that properties, I have enabled "Forms based Authentication" , no compression and under General Tab, Advanced, I have 3 entries, "all with Unassigned IP address", TCP port 80. The hostnames are different though: weboutlook, weboutlook.bohoho.com and a (blank) hostname
My question is, in the Microsoft documentation, it says to put the FQDN, and hostname.. so I am wondering does it want the '/exchange' suffix AND/OR the 'http://' prefix at the beginning of the weboutlook.bohoho.com address or not?
Thanks in advance,
Increasing points to 460..
I am following the Microsoft Document "Exchange 2003 Front-End, Back-end Topology" which can be found: http://www.microsoft.com/downloads/details.aspx?FamilyID=E64666FC-42B7-48A1-AB85-3C8327D77B70&displaylang=en but my problem is this.
Under HTTP Virtual Server (I presume I am suppose to set up one, from the documents, but I could be wrong) with the name titled "bohoho.com (front-end)". Within that properties, I have enabled "Forms based Authentication" , no compression and under General Tab, Advanced, I have 3 entries, "all with Unassigned IP address", TCP port 80. The hostnames are different though: weboutlook, weboutlook.bohoho.com and a (blank) hostname
My question is, in the Microsoft documentation, it says to put the FQDN, and hostname.. so I am wondering does it want the '/exchange' suffix AND/OR the 'http://' prefix at the beginning of the weboutlook.bohoho.com address or not?
Thanks in advance,
Increasing points to 460..
ASKER
Well, apparently, I cannot put in any ":" or "/" so that cancels out that idea.
I'm stumped on this part of the document, page 54.
".... 3. Click Advanced, and then add host headers that define all the names a client might use to contact this front-end server. ..."
What hostnames or anything should I be putting in? the machine's name, and what is the FQDN for? Externally?
Another question:
"If you know SSL will be used to connect to this front-end server, you may want to configure a specific IP address for the virtual server."
I have set up SSL, but how do I force it to connect via SSL?
I'm stumped on this part of the document, page 54.
".... 3. Click Advanced, and then add host headers that define all the names a client might use to contact this front-end server. ..."
What hostnames or anything should I be putting in? the machine's name, and what is the FQDN for? Externally?
Another question:
"If you know SSL will be used to connect to this front-end server, you may want to configure a specific IP address for the virtual server."
I have set up SSL, but how do I force it to connect via SSL?
ASKER
Well, I guess the dilemma I am facing is as follows:
xA is currently the OWA server, so access to the outside is fine. However, I'm puzzled as to what I need to do now, that xA needs to be demoted to being a back-end server, what services, settings etc, need to be taken to get into that state.
Likewise followup question is what I need to do to xB and xC..
Thanks!
xA is currently the OWA server, so access to the outside is fine. However, I'm puzzled as to what I need to do now, that xA needs to be demoted to being a back-end server, what services, settings etc, need to be taken to get into that state.
Likewise followup question is what I need to do to xB and xC..
Thanks!
ASKER
Anyone can help?
http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html
http://www.msexchange.org/tutorials/Exchange-2003-Http-Access-Part2.html