perinmike

Connecting Remote Servers in the same Exchange Forest

I currently have 3 Exchange Servers in my organization.  There is one main server (the first exchange server in the forest) here at our headquarters.  I then have 2 remote servers at different locations.  We use pix firewalls for security.  The way we have our firewalls configured - each of the remote servers can contact our headquarters server but they cannot contact each other.  Our server at our headquarters can contact both servers.  Since the 2 remote servers cannot contact each other directly, they are unable to send mail to each other.  

What I would like to do is configure our main server at our headquarters to act as a bridgehead server to our remote locations.  I tried this by creating 3 separate routing groups each with one server.  However I was unable to successfully configure the 2 remote locations to talk to each other.  I used the routing group connector and tried to link the 2 sites.  However, when I select the routing group that one of the remote hosts is on - it only allows me to select that remote server as a remote bridgehead - not the server at our headquarters.  Since the two remote servers do not have access to each other this does not work.  Please explain to me how to connect everything.  Do I just need to use the SMTP connector instead?
flyguybob
Let's assume your 3 RGs are Site1RG, Site2RG, and HQRG.

You will have to create an RGC as follows
RGC HQRG to Site1RG
RGC HQRG to Site2RG
RGC Site1RG to HQRG
RGC Site2RG to HQRG
SMTP Connector HQRG to Internet

Since there is no RPC connectivity between sites, you will want to disable public folder referrals (the little checkbox at the bottom).

So, if Site1 needs to get a message to Site2, it will go
Site1 --> HQRG --> Site2
perinmike

ASKER

OK,

This is what I had originally minus the SMTP connector.  Two quick questions about setting up these routing groups.  When I setup these Routing Groups I setup the Remote Bridgehead as HQRG right?  Does that mean that all email from Site1RG and Site2RG flows via the RGC to HQRG or is it just email between these sites that flow via the RGC's?  Second question - Since HQRG does have connectivity to both Site1RG and Site2RG why can't it directly send email between Site1RG and Site2RG using its setup VPN connection?  Last, if I do indeed need to setup the SMTP connector to send routed email to the internet - can you let me know how to do so?  Thanks so much for the help and the quick response!
Update - Tonight I have tried what you said but am obviously doing something wrong.  I setup the RGC's from site to site.  However when I try to email a user in Site2RG from Site1RG it never leaves Site1RG.  It shows up held in the queue "messages with an unreachable destination."  I would think if the RGC's were setup and working correctly the message should show held, if anywhere, in the HQRG queue.  Let me know what you think.  Thank you!
ASKER CERTIFIED SOLUTION
flyguybob
...and, if you have an LST/LSA problem you have two choices:
1)  Shut down all Exchange servers and then boot them back up.
2)  Obtain the remonitor.exe tool from Microsoft PSS and use it to scrub the Link State Table.
NetoMeter Screencasts
I have a question about your network configuration.

Do you have a Site-to-Site VPN connection between the remote sites and the central site?
If the answer is yes, is there a compelling reason not to configure a Site-to-Site VPN connection between the two remote sites or configure the central PIX as a Multipoint VPN Hub and Spoke for the remote sites?

Dean
NetoMeter,

Thanks for the question.  Yeah, our security policies prevent remote sites from having VPN connection to each other.  That one comes from above me, so unfortunately I can't do that.  I am going to try flyguybob's suggestions later today and will post an update.  Thanks again for the responses.
flyguybob,

Yeah.... found a bunch of object not founds.  Probably important thing to mention now that I didn't before was there was an Exchange Domain Server setup that someone uninstalled unsuccessfully.  This has been a huge problem.  Had to use an AD tool to clean it out.  Until now, I thought that server not being deleted correctly was finally out of the way.  Have a feeling some of these errors are from that server?  I'm going to be working on this over the weekend so I will have a lot more info then.  Thanks again for the help.
Take a look at KB822931
http://support.microsoft.com/kb/822931

You may be able to "seize" some of those roles, such as the OAB, RUS, routing group master, etc.  You may have to rebuild the system folders.
OK -

Got it figured out.  Thanks for the latest article flyguybob - but I had already done those steps and I would find out later this was not the problem.  What I did was restart all the servers and the no object found errors cleared up.  I then used WinRoute to find that they had the same version information.  I sent an email from one remote site to the other successfully.  However I found that the version information would change quickly but then not update on the other servers - then I couldn't send email between sites anymore.

Looked into this and found it was from the Mailguard function being turned on, on our PIX firewalls.  According to Microsoft this needs to be turned off.  Turned it off and right away the versions updated.  Appreciate all your help!  Attached is the article from Microsoft on the Mailguard protocol needing to be off in case anyone else needs to reference it.

http://support.microsoft.com/kb/320027/
Doh!
Good catch on the mailguard issues.  We had that between one of our sites and one of our other sites.  It does not like ESMTP, that is certain.  Link state information is Port 691 in the existing site and port 25 (SMTP message) between sites (routing groups).

Thanks,

Bob
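
Added example, not part of the thread and not code from any poster: a Python sketch that reads a manual port-25 session transcript taken between two routing-group bridgeheads and flags signs that a firewall SMTP inspection feature such as Mailguard sits in the path. It assumes such filtering shows up as an asterisk-masked 220 banner or a rejected EHLO, and that Exchange advertises the X-LINK2STATE verb when ESMTP passes cleanly; the transcripts and host names are constructed.

```python
import re

# Constructed sample transcripts (not captured from the poster's servers).
FILTERED = (
    "220 ***************************2******0*****\r\n"
    "EHLO site1.example.test\r\n"
    "500 5.3.3 Unrecognized command\r\n"
    "HELO site1.example.test\r\n"
    "250 hq.example.test Hello [192.0.2.10]\r\n"
)
CLEAN = (
    "220 hq.example.test Microsoft ESMTP MAIL Service ready\r\n"
    "EHLO site1.example.test\r\n"
    "250-hq.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-X-LINK2STATE\r\n"
    "250-XEXCH50\r\n"
    "250 OK\r\n"
)

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # server reply: code, separator, text


def parse_session(transcript):
    """Return [(client_verb or None, code, [reply text lines])] in session order."""
    exchanges, command, lines = [], None, []
    for raw in transcript.splitlines():
        m = REPLY.match(raw)
        if m is None:
            command = raw.split(" ", 1)[0].upper()  # client line: keep the verb
            continue
        lines.append(m.group(3))
        if m.group(2) == " ":  # a space after the code ends a multi-line reply
            exchanges.append((command, int(m.group(1)), lines))
            command, lines = None, []
    return exchanges


def assess(transcript):
    """Flag the assumed symptoms of SMTP inspection on the path."""
    result = {"banner_masked": False, "ehlo_rejected": False, "link_state_verb": False}
    for command, code, lines in parse_session(transcript):
        if command is None and code == 220:
            text = lines[-1]
            # Mostly asterisks means the real banner was overwritten in transit.
            result["banner_masked"] = bool(text) and text.count("*") * 2 > len(text)
        elif command == "EHLO":
            result["ehlo_rejected"] = code >= 500
            keywords = {line.split(" ", 1)[0].upper() for line in lines}
            result["link_state_verb"] = code == 250 and "X-LINK2STATE" in keywords
    result["smtp_inspection_suspected"] = result["banner_masked"] or result["ehlo_rejected"]
    return result
```

Run `assess()` on a transcript from each remote site to headquarters and back; a path that reports `smtp_inspection_suspected` cannot carry the ESMTP verbs the routing groups rely on over port 25.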
Can you please expand on how to make the connector? It seems complicated. Can I please have it in layman's terms?
I don't monitor EE anymore and this post is 4 months late.  You likely figured it out or found an IT pro to assist.
http://support.microsoft.com/kb/822929
There is no such thing as laymen's terms in IT, unfortunately, BUT there are how-to guides.  It's easy to tell someone that their AC compressor grenaded internally but when you tell them about the impeller shedding a blade, and the impeller is the pump that moves the freon, people's eyes glaze over.