Connecting To Exchange from external VPN Network


I will explain my situation and hopefully someone could assist me here, as time unfortunately is a factor.

I have a server running Exchange in office 1. All the mailboxes are set up there.
I have another office, office 2. I have a point-to-point VPN set up between both.

They both want the same email domain and I would like all the mailboxes to be stored in one location, i.e. office 1.
So I want office 2 to log onto Exchange in office 1 using Outlook 2003, not Outlook Web Access.

I'm wondering what is the best solution for this.

They are on a different IP range, but are on a VPN. I read something about using RPC over HTTP, but I'm not sure if that is a good option and how exactly to implement it.

I also have a user with a laptop; he connects to both domains. I would like him to receive mail in both locations and I am wondering what is the best route.



fruhj Commented:
Your question raises some questions....

The short answer is, with a VPN between offices, anyone in office 2 should be able to access the Exchange server in office 1 from Outlook. If they cannot, then you have a network setup issue, not an Exchange issue.

The questions raised are around your laptop user statement, and the mention of 'both domains'.
If all the mail is in office 1, then there would not be another location with a mail server.
The other question is regarding domains: if you have 2 different domains, you'll want to create a trust relationship or arrange Active Directory in such a way that both servers can use the same user database (otherwise, users in office 2 will need to enter a user ID and password from office 1 to get mail).
Lastly, if both offices have Windows Small Business Server, then those two need to be treated separately (SBS cannot take a secondary role in a domain, so you can't join one to the other).

Hope this helps.
You may also need to add entries into the HOSTS file on the local PCs at Office 2. While the traffic should flow easily across the VPN, the DNS resolution of the mail server is a different story. To do this, assuming it's Windows 2000/XP, go to C:\Windows\System32\Drivers\ETC and open the HOSTS file in that directory, then add an entry for the mail server:

192.168.1.x     mailserver
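
An added example, not part of the original post: a short Python check for the HOSTS entry described above, flagging a placeholder left in place of a real address, an address outside the Office 1 range, or a name mapped to more than one address. It assumes Office 1 uses 192.168.1.0/24 (inferred from the `192.168.1.x` in the post); the sample file contents and the addresses `192.168.1.10` and `10.0.0.25` are constructed.

```python
import ipaddress

# Constructed sample of an Office 2 client's HOSTS file (not from the original post).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
192.168.1.x     mailserver        # placeholder copied literally
192.168.1.10    mailserver        # constructed Office 1 address
10.0.0.25       MAILSERVER        # constructed stale entry
"""

def parse_hosts(text):
    """Yield (line_no, address, [lower-cased names]) for each entry line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower() for n in fields[1:]]

def audit_hosts(text, name, expected_net):
    """Return (valid addresses found for name, list of problem strings)."""
    net = ipaddress.ip_network(expected_net)
    addresses, problems = [], []
    for line_no, addr, names in parse_hosts(text):
        if name.lower() not in names:
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append(f"line {line_no}: '{addr}' is not a valid IP address")
            continue
        if ip not in net:
            problems.append(f"line {line_no}: {ip} is outside {net}")
        if ip not in addresses:
            addresses.append(ip)
    if len(addresses) > 1:
        problems.append(f"'{name}' maps to {len(addresses)} different addresses")
    if not addresses:
        problems.append(f"no usable entry for '{name}'")
    return [str(a) for a in addresses], problems

if __name__ == "__main__":
    addrs, issues = audit_hosts(SAMPLE_HOSTS, "mailserver", "192.168.1.0/24")
    print("addresses:", addrs)
    for issue in issues:
        print("problem:", issue)
```

Because a HOSTS entry is static and is not updated when the server's address changes, a check like this is worth rerunning on each client after any readdressing in Office 1.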

cstephen100 (Author) Commented:
Thanks for the replies.

Firstly, both servers are SBS 2003. Both are set up as "Mydomain.local", so they have the same domain prefix.
I can connect both networks, i.e. map drives etc. over the VPN and use IIS, by specifying the IP address.
In relation to fruhj, should I be able to connect to Exchange as normal?
In relation to Krais, do I need to set what you mentioned above on the PC in office 2 connecting to Exchange in office 1?
Hope I'm making sense.

Migrate all users onto one domain (join them to the domain in office 1) and use the DNS server in office 1. Then configure Outlook to connect to the Exchange server in office 1 and switch all the users in office 2 to cached mode.

If you need file or print services in office 2, then build an additional domain controller (Server 2003 Standard, NOT SBS) on the same domain but leave the FSMO roles on the SBS server. You can also create a secondary DNS server on this box if you like, to cut down on VPN traffic too.

Have a brew and enjoy a job well done.

You have a bit of a problem in that you have 2 SBS boxes.
Microsoft cripples SBS by design to keep larger companies from buying it as a low-cost alternative to Server 2003. In an SBS environment, you can have only one domain, and the SBS box must be the domain controller.

Security in a properly configured Microsoft network is fairly straightforward - a user gets a single logon ID and password and can use that everywhere.

In any setup with 2 SBS boxes that isn't possible. If a user wants access to both servers, they need 2 accounts - one on each.

   So the important thing to do right now, is understand the options and the trade offs.

   Since you already stated the business problem of email, we'll address that....

OK, firstly, I didn't say it earlier, but you don't need RPC over HTTP - that's for companies that want to access Exchange from Outlook from outside the network, and don't want to use a VPN.

OK, if you want to do all the mail on server 1, and have users on server 2, given the additional information you provided in your reply, each server 2 user would need an account on server 1. You would configure Outlook on each user's machine to point to server 1 for email using 'exchange mode' (not POP3/SMTP/IMAP). Similar to Krais' suggestion, I'd say you'd want to put an entry in server 2's DNS so that the clients in office 2 can find the IP address of server 1.

For the users who log into the office 2 domain, you'll want to specify an extra feature on the Outlook setup - on the 'advanced' button under the 'security' tab - I have 'Always prompt for user name and password' - when Outlook starts, they'll be prompted for an ID and password, and they can enter the server 1 ID/password (assumed is that they are logged on using the server 2 ID).

OK, so that's one way to go about it...
Another is to swap out one SBS box for a regular Server 2003 box. That would let all the users from both offices be part of the same domain, and authentication isn't an issue anymore.
You could even go a step farther and add an Exchange server in office 2. A step farther from that would be to have both servers be active and deliverable on the internet (your domain would have 2 MX records, one for each server). Configured properly, this would give the client redundancy as far as email goes - if one server goes down, the second will answer and hold all inbound mail (though there are much cheaper ways of doing this via a 3rd party service, so don't make that your primary reason for doing it).

One last thought - the laptop user - set him up with 2 profiles for mail and have Outlook prompt him each time - I have 4 profiles and this works quite well while keeping everything separate (which is desired for me).

And one last, last thought -
If you haven't played with the MS VPN - you owe it to yourself to spend a few hours and do that first.
My home PC is not on any domain, and when I connect to a client via MS VPN, I am automatically logged on to that remote network - during that time, my XP machine at home seemingly has 2 IDs - my local one, and the one on the remote network - I can open email, access files etc. on the remote machine, without ever being asked for a password.
You might find that the MS VPN opens up a 3rd option for you - it would really depend on your circumstances, but it's worth a look.

cstephen100 (Author) Commented:
Thanks for the help,

In relation to adding the name to DNS on server 2, do I simply go into DNS Manager and add the IP for server 1, or do I create a DNS zone?
If it is a different domain then you need to create a new zone for that domain.
Question has a verified solution.
