cstephen100
asked on
Connecting To Exchange from external VPN Network
Hi,
I will explain my situation and hopefully someone could assist me here as time unfortunatly is a factor.
I have a server running exchange in office 1. All the mailboxes are setup there.
i have another office, office 2. I have a point to point VPN set up between both.
They both want the same email domain and I would like all the mailboxes to be stored in one location i.e office 1.
So I want office 2 to log onto exchange in office 1 using oulook 2003, not outlook web access.
Im wondering what is the best solution for this.
They are on differnt ip range, but are on a vpn. I read something about using RPC over http, but im not sure is that a good option and how exactly to implement it.
I have also a user with a laptop, he connects to both domains. I would like him to receive mail in both locations and i am wondering what is the best route.
Thanks
Stephen
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi
Thanks for replys.
Firstly both servers are SBS 2003. Both are setup as "Mydomain.local" so they have same domain prefix.
I can connect both networks i.e map drives etc over VPn and use iis, this by specifying the ip address.
In relation to fruhj, should I be able to connect to exchange as normal.
In relation to Krais do I need to set what you mentioned above onto PC in office 2 connecting to exchge in office 1.
Hope im making sense.
Stephen
Thanks for replys.
Firstly both servers are SBS 2003. Both are setup as "Mydomain.local" so they have same domain prefix.
I can connect both networks i.e map drives etc over VPn and use iis, this by specifying the ip address.
In relation to fruhj, should I be able to connect to exchange as normal.
In relation to Krais do I need to set what you mentioned above onto PC in office 2 connecting to exchge in office 1.
Hope im making sense.
Stephen
Migrate all users onto one domain (joint them to the domain in office 1) and use the DNS server in office 1. Then configure outlook to connect to the exchange in office 1 and switch all the users in office 2 to cached mode.
If you need file or print services in office 2 then build an additional domain controller (server 2003 standard NOT SBS) on the same domain but leave the fsmo roles on the SBS server. You can also create a secondary DNS server on this box if you like to cut down on VPN traffic too.
Have a brew and enjoy a job well done.
If you need file or print services in office 2 then build an additional domain controller (server 2003 standard NOT SBS) on the same domain but leave the fsmo roles on the SBS server. You can also create a secondary DNS server on this box if you like to cut down on VPN traffic too.
Have a brew and enjoy a job well done.
Stephen,
You have a bit of a problem in that you have 2 SBS boxes.
Microsoft Cripples SBS by design to keep Larger companies from buying it as a low cost alternative to Server 2003. In an SBS environment, you can have only one doman, and the SBS box must be the domain controller.
Security in a properly configured Microsoft network is fairly straightforward - a user gets a single logon ID and password and can use that everywhere.
In any setup with 2 SBS boxes that isn't possible. if a user wants access to both servers, they need 2 accounts - one on each.
So the important thing to do right now, is understand the options and the trade offs.
Since you already stated the business problem of email, we'll address that....
ok, firstly, I didn't say it earler but you don't need RPC over http - thats for companies that want to access exchange from outlook from outside the network, and don't want to use a vpn.
Ok if you want to do all the mail on server 1, and have users on server 2, given the additional information you provided in your reply, each server 2 user would need an account on server 1. You would configure outlook on each users machine to point to server 1 for email using 'exchange mode' (not pop3/smtp/imap) Similar to Krais' suggestion, I'd say you'd want to put an entry in server2's DNS so that the clients on office2 can find the IP address of server 1)
For the users who log into the office2 domain, you'll want to specify an extra feature on the outlook setup - on the 'advanced' button under the 'security' tab - I have 'Always prompt for user name and password' - when outlook starts, they'll be prompted for an ID and password, and they can enter the server 1 id/password (Assumed is that they are logged on using the server 2 ID)
ok so thats one way to go about it...
another is to swap out one SBS box for a regular Server 2003 box. That would let all the users from both offices be part of the same domian, and authentication isn't an issue anymore.
you could even go a step farther and add an exchange server in office 2. a step farther from that would be to have both servers be active and deliverable on the internet (your domain would have 2 MX records one each for each server) configured properly, this would give the client redundancy as far as email goes - if one server goes down, the second will answer and hold all inbound mail (though there are much cheaper ways of doing this via 3rd party service so don't make that your primary reason for doing it.)
One last thought - the laptop user - set him up with 2 profiles for mail and have outlook prompt him each time - I have 4 profiles and this works quite well while keeping everything separate (which is desired for me)
And one last, last thought -
If you haven't played with the MS vpn - you owe it to yourself to spend a few hours and do that first.
My home PC is not on any domain, and when I connect to a client via MSVPN, I am automatically logged on to that remote network - during that time, my XP machine at home seemingly has 2 ID's - my local one, and the one on the remote network - I can open email, access files etc.. on the remote machine, without ever being asked for a password.
You might find that the MS VPN opens up a 3rd option for you - it would really depend on your circumstances, but it's worth a look.
You have a bit of a problem in that you have 2 SBS boxes.
Microsoft Cripples SBS by design to keep Larger companies from buying it as a low cost alternative to Server 2003. In an SBS environment, you can have only one doman, and the SBS box must be the domain controller.
Security in a properly configured Microsoft network is fairly straightforward - a user gets a single logon ID and password and can use that everywhere.
In any setup with 2 SBS boxes that isn't possible. if a user wants access to both servers, they need 2 accounts - one on each.
So the important thing to do right now, is understand the options and the trade offs.
Since you already stated the business problem of email, we'll address that....
ok, firstly, I didn't say it earler but you don't need RPC over http - thats for companies that want to access exchange from outlook from outside the network, and don't want to use a vpn.
Ok if you want to do all the mail on server 1, and have users on server 2, given the additional information you provided in your reply, each server 2 user would need an account on server 1. You would configure outlook on each users machine to point to server 1 for email using 'exchange mode' (not pop3/smtp/imap) Similar to Krais' suggestion, I'd say you'd want to put an entry in server2's DNS so that the clients on office2 can find the IP address of server 1)
For the users who log into the office2 domain, you'll want to specify an extra feature on the outlook setup - on the 'advanced' button under the 'security' tab - I have 'Always prompt for user name and password' - when outlook starts, they'll be prompted for an ID and password, and they can enter the server 1 id/password (Assumed is that they are logged on using the server 2 ID)
ok so thats one way to go about it...
another is to swap out one SBS box for a regular Server 2003 box. That would let all the users from both offices be part of the same domian, and authentication isn't an issue anymore.
you could even go a step farther and add an exchange server in office 2. a step farther from that would be to have both servers be active and deliverable on the internet (your domain would have 2 MX records one each for each server) configured properly, this would give the client redundancy as far as email goes - if one server goes down, the second will answer and hold all inbound mail (though there are much cheaper ways of doing this via 3rd party service so don't make that your primary reason for doing it.)
One last thought - the laptop user - set him up with 2 profiles for mail and have outlook prompt him each time - I have 4 profiles and this works quite well while keeping everything separate (which is desired for me)
And one last, last thought -
If you haven't played with the MS vpn - you owe it to yourself to spend a few hours and do that first.
My home PC is not on any domain, and when I connect to a client via MSVPN, I am automatically logged on to that remote network - during that time, my XP machine at home seemingly has 2 ID's - my local one, and the one on the remote network - I can open email, access files etc.. on the remote machine, without ever being asked for a password.
You might find that the MS VPN opens up a 3rd option for you - it would really depend on your circumstances, but it's worth a look.
ASKER
Hi
Thanks for help,
In relation to adding name to dns on server2, do I simply just go into dns manager and add ip for server 1, or do I create a dns zone?
Thanks
Stephen
Thanks for help,
In relation to adding name to dns on server2, do I simply just go into dns manager and add ip for server 1, or do I create a dns zone?
Thanks
Stephen
If it is a different domain then you need to create a new zone for that domain.
192.168.1.x mailserver