Solved

Connecting To Exchange from external VPN Network

Posted on 2006-06-14
Last Modified: 2010-03-06

Hi,

  I will explain my situation and hopefully someone could assist me here, as time unfortunately is a factor.

I have a server running Exchange in office 1.  All the mailboxes are set up there.
I have another office, office 2.  I have a point-to-point VPN set up between both.

They both want the same email domain and I would like all the mailboxes to be stored in one location, i.e. office 1.
So I want office 2 to log onto Exchange in office 1 using Outlook 2003, not Outlook Web Access.

I'm wondering what is the best solution for this.

They are on different IP ranges, but are on a VPN. I read something about using RPC over HTTP, but I'm not sure if that is a good option and how exactly to implement it.

I also have a user with a laptop; he connects to both domains.  I would like him to receive mail in both locations and I am wondering what is the best route.

Thanks
Stephen

Question by:cstephen100
7 Comments
 
LVL 12

Accepted Solution

by:
fruhj earned 500 total points
ID: 16906914
Your question raises some questions....

The short answer is, with a VPN between offices, anyone in office 2 should be able to access the Exchange server in office 1 from Outlook - if they cannot, then you have a network setup issue, not an Exchange issue.

The questions raised are around your laptop user statement, and the mention of 'both domains'.
If all the mail is in office 1, then there would not be another location with a mail server.
The other question is regarding domains - if you have 2 different domains, you'll want to create a trust relationship or arrange Active Directory in such a way that both servers can use the same user database (otherwise, users in office 2 will need to enter a user ID and password from office 1 to get mail).
Lastly, if both offices have Windows Small Business Server, then those two need to be treated separately (SBS cannot take a secondary role in a domain, so you can't join one to the other).

Hope this helps.
 
LVL 2

Expert Comment

by:krais99
ID: 16907149
You may also need to add entries into the HOSTS file on the local PCs at Office 2.  While the traffic should flow easily across the VPN, the DNS resolution of the mail server is a different story.  To do this, assuming it's Windows 2000/XP, go to C:\Windows\System32\Drivers\ETC and open the HOSTS file in that directory, then add an entry for the mail server:

192.168.1.x     mailserver
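An added example, not part of krais99's comment: static HOSTS entries override DNS and go stale silently if the Exchange server's address changes, so it is worth auditing them per PC. The sketch below parses HOSTS content and flags missing, conflicting or unexpected entries for the mail server name; the sample file, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content for an Office 2 PC (all addresses are made up).
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
192.168.1.10    mailserver        # Exchange in office 1
192.168.1.10    mailserver.mydomain.local
192.168.1.25    MAILSERVER        # stale entry left from an earlier setup
not-an-ip       fileserver
"""

def parse_hosts(text):
    """Return ({lowercased name: [ip, ...] in file order}, [malformed line numbers])."""
    entries, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append(lineno)             # first field is not an IP address
            continue
        if len(fields) < 2:
            malformed.append(lineno)             # address with no host name
            continue
        for name in fields[1:]:                  # host names are case-insensitive
            entries.setdefault(name.lower(), []).append(ip)
    return entries, malformed

def audit_name(text, name, expected_ip):
    """Check the entries for one host name against the address it should have."""
    entries, malformed = parse_hosts(text)
    ips = entries.get(name.lower(), [])
    findings = []
    if not ips:
        findings.append("missing")
    if len(set(ips)) > 1:
        findings.append("conflict")              # same name mapped to several addresses
    if any(ip != expected_ip for ip in ips):
        findings.append("unexpected-ip")         # stale or tampered mapping
    return {"ips": ips, "findings": findings, "malformed_lines": malformed}

if __name__ == "__main__":
    print(audit_name(SAMPLE_HOSTS, "mailserver", "192.168.1.10"))
```

On a real PC, pass the contents of the HOSTS file from the directory named above instead of the sample string.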
 

Author Comment

by:cstephen100
ID: 16907413
Hi
Thanks for the replies.

Firstly, both servers are SBS 2003.  Both are set up as "Mydomain.local", so they have the same domain prefix.
I can connect both networks, i.e. map drives etc. over the VPN and use IIS, by specifying the IP address.
In relation to fruhj, should I be able to connect to Exchange as normal?
In relation to Krais, do I need to set what you mentioned above on the PC in office 2 connecting to Exchange in office 1?
Hope I'm making sense.
Stephen
 
LVL 5

Expert Comment

by:simonpainter
ID: 16907945
Migrate all users onto one domain (join them to the domain in office 1) and use the DNS server in office 1. Then configure Outlook to connect to the Exchange server in office 1 and switch all the users in office 2 to cached mode.

If you need file or print services in office 2, then build an additional domain controller (Server 2003 Standard, NOT SBS) on the same domain but leave the FSMO roles on the SBS server. You can also create a secondary DNS server on this box if you like, to cut down on VPN traffic too.

Have a brew and enjoy a job well done.
 
LVL 12

Expert Comment

by:fruhj
ID: 16908791
Stephen,

  You have a bit of a problem in that you have 2 SBS boxes.
  Microsoft cripples SBS by design to keep larger companies from buying it as a low-cost alternative to Server 2003. In an SBS environment, you can have only one domain, and the SBS box must be the domain controller.

  Security in a properly configured Microsoft network is fairly straightforward - a user gets a single logon ID and password and can use that everywhere.

  In any setup with 2 SBS boxes that isn't possible. If a user wants access to both servers, they need 2 accounts - one on each.

   So the important thing to do right now, is understand the options and the trade offs.

   Since you already stated the business problem of email, we'll address that....

   OK, firstly, I didn't say it earlier, but you don't need RPC over HTTP - that's for companies that want to access Exchange from Outlook from outside the network, and don't want to use a VPN.

   OK, if you want to do all the mail on server 1, and have users on server 2, given the additional information you provided in your reply, each server 2 user would need an account on server 1. You would configure Outlook on each user's machine to point to server 1 for email using 'exchange mode' (not POP3/SMTP/IMAP). Similar to Krais' suggestion, I'd say you'd want to put an entry in server 2's DNS so that the clients in office 2 can find the IP address of server 1.

  For the users who log into the office 2 domain, you'll want to specify an extra feature on the Outlook setup - on the 'advanced' button under the 'security' tab - I have 'Always prompt for user name and password' - when Outlook starts, they'll be prompted for an ID and password, and they can enter the server 1 ID/password (assumed is that they are logged on using the server 2 ID).

  OK, so that's one way to go about it...

  Another is to swap out one SBS box for a regular Server 2003 box. That would let all the users from both offices be part of the same domain, and authentication isn't an issue anymore.
You could even go a step farther and add an Exchange server in office 2. A step farther from that would be to have both servers be active and deliverable on the internet (your domain would have 2 MX records, one for each server). Configured properly, this would give the client redundancy as far as email goes - if one server goes down, the second will answer and hold all inbound mail (though there are much cheaper ways of doing this via a 3rd party service, so don't make that your primary reason for doing it).

One last thought - the laptop user - set him up with 2 profiles for mail and have Outlook prompt him each time - I have 4 profiles and this works quite well while keeping everything separate (which is desired for me).

And one last, last thought -
  If you haven't played with the MS VPN - you owe it to yourself to spend a few hours and do that first.
  My home PC is not on any domain, and when I connect to a client via MS VPN, I am automatically logged on to that remote network - during that time, my XP machine at home seemingly has 2 IDs - my local one, and the one on the remote network - I can open email, access files etc. on the remote machine, without ever being asked for a password.
  You might find that the MS VPN opens up a 3rd option for you - it would really depend on your circumstances, but it's worth a look.
 

Author Comment

by:cstephen100
ID: 16909428
Hi
Thanks for help,

In relation to adding the name to DNS on server 2, do I simply just go into DNS Manager and add the IP for server 1, or do I create a DNS zone?
Thanks
Stephen
 
LVL 5

Expert Comment

by:simonpainter
ID: 16909880
If it is a different domain then you need to create a new zone for that domain.