Solved

Cannot connect to user mailbox using RPC over HTTPS

Posted on 2006-10-29
Last Modified: 2010-03-06
Hi; in our organization we have 3 Exchange Servers BE1, BE2 & BE3 in 3 different locations A, B & C respectively. All of these locations are interconnected through WAN links. We also have 1 Exchange Server, RE1, acting as an RPC over HTTPS server in location A, placed inside a DMZ; this server has a public IP address & is accessible over the internet. We can connect from the server RE1 to all of the BE1, BE2 & BE3 servers over http & https.

Now when we configure a client computer to connect through the internet to the RE1 server over the internet for email access, it works only for the users having mailboxes hosted on the BE1 exchange server, but when we configure RPC over HTTPS for a user who is having his mailbox on BE2 or BE3 server, it gives an error that the Exchange Server is not available.

ANY HELP .....?
Question by:hanisaif
5 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17829214
Almost certainly the problem is having the frontend server in the DMZ. Frontend servers do not belong in the DMZ. You should not have any firewalls between the Exchange servers. I would suggest that you move the frontend server on the production domain where it belongs.

If you don't want to expose the Exchange servers to the internet, deploy an ISA server.

This is not a problem with Exchange, but a problem with the topology of a DMZ and firewalls. When you are opening a port on a firewall you should be restricting that port to either an IP address or a subnet. If the servers are on different subnets then you cannot restrict that port down in that way. Therefore it can only communicate with one of the Exchange servers.
Bring the server inside and the only port that you need to open is 443.

Simon.
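
The subnet-scoping problem described in the comment above, as an added example that is not part of the original thread: a small Python check that evaluates a DMZ firewall rule set and reports which back-end servers the RPC proxy cannot reach on every required port. All addresses, subnets and rules are constructed, and the port list assumes the Exchange 2003 default RPC over HTTP back-end ports (6001, 6002, 6004), which the thread does not state.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data: addresses, subnets and rules are illustrative only.
PROXY = ip_address("192.0.2.10")                 # RE1 in the DMZ
BACKENDS = {
    "BE1": ip_address("10.1.0.5"),               # location A
    "BE2": ip_address("10.2.0.5"),               # location B
    "BE3": ip_address("10.3.0.5"),               # location C
}
# Assumption: HTTP/HTTPS plus the default RPC over HTTP back-end ports.
REQUIRED_PORTS = (80, 443, 6001, 6002, 6004)

# DMZ -> internal allow rules: (source, destination network, allowed TCP ports)
RULES = [
    (PROXY, ip_network("10.0.0.0/8"), {80, 443}),            # web ports, all sites
    (PROXY, ip_network("10.1.0.0/24"), {6001, 6002, 6004}),  # RPC ports, site A only
]

def allowed_ports(src, dst, rules):
    """Union of ports any rule permits from src to dst (default deny otherwise)."""
    ports = set()
    for rule_src, dst_net, rule_ports in rules:
        if src == rule_src and dst in dst_net:
            ports |= rule_ports
    return ports

def coverage_gaps(src, backends, required, rules):
    """Map each back-end name to the sorted required ports that no rule allows."""
    gaps = {}
    for name, addr in backends.items():
        missing = sorted(set(required) - allowed_ports(src, addr, rules))
        if missing:
            gaps[name] = missing
    return gaps

def exposure(rules):
    """Count (address, port) pairs opened inward; assumes rules do not overlap."""
    return sum(net.num_addresses * len(ports) for _, net, ports in rules)

if __name__ == "__main__":
    gaps = coverage_gaps(PROXY, BACKENDS, REQUIRED_PORTS, RULES)
    for name, missing in gaps.items():
        print(f"{name}: blocked on ports {missing}")
    print("address/port pairs opened from the DMZ:", exposure(RULES))
```

With this constructed rule set, HTTP and HTTPS reach all three servers while the RPC ports reach only BE1, which matches the symptom in the question; closing the gaps means adding rules per remote subnet, and `exposure` shows how much each addition opens.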

Author Comment

by:hanisaif
ID: 17905493
How about if we have the IP communication opened for these other subnets over the firewall? Would that help? Only IP, not TCP, not UDP. And by doing this, what are the things that we are putting at risk?
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 17908073
Whatever you do will be a fudge.
Exchange is not designed to be separated from users or other Exchange servers by a firewall. Once you accept that fact and design the site accordingly, your life will be much easier.
Whatever you consider the "benefits" of having an Exchange server in the DMZ, they will not be providing those benefits that you think they are. I have had many security consultants come to me and tell me to put the Exchange server in the DMZ, but when I ask them why, they cannot come up with a good reason to do so.
I blogged on why it was a bad idea here: http://www.sembee.co.uk/archive/2006/02/23/Exchange-in-a-DMZ.aspx

You are going to go round in circles until one of two things happens...

1. You bring the Exchange servers inside the firewall.
2. You have the firewall open so much that it is effectively useless.

Simon.