Solved

Cannot connect to user mailbox using RPC over HTTPS

Posted on 2006-10-29
Last Modified: 2010-03-06
Hi, in our organization we have 3 Exchange Servers BE1, BE2 & BE3 in 3 different locations A, B & C respectively. All of these locations are interconnected through WAN links. We also have 1 Exchange Server RE1 acting as an RPC over HTTPS server in location A, placed inside a DMZ; this server has a public IP address & is accessible over the internet. We can connect from the server RE1 to all of the BE1, BE2 & BE3 servers over http & https.

Now when we configure a client computer to connect through the internet to the RE1 server for email access, it works only for the users having mailboxes hosted on the BE1 exchange server, but when we configure RPC over HTTPS for a user who has his mailbox on the BE2 or BE3 server, it gives an error that the Exchange Server is not available.

ANY HELP .....?
Question by:hanisaif
5 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17829214
Almost certainly the problem is having the frontend server in the DMZ. Frontend servers do not belong in the DMZ. You should not have any firewalls between the Exchange servers. I would suggest that you move the frontend server onto the production domain where it belongs.

If you don't want to expose the Exchange servers to the internet, deploy an ISA server.

This is not a problem with Exchange, but a problem with the topology of a DMZ and firewalls. When you are opening a port on a firewall you should be restricting that port to either an IP address or a subnet. If the servers are on different subnets then you cannot restrict that port down in that way. Therefore it can only communicate with one of the Exchange servers.
Bring the server inside and the only port that you need to open is 443.

Simon.
0
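The question says HTTP and HTTPS from RE1 reach all three back ends, so a useful check is whether the other ports the RPC proxy uses are also allowed through the DMZ firewall to every subnet. The script below is an added example, not part of the original thread: it runs on RE1 with the server names from the question, and the port list (6001, 6002, 6004, the Exchange 2003 RPC over HTTP defaults) is an assumption to adjust to your configuration.

```powershell
# Added example: run on the RPC proxy (RE1). Server names come from the
# question; the port list is an assumption (Exchange 2003 RPC over HTTP
# defaults), not something stated in the thread.
$backEnds  = 'BE1', 'BE2', 'BE3'
$ports     = 6001, 6002, 6004   # store, DSReferral, DSProxy (assumed defaults)
$timeoutMs = 3000

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'        # typical of a firewall silently dropping packets
        }
        $client.EndConnect($async)  # throws if the connection was refused
        return 'Open'
    }
    catch {
        return 'Refused/Error'      # port closed, or name resolution failed
    }
    finally {
        $client.Close()
    }
}

# Probe every back end on every port and collect one row per attempt.
$results = foreach ($server in $backEnds) {
    foreach ($port in $ports) {
        New-Object PSObject -Property @{
            Server = $server
            Port   = $port
            Status = Test-TcpPort -ComputerName $server -Port $port -TimeoutMs $timeoutMs
        }
    }
}

$results | Sort-Object Server, Port | Format-Table Server, Port, Status -AutoSize

# Back ends with any port that is not open are the ones the firewall rules do not cover.
$results | Where-Object { $_.Status -ne 'Open' } |
    Select-Object -ExpandProperty Server -Unique
```

A result where BE1 is fully open while BE2 and BE3 show timeouts matches the symptom in the question and points at firewall rules scoped to a single subnet.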
 

Author Comment

by:hanisaif
ID: 17905493
How about if we have IP communication opened for these other subnets over the firewall? Would that help? Only IP, not TCP, not UDP. And by doing this, what are the things that we are putting at risk?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1000 total points
ID: 17908073
Whatever you do will be a fudge.
Exchange is not designed to be separated from users or other Exchange servers by a firewall. Once you accept that fact and design the site accordingly, your life will be much easier.
Whatever you consider the "benefits" of having an Exchange server in the DMZ, they will not be providing those benefits that you think they are. I have had many security consultants come to me and tell me to put the Exchange server in the DMZ, but when I ask them why, they cannot come up with a good reason to do so.
I blogged on why it was a bad idea here: http://www.sembee.co.uk/archive/2006/02/23/Exchange-in-a-DMZ.aspx

You are going to go round in circles until one of two things happens...

1. You bring the Exchange servers inside the firewall.
2. You have the firewall open so much that it is effectively useless.

Simon.
0
