Exchange Server 2003 Front End Back Ende

Posted on 2009-04-19
Last Modified: 2012-05-06
Hello Everyone,

I want to configure an exchange 2003 front end back end. At the moment we only have one exchange installed on a windows server 2003 member server. Exchange server 2003 as SP2 and the Windows server as also SP2.

So as you can see in our small company there is only one exchange. How I need to proceed to create a front end back end?

I think I just need to install another exchange in another server and on the old exchange choose the option to use it only as back end.

Of course I am not sure about this never did it before. Any Idea?

I good guide line on step by step will help a lot.

Question by:daveviolante
    LVL 5

    Assisted Solution

    Attaching here a friendly share of the book
    "Front-End and Back-End Server Topology Guide for Microsoft Exchange Server 2003 and Exchange 2000 Server"
    LVL 3

    Expert Comment


    I am provoding you some more information.

    Front-End and Back-End Topology Checklist

    How to Designate a Front-End Server

    Front-End and Back-End Topology Troubleshooting.

    hope this help you.

    LVL 58

    Assisted Solution


    If you only have one back-end mailbox server, why do you need a front-end server? It will do nothing which the back-end cannot do. An FE/BE scenario is only required when you have multiple Back-End Servers and need a single connection point for OWA or RPC over HTTPS.


    Author Comment

    Thanks all for the links that shows how to configure the front end back end.

    Regarding the issue why create a front end back end is indeed related to the fact that more users about 200 more then now will access the outlook from the web. I was thinking to create another back end server for the total of 2 back end server and one front end server.

    The other reason is that the front end server should be isoleted from the permeter network where all the other server are located, this for security reason. I will aslo put the front end out of the DMZ but behind another firewall for security reason.
    LVL 8

    Assisted Solution

    In you're scenario, a FE-BE solution is required.

    If you're placing your FE on the DMZ, does that mean that you have a server on the DMZ that is hosting VMs (ESX, Hyper-V, Xen) or do you have an extra NIC on your VM host that is connected to your DMZ and that you're dedicating that NIC to your FE? I take it you don't have a physical server to use as a dedicated FE?

    LVL 58

    Expert Comment


    An FE/BE is NOT required, it's just nice to have one. You can suffice in having two back-end servers, it just adds a little complexity.

    There is no reason to place any form of Exchange Server into the DMZ. Anyone who informs you that any form of domain-joined machine or Exchange Server in the DMZ is 'safe' or 'secure' is misinformed. The DMZ is the worst location for any domain-joined machine, and no matter how much Microsoft try to say Exchange in a DMZ is a good idea, it is not. Place all Exchange servers on the internal network and open the appropriate ports (ports 25 and 443) directly to the server.

    LVL 8

    Accepted Solution

    With 1 FE and 2 BEs, that's 3 Exchange licenses. You can use Exchange Standard for the FE, but you may want to consider Exchange Enterprise for your backends if you're looking to store more than 75GB per BE (after installing SP2 and hacking the registry).

    FE on the DMZ or in the internal network are supported scenarios with documentation that deal with each.

    Have you considered going to Exchange 2007? For your company size, you'll can use the Standard edition to serve all your needs.
    LVL 58

    Assisted Solution


    A Front-End in a DMZ may be SUPPORTED, but it is by no means RECOMMENDED or SECURE. In fact, it is one of the most insecure configurations you can subject your network to.

    Rather than simply opening 2 ports directly to the Exchange Server on the LAN, you must instead open a multitude of Active Directory ports between DMZ and the LAN for Domain Controller communication; if the DMZ is compromised, an attacker now has free access to Active Directory and possibly other resources on the main network.


    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
    Easy CSR creation in Exchange 2007,2010 and 2013
    This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now