[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Exchange Server 2003 Front End Back Ende

Posted on 2009-04-19
Medium Priority
Last Modified: 2012-05-06
Hello Everyone,

I want to configure an exchange 2003 front end back end. At the moment we only have one exchange installed on a windows server 2003 member server. Exchange server 2003 as SP2 and the Windows server as also SP2.

So as you can see in our small company there is only one exchange. How I need to proceed to create a front end back end?

I think I just need to install another exchange in another server and on the old exchange choose the option to use it only as back end.

Of course I am not sure about this never did it before. Any Idea?

I good guide line on step by step will help a lot.

Question by:daveviolante

Assisted Solution

mfhorizon earned 400 total points
ID: 24178230
Attaching here a friendly share of the book
"Front-End and Back-End Server Topology Guide for Microsoft Exchange Server 2003 and Exchange 2000 Server"

Expert Comment

ID: 24178304

I am provoding you some more information.

Front-End and Back-End Topology Checklist

How to Designate a Front-End Server

Front-End and Back-End Topology Troubleshooting.

hope this help you.

LVL 58

Assisted Solution

tigermatt earned 800 total points
ID: 24178400

If you only have one back-end mailbox server, why do you need a front-end server? It will do nothing which the back-end cannot do. An FE/BE scenario is only required when you have multiple Back-End Servers and need a single connection point for OWA or RPC over HTTPS.

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.


Author Comment

ID: 24182871
Thanks all for the links that shows how to configure the front end back end.

Regarding the issue why create a front end back end is indeed related to the fact that more users about 200 more then now will access the outlook from the web. I was thinking to create another back end server for the total of 2 back end server and one front end server.

The other reason is that the front end server should be isoleted from the permeter network where all the other server are located, this for security reason. I will aslo put the front end out of the DMZ but behind another firewall for security reason.

Assisted Solution

aldanch earned 800 total points
ID: 24189469
In you're scenario, a FE-BE solution is required.

If you're placing your FE on the DMZ, does that mean that you have a server on the DMZ that is hosting VMs (ESX, Hyper-V, Xen) or do you have an extra NIC on your VM host that is connected to your DMZ and that you're dedicating that NIC to your FE? I take it you don't have a physical server to use as a dedicated FE?

LVL 58

Expert Comment

ID: 24197100

An FE/BE is NOT required, it's just nice to have one. You can suffice in having two back-end servers, it just adds a little complexity.

There is no reason to place any form of Exchange Server into the DMZ. Anyone who informs you that any form of domain-joined machine or Exchange Server in the DMZ is 'safe' or 'secure' is misinformed. The DMZ is the worst location for any domain-joined machine, and no matter how much Microsoft try to say Exchange in a DMZ is a good idea, it is not. Place all Exchange servers on the internal network and open the appropriate ports (ports 25 and 443) directly to the server.


Accepted Solution

aldanch earned 800 total points
ID: 24197549
With 1 FE and 2 BEs, that's 3 Exchange licenses. You can use Exchange Standard for the FE, but you may want to consider Exchange Enterprise for your backends if you're looking to store more than 75GB per BE (after installing SP2 and hacking the registry).

FE on the DMZ or in the internal network are supported scenarios with documentation that deal with each.

Have you considered going to Exchange 2007? For your company size, you'll can use the Standard edition to serve all your needs.
LVL 58

Assisted Solution

tigermatt earned 800 total points
ID: 24197600

A Front-End in a DMZ may be SUPPORTED, but it is by no means RECOMMENDED or SECURE. In fact, it is one of the most insecure configurations you can subject your network to.

Rather than simply opening 2 ports directly to the Exchange Server on the LAN, you must instead open a multitude of Active Directory ports between DMZ and the LAN for Domain Controller communication; if the DMZ is compromised, an attacker now has free access to Active Directory and possibly other resources on the main network.


Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question