twinstead

want a simple redundant 'dummy' exchange server on the same network

Okay,

I'm still trying to find some help for an issue I have. I have a single Exchange 2007 installation handling all roles that is working fine. I want the least complicated availability solution I can find, because I don't have a huge need for anything sophisticated.

I have an almost exactly duplicate Windows x64 server, right up to hard drive size and drives. I have purchased another copy of Exchange 2007. I would like to install it on this new server and have it basically be a 'dummy' server that I can restore backups on in order to test my backups, and if God forbid something happens to my live mail server point my Outlook and OWA clients to.

So, what happens when I install exchange 2007 on this new server (with all roles together)? Will it conflict with the existing server? I really don't need the complexity of the clustering or other cool but unnecessary high-availability features of exchange 2007.

I am sitting at the installation screen where it asks me if I want a typical or custom installation. This newb at exchange is afraid to press Mr. Next Button right now.

Any advice would be helpful.
Wonko_the_Sane

I assume this machine is in the same domain and has a different computer name.
You can just install Exchange with all roles and not use it, shouldn't be a problem.

To test restores you should use the recovery storage group feature. If you have public folders I would set up a public folder database on this empty server and replicate all Public Folders to it, those can be tricky to restore.

You can add as many servers as you want, and it won't start to affect the install as long as you keep the mailboxes on the 1st server. It's good to have that 2nd server just sat there just in case (and it's even better in Exchange 2010 from what I see due to having backup mailstore where it will copy databases for you making it a constant backup mail store).
twinstead

ASKER

So, to clarify, by simply installing the exchange server it shouldn't be a problem, but I can't create mailboxes on it or restore mailboxes from a backup of the live server? Even if those mailboxes on the 'dummy' server aren't accessed?

You can host mailboxes, too, sure. I just read it as if you want this as some kind of test/recovery system, in which case hosting mailboxes on it may not be the best idea.

You can restore data to it easily (even with the live data on the other server) by using recovery storage groups. For instructions see here:
http://www.petri.co.il/restoring_exchange_mailbox_recovery_storage_group_part1.htm

This is a good way of testing backups or recovering single items and mailboxes while not affecting the production system. You can of course use Recovery Storage Groups on the "live" system as well, but it may be more difficult, e.g. if you have disk space restrictions or just if you don't feel comfortable doing this on the live.
Cool. I have 1 more question if you would be so kind:

I have the backup server installed and I'm changing all the required server settings. Fairly easy, for some reason I didn't expect the other mail server to show up in the management console...I may just be an idiot though.

As far as OWA and other SSL stuff. I installed the same certificate to the backup that I did on the live server, yet can't connect to OWA using SSL. Can I assume that the SSL certificates are unique to the BIOS name of the server they were set up for? Do I need to purchase another certificate to put on the backup server? (I would need OWA immediately if the live server caught fire and melted and I had to bring this backup server into production)

You can use the same SSL, you just have to connect to OWA with the FQDN but if you do that, you will go to the old server, I have moved SSLs from 1 web server to another with no problems.
Can you clarify the question on the backup? Don't think I understand this one.

SSL certificates are bound to the server name. What is the error message you are getting?
There's no error message. When I take SSL off of the owa folder in IIS on the new server I can connect fine with http://.  When I have SSL enabled, IE simply tells me it can't connect to the website, and chrome tells me:

SSL connection error.

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

I assumed this was because the BIOS name on the certificate was the live server. The FQDN is actually a domain I have hosted on Network Solutions that points to one of my public IPs that routes through my firewall to the live Exchange server. That was the beauty; all I figured I had to do was change a simple firewall rule and direct the same FQDN to the new mail server if I had to.

OK, in this case you can keep the cert.

- make sure you have the private key for the cert on your new server
- try this: http://technet.microsoft.com/en-us/library/bb123583(EXCHG.80).aspx

Can you clarify what you mean by "make sure you have the private key for the cert on your new server"? When I click on view certificate in IIS I see the one I installed. As far as I know, just like the live server, all is set up properly. I don't remember it being that difficult.

Granted, what I am trying is connecting to the OWA from inside my network using the BIOS name of the new server, because of course if I use the FQDN on the certificate I go to the live server. What I would expect to get is a certificate error that the name on the certificate doesn't match. If I get that, I'd be able to view the certificate and make sure it's using the right one. I'd then know that if I ever had to redirect the FQDN on the certificate to the new server it should work. But what I do get is a bunch of nothing, with very little clue about what is happening other than I'm sure it's an SSL issue.

So, if I can use the same certificate I've obviously hosed the OWA setup somehow.
That's correct, if you use it internally you will get an error, but it will still work. It's definitely good enough for a test. You will indeed get the error about the name mismatch.

Maybe I made it too complicated: If you can follow the steps as in the technet article your certificate should be fine and you have the private key. I just wanted to stress that because for a SSL to work you need the cert and the key. Usually, if you import a .pfx file you have both. If you import a .cer file you only have the certificate.
So obviously I've managed to not set up owa right. Crap
Well, we are almost there though :)

Did you follow the steps in the technet article and enable SSL on the virtual directories?
Yes. Actually, when I installed Exchange it looks like it set that up. I only had to verify SSL was enabled.
So when you go to https://<yourserver>/owa you still get the same error?
What happens when you do https://<yourserver>?

What happens when you run this command:
telnet <yourserver> 443
I appreciate you taking the time to help me on this!

When I go to https://myserver/owa ie8 tells me "internet explorer cannot display the webpage"
then I go to https://myserver/owa  I get the same message
when I go to http://myserver/owa ie8 tells me, rightfully so, that I need to use https
when I turn SSL off on the OWA folder, http://myserver/owa gives me a logon screen.

When I telnet to port 443, I get a blinking dash, which goes back to the dos prompt when I press enter. (note that when I telnet to port 443 to the live server, I get the same blinking dash, but the enter key just puts another dash below it. when I type the cursor moves but no letters show up.)
I meant above that when I go to https://myserver I get the same message
On your virtual directories in IIS, do you require client certificates? It's a checkbox close to the actual SSL setting.
It's set to ignore, just like the live, working owa on the live server is. In fact, I've verified that the IIS settings on the live server are identical to the settings on the backup server.

The only clue I get is when I go to https://myserver/owa on google chrome, I get an error that says:

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Otherwise on IE it just says it can't connect to the server as if there is no server there.
The "HTTP SSL" service is running, correct?

Any hints in the event logs? If not, try the IIS log for clues.
Yes the service is running, and there is absolutely nothing in the event logs. Where would I find the IIS log?
I found the IIS logs. Nothing that makes any sense in there either.
In your IIS settings for the virtual directories under "Directory Security", when you click "View Certificate" - does it look OK?

I don't think this has anything to do with Exchange at this point, since even https://<yourserver> doesn't work either, this is just IIS.
The certificate looks fine. I would agree it has to have something to do with iis, and specifically with SSL because when I turn SSL off, I can connect with http://myserver/owa

For the life of me I can't see anything wrong. Maybe the security certificate isn't transferable to another server after all?
ASKER CERTIFIED SOLUTION
twinstead

This solution is only available to members.

Glen Knight
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
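
The two checks discussed in this thread (whether the imported certificate has its private key, and which certificate the server actually presents on port 443) can be scripted. The following is an added example, not part of the original thread; the server name and FQDN are placeholders, and it assumes PowerShell 2.0 or later.

```powershell
# Added diagnostic example; both names below are placeholders (assumptions).
$Server       = 'standby-server'     # internal name of the second server
$ExpectedName = 'mail.example.com'   # FQDN the certificate was issued for

# 1. Run on the standby server: list certificates in the computer store.
#    HasPrivateKey = False means only the public certificate (.cer) was
#    imported, so it cannot be used for server-side SSL.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, Thumbprint, HasPrivateKey, NotAfter |
    Format-List

# 2. Run from any machine on the network: attempt a TLS handshake on 443
#    and report which certificate the server presents.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($Server, 443)
    # Accept any certificate for this test only, so that a name mismatch
    # is visible in the output below instead of aborting the handshake.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($ExpectedName)
    $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "Handshake OK, protocol: $($ssl.SslProtocol)"
    "Served subject:    $($served.Subject)"
    "Served thumbprint: $($served.Thumbprint)"
    "Expires:           $($served.NotAfter)"
}
catch {
    # Reached when the TCP connection or the TLS handshake itself fails.
    "Connection or handshake failed: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Comparing the served thumbprint with the one listed in step 1 confirms that IIS is bound to the intended certificate; the accept-all callback is for this diagnostic only and should not be reused in client code.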