Solved

want a simple redundant 'dummy' exchange server on the same network

Posted on 2010-09-01
27
546 Views
Last Modified: 2012-05-10
Okay,

I'm still trying to find some help for an issue I have. I have a single exchange 2007 installation handling all roles that is working fine. I want' the least complicated availability solution I can find, because I don't have a huge need for anything sophisticated.

I have an almost exactly duplicate windows x64 server, right up to hard drive size and drives. I have purchase another copy of exchange 2007. I would like to install it on this new server and have it basically be a 'dummy' server that I can restore backups on in order to test my backups, and if God forbid something happens to my live mail server point my Outlook and OWA clients to.

So, what happens when I install exchange 2007 on this new server (with all roles together)? Will it conflict with the existing server? I really don't need the complexity of the clustering or other cool but unnecessary high-availability features of exchange 2007.

I am sitting at the installation screen where it asks me if I want a typical or custom installation. This newb at exchange is afraid to press Mr. Next Button right now.

Any advice would be helpful.
0
Comment
Question by:twinstead
  • 13
  • 10
  • 2
  • +1
27 Comments
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
I assume this machine is in the same domain and has a different computer name.
You can just install Exchange with all roles and not use it, shouldn't be a problem.

To test restores you should use the recovery storage group feature. If you have public folders I would setup a public folder database on this empty server and replicate all Public Folders to it, those can be tricky to restore.

0
 
LVL 15

Expert Comment

by:Dave_AND
Comment Utility
You can add as many servers as you want, and it wont start to effect the install as long as you keep the mailboxes on the 1st server. Its good to have that 2nd server just sat there just incase (and its even better in exchange 2010 from what I see due to having backup mailstore where it will copy databases for you making it a constant backup mail store.
0
 

Author Comment

by:twinstead
Comment Utility
So, to clarify, by simply installing the exchange server it shouldn't be a problem, but I can't create mailboxes on it or restore mailboxes from a backup of the live server? Even if those mailboxes on the 'dummy' server aren't accessed?

0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
You can host mailboxes, too, sure. I just read it as if you want this is as some kind of test/recovery system, in which case hosting mailboxes on it may not be the best idea.

You can restore data to it easily (even with the live data on the other server) by using recovery storage groups. For instructions see here:
http://www.petri.co.il/restoring_exchange_mailbox_recovery_storage_group_part1.htm

This is a good way of testing backups or recovering single items and mailboxes while not affecting the production system. You can of course use Recovery Storage Groups on the "live" system as well, but it may be more difficult, e.g. if you have disk space restrictions or just if you don't feel comfortable doing this on the live.
0
 

Author Comment

by:twinstead
Comment Utility
Cool. I have 1 more question if you would be so kind:

I have the backup server installed and I'm changing all the required server settings. Fairly easy, for some reason I didn't expect the other mail server to show up in the management console...I may just be an idiot though.

As far as OWA and other SSL stuff. I installed the same certificate to the backup that  I did on the live server, yet can't connect to owa using ssl. Can I assume that the ssl certificates are unique to the bios name of the server they were set up for? Do I need to purchase another certificate to put on the backup server? (I would need owa immediately if the live server caught fire and melted and I had to bring this backup server into production)

 
0
 
LVL 15

Expert Comment

by:Dave_AND
Comment Utility
You can use the same SSL, you just have to connect to OWA with the FQDN but if you do that, you will go to the old server, I have moved SSLs from 1 web server to anther with no problems.
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
Can you clarify the question on the backup? Don't think I understand this one.

SSL certificates are bound to the server name. What is the error message you are getting?
0
 

Author Comment

by:twinstead
Comment Utility
There's no error message. When I take SSL off of the owa folder in IIS on the new server I can connect fine with http://.  When I have SSL enabled, IE simply tells me it can't connect to the website, and chrome tells me:

SSL connection error.

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

I assumed this was because the BIOS name on the certificate was the live server.  The FQDN is actually a domain I have hosted on Network Solutions that points to one of my public IPs that routs through my firewall to the live exchange server. That was the beauty; all I figured I had to do was change a simple firewall rule and direct the same FQDN to the new mail server if I had to.

0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
OK, in this case you can keep the cert.

- make sure you have the private key for the cert on your new server
- try this: http://technet.microsoft.com/en-us/library/bb123583(EXCHG.80).aspx

0
 

Author Comment

by:twinstead
Comment Utility
Can you clarify what you mean by "make sure you have the private key for the cert on your new server"? When I click on view certificate in IIS I see the one I installed. As far as I know, just like the live server, all is set up properly. I don't remember it being that difficult.

Granted, what I am trying is connecting to the owa from inside my network using the bios name of the new server, because of course if I use the FQDN on the certificate I go to the live server.  What I would expect to get is a certificate error that the name on the certificate doesn't match. If I get that, I'd be able to view the certificate and make sure it's using the right one. I'd then know that if I ever had to redirect the FQDM on the certificate to the new server it should work. But what I do get is a bunch of nothing, with very little clue about what is happening other than I'm sure it's an SSL issue.

So, if I can use the same certificate I've obviously hosed the OWA setup somehow.
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
That's correct, if you use it internally you will get an error, but it will still work. It's definitely good enough for a test. You will indeed get the error about the name mismatch.

Maybe I made it too complicated: If you can follow the steps as in the technet article your certificate should be fine and you have the private key. I just wanted to stress that because for a SSL to work you need the cert and the key. Usually, if you import a .pfx file you have both. If you import a .cer file you only have the certificate.
0
 

Author Comment

by:twinstead
Comment Utility
So obviously I've managed to not set up owa right. Crap
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
Well, we are almost there though :)

Did you follow the steps in the technet article and enable SSL on the virtual directories?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:twinstead
Comment Utility
Yes. Actually, when I installed Exchange it looks like it set that up. I only had to verify SSL was enbaled
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
So when you go to https://<yourserver>/owa you still get the same error?
What happens when you do https://<yourserver>?

What happens when you run this command:
telnet <yourserver> 443
0
 

Author Comment

by:twinstead
Comment Utility
I appreciate you taking the time to help me on this!

When I go to https://myserver/owa ie8 tells me "internet explorer cannot display the webpage"
then I go to https://myserver/owa  I get the same message
when I go to http://myserver/owa ie8 tells me, rightfully so, that I need to use https
when I turn SSL off on the OWA folder, http://myserver/owa gives me a logon screen.

When I telnet to port 443, I get a blinking dash, which goes back to the dos prompt when I press enter. (note that when I telnet to port 443 to the live server, I get the same blinking dash, but the enter key just puts another dash below it. when I type the cursor moves but no letters show up.)
0
 

Author Comment

by:twinstead
Comment Utility
I meant above that when I got to https://myserver  I get the same message
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
On your virtual directories in IIS, do you require client certificates? It's a checkbox close to the actual SSL setting.
0
 

Author Comment

by:twinstead
Comment Utility
It's set to ignore, just like the live, working owa on the live server is. In fact, I've verified that the IIS settings on the live server are identical to the settings on the backup server.

The only clue I get is when I go to https://myserver/owa on google chrome, I get an error that says:

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Otherwise on IE it just says it can't connect to the server as if there is no server there.
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
The "HTTP SSL" service is running, correct?

Any hints in the event logs? If not, try the IIS log for clues.
0
 

Author Comment

by:twinstead
Comment Utility
Yes the service is running, and there is absolutely nothing in the event logs. Where would I find the IIS log?
0
 

Author Comment

by:twinstead
Comment Utility
I found the IIS logs. Nothing that makes any sense in there either.
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
Comment Utility
In your IIS settings for the virtual directories und "Directory Security", when you click "View Certificate" - does it look OK?

I don't think this has anything to do with Exchange at this point, since even https://<yourserver> doesn't work either, this is just IIS.
0
 

Author Comment

by:twinstead
Comment Utility
The certificate looks fine. I would agree it has to have something to do with iis, and specifically with SSL because when I turn SSL off, I can connect with http://myserver/owa

For the life of me i can't see anything wrong. Maybe the security certificate isn't transferable to another server after all?
0
 

Accepted Solution

by:
twinstead earned 0 total points
Comment Utility
Note that the problem in this situation was I incorrectly exported the SSL certificate from the live server to the new server. It needed to be exported to a .pfx file on the live server, then imported from a .pfx file on the backup server.

This fixed the problem. Thanks for your help Wonko
0
 
LVL 74

Expert Comment

by:Glen Knight
Comment Utility
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video discusses moving either the default database or any database to a new volume.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now