Solved

want a simple redundant 'dummy' exchange server on the same network

Posted on 2010-09-01
27
558 Views
Last Modified: 2012-05-10
Okay,

I'm still trying to find some help for an issue I have. I have a single exchange 2007 installation handling all roles that is working fine. I want' the least complicated availability solution I can find, because I don't have a huge need for anything sophisticated.

I have an almost exactly duplicate windows x64 server, right up to hard drive size and drives. I have purchase another copy of exchange 2007. I would like to install it on this new server and have it basically be a 'dummy' server that I can restore backups on in order to test my backups, and if God forbid something happens to my live mail server point my Outlook and OWA clients to.

So, what happens when I install exchange 2007 on this new server (with all roles together)? Will it conflict with the existing server? I really don't need the complexity of the clustering or other cool but unnecessary high-availability features of exchange 2007.

I am sitting at the installation screen where it asks me if I want a typical or custom installation. This newb at exchange is afraid to press Mr. Next Button right now.

Any advice would be helpful.
0
Comment
Question by:twinstead
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 13
  • 10
  • 2
  • +1
27 Comments
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33580920
I assume this machine is in the same domain and has a different computer name.
You can just install Exchange with all roles and not use it, shouldn't be a problem.

To test restores you should use the recovery storage group feature. If you have public folders I would setup a public folder database on this empty server and replicate all Public Folders to it, those can be tricky to restore.

0
 
LVL 15

Expert Comment

by:Dave_AND
ID: 33581146
You can add as many servers as you want, and it wont start to effect the install as long as you keep the mailboxes on the 1st server. Its good to have that 2nd server just sat there just incase (and its even better in exchange 2010 from what I see due to having backup mailstore where it will copy databases for you making it a constant backup mail store.
0
 

Author Comment

by:twinstead
ID: 33586565
So, to clarify, by simply installing the exchange server it shouldn't be a problem, but I can't create mailboxes on it or restore mailboxes from a backup of the live server? Even if those mailboxes on the 'dummy' server aren't accessed?

0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33587126
You can host mailboxes, too, sure. I just read it as if you want this is as some kind of test/recovery system, in which case hosting mailboxes on it may not be the best idea.

You can restore data to it easily (even with the live data on the other server) by using recovery storage groups. For instructions see here:
http://www.petri.co.il/restoring_exchange_mailbox_recovery_storage_group_part1.htm

This is a good way of testing backups or recovering single items and mailboxes while not affecting the production system. You can of course use Recovery Storage Groups on the "live" system as well, but it may be more difficult, e.g. if you have disk space restrictions or just if you don't feel comfortable doing this on the live.
0
 

Author Comment

by:twinstead
ID: 33590271
Cool. I have 1 more question if you would be so kind:

I have the backup server installed and I'm changing all the required server settings. Fairly easy, for some reason I didn't expect the other mail server to show up in the management console...I may just be an idiot though.

As far as OWA and other SSL stuff. I installed the same certificate to the backup that  I did on the live server, yet can't connect to owa using ssl. Can I assume that the ssl certificates are unique to the bios name of the server they were set up for? Do I need to purchase another certificate to put on the backup server? (I would need owa immediately if the live server caught fire and melted and I had to bring this backup server into production)

 
0
 
LVL 15

Expert Comment

by:Dave_AND
ID: 33590311
You can use the same SSL, you just have to connect to OWA with the FQDN but if you do that, you will go to the old server, I have moved SSLs from 1 web server to anther with no problems.
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33590318
Can you clarify the question on the backup? Don't think I understand this one.

SSL certificates are bound to the server name. What is the error message you are getting?
0
 

Author Comment

by:twinstead
ID: 33590588
There's no error message. When I take SSL off of the owa folder in IIS on the new server I can connect fine with http://.  When I have SSL enabled, IE simply tells me it can't connect to the website, and chrome tells me:

SSL connection error.

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

I assumed this was because the BIOS name on the certificate was the live server.  The FQDN is actually a domain I have hosted on Network Solutions that points to one of my public IPs that routs through my firewall to the live exchange server. That was the beauty; all I figured I had to do was change a simple firewall rule and direct the same FQDN to the new mail server if I had to.

0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33590649
OK, in this case you can keep the cert.

- make sure you have the private key for the cert on your new server
- try this: http://technet.microsoft.com/en-us/library/bb123583(EXCHG.80).aspx

0
 

Author Comment

by:twinstead
ID: 33590886
Can you clarify what you mean by "make sure you have the private key for the cert on your new server"? When I click on view certificate in IIS I see the one I installed. As far as I know, just like the live server, all is set up properly. I don't remember it being that difficult.

Granted, what I am trying is connecting to the owa from inside my network using the bios name of the new server, because of course if I use the FQDN on the certificate I go to the live server.  What I would expect to get is a certificate error that the name on the certificate doesn't match. If I get that, I'd be able to view the certificate and make sure it's using the right one. I'd then know that if I ever had to redirect the FQDM on the certificate to the new server it should work. But what I do get is a bunch of nothing, with very little clue about what is happening other than I'm sure it's an SSL issue.

So, if I can use the same certificate I've obviously hosed the OWA setup somehow.
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33591436
That's correct, if you use it internally you will get an error, but it will still work. It's definitely good enough for a test. You will indeed get the error about the name mismatch.

Maybe I made it too complicated: If you can follow the steps as in the technet article your certificate should be fine and you have the private key. I just wanted to stress that because for a SSL to work you need the cert and the key. Usually, if you import a .pfx file you have both. If you import a .cer file you only have the certificate.
0
 

Author Comment

by:twinstead
ID: 33591981
So obviously I've managed to not set up owa right. Crap
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33595960
Well, we are almost there though :)

Did you follow the steps in the technet article and enable SSL on the virtual directories?
0
 

Author Comment

by:twinstead
ID: 33596859
Yes. Actually, when I installed Exchange it looks like it set that up. I only had to verify SSL was enbaled
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33596886
So when you go to https://<yourserver>/owa you still get the same error?
What happens when you do https://<yourserver>?

What happens when you run this command:
telnet <yourserver> 443
0
 

Author Comment

by:twinstead
ID: 33597620
I appreciate you taking the time to help me on this!

When I go to https://myserver/owa ie8 tells me "internet explorer cannot display the webpage"
then I go to https://myserver/owa  I get the same message
when I go to http://myserver/owa ie8 tells me, rightfully so, that I need to use https
when I turn SSL off on the OWA folder, http://myserver/owa gives me a logon screen.

When I telnet to port 443, I get a blinking dash, which goes back to the dos prompt when I press enter. (note that when I telnet to port 443 to the live server, I get the same blinking dash, but the enter key just puts another dash below it. when I type the cursor moves but no letters show up.)
0
 

Author Comment

by:twinstead
ID: 33597640
I meant above that when I got to https://myserver  I get the same message
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33597642
On your virtual directories in IIS, do you require client certificates? It's a checkbox close to the actual SSL setting.
0
 

Author Comment

by:twinstead
ID: 33598726
It's set to ignore, just like the live, working owa on the live server is. In fact, I've verified that the IIS settings on the live server are identical to the settings on the backup server.

The only clue I get is when I go to https://myserver/owa on google chrome, I get an error that says:

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Otherwise on IE it just says it can't connect to the server as if there is no server there.
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33598897
The "HTTP SSL" service is running, correct?

Any hints in the event logs? If not, try the IIS log for clues.
0
 

Author Comment

by:twinstead
ID: 33599104
Yes the service is running, and there is absolutely nothing in the event logs. Where would I find the IIS log?
0
 

Author Comment

by:twinstead
ID: 33599973
I found the IIS logs. Nothing that makes any sense in there either.
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 33600020
In your IIS settings for the virtual directories und "Directory Security", when you click "View Certificate" - does it look OK?

I don't think this has anything to do with Exchange at this point, since even https://<yourserver> doesn't work either, this is just IIS.
0
 

Author Comment

by:twinstead
ID: 33627442
The certificate looks fine. I would agree it has to have something to do with iis, and specifically with SSL because when I turn SSL off, I can connect with http://myserver/owa

For the life of me i can't see anything wrong. Maybe the security certificate isn't transferable to another server after all?
0
 

Accepted Solution

by:
twinstead earned 0 total points
ID: 33639536
Note that the problem in this situation was I incorrectly exported the SSL certificate from the live server to the new server. It needed to be exported to a .pfx file on the live server, then imported from a .pfx file on the backup server.

This fixed the problem. Thanks for your help Wonko
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34680477
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Powershell Exchange - help using invoke-command 16 59
EXCHANGE 8 30
public folder mailbox full 7 23
Mail not being received 19 28
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Read this checklist to learn more about the 15 things you should never include in an email signature.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question