Solved

Exchange 2010 install cli command switch question

Posted on 2010-11-10
Last Modified: 2012-05-10
Hi Experts,

I am preparing to install Exchange 2010 for the first time and was confused about one of the command line switches.  I am installing in Co-Exist mode.

Our current setup is an Exchange 2003 server on the internal LAN and an OWA frontend server on the DMZ.  I am trying to mimic this with the new install.

I am using the command:

setup.com /mode:install /roles:CA,HT,MB /EnableLegacyOutlook /LegacyRoutingServer:CurrentExchange2003Server.domain.com

I see there is also a switch /ExternalCASServerDomain.  What is this switch for?  I read on Microsoft's site that it is to enable OWA via the internet, although it seems to assume that the CAS server is internet-facing, and that would not be the case in this instance as this is going to be the new internal mailbox server.  Is this switch only used on the CAS if it is on the DMZ and internet accessible?

Will the current OWA server still function if this switch is left out?
Question by:jodonnellcbd
6 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34104108
No Exchange server should be installed in the DMZ apart from the Edge Transport server.  The switch you are referring to is the external URL used for OWA/ActiveSync.

I have to ask though, why are you using the command line?  All of this can be done much easier through the GUI install.

Also, if it's only going to be a mailbox server, only install the mailbox role; the others are not required if you will be installing a separate CAS server.
 

Author Comment

by:jodonnellcbd
ID: 34105156
demazter,

I'm using the command line because it seems easier than clicking through the GUI.  Either way, I need to determine what this should be used for.

So you are saying that the Hub Transport role and the CAS server role are not required even though I need this server to be communicating with the current Exchange 2003 server?
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34105241
I think you need to plan your transition a bit more.

If you have an Exchange 2003 front end server, this needs to be replaced with an Exchange 2010 Client Access server.  This should not be in the DMZ.

If the server will just be a mailbox server, then no, it does not need the Client Access server or the Hub Transport role, but you DO need an Exchange 2010 Hub Transport and CAS role somewhere in the network. As above, this should be replacing the front end server and can also be the hub transport server.

 

Author Comment

by:jodonnellcbd
ID: 34105640
I'm still not quite clear on something.  Thanks for being patient with me.

You are saying that I do need the Hub Transport and CAS server roles as I thought before, so I am planning on installing them along with the mailbox role on one physical server on my internal LAN.

If the front end server is not in the DMZ, then do you allow internet traffic into your private network?  If that's the case, the DMZ sounds much more secure as internet hosts can connect to the frontend server in the DMZ and only the frontend server will be allowed to contact the server holding the mail.  If you allow an internal CAS server to communicate with internet hosts, that would allow direct attacks on your server.
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 34105883
You do need the client access server and hub transport role in your network somewhere.  But if you are using a front end setup then I would make this the CAS and HT server.

Exchange servers other than Edge Transport are not supported in the DMZ.  With regard to security, allowing ports 443 and 25 onto your private network is much more secure than all the ports Exchange needs to be open from the DMZ to the private network so that it can communicate with the required services.
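
The comparison made in the accepted answer, as an added example that is not part of the original thread: it counts what each design lets a less-trusted zone open towards the LAN. The rule lists are a constructed, non-exhaustive illustration of what a domain-joined server commonly needs to reach Active Directory and a mailbox server, not an official Exchange port reference; the zone names, `Rule` and `lan_exposure` are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str      # zone the connection starts in
    dst: str      # zone it ends in
    proto: str    # "tcp" or "udp"
    ports: range  # inclusive port range, stored as range(lo, hi + 1)
    why: str      # service the rule exists for


def r(src, dst, proto, lo, hi, why):
    return Rule(src, dst, proto, range(lo, hi + 1), why)


# Constructed sample: Exchange front end placed in the DMZ and domain-joined.
DMZ_DESIGN = [
    r("internet", "dmz", "tcp", 443, 443, "OWA/ActiveSync"),
    r("dmz", "lan", "tcp", 53, 53, "DNS"),
    r("dmz", "lan", "udp", 53, 53, "DNS"),
    r("dmz", "lan", "tcp", 88, 88, "Kerberos"),
    r("dmz", "lan", "tcp", 135, 135, "RPC endpoint mapper"),
    r("dmz", "lan", "tcp", 389, 389, "LDAP"),
    r("dmz", "lan", "tcp", 3268, 3268, "global catalog"),
    r("dmz", "lan", "tcp", 49152, 65535, "RPC dynamic range"),
]

# Constructed sample: CAS/HT on the LAN, only 443 and 25 published to it.
LAN_DESIGN = [
    r("internet", "lan", "tcp", 443, 443, "OWA/ActiveSync"),
    r("internet", "lan", "tcp", 25, 25, "SMTP"),
]


def lan_exposure(rules, wide_threshold=100):
    """Summarise what zones other than the LAN may open towards the LAN."""
    inbound = [x for x in rules if x.dst == "lan" and x.src != "lan"]
    ports = {(x.proto, p) for x in inbound for p in x.ports}
    wide = [x.why for x in inbound if len(x.ports) > wide_threshold]
    return {"rules": len(inbound), "ports": len(ports), "wide_ranges": wide}


if __name__ == "__main__":
    for name, design in (("DMZ front end", DMZ_DESIGN), ("LAN CAS/HT", LAN_DESIGN)):
        print(name, lan_exposure(design))
```

Swapping in an export of the real firewall policy for the two lists gives the same summary for an actual environment.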
 

Author Closing Comment

by:jodonnellcbd
ID: 34217594
Thanks!