Solved

Publishing OWA 2007 with TMG 2010 - Adding a second OWA listener

Posted on 2011-03-02
Last Modified: 2012-06-21
I have an Exchange 2003 server with some mailboxes and am adding a 2007 CAS, Hub and Mailbox server.
We have TMG on the outside and when I tried to add the listener for the new Exchange box it says I cannot have two listeners with overlapping IP addresses and/or ports.
Since both have their own SSL certificates and were pointing to different servers I didn't think it would matter.
But I guess I cannot have people resolve through 443 to two different boxes?

Any advice would be helpful.
Thank you.
Pete
Question by:peter_ophoven
14 Comments
 

Expert Comment

by:Akhater
You will need another public IP on the TMG.

Author Comment

by:peter_ophoven
So maybe my design is in question?  There has to be a way to create a new namespace or more importantly to have more than one domain / certificate / exchange mailbox on the back side of an ISA server?

We are just trying to get the 2003 mailboxes moved to the 2007 mailbox server.  We really cannot do this in a fast period of time and we were hoping to create a new name for our mailbox, certificate, but have them come through the same public IP on the TMG?  Is that not possible?

Expert Comment

by:Akhater
Well, all you need is one CAS 2007 on a separate server, and the latter will be able to proxy requests to your 2003 mailbox servers, so users will not need to reach both 2007 and 2003 from outside.

Author Comment

by:peter_ophoven
So if I am understanding right, because right now my 2003 box is acting as a CAS server and all of my mailboxes live on 2003, and when I tried to move them to the 2007 box, I got certificate errors and connectivity errors from inside and from outside.

It seems as though my 2003 server has limitations in connecting to the 2007 mailboxes, but vice versa the 2007 box would act as a marvelous CAS server to older mailboxes, prior to migrating them to the 2007 box.

When we started testing, we were getting certificate errors when users tried to connect to the new 2007 server when we moved the mailboxes over.  
I figured it was because my certificate doesn't say anything about my 2007 server and I hadn't published anything on the TMG 2010 box to the 2007 server.

When and if I make the 2007 server the CAS server and proxy server for the 2003 mailboxes, I assume I will need a new certificate for the CAS server (being a different name than the 2003 server), also, I will need the certificate to have the name of the 2003 server mailbox for OWA access, or does the 2007 truly proxy all of those requests to the mailbox server, thereby taking my need to connect to any of the routing of the 2003 box?

Phew.

Author Comment

by:peter_ophoven
The real consideration for us is that everyone in the whole company, all across the western seaboard, is connecting via RPC over HTTPS through the 2003 server.  I was planning on moving a handful of mailboxes at a time, and then reconfiguring them to connect to the new 2007 server in their Outlook Anywhere settings.

If I make the 2007 server the CAS server proxying the 2003 mailbox server, then I would have everyone in the world trying to connect to Outlook Anywhere and they would need to all change their phone and Outlook client software to the new 2007 server name, and potentially have to load a new certificate as well.

The prior setup, we would diminish the amount of downtime?  Right?

Expert Comment

by:Akhater
What you should do is the following:

1. Install a 2k7 CAS server; the only restriction is that it should NOT have the mailbox role installed on it or it will not work.
2. Fix all the certificate problems, which are a totally different issue.
3. Once you do this, you can use the 2k7 CAS for both mailboxes in 2k3 and 2k7. At this stage you can simply redirect your OWA and RPC access on your firewall (TMG) from 2k3 to the 2k7 CAS, and all clients will be working without any downtime or any configuration changes.
4. Migrate people in batches.

Author Comment

by:peter_ophoven
How can I install a 2007 CAS server with a different FQDN than the 2003 server and have my clients not need their MAPI clients configurations change?
Currently they are all pointed to the 2003.exchangeserver.local and based upon what you are saying, install the 2007 CAS server and have my 2003 server act as only the mailbox server but won't my clients configurations need to point to the new 2007 CAS server 2007.exchangeserver.local?

I understand what you are saying: install the 2007 server as a CAS server only and have all clients communicating to it, leaving my 2003 mailboxes alone.  Once everyone is communicating through the 2007 server for Client Access, I can then install the mailbox role on the 2007 server and migrate the user mailboxes.

I am ultimately trying to retire the 2003 box as quickly as possible.  I figure, if I create a 2007 CAS and mailbox role, and migrate the users from the 2003 to the 2007 - individually they wouldn't be using the 2003 for CAS or mailbox functions, they would be on the 2007 only.

If I create an external namespace that is different, and as you said originally setup a fresh and new public IP address, wouldn't it be prudent to just keep the CAS functions independent on each 2003 and 2007 box respectively?

Expert Comment

by:Akhater
>>How can I install a 2007 CAS server with a different FQDN than the 2003 server and have my clients not need their MAPI clients configurations change?
MAPI configuration will change automatically when you move the mailbox from 2k3 to 2k7.

>>Currently they are all pointed to the 2003.exchangeserver.local and based upon what you are saying, install the 2007 CAS server and have my 2003 server act as only the mailbox server but won't my clients configurations need to point to the new 2007 CAS server 2007.exchangeserver.local?


No, clients still on 2k3 won't need to do this; when you move a client to a 2k7 mailbox database, the MAPI configuration will change alone.
N.B.: The 2k7 CAS has to be different than the 2k7 Mailbox.

>>I understand what you are saying: install the 2007 server as a CAS server only and have all clients communicating to it, leaving my 2003 mailboxes alone.  Once everyone is communicating through the 2007 server for Client Access, I can then install the mailbox role on the 2007 server and migrate the user mailboxes.

Yes, but your 2007 mailbox has to be on a SEPARATE server or it won't work.

>>If I create an external namespace that is different, and as you said originally setup a fresh and new public IP address, wouldn't it be prudent to just keep the CAS functions independent on each 2003 and 2007 box respectively?

If you prefer, but it means you will need to inform each user you migrate to 2k7 to use a new OWA URL.

Author Comment

by:peter_ophoven
You keep saying the mailbox server and CAS server have to be different on 2007.  Why?  We are a small institution with 100 or so users.  We designed everything to be on one server... hub, CAS, and mailbox.  All the documentation says it's okay.

Expert Comment

by:Akhater
Because Exchange 2007 cannot proxy requests to a 2003 mailbox server if it is hosting CAS and Mailbox together.

Author Comment

by:peter_ophoven
Oh.  Now I just feel silly.

Author Comment

by:peter_ophoven
I don't suppose the 2003 server can act as the CAS and mailbox and proxy for the 2007 server as a mailbox server only?

Accepted Solution

by:
Akhater earned 500 total points
No, it cannot.

Author Closing Comment

by:peter_ophoven
I just want to add how much of a pleasure it is to work with Akhater.
Thanks for your help.