Solved

exchange 2003 front end back end

Posted on 2013-01-17
Last Modified: 2013-01-20
Hi
We have 2 Exchange 2003 servers at two different geographical locations. Both are in the same domain and all users have the same email domain. One in BE and the other in NL. Mailboxes for BE users are stored on server 1 and mailboxes for NL users are stored on server 2.
Webmail is pointing to the server1 in BE where also RPC is configured on.
We recently removed the ISA server 2004 server in BE because of all the problems we were experiencing. We now have the following problem:
When users from BE connect to the OWA they can log on perfectly. When users from NL logon they get a page cannot be displayed error. I found on the internet that we should have a front-end server to get this working.

I tried making server1 a front end server but get an error telling me this server is already an rpc server.

Plz help
Question by:FlipTrip
13 Comments
 
LVL 7

Expert Comment

by:SvenIA
ID: 38786953
Take a look at the attached document, it may help you....

What steps did you take to configure it as a FE server? Maybe try and make the other server backend?

http://technet.microsoft.com/en-us/library/aa996083(v=exchg.65).aspx
E2k3FrontBack.doc
0
 
LVL 2

Author Comment

by:FlipTrip
ID: 38787055
I try to enable the check box 'this is a front-end' server
0
 
LVL 2

Author Comment

by:FlipTrip
ID: 38787174
@SvenIA
That link isn't going to help me. RPC is setup correctly as this is working for the users on server1 as the external DNS record is pointing directly to server 1.
Is there a way to set up server1 also to function as a front-end server so users on server 2 are redirected when logging on to server 2?

Thx
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38788710
You cannot make a server with mailboxes a frontend server.
If you have two servers with mailboxes and want a frontend server then you will need a third server (and additional Exchange licence). As you cannot purchase Exchange 2003 any longer you would have to purchase Exchange 2010 or 2013 and use downgrade rights. Or migrate to a later version of Exchange.
With Exchange 2010 you don't have frontend servers so you can have a single point of entry for servers in multiple sites and it will proxy across.

This has nothing to do with RPC over HTTP.

Simon.
0
 
LVL 2

Author Comment

by:FlipTrip
ID: 38788935
Are there other options? So it's not possible to have one OWA URL for 2 Exchange 2003 back-end servers without a front-end server? (Doesn't RPC use the OWA URL?)
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 38788944
Correct - it isn't possible without a frontend server.
RPC over HTTP can use the same URL but would have the same problem. It needs a frontend server. This is one of the limitations of Exchange 2003 which Exchange 2007 (and higher) resolved by having the separate CAS role.

Simon.
0
 
LVL 2

Author Comment

by:FlipTrip
ID: 38796509
Ok, I'm breaking my head over this and I cannot find a proper manual to correctly set this up. The Word document from MS is a mess.

What I have done so far:

I have done a reset of the exchange virtual directories on both my back-end servers and removed the SSL certificates in IIS.
I used this guide: http://support.microsoft.com/kb/883380 (Method 1)
I installed RPC on both my back-end servers using this guide: http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
I did a reset of my RPC registry settings using the tool from that website.

I have set up a third Exchange 2003 server with SP2 and made it the front-end server. I installed RPC on the server and installed our third-party SSL certificate in IIS. I tried removing the mailbox and public datastore from this server but with no luck. I adjusted the databases to not start and set the information store service to disabled. SMTP is also not installed.
I configured the rpc registry keys again with the tool from the petri website.

On all 3 servers I adjusted the RPC virtual directory to require SSL.

The following errors now come up on my front-end server:

Event Type:      Error
Event Source:      MSExchangeSA
Event Category:      MAPI Session
Event ID:      9175
Date:            19/01/2013
Time:            16:11:23
User:            N/A
Computer:      frontendserver
Description:
The MAPI call 'OpenMsgStore' failed with the following error:
The Microsoft Exchange Server computer is not available.  Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.
The MAPI provider failed.
Microsoft Exchange Server Information Store
ID no: 8004011d-0526-00000000

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      EXPROX
Event Category:      None
Event ID:      1001
Date:            19/01/2013
Time:            15:55:51
User:            N/A
Computer:      frontendserver
Description:
 Microsoft Exchange Server has detected that Basic Authentication is being attempted between this server and server 'server1'.  This authentication mechanism  is not secure and it is not supported between front-ends and back-ends.  If this condition persists, please verify that server 'server1' is properly  configured to use Integrated Windows Authentication for each virtual directory  used by Exchange.  After applying any changes it may be necessary to restart Internet Information  Services on both the front-end and back-end servers.  

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3031
Date:            19/01/2013
Time:            15:55:32
User:            domain\user
Computer:      frontendserver
Description:
The mailbox server [server2.domain.local] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.  For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).   For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=215383).   This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823265).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3005
Date:            19/01/2013
Time:            15:44:05
User:            domain\user
Computer:      frontendserver
Description:
Unexpected Exchange mailbox Server error: Server: [server2.domain.local] User: [user@email.com] HTTP status code: [503]. Verify that the Exchange mailbox Server is working correctly.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Grtz
Filip
0
 
LVL 63

Accepted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 38796677
"On all 3 servers I adjusted the RPC virtual directory to require SSL."
That wasn't required.

On a frontend/backend, there is no need to configure the registry keys. Just set the option in ESM, wait about 20 minutes and then it should be configured correctly.
If you are bringing SMTP traffic in via the frontend server then you should have the databases mounted.

Did you disable forms based authentication before resetting the virtual directories?

All of the errors are down to authentication mismatches - hence the need to reset everything.

Simon.
0
 
LVL 2

Author Comment

by:FlipTrip
ID: 38796726
Ok, I have disabled require SSL on the 2 backend servers for the RPC virtual directory.
I disabled forms based authentication on both backend servers and did a reset of the exchange virtual directories.

Should I do a reset on my front end server as well?

No SMTP will not pass through the front end server.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 38796753
You shouldn't need to reset the frontend server.
Ensure that the patch level is the same, as it will cause problems if not. There are updates for Exchange 2003 post SP2, delivered by Microsoft Update.
A quick and dirty method to check is to look in \exchsrvr\exchweb directory. The highest version number should be the same on all servers, or at least on the frontend server. If the backend server is higher then things will not work properly.

Simon.
0
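
The exchweb check described in the comment above, as an added PowerShell example that is not part of the original thread: it compares the highest version-numbered folder on the front-end with each back-end and flags a back-end that is newer. The function names, the demo folder tree and the build numbers are constructed for illustration; in real use, pass each server's own exchweb path (its location on your servers is an assumption to fill in).

```powershell
# Added example, not from the thread. Demo paths and build numbers are constructed.
function Get-HighestExchwebVersion {
    param([Parameter(Mandatory = $true)][string]$ExchwebPath)
    # Keep only folders whose names parse as a four-part build number;
    # any other folders that sit beside them in exchweb are ignored.
    $versions = @(Get-ChildItem -Path $ExchwebPath |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\d+(\.\d+){3}$' } |
        ForEach-Object { [version]$_.Name })
    if ($versions.Count -eq 0) { throw "No version folders found in $ExchwebPath" }
    # Sort as [version], not as text, so 6.5.10000.0 would rank above 6.5.7638.1.
    $versions | Sort-Object | Select-Object -Last 1
}

function Compare-ExchwebPatchLevel {
    param(
        [Parameter(Mandatory = $true)][string]$FrontEndPath,
        [Parameter(Mandatory = $true)][hashtable]$BackEndPaths   # name -> exchweb path
    )
    $fe = Get-HighestExchwebVersion -ExchwebPath $FrontEndPath
    foreach ($name in $BackEndPaths.Keys) {
        $be = Get-HighestExchwebVersion -ExchwebPath $BackEndPaths[$name]
        if ($be -gt $fe)     { $status = 'MISMATCH: back-end is newer than front-end' }
        elseif ($be -lt $fe) { $status = 'OK: front-end is newer' }
        else                 { $status = 'OK: same level' }
        New-Object PSObject -Property @{
            BackEnd = $name; BackEndVersion = $be; FrontEndVersion = $fe; Status = $status
        }
    }
}

# Demo on a constructed folder tree so the script runs without Exchange present.
$root = Join-Path $env:TEMP 'exchweb-demo'
$layout = @{
    'frontendserver' = '6.5.6944.0', '6.5.7638.1', 'bin'
    'server1'        = '6.5.6944.0', '6.5.7638.1', 'bin'
    'server2'        = '6.5.6944.0', '6.5.7638.1', '6.5.7651.60', 'bin'
}
foreach ($srv in $layout.Keys) {
    foreach ($dir in $layout[$srv]) {
        New-Item -ItemType Directory -Force -Path (Join-Path $root "$srv\$dir") | Out-Null
    }
}
Compare-ExchwebPatchLevel -FrontEndPath (Join-Path $root 'frontendserver') -BackEndPaths @{
    server1 = (Join-Path $root 'server1'); server2 = (Join-Path $root 'server2')
} | Format-Table BackEnd, BackEndVersion, FrontEndVersion, Status -AutoSize
```

With the constructed tree, server1 reports the same level as the front-end and server2 is flagged as a mismatch, which is the case the comment says will not work properly.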
 
LVL 2

Author Comment

by:FlipTrip
ID: 38798676
Wow, thx man. I've got it working now.

Now how can I enable forms based authentication and force SSL? Do I only have to change these settings on the front end server?
Exchange and rpc virtual directory --> enable require SSL?
ESM --> servername --> protocols --> HTTP --> Enable forms based authentication?

Or also on the backend servers?

Thx
Filip
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 2000 total points
ID: 38798790
You wouldn't enforce SSL on the RPC virtual directory.
I also wouldn't do it on the Exchange virtual directories either. If you must, then only on the frontend server.
Personally I don't bother with enforced SSL - I simply don't allow port 80 from the internet.

Simon.
0
 
LVL 2

Author Closing Comment

by:FlipTrip
ID: 38798817
Everything is working now. Thanks for your help.

Grtz
Filip
0
