Exchange 2003 front end back end

Hi
We have 2 Exchange 2003 servers at two different geographical locations. Both are in the same domain and all users have the same email domain. One is in BE and the other in NL. Mailboxes for BE users are stored on server 1 and mailboxes for NL users are stored on server 2.
Webmail is pointing to server1 in BE, where RPC is also configured.
We recently removed the ISA Server 2004 server in BE because of all the problems we were experiencing. We now have the following problem:
When users from BE connect to OWA they can log on perfectly. When users from NL log on they get a "page cannot be displayed" error. I found on the internet that we should have a front-end server to get this working.

I tried making server1 a front-end server but get an error telling me this server is already an RPC server.

Plz help
FlipTrip Asked:
 
Simon Butler (Sembee) Consultant Commented:
"On all 3 servers I adjusted the RPC virtual directory to require SSL."
That wasn't required.

On a frontend/backend, there is no need to configure the registry keys. Just set the option in ESM, wait about 20 minutes and then it should be configured correctly.
If you are bringing SMTP traffic in via the frontend server then you should have the databases mounted.

Did you disable forms based authentication before resetting the virtual directories?

All of the errors are down to authentication mismatches - hence the need to reset everything.

Simon.
0
 
SvenIA Commented:
Take a look at the attached document, it may help you....

What steps did you take to configure it as a FE server? Maybe try and make the other server backend?

http://technet.microsoft.com/en-us/library/aa996083(v=exchg.65).aspx
E2k3FrontBack.doc
0
 
FlipTrip Author Commented:
I try to enable the check box 'this is a front-end' server
0

 
FlipTrip Author Commented:
@SvenIA
That link isn't going to help me. RPC is set up correctly as this is working for the users on server1 as the external DNS record is pointing directly to server 1.
Is there a way to set up server1 also to function as a front-end server so users on server 2 are redirected when logging on to server 2?

Thx
0
 
Simon Butler (Sembee) Consultant Commented:
You cannot make a server with mailboxes a frontend server.
If you have two servers with mailboxes and want a frontend server then you will need a third server (and additional Exchange licence). As you cannot purchase Exchange 2003 any longer you would have to purchase Exchange 2010 or 2013 and use downgrade rights. Or migrate to a later version of Exchange.
With Exchange 2010 you don't have frontend servers so you can have a single point of entry for servers in multiple sites and it will proxy across.

This has nothing to do with RPC over HTTP.

Simon.
0
 
FlipTrip Author Commented:
Are there other options? So it's not possible to have one OWA URL for 2 Exchange 2003 back-end servers without a front-end server? (Doesn't RPC use the OWA URL?)
0
 
Simon Butler (Sembee) Consultant Commented:
Correct - it isn't possible without a frontend server.
RPC over HTTP can use the same URL but would have the same problem. It needs a frontend server. This is one of the limitations of Exchange 2003 which Exchange 2007 (and higher) resolved by having the separate CAS role.

Simon.
0
 
FlipTrip Author Commented:
Ok I'm breaking my head over this and I cannot find a proper manual to correctly set this up. The Word document from MS is a mess.

What I have done so far:

I have done a reset of the exchange virtual directories on both my back-end servers and removed the SSL certificates in IIS.
I used this guide: http://support.microsoft.com/kb/883380 (Method 1)
I installed RPC on both my back-end servers using this guide: http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
I did a reset of my RPC registry settings using the tool from that website.

I have set up a third Exchange 2003 server with SP2 and made it the front-end server. I installed RPC on the server and installed our third-party SSL certificate in IIS. I tried removing the mailbox and public datastore from this server but with no luck. I adjusted the databases to not start and set the information store service to disabled. SMTP is also not installed.
I configured the rpc registry keys again with the tool from the petri website.

On all 3 servers I adjusted the RPC virtual directory to require SSL.

The following errors now come up on my front-end server:

Event Type:      Error
Event Source:      MSExchangeSA
Event Category:      MAPI Session
Event ID:      9175
Date:            19/01/2013
Time:            16:11:23
User:            N/A
Computer:      frontendserver
Description:
The MAPI call 'OpenMsgStore' failed with the following error:
The Microsoft Exchange Server computer is not available.  Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.
The MAPI provider failed.
Microsoft Exchange Server Information Store
ID no: 8004011d-0526-00000000

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      EXPROX
Event Category:      None
Event ID:      1001
Date:            19/01/2013
Time:            15:55:51
User:            N/A
Computer:      frontendserver
Description:
 Microsoft Exchange Server has detected that Basic Authentication is being attempted between this server and server 'server1'.  This authentication mechanism  is not secure and it is not supported between front-ends and back-ends.  If this condition persists, please verify that server 'server1' is properly  configured to use Integrated Windows Authentication for each virtual directory  used by Exchange.  After applying any changes it may be necessary to restart Internet Information  Services on both the front-end and back-end servers.  

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3031
Date:            19/01/2013
Time:            15:55:32
User:            domain\user
Computer:      frontendserver
Description:
The mailbox server [server2.domain.local] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.  For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).   For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=215383).   This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823265).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3005
Date:            19/01/2013
Time:            15:44:05
User:            domain\user
Computer:      frontendserver
Description:
Unexpected Exchange mailbox Server error: Server: [server2.domain.local] User: [user@email.com] HTTP status code: [503]. Verify that the Exchange mailbox Server is working correctly.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Grtz
Filip
0
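Added example, not part of the original thread: a short Python script that parses event text in the layout pasted in the post above and picks out the two events whose descriptions report a front-end/back-end authentication mismatch (EXPROX 1001 and Server ActiveSync 3031). The sample events are constructed and trimmed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the events quoted above (trimmed; placeholder hosts).
SAMPLE = """\
Event Type:      Error
Event Source:      EXPROX
Event ID:      1001
Description:
Basic Authentication is being attempted between this server and server 'server1'.

Event Type:      Error
Event Source:      Server ActiveSync
Event ID:      3031
Description:
The mailbox server [server2.domain.local] does not allow "Negotiate" authentication to its [exchange] virtual directory.

Event Type:      Error
Event Source:      MSExchangeSA
Event ID:      9175
Description:
The MAPI call 'OpenMsgStore' failed with the following error:
"""

# (source, event ID) -> (regex capturing the back-end name, meaning per the event text)
RULES = {
    ("EXPROX", "1001"): (r"and server '([^']+)'", "Basic attempted from front-end to back-end"),
    ("Server ActiveSync", "3031"): (r"mailbox server \[([^\]]+)\]", "back-end vdir refuses Negotiate"),
}

def parse_events(text):
    """Split an event-log text export into dicts of header fields plus Description."""
    events = []
    for chunk in filter(str.strip, re.split(r"(?m)^(?=Event Type:)", text)):
        head, _, desc = chunk.partition("Description:")
        # [ \t\r]* also drops the carriage return of a CRLF export.
        fields = dict(re.findall(r"(?m)^([A-Za-z ]+):[ \t]+(.+?)[ \t\r]*$", head))
        fields["Description"] = " ".join(desc.split())
        events.append(fields)
    return events

def auth_mismatches(text):
    """Return (back-end, source, event ID, meaning) for front-end/back-end auth errors."""
    hits = []
    for ev in parse_events(text):
        key = (ev.get("Event Source"), ev.get("Event ID"))
        if key in RULES:
            pattern, meaning = RULES[key]
            m = re.search(pattern, ev["Description"])
            hits.append((m.group(1) if m else "unknown", key[0], key[1], meaning))
    return hits
```

Calling `auth_mismatches()` on a saved text export groups the noise by back-end server, which shows which server's virtual directories still need Integrated Windows Authentication.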
 
FlipTrip Author Commented:
Ok, I have disabled require SSL on the 2 backend servers for the RPC virtual directory.
I disabled forms based authentication on both backend servers and did a reset of the exchange virtual directories.

Should i do a reset on my front end server as well?

No SMTP will not pass through the front end server.
0
 
Simon Butler (Sembee) Consultant Commented:
You shouldn't need to reset the frontend server.
Ensure that the patch level is the same, as it will cause problems if not. There are updates for Exchange 2003 post SP2, delivered by Microsoft Update.
A quick and dirty method to check is to look in \exchsrvr\exchweb directory. The highest version number should be the same on all servers, or at least on the frontend server. If the backend server is higher then things will not work properly.

Simon.
0
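Added example, not part of the original thread: the exchweb comparison described in the answer above, written as a Python check. It assumes the version folders under exchweb have dotted-numeric names; the function names are hypothetical and the caller supplies each server's exchweb path (for instance over an administrative share).

```python
import os
import re

def highest_build(exchweb_dir):
    """Highest dotted-numeric folder name under exchweb_dir as a tuple of ints, or None."""
    builds = [
        tuple(int(part) for part in name.split("."))
        for name in os.listdir(exchweb_dir)
        if re.fullmatch(r"\d+(\.\d+)+", name)
        and os.path.isdir(os.path.join(exchweb_dir, name))
    ]
    # Tuples compare numerically, so 6.5.10000.0 ranks above 6.5.7638.1
    # (a plain string sort would get that wrong).
    return max(builds, default=None)

def check_patch_levels(frontend_dir, backend_dirs):
    """Compare each back-end's highest build with the front-end's.

    backend_dirs maps a server name to its exchweb path. Returns a dict of
    server name -> status string.
    """
    fe = highest_build(frontend_dir)
    result = {}
    for server, path in backend_dirs.items():
        be = highest_build(path)
        if fe is None or be is None:
            result[server] = "no builds found"
        elif be > fe:
            # The case the answer says will not work properly.
            result[server] = "backend newer than frontend"
        elif be < fe:
            result[server] = "backend older than frontend"
        else:
            result[server] = "ok"
    return result
```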
 
FlipTrip Author Commented:
Wow, thx man. I've got it working now.

Now how can I enable forms based authentication and force SSL? Do I only have to change these settings on the front end server?
Exchange and rpc virtual directory --> enable require SSL?
ESM --> servername --> protocols --> HTTP --> Enable forms based authentication?

Or also on the backend servers?

Thx
Filip
0
 
Simon Butler (Sembee) Consultant Commented:
You wouldn't enforce SSL on the RPC virtual directory.
I also wouldn't do it on the Exchange virtual directories either. If you must, then only on the frontend server.
Personally I don't bother with enforced SSL - I simply don't allow port 80 from the internet.

Simon.
0
 
FlipTrip Author Commented:
Everything is working now. Thanks for your help.

Grtz
Filip
0