Solved

exchange 2003 front end back end

Posted on 2013-01-17
Last Modified: 2013-01-20
Hi
We have 2 Exchange 2003 servers at two different geographical locations. Both are in the same domain and all users have the same email domain. One in BE and the other in NL. Mailboxes for BE users are stored on server 1 and mailboxes for NL users are stored on server 2.
Webmail is pointing to server1 in BE, where RPC is also configured.
We recently removed the ISA Server 2004 server in BE because of all the problems we were experiencing. We now have the following problem:
When users from BE connect to OWA they can log on perfectly. When users from NL log on they get a page cannot be displayed error. I found on the internet that we should have a front-end server to get this working.

I tried making server1 a front-end server but get an error telling me this server is already an RPC server.

Plz help
Question by:FlipTrip

Expert Comment

by:SvenIA
Take a look at the attached document, it may help you....

What steps did you take to configure it as a FE server? Maybe try and make the other server backend?

http://technet.microsoft.com/en-us/library/aa996083(v=exchg.65).aspx
E2k3FrontBack.doc

Author Comment

by:FlipTrip
I try to enable the check box 'this is a front-end' server

Author Comment

by:FlipTrip
@SvenIA
That link isn't going to help me. RPC is set up correctly as this is working for the users on server1 as the external DNS record is pointing directly to server 1.
Is there a way to set up server1 to also function as a front-end server so users on server 2 are redirected when logging on to server 2?

Thx

Expert Comment

by:Simon Butler (Sembee)
You cannot make a server with mailboxes a frontend server.
If you have two servers with mailboxes and want a frontend server then you will need a third server (and additional Exchange licence). As you cannot purchase Exchange 2003 any longer you would have to purchase Exchange 2010 or 2013 and use downgrade rights. Or migrate to a later version of Exchange.
With Exchange 2010 you don't have frontend servers so you can have a single point of entry for servers in multiple sites and it will proxy across.

This has nothing to do with RPC over HTTP.

Simon.

Author Comment

by:FlipTrip
Are there other options? So it's not possible to have one OWA URL for 2 Exchange 2003 back end servers without a front end server? (Doesn't RPC use the OWA URL?)

Assisted Solution

by:Simon Butler (Sembee)
Correct - it isn't possible without a frontend server.
RPC over HTTP can use the same URL but would have the same problem. It needs a frontend server. This is one of the limitations of Exchange 2003 which Exchange 2007 (and higher) resolved by having the separate CAS role.

Simon.

Author Comment

by:FlipTrip
Ok I'm breaking my head over this and I cannot find a proper manual to correctly set this up. The Word document of MS is a mess.

What I have done so far:

I have done a reset of the exchange virtual directories on both my back-end servers and removed the SSL certificates in IIS.
I used this guide: http://support.microsoft.com/kb/883380 (Method 1)
I installed RPC on both my back-end servers using this guide: http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
I did a reset of my RPC registry settings using the tool from that website.

I have set up a third Exchange 2003 server with SP2 and made it the front-end server. I installed RPC on the server and installed our third party SSL certificate in IIS. I tried removing the mailbox and public datastore from this server but with no luck. I adjusted the databases to not start and set the information store service to disabled. SMTP is also not installed.
I configured the RPC registry keys again with the tool from the petri website.

On all 3 servers I adjusted the RPC virtual directory to require SSL.

The following errors now come up on my front end server:

Event Type:      Error
Event Source:      MSExchangeSA
Event Category:      MAPI Session
Event ID:      9175
Date:            19/01/2013
Time:            16:11:23
User:            N/A
Computer:      frontendserver
Description:
The MAPI call 'OpenMsgStore' failed with the following error:
The Microsoft Exchange Server computer is not available.  Either there are network problems or the Microsoft Exchange Server computer is down for maintenance.
The MAPI provider failed.
Microsoft Exchange Server Information Store
ID no: 8004011d-0526-00000000

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      EXPROX
Event Category:      None
Event ID:      1001
Date:            19/01/2013
Time:            15:55:51
User:            N/A
Computer:      frontendserver
Description:
 Microsoft Exchange Server has detected that Basic Authentication is being attempted between this server and server 'server1'.  This authentication mechanism  is not secure and it is not supported between front-ends and back-ends.  If this condition persists, please verify that server 'server1' is properly  configured to use Integrated Windows Authentication for each virtual directory  used by Exchange.  After applying any changes it may be necessary to restart Internet Information  Services on both the front-end and back-end servers.  

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3031
Date:            19/01/2013
Time:            15:55:32
User:            domain\user
Computer:      frontendserver
Description:
The mailbox server [server2.domain.local] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.  For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379).   For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=215383).   This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823265).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      Server ActiveSync
Event Category:      None
Event ID:      3005
Date:            19/01/2013
Time:            15:44:05
User:            domain\user
Computer:      frontendserver
Description:
Unexpected Exchange mailbox Server error: Server: [server2.domain.local] User: [user@email.com] HTTP status code: [503]. Verify that the Exchange mailbox Server is working correctly.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Grtz
Filip

Accepted Solution

by:Simon Butler (Sembee)
"On all 3 servers I adjusted the RPC virtual directory to require SSL."
That wasn't required.

On a frontend/backend, there is no need to configure the registry keys. Just set the option in ESM, wait about 20 minutes and then it should be configured correctly.
If you are bringing SMTP traffic in via the frontend server then you should have the databases mounted.

Did you disable forms based authentication before resetting the virtual directories?

All of the errors are down to authentication mismatches - hence the need to reset everything.

Simon.

Author Comment

by:FlipTrip
Ok, I have disabled require SSL on the 2 backend servers for the RPC virtual directory.
I disabled forms based authentication on both backend servers and did a reset of the Exchange virtual directories.

Should I do a reset on my front end server as well?

No, SMTP will not pass through the front end server.

Assisted Solution

by:Simon Butler (Sembee)
You shouldn't need to reset the frontend server.
Ensure that the patch level is the same, as it will cause problems if not. There are updates for Exchange 2003 post SP2, delivered by Microsoft Update.
A quick and dirty method to check is to look in \exchsrvr\exchweb directory. The highest version number should be the same on all servers, or at least on the frontend server. If the backend server is higher then things will not work properly.

Simon.
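
The patch-level check described in the answer above, as an added PowerShell example that is not part of the original thread. The function names are hypothetical, the folder listings are constructed sample data, and it assumes the version folders under exchweb are named as four-part dotted numbers.

```powershell
# Added example, not from the thread. Listings below are constructed sample
# data; on real servers collect them from each server's \exchsrvr\exchweb, e.g.
#   Get-ChildItem '<path to>\exchsrvr\exchweb' | ForEach-Object { $_.Name }

function Get-HighestExchwebVersion {
    param([string[]]$FolderNames)
    # Keep only version-named folders and compare them numerically: as plain
    # strings '6.5.7000.9' sorts above '6.5.7000.10', as [version] it does not.
    $FolderNames |
        Where-Object { $_ -match '^\d+(\.\d+){3}$' } |
        ForEach-Object { [version]$_ } |
        Sort-Object -Descending |
        Select-Object -First 1
}

function Compare-ExchwebPatchLevel {
    param(
        [string]$FrontEndName,
        [hashtable]$Listings    # server name -> folder names found in exchweb
    )
    $front = Get-HighestExchwebVersion $Listings[$FrontEndName]
    foreach ($server in ($Listings.Keys | Sort-Object)) {
        if ($server -eq $FrontEndName) { continue }
        $back = Get-HighestExchwebVersion $Listings[$server]
        $status = 'match'
        if ($null -eq $front -or $null -eq $back) { $status = 'no version folder found' }
        # A back end that is higher than the front end is the problem case.
        elseif ($back -gt $front) { $status = 'back end higher' }
        elseif ($back -lt $front) { $status = 'front end higher' }
        New-Object PSObject -Property @{
            BackEnd = $server; BackEndVersion = $back
            FrontEndVersion = $front; Status = $status
        }
    }
}

# Constructed sample listings (server names as used in the thread).
$listings = @{
    'frontendserver' = @('bin', 'img', '6.5.7000.1', '6.5.7000.9')
    'server1'        = @('bin', 'img', '6.5.7000.1', '6.5.7000.9')
    'server2'        = @('bin', 'img', '6.5.7000.9', '6.5.7000.10')
}
Compare-ExchwebPatchLevel -FrontEndName 'frontendserver' -Listings $listings |
    Format-Table BackEnd, BackEndVersion, FrontEndVersion, Status -AutoSize
```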

Author Comment

by:FlipTrip
Wow, thx man. I've got it working now.

Now how can I enable forms based authentication and force SSL? Do I only have to change these settings on the front end server?
Exchange and rpc virtual directory --> enable require SSL?
ESM --> servername --> protocols --> HTTP --> Enable forms based authentication?

Or also on the backend servers?

Thx
Filip

Assisted Solution

by:Simon Butler (Sembee)
You wouldn't enforce SSL on the RPC virtual directory.
I also wouldn't do it on the Exchange virtual directories either. If you must, then only on the frontend server.
Personally I don't bother with enforced SSL - I simply don't allow port 80 from the internet.

Simon.

Author Closing Comment

by:FlipTrip
Everything is working now. Thanks for your help.

Grtz
Filip