Exchange 2010 - Additional Mailbox server at additional location via VPN

Multi-site company has 1 Exchange server, looking to add a second Exchange server at a remote location.

We currently have Site A which has a Barracuda Spam Virus Firewall and Exchange 2010 Standard with all roles installed. We are looking to set up an additional Exchange 2010 Standard server at Site B. Exchange 2010 in Site A is currently running on Windows 2008 R2 Enterprise.

Site A and Site B are accessible via VPN and while they have different local domains, there is a Forest Trust between them and they can both ping, resolve and access each other.

The new Windows 2008 R2 Enterprise - Exchange 2010 Standard installation at Site B is going to be strictly for mailboxes for users at that site. I plan to only install the Mailbox Role. While it will be at Site B, it will be added to the Site A domain via VPN and Forest Trust.

Computers in Site B are part of the Site B domain but they should be able to access the local Exchange server added to the Site A domain because of the Forest Trust.

After mail comes through the Barracuda Spam Virus Firewall, AD should determine where to send mail based on where the user mailbox is located, whether to Exchange Server in Site A or Site B.

Not looking for failover, nor DAG, nor CAS Array. Just a secondary Exchange server with Mailbox role.

What are the pros/cons, recommendations or best practices for this implementation scenario?


MAS (MVE) EE Solution Guide Commented:
You should have CAS role installed in SiteB as CAS is the user interface not Mailbox.

I suggest you install a server (which is a member of siteA domain) with all roles and configure autodiscover, EWS, OAB URLs etc. Exchange will do the proxying between servers.

Install another exchange with all roles (which is a member of SiteB) and share the domain name
Adam Farage Enterprise Arch Commented:
I see what you are trying to do, but your methodology is seriously incorrect. Mainly this statement:

"The new Windows 2008 R2 Enterprise - Exchange 2010 Standard installation at Site B is going to be strictly for mailboxes for users at that site."

and then..

"Computers in Site B are part of the Site B domain but they should be able to access the local Exchange server added to the Site A domain because of the Forest Trust."

A few issues arise here:

- Lack of a client access server in Site B will now stop users in Site B who have mailboxes hosted in Site B from actually obtaining access to their email
- Since there is no HUB transport server in Site B, Site A will have nowhere to send messages to for users in Site B.

I would recommend setting up a CAS/HUB/Mailbox role in Site B to be a supportable / working configuration, and then set no ExternalURL for the CAS services. With that said, all messages by default will proxy (SMTP) from Site B to Site A and vice versa for both internal out-of-site emails along with internet based, and all incoming client connections from the internet will be proxied to the non-internet facing site.

You will basically treat Site B as non-internet facing. You will also need a global catalog server / domain controller in Site B for this configuration to work.
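
The check below is an added example, not part of the original answer: it lists the client-facing virtual directories on the Site B Client Access server and flags any that still publish an ExternalUrl, which the non-internet-facing design described above expects to be empty. `EXCH-SITEB` is a placeholder server name, and the script assumes it is run in the Exchange 2010 Management Shell.

```powershell
# Added example. Run in the Exchange Management Shell on Exchange 2010.
# 'EXCH-SITEB' is a placeholder for the Site B server; substitute your own name.
$server = 'EXCH-SITEB'

# Confirm the installed roles and the AD site the server was placed in.
Get-ExchangeServer -Identity $server | Format-List Name, ServerRole, Site

# Client-facing virtual directory types hosted by the Client Access role.
$kinds = 'Owa', 'Ecp', 'WebServices', 'ActiveSync', 'Oab'

$report = foreach ($kind in $kinds) {
    # Builds e.g. Get-OwaVirtualDirectory and queries only the Site B server.
    foreach ($vdir in (& "Get-${kind}VirtualDirectory" -Server $server)) {
        New-Object PSObject -Property @{
            Kind        = $kind
            Identity    = [string]$vdir.Identity
            InternalUrl = [string]$vdir.InternalUrl
            ExternalUrl = [string]$vdir.ExternalUrl
        }
    }
}

$report | Format-Table Kind, InternalUrl, ExternalUrl -AutoSize

# Any entry with an ExternalUrl advertises this server as internet-facing.
$exposed = @($report | Where-Object { $_.ExternalUrl })
if ($exposed.Count -eq 0) {
    Write-Host "No ExternalUrl set on $server."
} else {
    foreach ($item in $exposed) {
        Write-Warning "$($item.Kind) publishes $($item.ExternalUrl)"
        # Preview the change; remove -WhatIf to actually clear the value.
        & "Set-$($item.Kind)VirtualDirectory" -Identity $item.Identity -ExternalUrl $null -WhatIf
    }
}
```

The `-WhatIf` switch keeps the run read-only until the reported values have been reviewed.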

RickyBello Author Commented:
Thanks for the comments.

Adam Farage, your setup makes sense with all roles installed and CAS set with no ExternalURL. Do I need a new DomainA GC/DC at Site B for this to work properly or can the Exchange server just connect to the current GC/DC at Site A via VPN and Forest Trust?

Adam Farage Enterprise Arch Commented:
*rewrote the answer - as I misread the response above*

It depends... honestly. I would highly recommend extending the existing forest into Site B and having Site B as a separate AD site. From there, set up a completely independent (but replicating) GCS / DC. I would NOT set up a separate forest, as that is going to just cause headaches.
RickyBello Author Commented:
Just to be clear, a new local GC/DC for Exchange at Site B, should be part of the Site A domain.
Adam Farage Enterprise Arch Commented:
Yeah, that's fine, as long as you clearly split up the geographical sites within AD Sites and Services I would see no reason why this would not work.

Here is some more clear-cut information on proxy / redirection. It's a blog I wrote about a year ago, but the info is still spot on:
RickyBello Author Commented:
Worked out great, after installing Exchange with the 3 roles at Site B, but added to Site A domain, hardly any configuration needed to take place. It was automatically showing up at the Exchange server in Site A and it automatically sends and receives from the main server.

Question has a verified solution.
