Exchange 2010 - Additional Mailbox server at additional location via VPN

Posted on 2014-08-17
Last Modified: 2014-08-19
Multi-site company has 1 Exchange server, looking to add a second Exchange server at a remote location.

We currently have Site A which has a Barracuda Spam Virus Firewall and Exchange 2010 Standard with all roles installed. We are looking to set up an additional Exchange 2010 Standard server at Site B. Exchange 2010 in Site A is currently running on Windows 2008 R2 Enterprise.

Site A and Site B are accessible via VPN and while they have different local domains, there is a Forest Trust between them and they can both ping, resolve and access each other.

The new Windows 2008 R2 Enterprise - Exchange 2010 Standard installation at Site B is going to be strictly for mailboxes for users at that site. I plan to only install the Mailbox Role. While it will be at Site B, it will be added to the Site A domain via VPN and Forest Trust.

Computers in Site B are part of the Site B domain but they should be able to access the local Exchange server added to the Site A domain because of the Forest Trust.

After mail comes through the Barracuda Spam Virus Firewall, AD should determine where to send mail based on where the user mailbox is located, whether to Exchange Server in Site A or Site B.

Not looking for failover, nor DAG, nor CAS Array. Just a secondary Exchange server with Mailbox role.

What are the pros/cons, recommendations or best practices for this implementation scenario?

Question by:RickyBello
LVL 28

Expert Comment

ID: 40267065
You should have CAS role installed in SiteB as CAS is the user interface not Mailbox.

I suggest you install a server (which is a member of siteA domain) with all roles and configure autodiscover, EWS, OAB URLs etc. Exchange will do the proxying between servers.

Install another Exchange server with all roles (which is a member of SiteB) and share the domain name.
LVL 19

Accepted Solution

Adam Farage earned 2000 total points
ID: 40267915
I see what you are trying to do, but your methodology is seriously incorrect. Mainly this statement:

"The new Windows 2008 R2 Enterprise - Exchange 2010 Standard installation at Site B is going to be strictly for mailboxes for users at that site."

and then..

"Computers in Site B are part of the Site B domain but they should be able to access the local Exchange server added to the Site A domain because of the Forest Trust."

A few issues arise here:

- Lack of a client access server in Site B will now stop users in Site B who have mailboxes hosted in Site B from actually obtaining access to their email.
- Since there is no HUB transport server in Site B, Site A will have nowhere to send messages to for users in Site B.

I would recommend setting up a CAS/HUB/Mailbox role in Site B to be a supportable / working configuration, and then set no ExternalURL for the CAS services. With that said, all messages by default will proxy (SMTP) from Site B to Site A and vice versa for both internal out-of-site emails along with internet based, and all incoming client connections from the internet will be proxied to the non-internet facing site.

You will basically treat Site B as non-internet facing. You will also need a global catalog server / domain controller in Site B for this configuration to work.
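
A check of the configuration described in the answer above, as an added example that is not part of the original thread: it reports which AD site and roles the new server has, whether a global catalog exists in that AD site, and whether any CAS virtual directory still publishes an ExternalURL. The server name `EXCH-B` is a placeholder, and the script assumes the Exchange 2010 Management Shell with the ActiveDirectory module available.

```powershell
# Run in the Exchange Management Shell (Exchange 2010).
# 'EXCH-B' is a placeholder for the new Site B server, not a name from the thread.
$server = 'EXCH-B'
Import-Module ActiveDirectory   # assumption: RSAT AD DS PowerShell module is installed

# 1. Which AD site did Exchange place the server in, and which roles does it hold?
$exch = Get-ExchangeServer -Identity $server
$exch | Format-List Name, Site, ServerRole, AdminDisplayVersion

# The Site value is a canonical path (.../Configuration/Sites/<name>); keep the last part.
$siteName = ($exch.Site.ToString() -split '/')[-1]

# 2. Is there a global catalog in that same AD site?
$gcs = Get-ADDomainController -Filter "IsGlobalCatalog -eq `$true -and Site -eq '$siteName'"
if (-not $gcs) {
    Write-Warning "No global catalog found in AD site '$siteName'"
} else {
    $gcs | Select-Object Name, Site, IsGlobalCatalog
}

# 3. Report the URLs on every CAS virtual directory of this server.
#    A non-internet-facing CAS should show an empty ExternalUrl on all of them.
$vdirs = @(
    Get-OwaVirtualDirectory         -Server $server
    Get-EcpVirtualDirectory         -Server $server
    Get-ActiveSyncVirtualDirectory  -Server $server
    Get-WebServicesVirtualDirectory -Server $server
    Get-OabVirtualDirectory         -Server $server
)
$vdirs | Select-Object Server, Name, InternalUrl, ExternalUrl | Format-Table -AutoSize

$published = $vdirs | Where-Object { $_.ExternalUrl }
if ($published) {
    Write-Warning "ExternalUrl is still set on: $(($published | ForEach-Object { $_.Name }) -join ', ')"
}

# 4. Preview clearing ExternalUrl; remove -WhatIf to apply the change.
Get-OwaVirtualDirectory         -Server $server | Set-OwaVirtualDirectory         -ExternalUrl $null -WhatIf
Get-EcpVirtualDirectory         -Server $server | Set-EcpVirtualDirectory         -ExternalUrl $null -WhatIf
Get-ActiveSyncVirtualDirectory  -Server $server | Set-ActiveSyncVirtualDirectory  -ExternalUrl $null -WhatIf
Get-WebServicesVirtualDirectory -Server $server | Set-WebServicesVirtualDirectory -ExternalUrl $null -WhatIf
Get-OabVirtualDirectory         -Server $server | Set-OabVirtualDirectory         -ExternalUrl $null -WhatIf
```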

Author Comment

ID: 40268157
Thanks for the comments.

Adam Farage, your setup makes sense with all roles installed and CAS set with no ExternalURL. Do I need a new DomainA GC/DC at Site B for this to work properly or can the Exchange server just connect to the current GC/DC at Site A via VPN and Forest Trust?

LVL 19

Expert Comment

by:Adam Farage
ID: 40268226
*rewrote the answer - as I misread the response above*

It depends... honestly. I would highly recommend extending the existing forest into Site B and having Site B as a separate AD site. From there, set up a completely independent (but replicating) GCS / DC. I would NOT set up a separate forest, as that is going to just cause headaches.

Author Comment

ID: 40268276
Just to be clear, a new local GC/DC for Exchange at Site B, should be part of the Site A domain.
LVL 19

Expert Comment

by:Adam Farage
ID: 40268317
Yeah, that's fine. As long as you clearly split up the geographical sites within AD Sites and Services, I would see no reason why this would not work.

Here is some more clear-cut information on proxy / redirection. It's a blog I wrote about a year ago, but the info is still spot on: http://exchangelaboratory.com/2013/04/04/exchange-proxy-and-redirection-exchange-2007-and-2010-explained/

Author Closing Comment

ID: 40271522
Worked out great, after installing Exchange with the 3 roles at Site B, but added to Site A domain, hardly any configuration needed to take place. It was automatically showing up at the Exchange server in Site A and it automatically sends and receives from the main server.
