Exchange Server Forums
Can't connect to Exchange 2003 Front End Server
Can't connect to Exchange 2003 Front End Server - 5.Jun.2008 6:00:37 PM
ghopper02
Posts: 4
Joined: 5.Jun.2008
Status: offline

I have a working SMTP gateway server / Exchange 2003 server / Windows 2003 Active Directory setup with about 50 users - this has been running fine for a year or so. I'm learning Exchange as I go - having moved from 5.5 to 2003 successfully, I'm not a newbie, but I'm by no means an expert either!

I have installed another Exchange 2003 server (regular vanilla install) and set it to "Front end mode" with the check box after the install was complete. This will eventually be our OWA & gateway email server in the DMZ, but for now I have it inside and in the same subnet, etc. as all the other servers & workstations (so there are no firewalls between machines). I have set up & secured OWA with an SSL certificate and have enabled forms-based authentication.

Now for the problems...

1) I am able to connect to the OWA logon page but it will not allow me to sign on - it returns me to the logon page with just the username filled in. It displays no error message, just returns to the logon page as many times as you are willing to enter a password and click "Logon". What is strange is that it also sets a frame up on the left side of the webpage and opens all subsequent logon screens in the right 2/3 of the screen. So... I figured I'd back up a step and try to connect directly to the front end server with an Outlook client (happens to be Outlook 2000). This results in problem #2...

2) When I create a new MS Exchange connection in Outlook that points to the Front End server (either by name or by IP address) I get the following error when I start Outlook: "Name could not be resolved. Network problems are preventing connection to the exchange server..." The front end server IS on the network & live though!

Additional Details:

Here are the Exchange services & their status on the front end server:

- MS Exch Event: Manual
- MS Exch IMAP4: Disabled
- MS Exch Information Store: Started, Automatic
- MS Exch Management: Started, Automatic
- MS Exch MTA Stacks: Started, Automatic
- MS Exch POP3: Disabled
- MS Exch Routing Engine: Started, Automatic
- MS Exch Site Replication Service: Disabled
- MS Exch System Attendant: Started, Automatic
- Simple Mail Transfer Protocol: Started, Automatic

The account I'm logging on with is valid & usable on the back end server from all workstations (including the one I tested the front end server connection with).

One thing I do notice is that, unlike my existing gateway email server, there is no "Default SMTP Virtual Server" shown under IIS in Computer Management. There is only the "Default SMTP Virtual Server" that shows up in Exchange System Management (similar to the existing backend server). Also, in Exchange System Manager (running on the front end server) I can see both the front end AND back end servers so it appears that the front end server installed into active directory ok...

I'm just not sure where to go with this!

- it seems that the front end server isn't integrating with the back end server with regards to authentication in OWA...
- but if Outlook can't connect, is there a bigger problem that's causing the OWA problem???
- do I need to uninstall this server & start over? If so, how do I cleanly remove it from A/D???

If you need more info, I'll be happy to provide it!

Thanks in advance for any help you can provide,
ghopper02

RE: Can't connect to Exchange 2003 Front End Server - 18.Jun.2008 7:17:03 PM
123raghu
Posts: 59
Joined: 18.Mar.2008
Status: offline

Hi,

Can you confirm what permissions (Directory Security tab -> IIS Manager) have been set up on the virtual directories (Default website & Exchange) on the Front-end and Back-end Exchange server?

Also, a MAPI client (e.g. Outlook) cannot connect/talk to the front-end server; you need to mention the name of the Backend server while configuring profiles....

Cheers,
Raghu
_____________________________
It is not how much you do, but how much love you put in the doing......
RE: Can't connect to Exchange 2003 Front End Server - 18.Jun.2008 7:36:29 PM
ghopper02
Posts: 4
Joined: 5.Jun.2008
Status: offline

Here are the settings (in my notes below "_" = not checked and "X" = checked)

Directory Security:

Back-end Server:

- Default Website:
  - Authentication & Access Control:
    - Authentication - anonymous - using the IUSR_xxx account
    - Authenticated access - none checked (_ Integrated Windows, _ Digest Authent., _ Basic Authent., _ .NET Passport)
  - IP address & domain name restrictions: None - all granted access
  - Secure Communications: Not configured
- Exchange Virtual Directory:
  - Authentication & Access Control:
    - Authentication - Anonymous disabled (not checked)
    - Authenticated access - only Integrated & Basic checked (X Integrated Windows, _ Digest Authent., X Basic Authent., _ .NET Passport)
    - Default domain = "\"
  - IP address & domain name restrictions: None - all granted access
  - Secure Communications:
    - _ Require secure channel (not checked)
    - X Ignore Client Certificates (checked)
    - _ Enable client certificate mapping (not checked)

Front-End Server:

- Default Website:
  - Authentication & Access Control:
    - Authentication - anonymous - using the IUSR_xxx account
    - Authenticated access - none checked (_ Integrated Windows, _ Digest Authent., _ Basic Authent., _ .NET Passport)
  - IP address & domain name restrictions: None - all granted access
  - Secure Communications: Not configured
- Exchange Virtual Directory:
  - Authentication & Access Control:
    - Authentication - Anonymous disabled (not checked)
    - Authenticated access - only Basic checked (_ Integrated Windows, _ Digest Authent., X Basic Authent., _ .NET Passport)
    - Default domain = "\"
  - IP address & domain name restrictions: None - all granted access
  - Secure Communications:
    - X Require secure channel (checked)
    - X Ignore Client Certificates (checked)
    - _ Enable client certificate mapping (not checked)

Thank you,
ghopper02

RE: Can't connect to Exchange 2003 Front End Server - 4.Jul.2008 3:33:13 AM
Exchange_Geek
Posts: 1026
Joined: 31.Dec.2006
Status: offline

I think it's much more than the permission on IIS.

- Can you check if you have DSAccess errors on your FE Server?
- Verify you are able to communicate from FE Exchange to AD Servers using tools like dcdiag / netdiag / netmon.

Also, check that you do not have multiple NICs on your FE Server (in case you have, please check the network binding order). Try the most famous solution once - reboot both your Exchange Server and DC / GC. Also, which server is configured as your DNS Server - is that your preferred DNS on your NICs?

Awaiting your feedback

RE: Can't connect to Exchange 2003 Front End Server - 4.Jul.2008 6:15:49 PM
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline

Why do you want to put the server in the DMZ? Do you think it will enhance the security of your network? If you do then you are disillusioned. It will not.

Exchange frontend servers are not deployed for security reasons, but for load. They are primarily used when you have more than one backend server. If you have 50 users I would struggle to justify a frontend server.

If you want to put something in the DMZ then you should be deploying ISA server. That is designed to be put into the DMZ.

There are two prime reasons why a frontend server will not work.

1. The frontend server hasn't been kept at the same patch level as the backend server. You need to ensure that it is the same or higher. Therefore if the backend is Exchange 2003 SP2 then the frontend needs to be. The patch level (hotfixes) needs to be the same as well.

2. The other problem can be the authentication settings are wrong on the backend server so the proxy functionality doesn't work. If you have require SSL enabled on the backend server that can stop it from working.

Simon.
_____________________________
Simon Butler, Exchange MVP Blog: http://www.sembee.co.uk/ Web: http://www.amset.info/ In the UK? Hire me: http://www.amset.co.uk/
RE: Can't connect to Exchange 2003 Front End Server - 7.Jul.2008 1:06:51 PM
ghopper02
Posts: 4
Joined: 5.Jun.2008
Status: offline

Thanks for the suggestions - I'll look into this & post back with results...

Right now the server is not in the DMZ - I had planned to do that so I could block all inbound port 80, 21, etc. traffic to the internal network and limit it to the DMZ. I already have the server working and on the network - SourceAnywhere is loaded and working...

I need to get OWA working again on Exchange 2003 but didn't want to open the main email server to the "outside world" - that's why I thought I'd need to load a front-end Exchange server...

The problem may well have to do with service pack/hotfixes... I'm not requiring SSL on the backend...

Thanks again,
ghopper02

RE: Can't connect to Exchange 2003 Front End Server - 7.Jul.2008 1:17:30 PM
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline

A frontend server does not meet your design requirements. You are still exposing an Exchange server to the internet. Whether it is a frontend or backend server doesn't matter.

Exchange servers cannot operate in isolation, which means your frontend server has to communicate fully with all of your domain controllers and with the backend server. Furthermore, unless you change the configuration of the server, the number of ports that you have to open turns the firewall into Swiss cheese.

If your frontend server is compromised that's it - game over. The machine is a member of the domain and the attacker can walk straight to your data.

To meet your design requirements you need to have something that is not a member of the domain. The primary product used is ISA server.

Personally I have no problems with a dedicated Exchange server exposed to the internet. I only open port 443 and 25, nothing else.

Simon.
_____________________________
Simon Butler, Exchange MVP Blog: http://www.sembee.co.uk/ Web: http://www.amset.info/ In the UK? Hire me: http://www.amset.co.uk/
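
An added example, not part of the thread and not written by any poster: the following Python enumerates the DMZ-to-internal firewall openings a domain-joined front-end needs and sets them beside the 443/25-only design described in the post above. The port list is an assumption drawn from Microsoft's published front-end/back-end guidance rather than from this page, and the host names fe01, be01, dc01 and dc02 are hypothetical.

```python
from itertools import product

# Assumption (not from the thread): ports a domain-joined Exchange 2003
# front-end needs towards every domain controller / global catalog.
DC_PORTS = [
    ("tcp", 389, "LDAP"), ("udp", 389, "LDAP"),
    ("tcp", 3268, "Global Catalog"),
    ("tcp", 88, "Kerberos"), ("udp", 88, "Kerberos"),
    ("tcp", 53, "DNS"), ("udp", 53, "DNS"),
    ("tcp", 135, "RPC endpoint mapper"),
]
# Towards every back-end: proxied OWA (HTTP) and SMTP relay.
BACKEND_PORTS = [("tcp", 80, "HTTP proxy"), ("tcp", 25, "SMTP")]
DYNAMIC_RPC = "1024-65535"  # used when no static RPC port is configured


def frontend_pinholes(frontend, backends, domain_controllers, static_rpc_port=None):
    """Return (src, dst, proto, port, purpose) rules for the internal firewall."""
    rules = []
    for dc, (proto, port, why) in product(domain_controllers, DC_PORTS):
        rules.append((frontend, dc, proto, str(port), why))
    rpc = str(static_rpc_port) if static_rpc_port else DYNAMIC_RPC
    for dc in domain_controllers:
        rules.append((frontend, dc, "tcp", rpc, "RPC services (Netlogon)"))
    for be, (proto, port, why) in product(backends, BACKEND_PORTS):
        rules.append((frontend, be, proto, str(port), why))
    return rules


def wide_open(rules):
    """Rules that open a port range rather than a single port."""
    return [r for r in rules if "-" in r[3]]


def direct_exposure(server):
    """The alternative described in the post: only 443 and 25 inbound."""
    return [("internet", server, "tcp", "443", "HTTPS/OWA"),
            ("internet", server, "tcp", "25", "SMTP")]


if __name__ == "__main__":
    rules = frontend_pinholes("fe01", ["be01"], ["dc01", "dc02"])
    for r in rules:
        print("%-5s -> %-5s %s/%-11s %s" % r)
    print(len(rules), "DMZ-to-internal rules,", len(wide_open(rules)), "port ranges")
    print(len(direct_exposure("be01")), "inbound rules for the direct design")
```

The count covers only the DMZ-to-internal side; a front-end in the DMZ still needs its own inbound rule from the internet on the external firewall.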
RE: Can't connect to Exchange 2003 Front End Server - 7.Jul.2008 1:42:27 PM
ghopper02
Posts: 4
Joined: 5.Jun.2008
Status: offline

Thanks for the advice Sembee - and the explanation! That would certainly simplify things for me.

The next question is - I have Exchange loaded on this 2nd server & set to front-end mode. How difficult is it to remove? Are there any gotchas that I need to know to avoid trashing anything in A/D when I remove it?

Thanks again,
ghopper02

RE: Can't connect to Exchange 2003 Front End Server - 7.Jul.2008 1:46:12 PM
Sembee
Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline

Just remove it using add/remove programs. That will remove the server from AD correctly and cleanly.

Simon.
_____________________________
Simon Butler, Exchange MVP Blog: http://www.sembee.co.uk/ Web: http://www.amset.info/ In the UK? Hire me: http://www.amset.co.uk/