• Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

One Server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Installation >> One Server Page: [1]
Message << Older Topic   Newer Topic >>
One Server - 3.Jan.2008 1:27:10 PM   


Posts: 47
Joined: 10.Aug.2006
Status: offline
Is it possible and if so is their a white paper on using OWA from the Internet with only one server.
I have a client who is a very small 30 users but chose not to buy SBS.  They now want OWA from the outside and don't have the money for a front end server. 
Can you do this without a front end server and if so how do you secure it.  Thanks
Post #: 1
RE: One Server - 3.Jan.2008 1:56:11 PM   


Posts: 1917
Joined: 12.Apr.2005
From: London
Status: offline
Hiya, yes you can do it, but as you are aware it is not recommended without using a FES, but, if the customer understands the risks and it unwilling to budge it can be accomplished like so;

1. Configure an External DNS name for the Exchange Server and point it to the External IP address of your Firewall.
2. On the Exchange Server open the IIS manager right click on the default web site, choose properties and from the dialog box that appears choose the "Directory Security" tab and click on the "Server Certificate" button.

3. The Server Certificate wizard will open - click on next - then choose "Create a new certificate" and then click next.

4. Choose "Prepare the request now, but send it later" and choose next

5. Provide a name for the certificate - I have found that this is better to keep this the same as the DNS name in the outside world, then choose a bit length - personally you can leave it at 1024 - but if you wish you can make it higher - then click next.

6. Enter in the Name of Your Organisation (you should look up the name of your organisation which is registered with your DNS provider - for example if your Domain Name is HappyToys.com - you should perform a "Who is" lookup to ensure that the registrant of the domain matches the Organisation on the Certificate - this is important with some Thwate Certificates - you can enter the OU as IT. - Click Next

7. You will be asked for the common name for the certificate - this MUST be the same as the DNS name for the server (for example owa.happytoys.com) - click next.

8. Complete the Geographical Information and then click next

9. Choose a location for the certificate request file and then click next

10. Confirm the information and then click next - then click finish

You now will have a file that can be sent to a SSL provider (such as Thwate or Verisign) that can be used to secure the communications for your OWA site.
You should not proceed without a valid SSL certificate - doing so will put your information at serious risk.

11. On your firewall configure a NAT rule which redirects traffic from the External IP to the internal IP address of your Exchange server on port 433 (SSL)  - this step might be a little different depending on the Firewall solution that you are using and if you have more than one rule for SSL traffic.

12. When you have your SSL certificate copy it to your Exchange Server then Open the IIS manager, then right click on the default web site and choose properties.

13. Click on Directory Security - and choose the "Server Certificate" - click on next then choose the "Process the pending request and install the certificate" and click next.

14. Follow the wizard through to where you will be asked to provide the location of the SSL certificate.

15. In the IIS manager right click on the following directories


Choose Properties then click on the Directory Security Tab and choose the Edit option.
Tick the "Require Secure Channel (SSL)" option.

That is in essence a very quick guide to allowing OWA to a single server.




Andy Grogan
MSExchange.org Forums Moderator
For my general ramblings about Exchange please visit my website:
W: http://www.telnetport25.com/
B: http://telnetport25.wordpress.com/
M: manifoldmaster@gmail.com

(in reply to yourisd)
Post #: 2
RE: One Server - 3.Jan.2008 2:15:26 PM   


Posts: 47
Joined: 10.Aug.2006
Status: offline
Thanks a ton. 

(in reply to a.grogan)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Installation >> One Server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Follow TechGenix on Twitter