• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Can't connect to Exchange 2003 Front End Server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Installation >> Can't connect to Exchange 2003 Front End Server Page: [1]
Login
Message << Older Topic   Newer Topic >>
Can't connect to Exchange 2003 Front End Server - 5.Jun.2008 6:00:37 PM   
ghopper02

 

Posts: 4
Joined: 5.Jun.2008
Status: offline
I have a working SMTP gateway server / Exchange 2003 server / Windows 2003 Active Directory setup with about 50 users - this has been running fine for a year or so.

I'm learning Exchange as I go - having moved from 5.5 to 2003 successfully, I'm not a newbie, but I'm by no means an expert either!

I have installed another Exchange 2003 server (regular vanilla install) and set it to "Front end mode" with the check box after the install was complete. This will eventually be our OWA & gateway email server in the DMZ, but for now I have it inside and in the same subnet, etc as all the other servers & workstations (so there are no firewalls between machines).

I have setup & secured OWA with an SSL certificate and have enabled forms-based authentication.

Now for the problems...

1) I am able to connect to the OWA logon page but it will not allow me to sign on - it returns me to the logon page with just the username filled in. It displays no error message, just returns to the logon page as many times as you are willing to enter a password and click "Logon". What is strange is that it also sets a frame up on the left side of the webpage and opens all subsequent logon screens in the right 2/3 of the screen.

So... I figured I'd back up a step and try to connect directly to the front end server with an Outlook client (happens to be Outlook 2000). This results in problem #2...

2) When I create a new MS Exchange connection in Outlook that points to the Front End server (either by name or by IP address) I get the following error when I start Outlook. "Name could not be resolved. Network problems are preventing connection to the exchange server..." The front end server IS on the network & live though!

Additional Details:

Here are the Exchange services & their status on the front end server:
MS Exch Event                                                       Manual
MS Exch IMAP4                                                    Disabled
MS Exch Information Store                    Started      Automatic
MS Exch Management                           Started      Automatic
MS Exch MTA Stacks                           Started      Automatic
MS Exch POP3                                                      Disabled
MS Exch Routing Engine                        Started      Automatic
MS Exch Site Replication Service                            Disabled
MS Exch System Attendant                    Started      Automatic
Simple Mail Transfer Protocol                 Started      Automatic

The account I'm logging on with is valid & usable on the back end server from all workstations (including the one I tested the front end server connection with).

One thing I do notice is that, unlike my existing gateway email server, there is no "Default SMTP Virtual Server" shown under IIS in Computer Management. There is only the "Default SMTP Virtual Server" that shows up in Exchange System Management (similar to the existing backend server).

Also, in Exchange System Manager (running on the front end server) I can see both the front end AND back end servers so it appears that the front end server installed into active directory ok...

I'm just not sure where to go with this!
- it seems that the front end server isn't integrating with the back end server with regards to authentication in OWA...
- but if Outlook can't connect, is there a bigger problem that's causing the OWA problem???
- do I need to uninstall this server & start over? If so, how do I cleanly remove it from A/D???

If you need more info, I'll be happy to provide it!

Thanks in advance for any help you can provide,
ghopper02



Post #: 1
RE: Can't connect to Exchange 2003 Front End Server - 18.Jun.2008 7:17:03 PM   
123raghu

 

Posts: 68
Joined: 18.Mar.2008
Status: offline
Hi,

Can you confirm what permissions (Directory Security tab-> IIS Manager) have been setup on the Virtual directories (Default website & Exchange) on the Front-end and Back-end Exchange server ?

Also a MAPI client (Eg: Outlook) cannot connect/talk to the front-end server, you need to mention the name of the Backend server while configuring profiles....

Cheers,
Raghu

_____________________________

It is not how much you do, but how much love you put in the doing......

Cheers,
Raghu
Raghuv@live.com

(in reply to ghopper02)
Post #: 2
RE: Can't connect to Exchange 2003 Front End Server - 18.Jun.2008 7:36:29 PM   
ghopper02

 

Posts: 4
Joined: 5.Jun.2008
Status: offline
Here are the settings (in my notes below "_" = not checked and "X" = checked)

Directory Security:

Back-end Server:

   Default Website:
    Authentication & Access Control:
     Authentication - anonymous - using the IUSR_xxx account
     Authenticated access - none checked
         _ Integrated Windows
         _ Digest Authent.
         _ Basic Authent.
         _ .NET Passport)
    IP address & domain name restrictions:
     None - all granted access
    Secure Communications:
     Not configured

   Exchange Virtual Directory:
    Authentication & Access Control:
     Authentication - Anonymous disabled (not checked)
     Authenticated access - only Integrated & Basic checked
         X Integrated Windows
         _ Digest Authent.
         X Basic Authent.
         _ .NET Passport)
     Default domain = "\"
    IP address & domain name restrictions:
     None - all granted access
    Secure Communications:
     _ Require secure channel (not checked)
     X Ignore Client Certificates (checked)
     _ Enable client certificate mapping (not checked)


Front-End Server:

   Default Website:
    Authentication & Access Control:
     Authentication - anonymous - using the IUSR_xxx account
     Authenticated access - none checked
         _ Integrated Windows
         _ Digest Authent.
         _ Basic Authent.
         _ .NET Passport)
    IP address & domain name restrictions:
     None - all granted access
    Secure Communications:
     Not configured

   Exchange Virtual Directory:
    Authentication & Access Control:
     Authentication - Anonymous disabled (not checked)
     Authenticated access - only Basic checked
         _ Integrated Windows
         _ Digest Authent.
         X Basic Authent.
         _ .NET Passport)
     Default domain = "\"
    IP address & domain name restrictions:
     None - all granted access
    Secure Communications:
     X Require secure channel (checked)
     X Ignore Client Certificates (checked)
     _ Enable client certificate mapping (not checked)

Thank you,
ghopper02

(in reply to 123raghu)
Post #: 3
RE: Can't connect to Exchange 2003 Front End Server - 4.Jul.2008 3:33:13 AM   
Exchange_Geek

 

Posts: 1287
Joined: 31.Dec.2006
Status: offline
i think its much more than the permission on IIS - Can you check if you have DSAccess errors on your FE Server - Verify you are able to communicate from FE Exchange to AD Servers using tools like dcdiag / netdiag / netmon.

Also, check if you do not have multiple NICs on your FE Server (Incase, you have please check the network binding order).

Try the most famous solution once - Reboot your both Exchange Server and DC / GC.

Also, which server is configured as your DNS Server - is that your preferred DNS on your NICs.

Awaiting your feedback

(in reply to ghopper02)
Post #: 4
RE: Can't connect to Exchange 2003 Front End Server - 4.Jul.2008 6:15:49 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Why do you want to put the server in the DMZ? Do you think it will enhance the security of your network? If you do then you are disillusioned. It will not.
Exchange frontend servers are not deployed for security reasons, but for load. They are primarily used when you have more than one backend server. If you have 50 users I would struggle to justify a frontend server.

If you want to put something in the DMZ then you should be deploying ISA server. That is designed to be put in to the DMZ.

There are two prime reasons why a frontend server will not work.
1. The frontend server hasn't been kept at the same patch level as the backend server. You need to ensure that it is the same or higher. Therefore if the backend is Exchange 2003 SP2 then the frontend needs to be. The patch level (hotfixes) needs to be the same as well.

2. The other problem can be the authentication settings are wrong on the backend server so the proxy functionality doesn't work. If you have require SSL enabled on the backend server that can stop it from working.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to Exchange_Geek)
Post #: 5
RE: Can't connect to Exchange 2003 Front End Server - 7.Jul.2008 1:06:51 PM   
ghopper02

 

Posts: 4
Joined: 5.Jun.2008
Status: offline
Thanks for the suggestions - I'll look into this & post back with results...

  Right now the server is not in the DMZ - I had planned to do that so I could block all inbound port 80, 21, etc traffic to the internal network and limit it to the DMZ.
I already have the server working and on the network - SourceAnywhere is loaded and working...
  I need to get OWA working again on Exchange 2003 but didn't want to open the main email server to the "outside world" - that's why I thought I'd need to load a front-end Exchange server...
  The problem may well have to do with service pack/hotfixes... I'm not requiring SSL on the backend...

Thanks again,
ghopper02

(in reply to Sembee)
Post #: 6
RE: Can't connect to Exchange 2003 Front End Server - 7.Jul.2008 1:17:30 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
A frontend server does not meet your design requirements. You are still exposing an Exchange server to the internet. Whether it is a frontend or backend server doesn't matter. Exchange servers cannot operate in isolation, which means your frontend server has to communicate fully with all of your domain controllers and with the backend server. Furthermore unless you change the configuration of the server the number of ports that you have to open turn the firewall in to swiss cheese. If your frontend server is compromised thats it - game over. The machine is a member of the domain and the attacker can walk straight to your data.

To meet your design requirements you need to have something that is not a member of the domain. The primary product used is ISA server.

Personally I have no problems with a dedicated Exchange server exposed to the internet. I only open port 443 and 25, nothing else.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to ghopper02)
Post #: 7
RE: Can't connect to Exchange 2003 Front End Server - 7.Jul.2008 1:42:27 PM   
ghopper02

 

Posts: 4
Joined: 5.Jun.2008
Status: offline
Thanks for the advice Sembee - and the explanation!
That would certainly simplify things for me.

The next question is - I have Exchange loaded on this 2nd server & set to front-end mode.
How difficult is it to remove?
Are there any gotcha's that I need to now to avoid trashing anything in A/D when I remove it?

Thanks again,
ghopper02

(in reply to Sembee)
Post #: 8
RE: Can't connect to Exchange 2003 Front End Server - 7.Jul.2008 1:46:12 PM   
Sembee

 

Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Just remove it using add/remove programs. That will remove the server from AD correctly and cleanly.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to ghopper02)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Installation >> Can't connect to Exchange 2003 Front End Server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter