  1. Senior Member jojopramos's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    419

    Certifications
    CCNA, MCSE, MCSA Messaging, A+, Server+, SCP
    #1

    2 Exchange Server2K3 w/out FE

    Hi Guys,

    I set up my second Exchange server and put some mailboxes on it, and it is working. My problem is I don't have a Front End server (budget constraint) and can't use my OWA SSL, internal and external, to log in the users on the new Exchange server. How can I configure this so the users on the additional server can log in through https (SSL), internal and external?

  3. Question Mark Member rjbarlow's Avatar
    Join Date
    Apr 2007
    Location
    the few neurons in my brain... Italy!
    Posts
    419

    Certifications
    CCNA, MCSA 2k3: Messaging, MCP, 70-285. WIP: 70-236, 70-293
    #2
    An FE is not required to enable remote users to access their mailboxes; it is only recommended for a more secure design, putting it in a DMZ. You could install a certificate on your BEs and grant your users remote access to the servers, and it works, even if it is a practice that I would not recommend to anyone unless the servers are behind a NAT or a firewall.

  4. Senior Member jojopramos's Avatar
    #3
    Thanks rjbarlow, but we just want a single certificate, which is already configured on my old Exchange server. Now the question is, how can I configure the 2nd Exchange server to access our OWA SSL (example: https://mail.google.com/exchange)? Should I import the certificate and assign the existing certificate, or how can I also point mail.google.com to my other Exchange server?

  5. Question Mark Member rjbarlow's Avatar
    #4
    You should register your mail servers in the Internet DNS, with an A record and an MX record for each server, so they can be reached by entering a standard URL like https://mail.mydomain.com. Of course, you should already have registered an Internet domain beforehand.
    For the certificates, you could create an internal CA and issue certificates to the servers. If you require that no warning messages are displayed to your remote users saying that the CA is not trusted, then you should purchase another certificate and issue it to the new server.

  6. Senior Member jojopramos's Avatar
    #5
    Thanks rjbarlow. Actually, the certificate is already created by the internal CA. Should I create a new one? Or can I use that certificate, since I need to use only https://mail.mydomain.com on my 2 Exchange servers...

  7. Question Mark Member rjbarlow's Avatar
    #6
    You should create a new one.

  8. Senior Member jojopramos's Avatar
    #7
    Sorry, but will I create a new one with the same certificate name, I suppose, because I need to use only 1 name external and internal (mail.domain.com/exchange)? Is that right?

  9. Question Mark Member rjbarlow's Avatar
    #8
    You should create a server certificate for each server if you want each of them to be reachable through OWA protected with SSL, and each of them should have its own records in the public DNS in order for both to be reachable by entering the respective FQDN in the URL. So you even need two public registered IP addresses. You cannot hope to reach both servers by entering the same URL or IP address; this makes no sense, especially speaking about Exchange back-end servers that are not part of a server cluster.
    Last edited by rjbarlow; 03-15-2009 at 03:20 PM.

  10. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #9
    In simple terms:
    2BE no FE = 2 Certs and 2 different FQDNs for OWA
    2BE with FE = 1 Cert and 1 FQDN for OWA since FE can route to both BE Servers
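    Added example, not part of any post in this thread: a small Python check of which OWA URLs would raise a browser certificate name-mismatch warning in the setups discussed above. The host name mail2.mydomain.com and the certificate name lists are constructed for illustration, and the wildcard handling goes beyond what the thread covers.

```python
# Added illustration; all host names and certificate name lists are constructed.

def name_matches(cert_name: str, host: str) -> bool:
    """Match one DNS name from a certificate against the host typed in the URL.
    A wildcard is honoured only as the entire leftmost label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        # "*.com"-style names are too broad to accept; need at least 3 labels.
        return len(c) > 2 and c[1:] == h[1:]
    return c == h


def owa_warnings(plan: dict) -> dict:
    """plan maps the FQDN users type to the DNS names on the certificate bound
    to the server answering at that FQDN. Returns the FQDNs that no name on
    their certificate covers, i.e. the ones that trigger a mismatch warning."""
    return {
        fqdn: names
        for fqdn, names in plan.items()
        if not any(name_matches(n, fqdn) for n in names)
    }


# Two back-ends, no front-end, old certificate copied to the second server.
REUSED_CERT = {
    "mail.mydomain.com": ["mail.mydomain.com"],
    "mail2.mydomain.com": ["mail.mydomain.com"],  # assumed second FQDN
}
# Two back-ends, no front-end, one certificate per server and FQDN.
CERT_PER_SERVER = {
    "mail.mydomain.com": ["mail.mydomain.com"],
    "mail2.mydomain.com": ["mail2.mydomain.com"],
}
# Front-end in place: users only ever type the front-end's FQDN.
WITH_FRONT_END = {"mail.mydomain.com": ["mail.mydomain.com"]}

if __name__ == "__main__":
    for label, plan in [("reused cert", REUSED_CERT),
                        ("cert per server", CERT_PER_SERVER),
                        ("with front-end", WITH_FRONT_END)]:
        print(label, "->", owa_warnings(plan) or "no name mismatch")
```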

  11. Question Mark Member rjbarlow's Avatar
    #10
    Originally posted by royal:
    In simple terms:
    2BE no FE = 2 Certs and 2 different FQDNs for OWA
    2BE with FE = 1 Cert and 1 FQDN for OWA since FE can route to both BE Servers
    Royal, You could not intervene prior? Seems I got some troubles obtaining awareness.

  12. Senior Member jojopramos's Avatar
    #11
    Thanks rjbarlow... I guess I just need to install an FE for my BE to use 1 cert and 1 FQDN. Because of budget constraint, I'll just use a desktop for an FE for the moment, since this is just used for OWA.

  13. Senior Member
    Join Date
    Jan 2008
    Posts
    1,941

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #12
    Originally posted by jojopramos:
    Thanks rjbarlow... I guess I just need to install an FE for my BE to use 1 cert and 1 FQDN. Because of budget constraint, I'll just use a desktop for an FE for the moment, since this is just used for OWA.
    Free VMware Server Download for Server Consolidation - VMware

  14. Senior Member jojopramos's Avatar
    #13
    I can use VMWare, you are right HeroPsycho.... but the server is just ML150 with 72GB HDD. I'll just ask them to buy a low end server instead. Thanks to all...