OWA with 2 Exchange servers

OK, from what I've gathered so far, it sounds like I
need to use the front end/back end Exchange topology
in order to use OWA with two or more Exchange servers.

Does anyone have any experience with this? If there is
a clear step-by-step tutorial or something that would help
me with this, or if someone could point me in the right
direction, I would appreciate it very much.

Thanks in advance.


  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    The reason why you want to use a front-end, is because it has the logic to know how to talk with Active Directory to know what mailbox a user exists on. This is only really needed when you have more than one back-end Exchange servers. If you're just using OWA, you "technically" don't need a front-end and back-end since the stand-alone Exchange server can do OWA just fine by itself.

    See the thing is, there are several ways you can do OWA for internet users.
    1. 1 Exchange server doing OWA. Open up port 443 all the way through all firewalls so internet clients can contact your Exchange server. This isn't a good idea since you're creating a direct entrance into your internal network.
    2. 1 Front-end and 1 Back-end. Front-end is in the DMZ which provides the communication for OWA to internet clients. Since a front-end needs access to a GC, you need to either either put a GC in your DMZ (Never do this!) or you need to open port 3268 on your corporate/internal firewall.
    3. 1 Front-end and 1 Back-end. Both Front-end and back-end are in your corporate network and are being published by ISA which is in your DMZ. ISA will pre-authenticate users as well as use SSL bridging so you can use port 443 for all communications both from the internet through your internet facing firewall to ISA and use SSL bridging. SSL bridging basically decrypts the packets it receives for application layer inspection and then re-encrypts it when sending it to the front-end exchange server.
    4. Same thing as #3 but just use 1 Exchange server. As I said, if you have 2 Exchange servers hosting mailboxes, you'll want to use a Front-End so you can have clients going to 1 Front-End server and then letting that Front-End server route that packet to the appropriate Back-End server. ISA does not have the functionality to figure out what back-end server a client resides on.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
Sign In or Register to comment.