2 Exchange Server2K3 w/out FE

jojopramos

Hi Guys,

I setup my second exchange server and put some mailbox in it and it is working. My problem is I dont have a Front End server (budget constraint) and can't use my OWA SSL internal and external to login to the users on the new exchange server. How can I configure this for the users in addtional server to login through https (SSL) internal and external?

rjbarlow

An FE is not required in order to make able remote users to access its mailboxes, it is only recommended for designing more security putting him in a DMZ, You could install a certificate on Your BEs and grant access remotely to the servers to Your users and it works, even if is a practice that I would not recommend to anyone, unless the servers are behind a NAT or a firewall.

jojopramos

Thanks rjbarlow but we just want a single certificate which is already configured on my old exchange server. Now the question is, how can I configure the 2nd exchange server to access our OWA SSL (example: https://mail.google.com/exchange). Should I import the certificate and assign the existing certificate or how can I also point mail.google.com to my other exchange server.

rjbarlow

You should register in the Internet DNS Your mail servers, with an A record and an MX record for each server, so they can be reachable by entering a standard URL like https://mail.mydomain.com, of course You should have already registered an Internet domain prior.
For the certificates You could create an internal CA and issuing certificates to the servers, if You require no warning messages are dispalyed saying that the CA is not trusted to Your remote users, then You should purchase one other certificate and issuing it to the new server.

jojopramos

Thanks rjbarlow. Actually, the certificate is already created by internal CA. Should I create a new one. Or can I use that certificate since I need to use only the https://mail.mydomain.com in my 2 exchage servers...

rjbarlow

You should create a new one.

jojopramos

Sorry but will i create a new one with the same certificate name I suppose because I need to use only 1 name external and internal..(mail.domain.com/exchange). Is that right?

rjbarlow

You should create a server certificate for each server if You want each of them be reachable through OWA protected with SSL and each of them should have its own records in the public DNS in order to be both reachable by entering the respective FQDN in the URL. So You need even two public registered IP addresses. You cannot hope to reach both servers by entering the same URL or IP address, this make no sense, expecially speaking about Exchange back-end servers that are not parts of a servers cluster.

royal

In simple terms:
2BE no FE = 2 Certs and 2 different FQDNs for OWA
2BE with FE = 1 Cert and 1 FQDN for OWA since FE can route to both BE Servers

rjbarlow

royal wrote: »

In simple terms:
2BE no FE = 2 Certs and 2 different FQDNs for OWA
2BE with FE = 1 Cert and 1 FQDN for OWA since FE can route to both BE Servers

Royal, You could not intervene prior? Seems I got some troubles obtaining awareness.

jojopramos

thanks rjbarlow...I guess i just need to install an FE for my BE to use 1 cert and 1 FQDN. Because of budget constraint, I'll just use a desktop for an FE for the moment, since this is just use for OWA.

HeroPsycho

jojopramos wrote: »

thanks rjbarlow...I guess i just need to install an FE for my BE to use 1 cert and 1 FQDN. Because of budget constraint, I'll just use a desktop for an FE for the moment, since this is just use for OWA.

Free VMware Server Download for Server Consolidation - VMware

jojopramos

I can use VMWare, you are right HeroPsycho.... but the server is just ML150 with 72GB HDD. I'll just ask them to buy a low end server instead. Thanks to all...