Added Edge Server - Now have problems!
Hi guys,
On adding the edge server role today to our slowly growing network, webmail now does not work externally.
Rather than emailing the guys who look after the NAT rules on our leased line (and waiting several hours for them to make changes) we decided to create the edge server and give it the mail server's IP, and give the mail server a new IP. This means that mail which is pointing to 10.35.99.4 would still work, as it would be pointing to the new edge server.
This all worked great; however, now OWA is not working externally and I can't see why. The only thing I can think of checking is if there is a rule on our firewall pointing webmail to the .4 address, which is edge, instead of .7, which is now our Mail and Client access server.
Any ideas on this? Cheers
Comments
-
cisco_trooper Member Posts: 1,441
Check your A and PTR records in DNS. This was not a smart move.
-
cisco_trooper Member Posts: 1,441
If webmail is now on a server with a different IP than it was before the install, you likely broke webmail. The firewall probably has an ACL allowing ports 80 and 443 to that host. That rule is now wrong because of the IP switch you seem to have made.
-
dynamik Banned Posts: 12,312
Doesn't OWA, activesync, etc. go to the machine with the client access server role? I don't believe that gets filtered through the edge transport. As noted above, moving that machine is likely what broke it.
-
HeroPsycho Inactive Imported Users Posts: 1,940
> Doesn't OWA, activesync, etc. go to the machine with the client access server role? I don't believe that gets filtered through the edge transport. As noted above, moving that machine is likely what broke it.
That is correct.
Good luck to all!
-
blargoe Member Posts: 4,174
They may have been doing what a lot of smaller companies do, hosting hub transport and client access and maybe mailbox on the same server. We don't have nearly enough information to say exactly what went wrong, but my guess is the firewall was configured to allow 25 and 443 to that one IP address, and/or the A record for webmail and the MX for your domain are the same host/IP.
IT guy since 12/00
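The check the replies point at, written out as an added example that is not part of the thread: compare each inbound firewall rule's destination with the host that now holds the matching role. The rule table is constructed sample data, and the port-to-role mapping (25 to the Edge server, 80/443 to the Client Access server) is an assumption taken from the replies above.

```python
import ipaddress

# Role-to-address mapping after the swap described in the original post.
ROLE_HOSTS = {
    "edge": ipaddress.ip_address("10.35.99.4"),           # Edge took the old mail IP
    "client_access": ipaddress.ip_address("10.35.99.7"),  # Mail/CAS moved here
}

# Assumption from the replies: SMTP ends at Edge, OWA/ActiveSync at Client Access.
SERVICE_ROLE = {25: "edge", 80: "client_access", 443: "client_access"}

# Constructed sample: inbound rules as they would look if the firewall
# was never updated after the IP swap (everything still points at .4).
SAMPLE_RULES = [
    {"name": "smtp-in", "port": 25, "dest": "10.35.99.4"},
    {"name": "owa-http", "port": 80, "dest": "10.35.99.4"},
    {"name": "owa-https", "port": 443, "dest": "10.35.99.4"},
]


def audit_rules(rules, role_hosts=ROLE_HOSTS, service_role=SERVICE_ROLE):
    """Return (rule name, finding, expected destination) for each bad rule."""
    findings = []
    for rule in rules:
        role = service_role.get(rule["port"])
        if role is None:
            # A published port with no owning role is exposure nobody planned.
            findings.append((rule["name"], "unexpected-port", None))
            continue
        expected = role_hosts[role]
        if ipaddress.ip_address(rule["dest"]) != expected:
            # The rule still targets the old address, so the service breaks
            # and the port is opened to a host that should not receive it.
            findings.append((rule["name"], "stale-destination", str(expected)))
    return findings


if __name__ == "__main__":
    for name, finding, expected in audit_rules(SAMPLE_RULES):
        print(f"{name}: {finding} (expected destination: {expected})")
```

Besides explaining the OWA outage, a stale-destination finding also means ports 80 and 443 are being forwarded to the Edge server, which is reason enough to correct the rule rather than work around it.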