2 Exchange Server2K3 w/out FE

Hi Guys,

I setup my second exchange server and put some mailbox in it and it is working. My problem is I dont have a Front End server (budget constraint) and can't use my OWA SSL internal and external to login to the users on the new exchange server. How can I configure this for the users in addtional server to login through https (SSL) internal and external?

Comments

  • rjbarlowrjbarlow Member Posts: 411
    An FE is not required in order to make able remote users to access its mailboxes, it is only recommended for designing more security putting him in a DMZ, You could install a certificate on Your BEs and grant access remotely to the servers to Your users and it works, even if is a practice that I would not recommend to anyone, unless the servers are behind a NAT or a firewall.
    Pork 3
    Maindrian's music

    WIP: 70-236, 70-293 and MCSE.
  • jojopramosjojopramos Member Posts: 415
    Thanks rjbarlow but we just want a single certificate which is already configured on my old exchange server. Now the question is, how can I configure the 2nd exchange server to access our OWA SSL (example: https://mail.google.com/exchange). Should I import the certificate and assign the existing certificate or how can I also point mail.google.com to my other exchange server.
  • rjbarlowrjbarlow Member Posts: 411
    You should register in the Internet DNS Your mail servers, with an A record and an MX record for each server, so they can be reachable by entering a standard URL like https://mail.mydomain.com, of course You should have already registered an Internet domain prior.
    For the certificates You could create an internal CA and issuing certificates to the servers, if You require no warning messages are dispalyed saying that the CA is not trusted to Your remote users, then You should purchase one other certificate and issuing it to the new server.
    Pork 3
    Maindrian's music

    WIP: 70-236, 70-293 and MCSE.
  • jojopramosjojopramos Member Posts: 415
    Thanks rjbarlow. Actually, the certificate is already created by internal CA. Should I create a new one. Or can I use that certificate since I need to use only the https://mail.mydomain.com in my 2 exchage servers...
  • rjbarlowrjbarlow Member Posts: 411
    You should create a new one.
    Pork 3
    Maindrian's music

    WIP: 70-236, 70-293 and MCSE.
  • jojopramosjojopramos Member Posts: 415
    Sorry but will i create a new one with the same certificate name I suppose because I need to use only 1 name external and internal..(mail.domain.com/exchange). Is that right?
  • rjbarlowrjbarlow Member Posts: 411
    You should create a server certificate for each server if You want each of them be reachable through OWA protected with SSL and each of them should have its own records in the public DNS in order to be both reachable by entering the respective FQDN in the URL. So You need even two public registered IP addresses. You cannot hope to reach both servers by entering the same URL or IP address, this make no sense, expecially speaking about Exchange back-end servers that are not parts of a servers cluster.
    Pork 3
    Maindrian's music

    WIP: 70-236, 70-293 and MCSE.
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    In simple terms:
    2BE no FE = 2 Certs and 2 different FQDNs for OWA
    2BE with FE = 1 Cert and 1 FQDN for OWA since FE can route to both BE Servers
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • rjbarlowrjbarlow Member Posts: 411
    royal wrote: »
    In simple terms:
    2BE no FE = 2 Certs and 2 different FQDNs for OWA
    2BE with FE = 1 Cert and 1 FQDN for OWA since FE can route to both BE Servers
    Royal, You could not intervene prior? Seems I got some troubles obtaining awareness. icon_wink.gif
    Pork 3
    Maindrian's music

    WIP: 70-236, 70-293 and MCSE.
  • jojopramosjojopramos Member Posts: 415
    thanks rjbarlow...I guess i just need to install an FE for my BE to use 1 cert and 1 FQDN. Because of budget constraint, I'll just use a desktop for an FE for the moment, since this is just use for OWA.
  • HeroPsychoHeroPsycho Inactive Imported Users Posts: 1,940
    jojopramos wrote: »
    thanks rjbarlow...I guess i just need to install an FE for my BE to use 1 cert and 1 FQDN. Because of budget constraint, I'll just use a desktop for an FE for the moment, since this is just use for OWA.

    Free VMware Server Download for Server Consolidation - VMware icon_thumright.gif
    Good luck to all!
  • jojopramosjojopramos Member Posts: 415
    I can use VMWare, you are right HeroPsycho.... but the server is just ML150 with 72GB HDD. I'll just ask them to buy a low end server instead. Thanks to all...
Sign In or Register to comment.