2nd BE Exchange box w/ RPC


  • 2nd BE Exchange box w/ RPC

    Good Morning

    Initially I just had a FE and a BE box and that is working great. The FE box is in the DMZ, which runs OWA and RPC over HTTP.

    I have installed a 2nd BE box, and have set it up just like the 1st BE box. The problem is that authentication to the 2nd box via POP3/SMTP/RPC over HTTP won't work. But if I use webmail, I can log in and view e-mail.

    Any suggestions?

  • #2
    Re: 2nd BE Exchange box w/ RPC

    Primary suggestion would be to move the frontend server out of the DMZ. It is doing you no good there at all. It is actually making more of a security hole than having everything where it belongs - on the production network.

    Almost certainly the problem is the firewall in between the two servers. You have probably set it to allow the traffic to flow between the two existing servers. The frontend needs to communicate directly to the backend server. If the firewall is restricted to the original backend, it will be unable to. The existing backend cannot proxy the connection to the other backend - as that is what the frontend is supposed to do.

    Bring the frontend inside, close up the Swiss cheese of your firewall so that only port 443 is open.
    If you are not allowed to have direct access to the Internet from production then put an ISA server in the DMZ, with the host machine a member of a workgroup, not the domain.

    Domain members do not belong in the DMZ - period.

    Simon Butler
    Exchange MVP


    Sembee is a registered trademark, used here with permission.