Announcement

Collapse
No announcement yet.

Moving to Exchange 2003 frontend/backend config

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Moving to Exchange 2003 frontend/backend config

    Hello All,

    I just needed to clarify a few things about Exchange 2003 frontend/backend configuration; I am sort of an "average admin" of Exchange, so I wanted to make sure I dont miss any important details.

    We are currently on a single Win 2003 Ent SP2/Exchange 2003 Ent SP2 server, with about 250 mailboxes, a single 85 GB info store, OWA+SSL, 25 Blackberry's (through a Blackberry Ent Server) and about 10 iPhones on ActiveSync. Needless to say, the server is getting pretty overloaded now (and its also 6 yrs old, handed down to me about a year ago), so we are planning to move to different hardware in a Frontend/Backend configuration.

    I have been reading up on this for the past few days, and have already gone through MS's Exchange 2000 and Exchange 2003 Frontend/Backend Topology Guide. I have also read a few other posts on this forum (kudos to you all!).

    I have never migrated Exchange to new hardware, let alone in a frontend/backend config. How is this exactly done!? From what I understand, a frontend server is "added" to an already existing Exchange organization.. right? Am I on the right track:
    1. First, migrate the current Exchange server to new hardware as outlined in How to Move Exchange Server 2003 to New Hardware and Keep the Same Server Name.
    2. Setup a second server with Exchange 2003 and make it a frontend (by checking the box "This is a frontend server" in ESM, removing the public folder store, etc.
    3. Then setup OWA/SSL and ActiveSync on the front end. We do not have any POP/IMAP clients, so these services (and NNTP) will be disabled after initial setup.

    Now the questions:
    1. Where should I setup SMTP? Is there any performance benefit if SMTP is on the frontend or the backend? If SMTP is on the front end, how will internal Outlook clients (which connect to backend) send mail?
    2. The email that comes from the outside world to our organization first hits the org's email routers, then it gets forwarded to our spam filter, and from there on to the current email server. If I put SMTP on the frontend, wouldn't the spam filter need to be reconfigured to send email to the frontend (instead of the backend)? If SMTP is on backend, will OMA/ActiveSync users logging in thru frontend be able to send mail?

    Please feel free to give any other suggestions...!

    Thanks a lot in advance!
    VS.
    Last edited by svinay23; 28th October 2008, 18:03. Reason: Modified title

  • #2
    Re: Moving to Exchange 2003 frontend/backend config

    I haven't moved to new hardware but Sembee has written this article and from what I have read in his previous posts it is the best way to do it.

    http://www.amset.info/exchange/migration.asp

    My FE box only takes care of SSL, so 443 gets redirected to it and also the webmail traffic for OWA. Everything else is done by the BE.

    Comment


    • #3
      Re: Moving to Exchange 2003 frontend/backend config

      What I would do to start with is build the frontend server to begin with.
      As the server is so old, I would suggest that you take it through Exchange 2003 RTM, SP1 and then SP2, rather than going straight to SP2. there are complicated reasons why this is advised to do with MS missing a component from the SP2 files that only causes a problem if a backend was ever at SP1.
      After service packs, use Microsoft Update to update the machine. then make it a frontend server.

      The frontend server can cope with POP3/SMTP/IMAP plus all web based services.
      Use the Exchange best practises tool to ensure that you haven't missed anything.

      With the frontend in place, I would do a standard swing migration as per my article that has already been posted. Forget about the techniques to retain the same server name - that is a waste of time and puts the data at unnecessary risk.

      Your understanding of SMTP with Exchange isn't correct.
      Where the email is sent from has nothing to do with the clients. Exchange will deal with that.
      Therefore you could have all email coming in and out of the frontend server quite happily and is what I usually do. Outlook doesn't use SMTP to connect to the server.
      However as you have something in front of the Exchange servers it doesn't really matter where you send the email, as it will reach the right point eventually. You could use the frontend server purely for web based services (OWA, OMA, EAS, RPC over HTTPS) and leave the mail routing to/from the backend direct from/to the spam server.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: Moving to Exchange 2003 frontend/backend config

        Octagon, thanks for the link to Simon's article. I remember reading this last year when I performed an in-place upgrade to Exchg 2003 from 2000 on the current box (basically because I didnt have a spare server for Swing migration!)

        Simon, Thanks a lot for your suggestions. I now see how SMTP fits into Exchange.. I know Outlook does not use SMTP to connect to exchange, but was a little confused about where to put the SMTP service.. thought it actually mattered. So.. I can start building the FE right now (while my current server is still in production), and wont have to really use it until I start doing the Swing migration.. right?

        The spam filter only filters inbound mail. Outbound mail just gets sent out directly using SMTP. I may end up using the FE for everything (thats what I originally had in mind), just as you mentioned.. for OWA/SSL, OMA, EAS, RPC over HTTPS and SMTP. In that case, inblund mail which is "allowed" from the spam filter will go to the FE.. and the BE will only host mailboxes.

        I have to go thru your article now.. didnt get a chance all day! I know I had some other question in mind last year when I first read this (I dont remember now).. will get back to you guys again on that.

        I get your point about doing phased updates for Exchange 2003 -- RTM, SP1 then SP2.

        Again, thanks for all the help..!
        Sincere regards,
        VS.
        Last edited by svinay23; 28th October 2008, 23:29.

        Comment


        • #5
          Re: Moving to Exchange 2003 frontend/backend config

          For anyone else reading this... I just want to stress that the RTM, SP1, SP2 is ONLY required when the backend server has done the same thing and in a FE/BE scenario. Standalone server, or where the backend has gone straight to SP2 then it isn't required. You can go straight to SP2 then updates.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Moving to Exchange 2003 frontend/backend config

            The current Exchange server was an in-place upgrade from Ex 2000, and I had installed Exchange 2003 Ent from the CD and then upgraded staright to SP2, without going thru SP1 (unless the CD itself came with SP1.. will need to check). Will I still need to do RTM > SP1 > SP2 on the new FE/BE servers?

            The Swing Migration article on Amset is simply great.. thanks Simon!! I do have a question though:
            - Wont moving mailboxes one by one to the new server, or even in groups, break the single instance storage ratio? My server's SIS is about 15 currently (yes, 15). with an 85 GB info store (EDB + STM files), I dont know how big the new info store can possibly get...??
            Last edited by svinay23; 29th October 2008, 05:46.

            Comment


            • #7
              Re: Moving to Exchange 2003 frontend/backend config

              SIS will be maintained across the move if you use Move Mailbox.
              However as you are using Enterprise edition I would strongly suggest splitting the store in to at least two. It will make DR quickly and allow you to prioritise recovery.

              There are no Exchange CDs with an integrated service pack, so if you went RTM to SP2 then the issue I flagged isn't an issue.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Moving to Exchange 2003 frontend/backend config

                Good to know SIS is maintained with Move Mailbox!
                And the Store split.. Yes, I am surely splitting the store into 2 (probably 3) after the migration.

                About the SSL cert for OWA: After the FE is in production, wont I have to move the SSL cert from the current server to the FE? Will a simple export/import of the cert work? Or do I need to purchase a new cert? The cert name does not match the current server name anyway, so I believe it shouldnt matter.. the current cert should work on the FE (as long as external DNS is updated to point to the FE).

                Comment


                • #9
                  Re: Moving to Exchange 2003 frontend/backend config

                  If you already have an SSL certificate then simply move it across. You do not need a new certificate.

                  Simon.
                  --
                  Simon Butler
                  Exchange MVP

                  Blog: http://blog.sembee.co.uk/
                  More Exchange Content: http://exchange.sembee.info/
                  Exchange Resources List: http://exbpa.com/
                  In the UK? Hire me: http://www.sembee.co.uk/

                  Sembee is a registered trademark, used here with permission.

                  Comment


                  • #10
                    Re: Moving to Exchange 2003 frontend/backend config

                    Thanks Simon... and external DNS will need to be manually updated? The reason I am aksing is we do not manage external DNS.. I will have inform the head office IT dept to make the change, and co-ordinate the time with them to minimize OWA downtime, etc.

                    Another question (maybe very simple): How (and where) is the OWA address setup!? Our OWA users here type in companyname.com/exchange, which takes them to the OWA login window (which is the address on the SSL cert.. different from companyname.com/exchange). I checked IIS on the Exchange server > Default Web Site > Home Directory, and the "A directory located on this computer" option is checked - so redirection has NOT been setup. I am a little baffled with this!

                    Comment


                    • #11
                      Re: Moving to Exchange 2003 frontend/backend config

                      DNS has nothing to do with Exchange. If you have a port forwarded on the firewall then you simply need to change that to point at the frontend server.

                      As for the OWA address, again that has nothing to do with Exchange. You can use anything you like as long as it resolves, as long as you put the /exchange part in the URL.

                      So if you were feeling nasty you could make the URL externalemailaccesstoexchangeovertheinternet.examp le.com/exchange

                      As long as it resolves then it would access Exchange.

                      Personally I think that example.com should be pointed at the public web site - so both www.example.com and example.com go there, as many people are now dropping the www from URLs.
                      If that is the case with you, then someone has created a web page or forward on the public web site so that example.com/exchange redirects to host.example.com/exchange (which is the name on your SSL certificate). Again that is something outside of Exchange.

                      Simon.
                      --
                      Simon Butler
                      Exchange MVP

                      Blog: http://blog.sembee.co.uk/
                      More Exchange Content: http://exchange.sembee.info/
                      Exchange Resources List: http://exbpa.com/
                      In the UK? Hire me: http://www.sembee.co.uk/

                      Sembee is a registered trademark, used here with permission.

                      Comment


                      • #12
                        Re: Moving to Exchange 2003 frontend/backend config

                        Thats exactly where I was going with this - we do have our own public website example.com (that web server is in the DMZ, to be precise). I checked IIS on the web server, but cannot locate a page or forward which makes example.com/exchange go to host.example.com (the SSL cert name). I should honestly say that I dont know a whole lot about IIS, web-sites and forwardings.. so maybe I am looking in the wrong place in IIS. Will check in detail again.

                        In any case, I guess it shouldnt matter.. the redirect from example.com/exchange is already working and resolving to host.example.com. As long as we dont change anything there and just change DNS to resolve host.example.com to the new FE IP.. everything should just work smoothly. ...Right?

                        Comment


                        • #13
                          Re: Moving to Exchange 2003 frontend/backend config

                          Just an update: Found the redirection to host.example.com from the public website example.com/exchange. the previous guys created a virtual directory on the public webserver called "Exchange" and setup a redirection on it to the URL of the Exchange server SSL cert.

                          Comment


                          • #14
                            Re: Moving to Exchange 2003 frontend/backend config

                            Hello all:

                            Allright.. turns out I had to create my backend server this weekend itself (without the front end). The current Exchange server was acting a little flaky.. so I decided to just create the new server (which will be the backend when I next create the front end in a few days) and start moving the mailboxes over (using Move Mailbox from ESM).

                            Following Sembee's article.. I am now at moving the mailboxes part (we dont have too many public folders, they replicated in under an hour. I checked almost all other settings and they are the same as the old server). Looks like this is going to take a while. However, I do have a small problem I cant figure out: I exported/imported our SSL certificate from the current server to the new server. Now both servers Default Web Site's have the same certificate installed. When I access OWA internally, my IE6 first shows a login window for the current server, then after typing in domain\username and password, it then shows a login window for the new server (on which I moved my mailbox last night).. and I can login to OWA fine. But this is not working externally.. IE says Cannot display web page.

                            I think this may have something to do with DNS: I modified DNS to point to the new server yesterday night. Now here goes, when I ping the SSL name of my certificate (which is the external DNS name) from outside the firewall, it resolves fine.. ping shows the IP of the new server (although I dont get any response, pings are blocked at the firewall). But when I ping from inside the firewall, ping still comes back with the IP of the old server.

                            I changed the DNS pointers yesterday and the company's DNS servers have a TTL of 24 hours, so it may work later today. But this baffles me..!

                            Also.. should I remove the SSL cert from the old server..!? Should I disable OWA on the old server? How..?

                            Thanks a lot for all your help guys..
                            VS.
                            Last edited by svinay23; 9th November 2008, 15:28.

                            Comment


                            • #15
                              Re: Moving to Exchange 2003 frontend/backend config

                              That is expected behaviour.
                              If you aren't using a fe/be scenario, then when you login to one server, but your mailbox is located on another server, OWA will redirect you to the correct server. However it will redirect you to the server's real name, not any external name, which in most cases will not work.
                              You need to update where the ports on your firewall point, but you will only be able to use one or other of the servers for OWA access, with mailboxes on those servers working (the others not).

                              Simon.
                              --
                              Simon Butler
                              Exchange MVP

                              Blog: http://blog.sembee.co.uk/
                              More Exchange Content: http://exchange.sembee.info/
                              Exchange Resources List: http://exbpa.com/
                              In the UK? Hire me: http://www.sembee.co.uk/

                              Sembee is a registered trademark, used here with permission.

                              Comment

                              Working...
                              X