Question on reversing single server RPC over HTTP setup to FE/BE setup.


    Several years ago I set up RPC over HTTPS on a single Exchange server per this article:

    (This may be an updated version of the same one I used)

    This has worked successfully ever since for us; however, the company I work for has grown considerably and now we would like to implement the FE/BE configuration using two servers (mostly for security reasons).

    My question, frankly, is it possible to back out of this setup/configuration without much hassle? Is it just a matter of back stepping through the above article? Are there important details I should consider before I attempt this conversion? Would you recommend another approach?

    We will be keeping the current server as the BE and purchasing a new server to act as the FE in the DMZ.

    This is how I imagine the process:
    1. Back out of current configuration by reversing steps in above article
    2. Remove current Exchange server role as DC
    3. Build FE server and place in the DMZ
    4. Configure firewall for pass-through of proper ports for FE/BE communication
    5. Configure FE server and test for email connectivity through use of OWA (non-https)
    6. Test internal clients using Outlook 2003/2007 for receipt and delivery of internal and external email
    7. Move server Certificate to FE server
    8. Configure RPC over HTTP on the new FE/BE system
    9. Configure OMA on FE
    10. Configure OWA
    11. Test RPC over HTTP, OWA and OMA for email connectivity

    Current Network Information:
    • Active Directory Domain (Server 2003)

    Current Exchange Server Information:
    • Windows Server 2003 Standard Edition SP2
    • Exchange Server 2003 Standard Edition SP2 (Build 7638.2)
    • This server is a Global Catalog Server
    • This server fulfills the requirements of the article above
    • RPC over HTTPS single server configuration
    • OWA standard configuration
    • OMA standard configuration
    • SMTP standard configuration
    • GFI Mail Essentials 12
    • Symantec Information Foundation Mail Security blah blah blah Version 6.0 (Anti-virus only)
    • NO IMAP or POP3
    • NO other special or unusual configurations

    We are in the planning phase of this project/conversion. Obviously we would like to accomplish this conversion with minimal downtime. Also, the order of operations above is a very rough draft and I am not asking anyone to verify it, I just wanted to keep it whole for the sake of discussion. My real question spawns from #1 so until I have that answered the rest are non-issue.

    If there is any more information that is needed to help answer these questions, please just ask and I will accommodate. I really appreciate any help with this matter.


  • #2
    Re: Question on reversing single server RPC over HTTP setup to FE/BE setup.

    First - Exchange in a DMZ? Bad idea. Does nothing to improve your network security. Whatever your reasons for wanting to put Exchange in the DMZ, I can guarantee that they are wrong.

    If you want to put something in the DMZ then put ISA server, as that is designed to go there.

    The way to change is to simply set the backend server to Backend and then set the frontend to Frontend, and that's it. As long as the SSL certificate is correct and the DNS is pointing to the correct server, then it should be transparent to the users.

    Simon Butler
    Exchange MVP

    Sembee is a registered trademark, used here with permission.