Announcement

Collapse
No announcement yet.

Exchange Server cannot be accessed

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange Server cannot be accessed

    Hi,

    I am looking to upgrade to Exchange 2007. We currently run a multi-site organisation. 1 back-end and 1 front-end (in DMZ) Exchange 2003 server in each site. We are the only site that is looking to move to Exchange 2007 so we will have to operate in a mixed environment for another couple of months.

    When running Best Practices tool I am receiving "Exchange server cannot be accessed errors" for the front end servers in other sites in their DMZ, the firewall is blocking access.
    My quesiton is can I ignore these errors as these are only front end servers with OWA running? If I install Exchange 2007 with no access to these servers will this cause routing issues overall?

    Thanks,

    Barbara

  • #2
    Re: Exchange Server cannot be accessed

    You need to remove the servers from the DMZ.
    No Exchange role on Exchange 2007 is supported in the DMZ except for Edge. A server in the DMZ does nothign for your security, and those servers have to be replaced first.
    Therefore I would bring those servers back where they belong - inside the network, then you can look to replace the frontend servers with servers running the Client Access Role.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Exchange Server cannot be accessed

      Thanks for your response Simon.

      The OWA servers in the DMZ are located in 2 other sites and these sites are going to remain Exchange 2003 till end of the year so I cannot replace them.

      My question is is this going to cause any issues -
      Setup will be
      Site A - Exchange 2007
      Site B - Exchange 2003 with front end in DMZ
      Site C - Exchange 2003 with front end in DMZ

      Will this work?

      Thanks,

      Barbara

      Comment


      • #4
        Re: Exchange Server cannot be accessed

        You can't deploy Exchange 2007 without removing them.
        You cannot use Exchange 2003 to access Exchange 2007 OWA.

        If you are using frontend servers then you must replace them with client access servers. That is the way that Microsoft tell you to operate in a co-existence scenario.

        You shouldn't even have Exchange 2003 servers in a DMZ. Whatever reason you have them in that place, I can guarantee that it is wrong. There are no good reasons for putting Exchange 2003 in a DMZ.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Exchange Server cannot be accessed

          Sorry to keep coming back to this but suppose I am still confused,

          Clarification on the site set up

          Mail comes in to site A and then flows to Site B via lease line and Site C via site to site VPN.
          Each site has its own OWA that accesses its own back end server - firewalls are not configured to allow access to other Exchange servers in organisation.

          ON Site A the plan would be to install new box with Exchange 2007 with CAS installed using ISA.
          On Site A to migrate over mailboxes to this new install, when finally done to then decommision front-end and back-end server.
          Site B and C will continue to operate as normal with their Exchange 2003 setup.

          Is this scenario feasible at all or are you saying that I have to remove the front end servers first in site B and C before I can even install the new Exchange 2007 box?

          Thanks,

          Barbara

          Comment


          • #6
            Re: Exchange Server cannot be accessed

            While you have the servers in a DMZ you are going to continue to have problems.
            You will be completely unable to do anything with the mailboxes that those frontend servers serve until they are replaced with CAS servers.

            From memory, and I haven't got a test lab setup to test it, but I actually think the Exchange 2007 installation will not allow you to continue while you have Exchange 2003 frontends in the Exchange org.

            Personally I would deploy a single CAS only server in the main site, and decommission the frontend servers before moving forward. That will provide you with a single point of entry that is secure and you do not have to worry about the version of the backend server. That would be a CAS inside the network. If you wanted to use ISA that would be in the DMZ publishing OWA to the single CAS.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.

            Comment


            • #7
              Re: Exchange Server cannot be accessed

              Thanks Simon for all your help, time to get cracking now!

              Comment

              Working...
              X