Announcement

Collapse
No announcement yet.

Trying to install Exchange 2007 SP3 on Windows 2008 R2

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Trying to install Exchange 2007 SP3 on Windows 2008 R2

    Hello,

    I have been trying to set up an Exchange server 2007 SP3 on a Windows 2008 R2, but so far, impossible.

    The error message when I am installing the HUB Transport role or the Client Access role:

    "...Error installation. Error code 3221685951. The remote procedure call failed..."

    I have a domain , and the Schema master is in the same site as the Exchange-to-be server. I point out this because I read they must be in the same site, so I moved the "Schema" FSMO with NTDSUTIL.

    On top of that, the Exchange server and the Domain controller are separated by an ISA Server, but I removed the "Strict RPC Compliance" feature in the rule which allows all the traffic between the DC and the Exchange.

    There is other DCs in other sites in my LAB environment, but I tested the replication among them with dcdiag /test:replication , and it seems to be working fine, along with other dcdiag switches.

    The firewalls are off in both the DC and the Exchange server .

    They can ping each other and the Exchange Server can log into Active Directory (I can see kerberos, ldap, ... traffic in ISA Server).

    So, I would say there is no problem in the Exchange logging into Active directory through the DC, therefore, the ISA rule is working fine, in my view.

    I restarted all the machines involved, just in case, I performed ping over and over, I loggeg into Active Directory with other accounts and again the ISA showed kerberos,ldap traffic going through.

    I checked that the "RPC Server" was running on both the DC and the Exchange.

    At this point I am really stuck.

    Thanks in advance!
    -
    Madrid (Spain).

  • #2
    Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

    Is the user you're using to install a member of the Schema Admins?
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

      Thanks JeremyW

      I think so because I am logged as the Domain administrator and have only a domain.
      -
      Madrid (Spain).

      Comment


      • #4
        Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

        You normally expect the main exchange roles (MBX, CAS, HT) to be able to contact a global catalog (not just a DC) in the same site without anything like the ISA server in between - appreciate this is a lab environment, but what is the case for the ISA?

        IMHO
        a) remove the ISA so the Exchange server can communicate directly with the DC
        b) confirm the DC is also a GC and ensure full replication
        c) retry the install
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

          Thanks Ossian.

          Yes! , once I remove ISA out of the mix, things begin to work properly, but I would like to have my DCs in the LAN, and the Exchange servers, sql servers, and so forth, in a DMZ, and I have done so before in previous lab environment without any issues when it came to installing a Exchange in the DMZ.

          I am used to working with ISA Server, separating DCs with other servers and it is not big deal, except for sometimes the famous "Strict RPC compliance", that gave me many headaches in the past, so I know just untick that feature.

          I have a rule allowing all the traffic back and forth between the Exchange and the DC (with the 5 FSMOs)

          Again: So grateful !!
          -
          Madrid (Spain).

          Comment


          • #6
            Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

            With Exchange 2007 and above only the Edge Transport (ET) role should live in the DMZ - all the other roles should live in the internal network as they need good communications with a DC to work properly. This is by design, so no wonder that when you try to put Exchange on the wrong side of the firewall, it breaks something!

            The ET role is designed to run on a standalone server and use LDAP to synchronise with AD through a strictly controlled set of firewall ports.
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

              Thanks Ossian.

              I cannot understand something:

              If I publish OWA , and the OWA Server (Client Access role) is in the Internal LAN, well, that does not seem to me an appropriate thing (security-wise) of setting things up, I mean, A person from the internet is going to reach a server located in the LAN, either to get OWA or Active Sync.

              Moreover, the hub transport role would be needed to be accessed from the internet to receive emails, and again, in the LAN, ...I am confused now ; I am quite far from being an expert but I thought that the servers which can be accessed from the internet, should be placed in a dmz, for security reasons.

              As for the good communication between the dc and the Exchange, well, you can always set up a rule allowing all the protocols between these two servers, it worked for me in a Exchange 2010 implementation (Learning lab too, but working for some months in that LAB, with emails going back and forth).

              Again, thanks a lot !
              -
              Madrid (Spain).

              Comment


              • #8
                Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

                But opening OWA to the public internet requires Port 443 (only) open in your firewall, while allowing Exchange in the DMZ to talk to AD in the LAN requires a large number of ports. This blog may help you understand the issues better: http://blogs.technet.com/b/exchange/...1/3408587.aspx
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

                  Thanks a lot for the link, I am really surprised, didn't expect it !!.

                  It is too technical for my knowledge I have tried it but I don't even know what a reverse proxy is, although I have used ISA Server for quite some time now, so I will dig into it, I may have used it and didn't know it was called that way !

                  I also can't understand what "pre-authentication" is or where it takes place, but I will read it as many times as necessary.

                  Thanks.
                  -
                  Madrid (Spain).

                  Comment


                  • #10
                    Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

                    Thanks.

                    Now I think I know (after looking into it) what a reverse proxy is, and indeed I have done it quite some times with ISA Server.

                    If I got it right, when a client from the internet asks for about any service (smtp 25, pop, pops, imaps, web, https.... ) the isa server redirects that request from that external client to the internal appropriate server.
                    -
                    Madrid (Spain).

                    Comment


                    • #11
                      Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

                      that is correct, yes.

                      ISA listens for requests, and forwards them on to the internal server.
                      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                      Comment


                      • #12
                        Re: Trying to install Exchange 2007 SP3 on Windows 2008 R2

                        Thanks TehCamel! .
                        -
                        Madrid (Spain).

                        Comment

                        Working...
                        X