Two exchange servers, one domain, no FE, OWA and SSL

  • Thread starter gjl_support
  • Start date Views 3,860

gjl_support

#1
We have two exchange 2003 sp2 boxes, A and B. A is set as the master and B is set as the secondary. Outlook email is working fine for both servers. For all users that have their mailbox setup on serverA, they are able to access their email just fine from owa both internally and externally. For users that have their mailbox residing on serverB, they are not able to access owa from anywhere. When serverB users go to https://serverA/exchange, they get page cannot be displayed. However, when they are internal and they access http://serverB/exchange (not https), then owa comes up just fine, but I want them to use ssl. I compared the two and noticed that there is no ssl cert configured for serverB and there is one for serverA. I don't have any extra hardware to implement an FE.

Here are my thoughts for allowing serverB users to access OWA:

1. I assume I will need to create a new MX for serverB, point it to the gateway of the subnet where serverB resides and then create a NAT rule to redirect it to the internal IP of serverB?

2. Create an SSL cert for serverB and give the users with mailboxes on serverB the correct OWA address?

I've never worked with multiple exchange servers in a single domain so please pardon my ignorance. Thank you.

Thanks!
 

Mark Arnold [MVP]

#2
On Tue, 3 Nov 2009 10:00:01 -0800, gjl_support <gjl_support> wrote:


> We have two exchange 2003 sp2 boxes, A and B. A is set as the master and B is
> set as the secondary. Outlook email is working fine for both servers. For all
> users that have their mailbox setup on serverA, they are able to access their
> email just fine from owa both internally and externally. For users that have
> their mailbox residing on serverB, they are not able to access owa from
> anywhere. When serverB users go to https://serverA/exchange, they get page
> cannot be displayed. However, when they are internal and they access
> http://serverB/exchange (not https), then owa comes up just fine, but I want
> them to use ssl. I compared the two and noticed that there is no ssl cert
> configured for serverB and there is one for serverA. I don't have any extra
> hardware to implement an FE.

> Here are my thoughts for allowing serverB users to access OWA:

> 1. I assume I will need to create a new MX for serverB, point it to the
> gateway of the subnet where serverB resides and then create a NAT rule to
> redirect it to the internal IP of serverB?

> 2. Create an SSL cert for serverB and give the users with mailboxes on
> serverB the correct OWA address?

> I've never worked with multiple exchange servers in a single domain so please
> pardon my ignorance. Thank you.

> Thanks!


What's this master and secondary thing? There's no such thing in Exchange 2003 (or 2007 for that matter).
 

Mark Arnold [MVP]

#3
On Tue, 3 Nov 2009 10:00:01 -0800, gjl_support <gjl_support> wrote:


> We have two exchange 2003 sp2 boxes, A and B. A is set as the master and B is
> set as the secondary. Outlook email is working fine for both servers. For all
> users that have their mailbox setup on serverA, they are able to access their
> email just fine from owa both internally and externally. For users that have
> their mailbox residing on serverB, they are not able to access owa from
> anywhere. When serverB users go to https://serverA/exchange, they get page
> cannot be displayed. However, when they are internal and they access
> http://serverB/exchange (not https), then owa comes up just fine, but I want
> them to use ssl. I compared the two and noticed that there is no ssl cert
> configured for serverB and there is one for serverA. I don't have any extra
> hardware to implement an FE.

> Here are my thoughts for allowing serverB users to access OWA:

> 1. I assume I will need to create a new MX for serverB, point it to the
> gateway of the subnet where serverB resides and then create a NAT rule to
> redirect it to the internal IP of serverB?


No. No MX record. Deliver all mail to the current MX record and it will sort it out from there. Create an MX if you want but it will be additional work for you.

You do need an A record for the other server though.

> 2. Create an SSL cert for serverB and give the users with mailboxes on
> serverB the correct OWA address?


Yup. A new certificate.


> I've never worked with multiple exchange servers in a single domain so please
> pardon my ignorance. Thank you.

> Thanks!
 

Oliver Moazzezi [MVP]

#4
To chime in,

Don't worry about adding an extra MX record, unless you see value in doing so in case Server A goes down.

If you cannot implement an Exchange 2003 FE, which would proxy all OWA requests (as well as pop/imap/activesync) to both backends, you will have to have two OWA urls.

One for ServerA
One for ServerB.

The certificate will be unique to each.

Oliver
 

gjl_support

#5
Sorry, it is Master and Member. Server A is the Master, Server B is a Member.

"Mark Arnold [MVP]" wrote:


> On Tue, 3 Nov 2009 10:00:01 -0800, gjl_support
> <gjl_support> wrote:
>
> >We have two exchange 2003 sp2 boxes, A and B. A is set as the master and B is
> >set as the secondary. Outlook email is working fine for both servers. For all
> >users that have their mailbox setup on serverA, they are able to access their
> >email just fine from owa both internally and externally. For users that have
> >their mailbox residing on serverB, they are not able to access owa from
> >anywhere. When serverB users go to https://serverA/exchange, they get page
> >cannot be displayed. However, when they are internal and they access
> >http://serverB/exchange (not https), then owa comes up just fine, but I want
> >them to use ssl. I compared the two and noticed that there is no ssl cert
> >configured for serverB and there is one for serverA. I don't have any extra
> >hardware to implement an FE.
> >Here are my thoughts for allowing serverB users to access OWA:
> >1. I assume I will need to create a new MX for serverB, point it to the
> >gateway of the subnet where serverB resides and then create a NAT rule to
> >redirect it to the internal IP of serverB?
> >2. Create an SSL cert for serverB and give the users with mailboxes on
> >serverB the correct OWA address?
> >I've never worked with multiple exchange servers in a single domain so please
> >pardon my ignorance. Thank you.
> >Thanks!


> What's this master and secondary thing? There's no such thing in
> Exchange 2003 (or 2007 for that matter)
 

gjl_support

#6
So I create a new OWA URL, and then what? Is there a good site that has instructions on how to create a second owa url or is it just like creating the first one? And how do I associate that second owa url to server B? Is it through the ssl cert that I will create for it?

Sorry, I'm more of a network guy, haven't done much designing with Exchange yet.

"Oliver Moazzezi [MVP]" wrote:


> To chime in,

> Don't worry about adding an extra MX record, unless you see value in doing
> so in case Server A goes down.

> If you cannot implement an Exchange 2003 FE, which would proxy all OWA
> requests (as well as pop/imap/activesync) to both backends, you will have to
> have two OWA urls.

> One for ServerA
> One for ServerB.

> The Certificate will be unique to each.

> Oliver

 

Mark Arnold [MVP]

#7
On Thu, 12 Nov 2009 10:08:11 -0800, gjl_support <gjlsupport> wrote:


> Sorry, it is Master and Member. Server A is the Master, Server B is a Member.
>


You create the Exchange the same as you would have done the first. You create a certificate the same way, all that's going to happen is that it will have a different name.

Nothing changes.
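
An added example, not part of the thread and not written by any of its posters: a small audit of the two-URL layout discussed above, checking that each OWA URL uses https and that the certificate installed on that host carries a matching name. The hostnames `owa-a.example.com` and `owa-b.example.com` and the certificate name lists are constructed placeholders; the matcher also handles wildcard names, which goes beyond what the thread covers.

```python
from urllib.parse import urlsplit


def name_matches(pattern, host):
    """Match one certificate DNS name against a hostname.

    '*' is honoured only as the whole leftmost label and covers exactly
    one label: *.example.com matches neither example.com nor a.b.example.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def audit(owa_urls, installed):
    """Return {url: finding}; `installed` maps host -> DNS names in its cert."""
    report = {}
    for url in owa_urls:
        parts = urlsplit(url)
        names = installed.get(parts.hostname)
        if parts.scheme != "https":
            report[url] = "not https"
        elif names is None:
            report[url] = "no certificate installed"
        elif not any(name_matches(n, parts.hostname) for n in names):
            report[url] = "name mismatch"
        else:
            report[url] = "ok"
    return report


# Constructed sample data (assumed names, not taken from the thread).
URL_A = "https://owa-a.example.com/exchange"
URL_B = "https://owa-b.example.com/exchange"
BEFORE = {"owa-a.example.com": ["owa-a.example.com"]}        # B has no cert
COPIED = {**BEFORE, "owa-b.example.com": ["owa-a.example.com"]}  # A's cert reused
FIXED = {**BEFORE, "owa-b.example.com": ["owa-b.example.com"]}   # B's own cert

if __name__ == "__main__":
    for label, state in (("before", BEFORE), ("copied", COPIED), ("fixed", FIXED)):
        print(label, audit([URL_A, URL_B], state))
```
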
 