RE: OWA Front-end server problems - Access Den ied!

• From: "ONG Liang Bu (CSC)" <lbong@xxxxxxxxxx>
• To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
• Date: Mon, 9 Dec 2002 09:21:34 +0800

This is correct for server1 not for server2 as mentioned in his email.
When you put the FE server outside of firewall in the DMZ it need to
go through firewall to talk to the BE Exchange database, LDAP to DC,
Kerberos, GC, DNS, RPC etc...

Have been working on this for quite a while.  I regret doing this.
Putting FE inside firewall then I just need to open SMTP, HTTP and HTTPS.
Life will be much easier.

No choice because management want this.

-----Original Message-----
From: Ricardo Watanabe [mailto:ricardowt@xxxxxxxxxxx]
Sent: Monday, December 09, 2002 12:33 AM
To: [ExchangeList]
Subject: [exchangelist] RE: OWA Front-end server problems - Access
Denied!


http://www.MSExchange.org/


You need to open the ports below only:
443(SSL) - HTTPS Services
80 -  HTTP Service (If necessary)
25 - SMTP Services
It's necessary one rule in the Firewall:
Source: ANY
Destination: OWA Server
Services: HTTPS, HTTP, SMTP
It's necessary also, create another rule to comunication between OWA Server 
with the Exchange Server:
Source: OWA Server
Destination: Exchange Servers
Services: SMTP
I would like tell too, how the OWA server is in a DMZ, maybe be  necessary 
create NAT too.

Regards,

Ricardo





>From: "ONG Liang Bu (CSC)" <lbong@xxxxxxxxxx>
>Reply-To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
>To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
>Subject: [exchangelist] RE: OWA Front-end server problems - Access Denied!
>Date: Sun, 8 Dec 2002 15:59:55 +0800
>
>http://www.MSExchange.org/
>
>Bjorn,
>
>We are in the middle of deploying the same thing, Frontend at DMZ,
>have you done all these, openning up all necessary ports?
>This is only advisable if you have two-layer firewall, otherwise
>you will be openning up too many ports in the firewall.
>
>http://www.microsoft.com/Exchange/techinfo/deployment/2000/E2kFrontback.asp
>http://support.microsoft.com/default.aspx?scid=/servicedesks/webcasts/wc070
9
>02/wcblurb070902.asp
>http://support.microsoft.com/default.aspx?scid=kb;en-us;280132
>http://support.microsoft.com/default.aspx?scid=kb;en-us;289241
>
>Ong LB
>Exchange Admin
>NIE/NTU
>Singapore
>
>-----Original Message-----
>From: Björn Johansson [mailto:Bjorn.Johansson@xxxxxxxxxx]
>Sent: Friday, December 06, 2002 10:58 PM
>To: [ExchangeList]
>Subject: [exchangelist] OWA Front-end server problems - Access Denied!
>
>
>http://www.MSExchange.org/
>
>Hi,
>Exchange 2000 Enterprise SP3 (running on Win2000 Server SP3)
>Client Win2000 Pro SP3, IE 6.0 SP1
>OWA works fine if I connect to http://server1/exchange
>But now we have a second server (server2) that will be placed in DMZ and
>work as a Front-end server. Currently it's located on the internal network
>during configuration of OWA. When Server2 has "This is a Front-end server"
>DISABLED it also works if I connect to http://server2/exchange. The
>difference is that the URL is changing to server1 as soon the OWA page
>appears.
>The problem occurs when I enable the "This is a Front-end server"
>checkbox. I get a logon screen. No matter how I type my username (ie.
>domain\username, username@domain ). I only get access denied. I've checked
>my password etc.
>What am I missing?!?
>Thanks
>/Björn
>
>--------------------------------------------------------------
>
>This e-mail and attachments may contain confidential, proprietary
>or legally privileged information. It is intended for the use of the
>addressee only. If you receive this e-mail and attachments by
>mistake, you must not disclose, disseminate, distribute, copy or
>otherwise use it. Please notify the sender immediately and delete
>the e-mail and attachments from your system.
>
>Zenit, Nektar, Futuris and Manticore are mutual funds according
>to §3 of the Swedish Mutual Funds Act (1990:1114). Avenir is a
>mutual fund in accordance with article 12 of the Finnish Mutual
>Funds Act (99/48). Zodiak Venture Capital is a Swedish
>closed-end limited partnership. None of the Funds are UCITS
>funds. This e-mail is not a solicitation or recommendation to
>acquire units in the Funds. The units of the Funds have not been
>registered and will not be registered in accordance with any
>securities legislation in the United States, Canada, Japan,
>Australia or New Zealand or elsewhere and may not be offered or
>sold to or within the United States, Canada, Japan, Australia or
>New Zealand or in such countries where such offer or sale would
>be in conflict with applicable laws or regulations.
>
>##########################################
>This message has been scanned by F-Secure Anti-Virus
>for Microsoft Exchange.
>##########################################
>
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>ISA Server Resource Site: http://www.isaserver.org
>Windows Security Resource Site: http://www.windowsecurity.com/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this MSExchange.org Discussion List as:
>lbong@xxxxxxxxxx
>To unsubscribe send a blank email to
>$subst('Email.Unsub')
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>ISA Server Resource Site: http://www.isaserver.org
>Windows Security Resource Site: http://www.windowsecurity.com/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this MSExchange.org Discussion List as: 
>ricardowt@xxxxxxxxxxx
>To unsubscribe send a blank email to 
>$subst('Email.Unsub')


_________________________________________________________________
MSN Hotmail, o maior webmail do Brasil. http://www.hotmail.com


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
lbong@xxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » RE: OWA Front-end server problems - Access Den ied!

1. Home
2. exchangelist
3. Archive
4. 12-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---