RE: OWA Front-end server problems - Access Denied!

  • From: "Björn Johansson" <Bjorn.Johansson@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 9 Dec 2002 11:17:43 +0100

Hi and thank you all for your replies!

Actually the Front-end server and Back-end server are on the same network
until we get things to work and tightened security.
After reading the excellent white paper "Using Microsoft Exchange 2000
Front-End Servers" I can now logon. But I get error 404 "The page cannot
be found ".

I've searced MS KB without luck .

Please help.

/Björn




-----Original Message-----
From: ONG Liang Bu (CSC) [mailto:lbong@xxxxxxxxxx]
Sent: den 9 december 2002 02:22
To: [ExchangeList]
Subject: [exchangelist] RE: OWA Front-end server problems - Access Den
ied!


http://www.MSExchange.org/

This is correct for server1 not for server2 as mentioned in his email.
When you put the FE server outside of firewall in the DMZ it need to
go through firewall to talk to the BE Exchange database, LDAP to DC,
Kerberos, GC, DNS, RPC etc...

Have been working on this for quite a while.  I regret doing this.
Putting FE inside firewall then I just need to open SMTP, HTTP and HTTPS.
Life will be much easier.

No choice because management want this.

-----Original Message-----
From: Ricardo Watanabe [mailto:ricardowt@xxxxxxxxxxx]
Sent: Monday, December 09, 2002 12:33 AM
To: [ExchangeList]
Subject: [exchangelist] RE: OWA Front-end server problems - Access
Denied!


http://www.MSExchange.org/


You need to open the ports below only:
443(SSL) - HTTPS Services
80 -  HTTP Service (If necessary)
25 - SMTP Services
It's necessary one rule in the Firewall:
Source: ANY
Destination: OWA Server
Services: HTTPS, HTTP, SMTP
It's necessary also, create another rule to comunication between OWA
Server
with the Exchange Server:
Source: OWA Server
Destination: Exchange Servers
Services: SMTP
I would like tell too, how the OWA server is in a DMZ, maybe be  necessary
create NAT too.

Regards,

Ricardo





>From: "ONG Liang Bu (CSC)" <lbong@xxxxxxxxxx>
>Reply-To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
>To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
>Subject: [exchangelist] RE: OWA Front-end server problems - Access
Denied!
>Date: Sun, 8 Dec 2002 15:59:55 +0800
>
>http://www.MSExchange.org/
>
>Bjorn,
>
>We are in the middle of deploying the same thing, Frontend at DMZ,
>have you done all these, openning up all necessary ports?
>This is only advisable if you have two-layer firewall, otherwise
>you will be openning up too many ports in the firewall.
>
>http://www.microsoft.com/Exchange/techinfo/deployment/2000/E2kFrontback.a
sp
>http://support.microsoft.com/default.aspx?scid=/servicedesks/webcasts/wc0
70
9
>02/wcblurb070902.asp
>http://support.microsoft.com/default.aspx?scid=kb;en-us;280132
>http://support.microsoft.com/default.aspx?scid=kb;en-us;289241
>
>Ong LB
>Exchange Admin
>NIE/NTU
>Singapore
>
>-----Original Message-----
>From: Björn Johansson [mailto:Bjorn.Johansson@xxxxxxxxxx]
>Sent: Friday, December 06, 2002 10:58 PM
>To: [ExchangeList]
>Subject: [exchangelist] OWA Front-end server problems - Access Denied!
>
>
>http://www.MSExchange.org/
>
>Hi,
>Exchange 2000 Enterprise SP3 (running on Win2000 Server SP3)
>Client Win2000 Pro SP3, IE 6.0 SP1
>OWA works fine if I connect to http://server1/exchange
>But now we have a second server (server2) that will be placed in DMZ and
>work as a Front-end server. Currently it's located on the internal
network
>during configuration of OWA. When Server2 has "This is a Front-end
server"
>DISABLED it also works if I connect to http://server2/exchange. The
>difference is that the URL is changing to server1 as soon the OWA page
>appears.
>The problem occurs when I enable the "This is a Front-end server"
>checkbox. I get a logon screen. No matter how I type my username (ie.
>domain\username, username@domain ). I only get access denied. I've
checked
>my password etc.
>What am I missing?!?
>Thanks
>/Björn
>
>--------------------------------------------------------------
>
>This e-mail and attachments may contain confidential, proprietary
>or legally privileged information. It is intended for the use of the
>addressee only. If you receive this e-mail and attachments by
>mistake, you must not disclose, disseminate, distribute, copy or
>otherwise use it. Please notify the sender immediately and delete
>the e-mail and attachments from your system.
>
>Zenit, Nektar, Futuris and Manticore are mutual funds according
>to §3 of the Swedish Mutual Funds Act (1990:1114). Avenir is a
>mutual fund in accordance with article 12 of the Finnish Mutual
>Funds Act (99/48). Zodiak Venture Capital is a Swedish
>closed-end limited partnership. None of the Funds are UCITS
>funds. This e-mail is not a solicitation or recommendation to
>acquire units in the Funds. The units of the Funds have not been
>registered and will not be registered in accordance with any
>securities legislation in the United States, Canada, Japan,
>Australia or New Zealand or elsewhere and may not be offered or
>sold to or within the United States, Canada, Japan, Australia or
>New Zealand or in such countries where such offer or sale would
>be in conflict with applicable laws or regulations.
>
>##########################################
>This message has been scanned by F-Secure Anti-Virus
>for Microsoft Exchange.
>##########################################
>
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>ISA Server Resource Site: http://www.isaserver.org
>Windows Security Resource Site: http://www.windowsecurity.com/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this MSExchange.org Discussion List as:
>lbong@xxxxxxxxxx
>To unsubscribe send a blank email to
>$subst('Email.Unsub')
>
>------------------------------------------------------
>List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>------------------------------------------------------
>ISA Server Resource Site: http://www.isaserver.org
>Windows Security Resource Site: http://www.windowsecurity.com/
>Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>------------------------------------------------------
>You are currently subscribed to this MSExchange.org Discussion List as:
>ricardowt@xxxxxxxxxxx
>To unsubscribe send a blank email to
>$subst('Email.Unsub')


_________________________________________________________________
MSN Hotmail, o maior webmail do Brasil. http://www.hotmail.com


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
lbong@xxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
bjorn.johansson@xxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
--------------------------------------------------------------

This e-mail and attachments may contain confidential, proprietary or
legally
privileged information. It is intended for the use of the addressee only.
If you receive this e-mail and attachments by mistake, you must not dis-
close, disseminate, distribute, copy or otherwise use it. Please notify
the
sender immediately and delete the e-mail and attachments from your system.

Zenit, Nektar, Helios, Helios Euro, Futuris, Manticore and Lynx are mutual
funds according to §3 of the Swedish Mutual Funds Act (1990:1114).
Avenir is a mutual fund in accordance
with article 12 of the Finnish Mutual Funds Act (99/48).
Zodiak Venture Capital is a Swedish closed-end limited partnership.
None of the Funds are UCITS funds. This e-mail is not a solicitation or
recommendation to
acquire units in the Funds. The units of the Funds have not been
registered
and will not be registered in accordance with any securities legislation
in
the United States, Canada, Japan, Australia or New Zealand or elsewhere
and may not be offered or sold to or within the United States, Canada,
Japan, Australia or New Zealand or in such countries where such offer or
sale would be in conflict with applicable laws or regulations.

##########################################
This message has been scanned by F-Secure Anti-Virus
for Microsoft Exchange.
##########################################



Other related posts: