RE: Global Catalog Server

  • From: Rick Boza <rickb@xxxxxxxxxxxxxxx>
  • To: Exchange List <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 02 Mar 2005 09:04:31 -0500

Just to clarify: if folks have 'added GC to their Exchange server' what that
means is they made it a DC.  If this server is then placed into a DMZ, it's
an inherently risky maneuver.

One of the big knocks (security-wise) on Exchange 5.5 was every server had a
copy of the DS - so if you wanted OWA to be exposed externally, you were
leaving your directory exposed for exploitation if you were not extremely
cautious about how to do so.

Using this as a fix for an Exchange front-end server is even more dangerous,
because you also have now exposed your security mechanism - at least with
5.5, you only exposed the directory, not the underlying security principals!

If making a front-end server (or any Exchange 2x server) into a DC and GC
fixes a problem, then you have one of two things: A routing problem (which
could include a name resolution problem), or a filtering problem. My first
guess would be you don't have the proper ports open between the front end
and the GC on your internal network...that makes sense, if suddenly adding a
GC fixes the problem, right?

Making your Exchange server a DC and GC for the sake of fixing an issue is a
Bad Thing™.  While there are sound architectural designs that have Exchange
on a DC, doing so as a troubleshooting exercise is not (repeat: NOT) one of
them.

Rick


On 3/2/05 8:52 AM, "Bruce J. Rose" <brose@xxxxxxxxxxx> wrote:

> http://www.MSExchange.org/
> 
> I added GC to my rebuilt Exchange box; it fixed problems and has not seemed to
> cause any...Yet
> 
> Bruce
> 
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, March 01, 2005 9:27 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Global Catalog Server
> 
> Andrew, if you have a stand alone Exchange server not belonging to a
> domain...
> 
> GC server can only be a DC!
> 
> If making their Exchange server a GC fixed problems, their problems are
> rooted deeper than they think.
> 
> If the Exchange server is going to be a DC, it must be fully configured
> properly as a DC including GC BEFORE installing Exchange.
> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
> 
> 
>> -----Original Message-----
>> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
>> Sent: Tuesday, March 01, 2005 4:32 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] Global Catalog Server
>> 
>> I am wondering how I would go about installing the GC on my standalone
>> Exchange box? I've been having a lot of problems with RPC over HTTP and
>> notice a lot of people who install GC on their Exchange servers (2003)
>> noticed the problems got fixed.
>> 
>> Andrew
>> 
>> 
>> ------------------------------------------------------
>> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com
>> Leading Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org
>> Windows Security Resource Site: http://www.windowsecurity.com/
>> Network Security Library: http://www.secinf.net/
>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List as:
>> johnlist@xxxxxxxxxxxxxxxxxxx
>> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx