After my post yesterday about certificates I have moved on, managing to create one. Thanks to all for the help.
Now today I have been trying to set up remote access to Exchange. I have followed a guide on msexchange.org to the letter but I still can't get anything working outside our LAN.
If someone could point me to a document that explains the process I would be very grateful. There is obviously more than what I have done and I must be missing something. I will continue to trawl the web but if you know of a document please would you share.
Here is what I have so far:
outlook.schoolname.lea.sch.uk resolves to our external ip address
Exchange 2003 is working, sending and receiving emails both internally and externally
Outlook web assistant available internally

OWA is published to an externally accessible port (i.e. not an interface that is only on your local network).
While we are talking remote OWA, do people use one server or the Front End/Back End configuration beloved of MCP books?
Our LEA use FE/BE for primaries, but we can't really justify the expense for ours. It'd give us more options for securing Exchange if we did.
This is something I've implemented in the last week so it is all fairly fresh in my mind.
Does the Exchange server have a direct connection to the 'net or is there some kind of firewall in between it and the big bad world?
This is how I did it (more or less):
Software:
Exchange 2003
ISA 2004
IIS6
Windows 2003
Turn SSL on the HTTP Virtual Server OWA is sitting on. Assign it a certificate. Make sure the certificate name matches the URL you're using. I'm not sure if this next bit is entirely necessary but it didn't start working for me until I did it: In IIS, add a host header value. Make it the same as the URL your OWA is being published on.
Export the certificate you created for OWA by right clicking on the virtual server in IIS, go to Directory Security, press "server certificate". Choose "Export", press next. Choose a path to save the exported cert to, press next. Enter a password, press next. Confirm the details, press next.
Go to the Proxy Server. Import the certificate (Run MMC, Add/remove snap in, certificates. Manage certs for computer account on local computer. Browse to Trusted Root Certificates, Certificates. Right click on Certificates, press Import. Browse to wherever you exported the cert from the email to, enter the password.).
Open the ISA console. Go to Firewall Policy. In the pane on the right side, choose toolbox. Go to Network Objects, web listeners. Create a new one. Give it a name (OWA SSL listener or something). Listen to requests from External network, press next. Disable HTTP, enable SSL on port 443. Choose the certificate you are going to use, press next. Press Finish. Still in the toolbox pane, right click the listener you just created and press properties. Go to preferences, authentication. Uncheck Basic and check OWA Forms-based. Press OK.
Go to Tasks, press "Publish a mail server". Give the publishing rule a name ("OWA Access"). Choose "web client access", press next. Choose OWA, press next, leave enable high bit characters blah blah blah checked, press next. Choose Secure Connection to clients and mail server, press next. Enter the FQDN of your exchange server, press next. Choose "Accept requests for this domain name", type the domain you're going to access OWA with, press next. Choose the web listener you just created, press next. Apply rule to all users, press next. Press finish.
Browse to your webmail URL and all being well you should be able to get access.
Of course, this is where I find out you're using Exchange 5.5 and some kind of Linux proxy server
As for front end/back end servers, this is something I'd like to implement but so far have not found the money for.
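The "certificate name matches the URL" requirement in the steps above can be checked before the certificate is bound to the listener. This is an added example, not part of the original posts: it applies the usual name-matching rules to certificate data in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the three sample certificates (including the internal name `exchange01.school.local`) are constructed for illustration.

```python
# Added example: does a certificate's name cover the host used in the OWA URL?
# Input is a dict shaped like ssl.SSLSocket.getpeercert() output.

def cert_names(cert):
    """DNS names a client will check: SAN entries if any exist, otherwise the CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when a SAN is present, clients ignore the subject CN
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a left-most '*' label that covers exactly one label."""
    p = pattern.lower().rstrip(".")
    h = host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*.") and "." in h:
        first, rest = h.split(".", 1)
        return bool(first) and rest == p[2:]
    return False

def check_published_name(cert, url_host):
    """Return (ok, names) for the host users type into the browser."""
    names = cert_names(cert)
    return any(name_matches(n, url_host) for n in names), names

OWA_HOST = "outlook.schoolname.lea.sch.uk"  # external name from the thread

# Constructed sample certificates (not real ones).
CERT_OK = {"subject": ((("commonName", OWA_HOST),),)}
CERT_INTERNAL = {"subject": ((("commonName", "exchange01.school.local"),),)}
CERT_SAN_ONLY = {
    "subject": ((("commonName", OWA_HOST),),),
    "subjectAltName": (("DNS", "mail.schoolname.lea.sch.uk"),),
}
CERT_WILDCARD = {"subject": ((("commonName", "*.schoolname.lea.sch.uk"),),)}

if __name__ == "__main__":
    for label, cert in [("ok", CERT_OK), ("internal", CERT_INTERNAL),
                        ("san-only", CERT_SAN_ONLY), ("wildcard", CERT_WILDCARD)]:
        ok, names = check_published_name(cert, OWA_HOST)
        print(f"{label:9} {'MATCH' if ok else 'MISMATCH'} {names}")
```

A certificate issued for the server's internal name, or one whose SAN list omits the external name, fails this check even though OWA works on the LAN.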
Thanks for that Norphy, I will look into that tomorrow. The only thing we don't have up and running is ISA 2004, although that was going to be a summer project. Is there much to setting up ISA 2004, because we have a licence for it through the school agreement? Are there some docs on this too?
Forget that, I have just found a paper on ISA configuration.
Setting up ISA 2004 should be quite easy. However I found it frustrating as we were using ISA 2000 before which has a completely different interface. It took me a while to get used to all the changes and to understand how to perform the same tasks with the new interface.
Now that I've got used to it, I'm not entirely sure it was worth the effort but there you have it.
Norphy, thanks for all your help.
The last question... I hope. Can you install ISA on the same server as Exchange? If not, that's where I have a problem.
You can install ISA on the same server as Exchange - however, for Exchange must be installed on a Domain Controller (well, at least it did when I last did it on 2000). This means you won't be able to lock down ISA as much. There is a lock down wizard in ISA that should be able to do it for you but it is better to put ISA on its own computer.
I believe that it is recommended that you don't install ISA on a DC. It is also recommended that you don't install Exchange 2003 on a DC. I would also avoid the combination of Exchange and ISA.

I believe that it's also recommended that ISA is installed on its own box. It can be installed with other stuff but it tends to block ports and things.
Yeah, we have ISA on its own dedicated box. Well, I call it a box but it's more of a shelf :P. It can be installed on the same server as Exchange but it is a bad idea™. My suggestion to you would be to "borrow" a spare PC, stick an extra NIC in it and use that as your ISA server. That is what I had to do before we had the money for dedicated hardware.
Norphy: Hope you don't mind, I've wikified your OWA with SSL method. Mostly so I can find it when I need to do it later on.
If you typed all that lot from memory after 2 weeks 8O I'm v. impressed!