+ Post New Thread
Results 1 to 14 of 14
Web Development Thread, Remote exchange access.... How? in Coding and Web Development; After my post yesterday about certificates I have moved on managing to create one thanks to all for the help. ...
  1. #1
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    671
    Thank Post
    41
    Thanked 16 Times in 15 Posts
    Rep Power
    20

    Remote exchange access.... How?

    After my post yesterday about certificates I have moved on managing to create one thanks to all for the help.

    Now today I have been trying to setup remote access to exchange, I have followed a guide on msexchange.org to the letter but I still can't get anything working outside our LAN.

    If someone could point me to a document that explains the process I would be very greatful. There is obviously more than what i have done and I must be missing something. I will continue to trawl the web but if you know of a document please would you share.

    Here is what I have so far

    outlook.schoolname.lea.sch.uk resolves to our external ip address
    Exchange 2003 is working sending and recieving emails both internaly and externaly
    Outlook web assistant available internally

  2. #2

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: Remote exchange access.... How?

    OWA is published to an externally accessible port (i.e. not an interface that is only on your local network).

  3. #3

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Remote exchange access.... How?

    While we are talking remote OWA do people use one server or the Front End/Back End configuration beloved of MCP books?

  4. #4
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33

    Re: Remote exchange access.... How?

    Our LEA use FE/BE for primaries, but we can't really justify the expense for ours. It'd give us more options for securing Exchange if we did.

  5. #5
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,227
    Thank Post
    50
    Thanked 271 Times in 209 Posts
    Blog Entries
    6
    Rep Power
    108

    Re: Remote exchange access.... How?

    This is something I've implemented in the last week so it is all fairly fresh in my mind.

    Does the Exchange server have a direct connection to the 'net or is there some kind of firewall inbetween it and the big bad world?

    This is how I did it (more or less):

    Software:

    Exchange 2003
    ISA 2004
    IIS6
    Windows 2003

    Turn SSL on the HTTP Virtual Server OWA is sitting on. Assign it a certificate. Make sure the certificate name matches the URL you're using. I'm not sure if this next bit is entirely necessary but it didn't start working for me until I did it: In IIS, add a host header value. Make it the same as the URL your OWA is being published on.

    Export the certificate you created for OWA by right clicking on the virtual server in IIS, go to Directory Security, press "server certificate". Choose "Export", press next. Choose a path to save the exported cert to, press next. Enter a password, press next. Confirm the details, press next.

    Go to the Proxy Server. Import the certificate (Run MMC, Add/remove snap in, certificates. Manage certs for comptuer account on local computer. Browse to Trusted Root Certificates, Certificates. Right click on Certficates, press Import. Browse to whereever you exported the cert from the email to, enter the password.). Open the ISA console. Go to Firewall Policy. In the pane on the right side, choose toolbox. Go to Network Objects, web listeners. Create a new one. Give it a name (OWA SSL listener or something). Listen to requests from External network, press next. Disable HTTP, enable SSL on port 443. Choose the certificate you are going to use, press next. Press Finish. Still in the toolbox pane, right click the listener you just created and press properties. Go to preferences, authentication. Uncheck Basic and check OWA Forms-based. Press OK. Go to Tasks, press "Publish a mail server". Give the publishing rule a name ("OWA Access"). Choose "web client access", press next. Choose OWA, press next, leave enable high bit characters blah blah blah checked, press next. Choose Secure Connection to clients and mail server, press next. Enter the FQDN of your exchange server, press next. Choose "Accept requests for this domain name", type the domain you're going to access OWA with, press next. Choose the web listener you just created, press next. Apply rule to all users, press next. Press finish.

    Browse to your webmail URL and all being well you should be able to get access

    Of course, this is where I find out you're using Exchange 5.5 and some kind of Linux proxy server

    As for front end/back end servers, this is something I'd like to implement but so far have not found the money for.

  6. #6
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    671
    Thank Post
    41
    Thanked 16 Times in 15 Posts
    Rep Power
    20

    Re: Remote exchange access.... How?

    Thanks for that Norphy, I will look into that tomorrow, the only thing we don't have up and running is ISA 2004, although that was going to be a summer project. Is there much to setting up ISA 2004 because we have a licience for it through the school agreement. Is there so docs on this too.

  7. #7
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    671
    Thank Post
    41
    Thanked 16 Times in 15 Posts
    Rep Power
    20

    Re: Remote exchange access.... How?

    Forget that I have just found a paper on ISA configuration

  8. #8
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,227
    Thank Post
    50
    Thanked 271 Times in 209 Posts
    Blog Entries
    6
    Rep Power
    108

    Re: Remote exchange access.... How?

    Setting up ISA 2004 should be quite easy. However I found it frustrating as we were using ISA 2000 before which has a completely different interface. It took me a while to get used to all the changes and to understand how to perform the same tasks with the new interface.

    Now that I've got used to it, I'm not entirely sure it was worth the effort but there you have it.

  9. #9
    edie209's Avatar
    Join Date
    Mar 2006
    Location
    Kernow
    Posts
    671
    Thank Post
    41
    Thanked 16 Times in 15 Posts
    Rep Power
    20

    Re: Remote exchange access.... How?

    Norphy thanks for all your help

    The last question .....I hope can you install ISA on the same server as Exchange? If not that were I have a problem

  10. #10
    eean's Avatar
    Join Date
    May 2006
    Location
    Kuala Lumpur
    Posts
    559
    Thank Post
    65
    Thanked 52 Times in 37 Posts
    Rep Power
    29

    Re: Remote exchange access.... How?

    You can install ISA on the same server as Exchange - however, for exchange must be installed on Domain Controller (well at least it did when I last did it on 2000). This means you won't be able to lock down ISA as much. There is a lock down wizard in ISA that should be able to do it for you but it is better to put ISA on its own computer.

  11. #11
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,421
    Thank Post
    10
    Thanked 486 Times in 426 Posts
    Rep Power
    110

    Re: Remote exchange access.... How?

    I believe that is is recommended that you don't install ISA on a DC. It is also recommended that you don't install Exchange 2003 on a DC. I would also avoid the combination of exchange and ISA.

  12. #12

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: Remote exchange access.... How?

    I believe that it's also recommended that ISA is installed on its own box. It can be installed with other stuff but it tends to block ports and things.

  13. #13
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,227
    Thank Post
    50
    Thanked 271 Times in 209 Posts
    Blog Entries
    6
    Rep Power
    108

    Re: Remote exchange access.... How?

    Yeah, we have ISA on its own dedicated box. Well, I call it a box but it's more of a shelf :P. It can be installed on the same server as Exchange but it is a bad idea™. My suggestion to you would be to "borrow" a spare PC, stick an extra NIC in it and use that as your ISA server. That is what I had to do before we had the money for dedicated hardware.

  14. #14
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    33

    Re: Remote exchange access.... How?

    Norphy: Hope you don't mind, I've wikified your OWA with SSL method. Mostly so I can find it when I need to do it later on.

    If you typed all that lot from memory after 2 weeks 8O I'm v. impressed!

SHARE:
+ Post New Thread

Similar Threads

  1. Remote Access - How?
    By Zoom7000 in forum Wired Networks
    Replies: 34
    Last Post: 1st February 2012, 12:43 PM
  2. Web based remote access??
    By maniac in forum How do you do....it?
    Replies: 21
    Last Post: 4th February 2008, 09:56 PM
  3. Remote Access for Staff
    By Grommit in forum Windows
    Replies: 10
    Last Post: 16th January 2007, 09:09 PM
  4. Moodle and remote access.
    By eejit in forum Windows
    Replies: 4
    Last Post: 5th January 2006, 10:59 AM
  5. Remote Access
    By ajbritton in forum How do you do....it?
    Replies: 6
    Last Post: 26th September 2005, 12:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •