|
Home > Archive > microsoft.public.exchange2000.admin > October 2002 > Emergency: Exchange Front End Servers and PIX DMZ
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Emergency: Exchange Front End Servers and PIX DMZ
|
|
|
| Guys,
We are having exteme difficulty getting Exchange 2000
SP2's Information Store Service to start in DMZ1 off a PIX
525. It works if we move it to the backend network. We
have opened the server up to any destination (domain
controllers and backend Exchange servers included) in the
DMZ over tcp/udp/icmp for troubleshooting. The proper
routes are in the firewall and the server can ping all
domain controllers/backend exchange servers in either
network. The Information Store service fails with a 'Could
not Find Active Directory' message in the application
event log. Again, when the server is placed in the
backend network, it starts and the server functions fine.
The DNS entry only points to our Active Directory
Integrated DNS server in the backend.
Our arses are potentially on the line here....can anyone
help?
| |
| Ward Flowers [MS] 2002-10-05, 8:42 pm |
| http://support.microsoft.com/defaul...b;EN-US;Q280132
This article may point to some ports that need to be opened between the DMZ
and the internal network.
--
Ward Flowers
Exchange Support Professional
****** Disclaimer ******
This posting is provided "AS IS" with no warranties, and confers no rights.
Note: Please do NOT reply to this e-mail address. It is used for newsgroup
purposes only.
"a" <a@a.com> wrote in message
news:0de501c25e60$d980bf40$2ae
2c90a@phx.gbl...
> Guys,
>
> We are having exteme difficulty getting Exchange 2000
> SP2's Information Store Service to start in DMZ1 off a PIX
> 525. It works if we move it to the backend network. We
> have opened the server up to any destination (domain
> controllers and backend Exchange servers included) in the
> DMZ over tcp/udp/icmp for troubleshooting. The proper
> routes are in the firewall and the server can ping all
> domain controllers/backend exchange servers in either
> network. The Information Store service fails with a 'Could
> not Find Active Directory' message in the application
> event log. Again, when the server is placed in the
> backend network, it starts and the server functions fine.
> The DNS entry only points to our Active Directory
> Integrated DNS server in the backend.
>
> Our arses are potentially on the line here....can anyone
> help?
| |
|
| Thanks for the response.
All ports between the front end Exchange server in the DMZ
and everything in the backend network are open.
The rule is similar to as follows in the firewall:
frontendexchangeIP tcp any
frontendexchangeIP udp any
frontendexchangeIP icmp any
We do not plan to leave it like this for security reasons,
only for troubleshooting. We can ping all backend servers
and telnet to every port in the article. For some reason,
the infostore service won't start in the DMZ - only in the
backend 
>-----Original Message-----
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;Q280132
>
>This article may point to some ports that need to be
opened between the DMZ
>and the internal network.
>
>--
>Ward Flowers
>Exchange Support Professional
>
>****** Disclaimer ******
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>Note: Please do NOT reply to this e-mail address. It is
used for newsgroup
>purposes only.
>
>"a" <a@a.com> wrote in message
> news:0de501c25e60$d980bf40$2ae
2c90a@phx.gbl...
>> Guys,
>>
>> We are having exteme difficulty getting Exchange 2000
>> SP2's Information Store Service to start in DMZ1 off a
PIX
>> 525. It works if we move it to the backend network. We
>> have opened the server up to any destination (domain
>> controllers and backend Exchange servers included) in
the
>> DMZ over tcp/udp/icmp for troubleshooting. The proper
>> routes are in the firewall and the server can ping all
>> domain controllers/backend exchange servers in either
>> network. The Information Store service fails with
a 'Could
>> not Find Active Directory' message in the application
>> event log. Again, when the server is placed in the
>> backend network, it starts and the server functions
fine.
>> The DNS entry only points to our Active Directory
>> Integrated DNS server in the backend.
>>
>> Our arses are potentially on the line here....can anyone
>> help?
>
>
>.
>
| |
| Ward Flowers [MS] 2002-10-05, 8:42 pm |
| I guess the next thing we need are the application log errors when starting
the IS. I am almost positive it is networking because of the ability to
start them internally, but lets take a look at the errors to see what is
reported.
--
Ward Flowers
Exchange Support Professional
****** Disclaimer ******
This posting is provided "AS IS" with no warranties, and confers no rights.
Note: Please do NOT reply to this e-mail address. It is used for newsgroup
purposes only.
"a" <a@a.com> wrote in message
news:10b001c25e6d$01fed7c0$35e
f2ecf@TKMSFTNGXA11...
> Thanks for the response.
>
> All ports between the front end Exchange server in the DMZ
> and everything in the backend network are open.
>
> The rule is similar to as follows in the firewall:
>
> frontendexchangeIP tcp any
> frontendexchangeIP udp any
> frontendexchangeIP icmp any
>
> We do not plan to leave it like this for security reasons,
> only for troubleshooting. We can ping all backend servers
> and telnet to every port in the article. For some reason,
> the infostore service won't start in the DMZ - only in the
> backend
> >-----Original Message-----
> >http://support.microsoft.com/default.aspx?scid=kb;EN-
> US;Q280132
> >
> >This article may point to some ports that need to be
> opened between the DMZ
> >and the internal network.
> >
> >--
> >Ward Flowers
> >Exchange Support Professional
> >
> >****** Disclaimer ******
> >This posting is provided "AS IS" with no warranties, and
> confers no rights.
> >
> >Note: Please do NOT reply to this e-mail address. It is
> used for newsgroup
> >purposes only.
> >
> >"a" <a@a.com> wrote in message
> > news:0de501c25e60$d980bf40$2ae
2c90a@phx.gbl...
> >> Guys,
> >>
> >> We are having exteme difficulty getting Exchange 2000
> >> SP2's Information Store Service to start in DMZ1 off a
> PIX
> >> 525. It works if we move it to the backend network. We
> >> have opened the server up to any destination (domain
> >> controllers and backend Exchange servers included) in
> the
> >> DMZ over tcp/udp/icmp for troubleshooting. The proper
> >> routes are in the firewall and the server can ping all
> >> domain controllers/backend exchange servers in either
> >> network. The Information Store service fails with
> a 'Could
> >> not Find Active Directory' message in the application
> >> event log. Again, when the server is placed in the
> >> backend network, it starts and the server functions
> fine.
> >> The DNS entry only points to our Active Directory
> >> Integrated DNS server in the backend.
> >>
> >> Our arses are potentially on the line here....can anyone
> >> help?
> >
> >
> >.
> >
|
|
|
|
|