Emergency: Exchange Front End Servers and PIX DMZ
Would also like to mention that all NetDiag tests pass
while the server is in the DMZ. This is very odd.
>-----Original Message-----
>Guys,
>
>We are having extreme difficulty getting Exchange 2000
>SP2's Information Store Service to start in DMZ1 off a PIX
>525. It works if we move it to the backend network. We
>have opened the server up to any destination (domain
>controllers and backend Exchange servers included) in the
>DMZ over tcp/udp/icmp for troubleshooting. The proper
>routes are in the firewall and the server can ping all
>domain controllers/backend exchange servers in either
>network. The Information Store service fails with a 'Could
>not Find Active Directory' message in the application
>event log. Again, when the server is placed in the
>backend network, it starts and the server functions fine.
>The DNS entry only points to our Active Directory
>Integrated DNS server in the backend.
>
>Our arses are potentially on the line here....can anyone
>help?
>.
>
Gary McDonnell 2002-10-05, 8:42 pm
Also, remember that the PIX requires a change to its configuration when
passing SMTP traffic to an Exchange server.
http://support.microsoft.com/defaul...;EN-US;Q320027&
Personally I've found it more efficient not to have the Exchange server in
the DMZ. Instead I just put it behind the firewall and open only port 25
(SMTP) to it, and for POP3 traffic port 110. If you have to have something
in the DMZ, why not just set up a W2K SMTP server and have it relay to the
Exchange server - if desired, I think you can even have it relay on a
nonstandard port instead of port 25.
Good luck! /gary mcdonnell
--------------------------
"a" <a@a.com> wrote in message
news:111501c25e6d$4b3e1040$3bef2ecf@TKMSFTNGXA10...
Would also like to mention that all NetDiag tests pass
while the server is in the DMZ. This is very odd.
>-----Original Message-----
>Guys,
>
>We are having extreme difficulty getting Exchange 2000
>SP2's Information Store Service to start in DMZ1 off a PIX
>525. It works if we move it to the backend network. We
>have opened the server up to any destination (domain
>controllers and backend Exchange servers included) in the
>DMZ over tcp/udp/icmp for troubleshooting. The proper
>routes are in the firewall and the server can ping all
>domain controllers/backend exchange servers in either
>network. The Information Store service fails with a 'Could
>not Find Active Directory' message in the application
>event log. Again, when the server is placed in the
>backend network, it starts and the server functions fine.
>The DNS entry only points to our Active Directory
>Integrated DNS server in the backend.
>
>Our arses are potentially on the line here....can anyone
>help?
>.
>