OWA FrontEnd in DMZ

[techbird]

I am running Exchange 2003 on Windows 2003 Server. I am using the FrontEnd/BackEnd setup - with the FrontEnd in a DMZ. I had everything working great until the FrontEnd was placed in the DMZ. I have read numerous articles and have opened all the suggested ports I've seen recommendation for. It still does not work. I am new at the firewall side of things. The error I receive is:

All the DS Servers in Domain are not responding. (this is received when I try to logon)

I hope this means something to some of the brilliant minds that I know are out there, because I need help - great frustration has taken over a while back. Any help tremendously appreciated.

Thanks
C Emmons

 

[mlichstein]

This is the main reason why an Exchange server in a DMZ is not recommended. It negates the purpose of a DMZ by opening numerous ports.

You need LDAP, Kerberos, DNS, Netbios, Global Catalog, RPC, and others.

That error could be many things, including DNS, Kerberos, GC, or basically everything I listed above.

What ports have you opened?

 

[Micron1090]

Put the server behind the firewall and use NAT to allow outside access. The way you only have to forward 80 and 443 to that specific server and you no longer have the server to server communication problems.

i've done this in the past with a Pix and it works great.