Exchange Over the internet w/ Proxy Server 2.0
Chris Young
set static ports for IS & DS & map those ports to win proxy
then map port 135 to winproxy
But I have been unsuccessful in trying to get exchange to work over the
internet with Proxy Server 2.0
I've set the two registry keys
MSExchangeDS -> Parameters -> TCP/IP = XXXA
MSExchangeIS -> ParametersSystem -> TCP/IP = XXXB
And I have my wspcfg.ini
[STORE]
ServerBindTcpPorts=110,143,XXXB
Persistent=1
KillOldSession=1
ForceCredentials=1
[DSAMAIN]
ServerBindTcpPorts=389,XXXA
Persistent=1
KillOldSession=1
ForceCredentials=1
[MAD]
ServerBindTcpPorts=135
Persistent=1
KillOldSession=1
ForceCredentials=1
There are several articles on http://search.support.microsoft.com, but they
all say - set the IS & DS to have static ports & map the ports to the proxy.
But they don't have "Proxy Server" specific notes (or even ISA Server
notes). Am I missing something¿ Am I doing something wrong¿
With Proxy Server, mapping is done with the wspcfg.ini, right¿
I did configure POP3,IMAP,LDAP, and SMTP to work with the wspcfg.ini files.
Maybe I'm mapping the IS & DS to the wrong programs.
IS = Information Store = STORE.EXE
DS = Directory Store = DSAMAIN.EXE
I'm kinda guessing with the MAD.EXE for port 135. I tried it on the IS,
but that didn't seem to help.
With this setup, I can telnet into the external ports
telnet ip 25 = 220 FQDN ESMTP Server (Microsoft Exchange Internet Mail
Service 5.5.2653.13) ready
telnet ip 135 = connect (no output - blank console)
telnet ip XXXA = connect (no output - blank console)
telnet ip XXXB = connect (no output - blank console)
Even tried to turn off packet filtering, IMAP,POP3, LDAP, & SMTP still work,
but not "Exchange Over the Internet"
Any help would be appreciated.
Thanks
Chris
Tim Cox
internet with Proxy Server 2.0"? Sounds like you are trying to server proxy
Exchange Server so external clients can connect to Exchange Server thru
proxy with native Outlook connectivity. Is that correct? If so, you will
save lots of grief and have a more secure server setting up proxy with VPN
than what you are attempting...IMHO...
--
No Email Replies
***********************
"Chris Young" <Chris...@icims.com> wrote in message
news:O3o02D6jAHA.1708@tkmsftngp04...
Tim Cox
putting Exchange in DMZ. You will have problems communicating with internal
clients which means opening holes in your firewall/proxy which means hackers
may exploit them. You also leave the Ex Svr exposed to the internet which
means hackers may exploit it. All that for the sake of what--making it easy
to connect to the Ex Svr from the internet? You're giving up a whole heck of
a lot of security for that...and you can reverse it all by putting the Ex
Svr BEHIND the proxy and opening Proxy to VPN for remote users. Much more
secure and surely easier than trying to get DMZ setup to work correctly. Ex
Svr in DMZ is not BEHIND proxy.
--
No Email Replies
***********************
"Chris Young" <Chris...@icims.com> wrote in message
news:#zsDgOHkAHA.1396@tkmsftngp03...
> Okay - what if it's not even "over the internet"
>
> What if I just have my Exchange Server in a DMZ - behind Proxy Server - so
> that it is not on the same physical network as my clients.
>
> By default, Outlook connects to Exchange through port 135 - and then two
> dynamic ports are assigned to the client to connect to the
InformationStore
> and the DirectoryStore.
>
> To work across a Proxy - you need to assign static ports to the IS and the
> DS - so that you don't have to open the thousand+ ports that exchange
> "might" use - you only have to open three ports (IS, DS & 135). You could
> assign a static port to the SA if you want to be able to remotely admin -
> but I'm not going for that here
>
> With WinProxy I can connect over the internet.
>
> I'm trying to get this to work with ProxyServer instead of WinProxy
> (different client - different network)
>
> Thanks
> Chris
>
> "Tim Cox" <T...@NoSpamCstone-adv.com> wrote in message
> news:OBN1Xc6jAHA.864@tkmsftngp04...