
Installing OWA on IIS in DMZ


John Weathers

Jan 18, 2001, 10:07:40 AM
How do I load OWA on an IIS server in a DMZ when it is looking for the
Exchange 5.5 server during installation using a WINS broadcast? The
Exchange server is on a different network segment, behind a Checkpoint
firewall running NAT.


M. Anderson

Jan 18, 2001, 1:58:20 PM
You can configure the server inside your intranet, then change the IP
settings and drop it in the DMZ. You should not need to put WINS servers in
the IP configuration of the OWA server if you are going to put it in the DMZ,
as it doesn't need to register with WINS. Keep in mind that you will need to
open certain ports. Assuming you will be using SSL, you'll need to open 443
from the internet to the OWA box. Also, you'll need to open the following
ports from OWA to your Exchange server: port 135 bidirectional, port 137
(UDP) for NetBIOS Name Service, port 138 (UDP) for NetBIOS datagram
(browsing), port 139 (TCP) for NetBIOS session (NET USE), ports 1225 and 1226
bidirectional.

"John Weathers" <jwea...@infosysnetworks.com> wrote in message
news:e390aEWgAHA.1724@tkmsftngp05...

John Weathers

Jan 23, 2001, 2:44:29 PM
What about a connection to a domain controller to handle authentication? I
have it communicating with the Exchange server, but it won't get past the
login box.

"M. Anderson" <mic...@micontechnologies.com> wrote in message
news:OCUehBYgAHA.2024@tkmsftngp05...

microsoft

Jan 26, 2001, 12:40:25 PM
You can use the LMHosts file to tell the IIS to only use one particular DC
for NT authentication. This way you only open up ports 138 and 139 to one DC
on your internal network instead of allowing 139 from your IIS to
everything and their dogs on the internal net.
Then you need the 139 and 1125 & 1126 (or whatever you want) for the IIS to
talk with the Exchange server.

The 1125 and 1126 ports require a registry key edit on the Exchange server.

I have basically the same scenario at my company.


"John Weathers" <jwea...@infosysnetworks.com> wrote in message
news:e390aEWgAHA.1724@tkmsftngp05...

John Weathers

Jan 29, 2001, 9:26:40 AM
Okay, I got it loaded and currently have an open path through my firewall
between the OWA (IIS) server in the DMZ and the Exchange server in the
network and it is working fine.

But when I tried to narrow the hole down to only the following ports, it
started timing out with an ASP time-out error screen:

UDP ports 137 and 138 from OWA to Exchange
TCP port 139 from OWA to Exchange
TCP ports 135, 1225, and 1226 in both directions.

I shouldn't need any ports opened to a domain controller because it was
working without any. The only traffic I was allowing was between the two IP
addresses of the OWA server and the Exchange server, but not restricting any
ports. Now I just need to know which ports it is using so I can restrict
everything else.

I made the registry change on the Exchange server to assign static ports
1225 and 1226, and made the LMHOSTS entry on the OWA server.


microsoft wrote in message ...

John Weathers

Jan 29, 2001, 10:54:02 AM
Okay, answering my own questions now, I did a sniffer trace and the Exchange
server is still replying using random ports, so I need to check my Registry
settings first.....

John Weathers wrote in message ...
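
Added example, not part of the original thread: a check in the spirit of the sniffer trace in the last post, listing Exchange-side ports seen between the two hosts that the narrowed port list from the earlier post does not cover. The host addresses and the sample trace (including port 1047) are constructed for illustration.

```python
from collections import Counter, namedtuple
Packet = namedtuple("Packet", "src dst proto sport dport")

# Constructed addresses for the DMZ OWA (IIS) box and the internal Exchange server.
OWA, EXCH = "192.0.2.10", "10.1.1.20"
# Port list as posted in the thread. "both" = either side may own the port.
RULES = [
    ("udp", 137, "owa->exch"),
    ("udp", 138, "owa->exch"),
    ("tcp", 139, "owa->exch"),
    ("tcp", 135, "both"),
    ("tcp", 1225, "both"),
    ("tcp", 1226, "both"),
]

def side_port(pkt, host):
    """Port used by `host` in this packet (works for requests and replies)."""
    return pkt.dport if pkt.dst == host else pkt.sport

def allowed(pkt):
    """True if the packet belongs to a conversation the narrowed rules permit."""
    for proto, port, direction in RULES:
        if pkt.proto != proto:
            continue
        if side_port(pkt, EXCH) == port:
            return True
        if direction == "both" and side_port(pkt, OWA) == port:
            return True
    return False

def unexpected_exchange_ports(trace):
    """Count OWA<->Exchange packets whose Exchange-side port no rule covers."""
    hits = Counter()
    for pkt in trace:
        if {pkt.src, pkt.dst} == {OWA, EXCH} and not allowed(pkt):
            hits[(pkt.proto, side_port(pkt, EXCH))] += 1
    return dict(hits)

# Constructed trace: port 135 lookup, then traffic on a port outside the list.
SAMPLE_TRACE = [
    Packet(OWA, EXCH, "tcp", 3100, 135),
    Packet(EXCH, OWA, "tcp", 135, 3100),
    Packet(OWA, EXCH, "tcp", 3101, 1047),
    Packet(EXCH, OWA, "tcp", 1047, 3101),
    Packet(OWA, EXCH, "tcp", 3102, 139),
]

if __name__ == "__main__":
    print(unexpected_exchange_ports(SAMPLE_TRACE))
```

Any port this reports is one the firewall would drop under the narrowed rules, which is where an ASP time-out like the one described would come from.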
