Question : Exchange 2003 Front-End Back-End DMZ Config...
I've setup many E2K FE/BE configs, but never with the FE in a DMZ. I'm having problems on the FE server with slow startup response, extremely slow logon response, and errors talking back to the BE servers (an active/passive cluster). The network config is:
(Internet)----[Firewall]----[FrontEnd]----[Firewall]----[BackEnd]
I have the following ports open from the Internet to the FrontEnd:
0080 TCP (http) {for testing until we get a certificate for SSL} 0443 TCP (https)
I have the following ports open from the FrontEnd to the BackEnd
0025 TCP (smtp) 0080 TCP (http) 0110 TCP (pop3) 0143 TCP (imap4) 0691 TCP (LSA)
And the following ports open from the FrontEnd to the inside DCs, which also perform DNS and WINS:
0053 TCP (dns) 0053 UDP (dns) 0088 TCP (kerberos) 0088 UDP (kerberos) 0135 TCP (rpc-epm) 0389 TCP (ldap-ds) 0389 UDP (ldap-ds) 3268 TCP (ldap-gc)
Also, at least for the present time, all ports 1024 and higher are permitted from the INSIDE network to the FrontEnd server for RPC.
What am I missing? Once I solve this basic issue, I will refine the RPC port range and, eventually, tunnel everything through IPSec. But for now I need to get the basics working.
Thanks.
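As an added example (not from the post or the responder), the small Python script below parses the three rule lists above in the post's own "0080 TCP (http)" notation, reports which expected port/protocol pairs are absent from a rule set, and probes every TCP rule from the front-end toward a back-end or DC host supplied on the command line. The host names, the expected-port list passed in and the fake connector used for dry runs are assumptions for illustration, not part of the original post; the list of ports a front-end actually needs has to come from Microsoft's documentation and is deliberately taken as a parameter here. UDP rules are listed but not probed, since a UDP port offers no handshake to test.

```python
"""Parse the firewall rule lists from the post and probe the TCP ones (added example)."""
import re
import socket
import sys
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# One rule in the post's notation: zero-padded port, protocol, service name in parentheses.
RULE_RE = re.compile(r"(\d{1,5})\s+(TCP|UDP)\s+\(([^)]*)\)", re.IGNORECASE)

# The three rule sets copied from the question (constructed input for this example).
RULESETS = {
    "internet->frontend": "0080 TCP (http) 0443 TCP (https)",
    "frontend->backend": "0025 TCP (smtp) 0080 TCP (http) 0110 TCP (pop3) "
                         "0143 TCP (imap4) 0691 TCP (LSA)",
    "frontend->dc": "0053 TCP (dns) 0053 UDP (dns) 0088 TCP (kerberos) 0088 UDP (kerberos) "
                    "0135 TCP (rpc-epm) 0389 TCP (ldap-ds) 0389 UDP (ldap-ds) 3268 TCP (ldap-gc)",
}

Rule = Tuple[int, str, str]


def parse_rules(text: str) -> List[Rule]:
    """Turn '0080 TCP (http) 0443 TCP (https)' into [(80, 'TCP', 'http'), (443, 'TCP', 'https')]."""
    return [(int(port), proto.upper(), name.strip()) for port, proto, name in RULE_RE.findall(text)]


def missing_ports(rules: Iterable[Rule], expected: Iterable[Tuple[int, str]]) -> List[str]:
    """Return 'port/PROTO' strings from `expected` that the rule set does not open."""
    have = {(port, proto) for port, proto, _ in rules}
    return [f"{port}/{proto}" for port, proto in expected if (port, proto) not in have]


def probe_tcp(host: str, port: int, timeout: float = 2.0,
              connect: Callable = socket.create_connection) -> bool:
    """True if a TCP connect to host:port completes within `timeout`, else False.

    `connect` is injectable so the logic can be exercised without a network (see make_fake_connector).
    """
    try:
        sock = connect((host, port), timeout=timeout)
    except OSError:
        return False
    sock.close()
    return True


def make_fake_connector(blocked_ports: Iterable[int]) -> Callable:
    """Build a stand-in for socket.create_connection that 'blocks' the given ports (dry-run helper)."""
    blocked = set(blocked_ports)

    class _FakeSocket:
        def close(self) -> None:
            pass

    def _connect(address, timeout=None):
        if address[1] in blocked:
            raise OSError(f"simulated firewall drop on port {address[1]}")
        return _FakeSocket()

    return _connect


def check_ruleset(host: str, rules: Iterable[Rule],
                  probe: Callable[[str, int], bool] = probe_tcp) -> Dict[str, Optional[bool]]:
    """Probe each TCP rule against `host`; UDP rules are recorded as None (not probed)."""
    results: Dict[str, Optional[bool]] = {}
    for port, proto, name in rules:
        key = f"{port}/{proto} ({name})"
        results[key] = probe(host, port) if proto == "TCP" else None
    return results


def report(host: str, ruleset_name: str, probe: Callable[[str, int], bool] = probe_tcp) -> List[str]:
    """Render one line per rule: OK / BLOCKED / not probed (UDP)."""
    lines = []
    for key, ok in check_ruleset(host, parse_rules(RULESETS[ruleset_name]), probe).items():
        state = "not probed (UDP)" if ok is None else ("OK" if ok else "BLOCKED")
        lines.append(f"{ruleset_name:20s} {key:24s} {state}")
    return lines


if __name__ == "__main__":
    # Usage: python fe_port_check.py <backend-host> <dc-host>   (host names are placeholders)
    backend, dc = (sys.argv[1:3] + ["backend.example", "dc.example"])[:2]
    print("\n".join(report(backend, "frontend->backend")))
    print("\n".join(report(dc, "frontend->dc")))
```

Run it on the front-end server itself, since that is the vantage point whose path through the inner firewall is in question; a BLOCKED line for a rule the firewall is supposed to permit points at the rule, a BLOCKED line for a port not in the list points at something the list is missing.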
Answer : Exchange 2003 Front-End Back-End DMZ Config...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;179442
Check out this part as well for the ports necessary for the domain. I saw SMB in here, but I'm not sure you'd need it for AD, don't remember... I'm embarrassed :)
d