Exchange 2003 remote user problems

[acunje]

Hello all!

I am here at work and we are stumped at an issue with our exchange server that we are currently having.

Here is the scoop:

Originally we were running Exchange 2000 on Server 2000. People running outlook ouside of the company could connect & use the the exchange server and check email with out the vpn. Later we added a firewall....but this didn't change anything...people could still connect freely.

Now we have recently changed over to exchange 2003 on the server which is running server 2003. Users can no longer connect to exchange outside of the office...but it works inside the office perfectly fine.

Please help us with any knowledge you may have on this issue as we are stumped beyond belief.

I was thikning that there may be some protcol or setting that is being blocked/disabled in 2003 that was normally enabled in 2000 that may be causing this occurance. But i dont really know.

PLEASE HELP!

~Thanks again~
-Andrew Cunje

 

[stash]

Unless you were allowing a whole bunch of nasty ports inbound through your firewall (like RPC), I don't see how users were able to connect externally w/o the VPN.

I don't think anything has changed in 2003 compared to 2000, except that 2003 has the ability to use RPC/HTTPS (with Outlook 2003) to accomplish what you want securely. Not sure why it isn't working now though, if you haven't closed your firewall down.

 

[acunje]

alright....we think its because we forgot to open up a buncha ports that we had configured before in the firewall an dforgot to add as static ports in the registry...does any one have a nice link that could assist us with the ports we need to open?

 

[MrChad]

Originally posted by: acunje
alright....we think its because we forgot to open up a buncha ports that we had configured before in the firewall an dforgot to add as static ports in the registry...does any one have a nice link that could assist us with the ports we need to open?

Are your clients running XP?

 

[stash]

Yeah, so if you didn't notice from my first post, opening a ton of ports (including major nastiness vectors like RPC) inbound on your FW is a Really Bad Idea. 🙂

It was never recommended to do so with Exchange 2000. Which is why it was recommended that external clients either use OWA or VPN in to use the fat client.

In Exchange 2003 with OL2003 clients (Windows XP only) you can provide fat client access without a VPN and without opening lots of scary ports. This feature is RPC over HTTPS.

This article is a good place to start: http://www.microsoft.com/technet/prodte...c-4839-9732-5a85525a0874.mspx?mfr=true

Make sure you have at least SP1 on the Exchange servers.

Here's another good link: http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx

Good luck.

 

[Brazen]

Did you do in in-place upgrade of Exchange 2000 or did you migrate to a newly built Exchange 2003 box? If you had RPC and all the other ports open to the world, the thought of all the nasty things your server must have picked up (between viri and haxors) will be keeping me awake with nightmares and crying into my pillow all night.

 

[RebateMonger]

The access methods and the inbound ports needed for external access to Exchange 2003 email are pretty straightforward:

VPN: Whatever your VPN protocol requires
RPC over HTTPS: TCP Port 443
Outlook Mobile (SmartPhone): TCP Port 443
OWA: TCP Port 443

Those are the recommended remote access methods for Exchange 2003. All of these methods work great and I use all of them to stay connected every day.

 

[acunje]

Thanks all for the help. We are trying to setup OWA. We currntly have migrated to a new 03 exchange server. Any links on OWA?

 

[acunje]

Sorry for doble post.

But we want users to be able to use their outlooks express clients to get their mail from the servers.

~Andrew

 

[stash]

ugh, why? OWA or full Outlook with RPC/HTTPS is much better.

You'll need to configure POP3 and open the appropriate ports to enable access with OE.