Take the front-end server out of the firewall and move it into your internal network. If you want a suitable appliance for a DMZ, install an ISA server there. It will nicely proxy OWA. Close the myriad dangerous ports you opened in your internal firewall.
Ed Crowley MCSE+I MVP "There are seldom good technological solutions to behavioral problems." -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dandy, Jim Sent: Friday, September 15, 2006 12:47 PM To: Exchange Discussions Subject: Migration and Stability problems. I've got a little test environment that I'm using to test migration from 5.5 to 2003. I boot up the machines in the test environment and 3 out of 4 times, everything will work fine. Occasionally, something will not work properly. Usually it's that the 5.5 server won't accept messages (or that the front-end won't deliver messages to it). Here is the topology. 2003 Front-end server in a perimeter network (DMZ). 2003 Back-end server, 5.5 server, 2003 domain controller behind the DMZ. A forth machine is running the active directory connector behind the DMZ. The Front-end has an Internet Mail SMTP connector and the 5.5 system as an Internet Mail service left over from the standalone 5.5 setup (pre Exchange 2003). I swapped the IP addresses between the Front-end 2003 server and the 5.5 system. So, mail destined for either the 2003 back-end or the 5.5 system comes in through the front-end. Mail sent out from a mailbox on the 5.5 system goes out through the 5.5 IMC. Mail sent out from the 2003 back-end goes out through the front-end. At first I thought that the problem was with the firewall between the DMZ and the protected network. I've been monitoring network traffic and it doesn't appear that anything that should get through the firewall is being blocked. I'm now wondering if the above configuration can ever be stable? Perhaps I should do my migration prior to installing the front-end? I kind of wanted to have the final setup-in place along side the legacy system so I could test it out and migrate people over slowly and, if something goes wrong, migrate them back to 5.5. Anyway, the question I'm asking is, is it asking too much to expect the above configuration to be stable? If so, what would be the best migration approach? Thanks for your help. Curt _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
