Access exchange from offsite

screwmesa

I have Exchange Server 2003 set up and everyone at my company can access it at the office fine from either OWA or Outlook. Everyone can access it via OWA fine offsite as well. But when I try to set up Outlook 2003 for our Exchange server it cannot resolve the server name.

Here's how our network is laid out:
DC handles DNS which resolves fine from offsite. (If users go to test.domain.com they can get to email from a link on the homepage).
Mail server (mailserver.test.domain.com) will not resolve when using test.domain.com in Outlook 2003 for Exchange server.

Do I need to set up an MX record in DNS? I'm new with Exchange so please forgive my stupidity.

Edit: I have a public IP for the mail server which also serves IIS for test.domain.com.
Edit 2: I have a web hosting company that we use to serve our website aka domain.com. I have a subdomain set up there (test.domain.com) that points to the public IP of the IIS/Mail server.
 
You can't just access Exchange offsite like that unless you open up all of the required ports on your firewall and create NAT translations if your servers are on a private network. What you need to do is set up a front-end/back-end configuration and use RPC over HTTP. This will require you to acquire a valid SSL certificate. If you are running only one Exchange server you can still do RPC over HTTP but the configuration is different. Do a search for it on Microsoft's site.
 
Another option is to just turn POP3 on your mail server but you will lose quite a bit of functionality.
 
Alright, I have already set up SSL and I will look up how to configure RPC over HTTP. We only have one Exchange server.

Thanks for pointing me in the right direction.

EDIT: No go, clients are all Windows 2000 with Office 2003. MS says you need XP SP1 or newer for RPC over HTTP. Can I not just open the SMTP port on our firewall?
 
screwmesa said:
Alright, I have already set up SSL and I will look up how to configure RPC over HTTP. We only have one Exchange server.

Thanks for pointing me in the right direction.

EDIT: No go, clients are all Windows 2000 with Office 2003. MS says you need XP SP1 or newer for RPC over HTTP. Can I not just open the SMTP port on our firewall?

Yeah, you do need XP with Outlook 2003. SMTP will already need to be open if your organization is going to receive mail from the internet. However, that will only allow your clients to send mail through your server. You will need POP3 so that they can receive their mail.
 
Aww, so there is no way to use Exchange exactly as we do with Outlook onsite? That's one of the reasons we bought it.... :(
 
The two approaches I would take....
1) OWA...which with 2003 is really quite functional, but if they for some reason appear allergic to OWA...
2) set up a VPN router (quite inexpensive these days), if you have a dynamic IP set up a DynDNS for easy PPTP VPN access...
Then have them launch Outlook 2003. Runs great over a thin VPN pipe due to the cached mode it supports.
 
I was afraid we'd have to go VPN. One of our admin staff has to have everything look exactly the same or they don't understand it. Hence, OWA will not work for them. I guess VPN will solve everything as all will actually be the same. :p
 
screwmesa said:
I was afraid we'd have to go VPN. One of our admin staff has to have everything look exactly the same or they don't understand it. Hence, OWA will not work for them. I guess VPN will solve everything as all will actually be the same. :p

Nothing to be afraid of, if anything, it tightens up your network...fewer ports exposed on the wild side.

And easy, man I've been loving the RV0 series from Linksys/Cisco. Look at the 082 or 016 models, not the 042. Fairly inexpensive for a SOHO grade router, very robust in features, VERY fast, and stable.

Since these came out, I stopped rolling out Sonicwalls...they've gotten too expensive with their forced license renewals for upgrades 'n support.
 
How hard is Sonicwall to deal with? We have a Pro3060 firewall here and already purchased vpn licenses.
 
screwmesa said:
I was afraid we'd have to go VPN. One of our admin staff has to have everything look exactly the same or they don't understand it. Hence, OWA will not work for them. I guess VPN will solve everything as all will actually be the same. :p

There is little to no difference in OWA (exchange 2k3) and Outlook (2K3) or at least none that the secretary would know about anyway.
 
AS_CHAPS said:
There is little to no difference in OWA (exchange 2k3) and Outlook (2K3) or at least none that the secretary would know about anyway.

Haha, you don't work with many secretaries do you? :D

The simple fact that you access it over the web is enough to confuse my average user. :(
 
logo29a said:
Haha, you don't work with many secretaries do you? :D

The simple fact that you access it over the web is enough to confuse my average user. :(

Eh...2K3 got pretty darned close to what regular Outlook looks like. Even OWA 2K isn't all bad...the address book is partially clunky.

Ever try to walk users through OWA from Exch 5.5? Or worse...install OWA for Exch 5.5? Yuck!
 
screwmesa said:
How hard is Sonicwall to deal with? We have a Pro3060 firewall here and already purchased vpn licenses.

Well, this is just from my perspective. I think their products are excellent...however, the two times I had to call support, well, let's just say it was horrible.

The first time, I was setting up 4x Sonicwall SOHO3's in various corners of my state, to VPN to the central office of a health care client. PPPoE DSL, business class static IP accounts, 1500/128 for the 3x satellites, 6000/384 account for the central office.

The Sonicwall tech, in attempting to sound like he spoke English, kept telling me over and over, and over and over, that Sonicwall did not support PPPoE DSL because it needs static IP addresses on at least one of the VPN endpoints.

I kept telling him that even though it was PPPoE, they were ALL business grade static IP accounts. He refused to believe me, saying static PPPoE does not exist. I wanted to grab him by the throat and choke him.

I've been a moderator over at Speedguide.net for quite some time....I don't need some first tier support telling me about broadband, and trying to tell me PPPoE cannot be static. PPPoE is just an authentication. Static or dynamic is irrelevant.

Regardless, my client had purchased 4x SOHO3 units, I knew for a fact they'd work on PPPoE, one of the members of Speedguide who was very familiar with Sonicwalls..as he worked with them a lot, well, 1x hour on the phone with him and he had me up and running.

The other instance was last fall or something, on a client with a pair of TZW units.
 
I've dealt with their service before, we had their content filtering service accidentally letting sites through (playboy, etc at a k-8 school). 2 weeks into a no internet rule, we got them to RMA the unit after exporting our settings to them on several occasions and several phone calls ending with cussing and hitting the phone on the desk. :p

I'll get into the vpn stuff in the next few weeks and let you know how it goes.
 
I use RPC over HTTP with a single server just fine.. There is plenty of setup info on the web to get it working, and with it outlook 2003 runs on my laptop and connects to my server from anywhere as long as I have internet access.
 
Aronj66 said:
I use RPC over HTTP with a single server just fine.. There is plenty of setup info on the web to get it working, and with it outlook 2003 runs on my laptop and connects to my server from anywhere as long as I have internet access.

Which doesn't help the OP since his systems run Windows 2000 Professional.
 
I don't know, I may install XP for that one particular user. We have XP licensing for our 2000 boxes...

Thanks for your input all, I will have a beer or two while I think of a decision.
 
YeOldeStonecat said:
Eh...2K3 got pretty darned close to what regular Outlook looks like. Even OWA 2K isn't all bad...the address book is partially clunky.

Ever try to walk users through OWA from Exch 5.5? Or worse...install OWA for Exch 5.5? Yuck!

No, migrating from 5.5 to 2003 was bad enough! :D
 
YeOldeStonecat said:
one of the members of Speedguide who was very familiar with Sonicwalls..as he worked with them a lot, well, 1x hour on the phone with him and he had me up and running.

Hey YOSC.... :D

Like YOSC said above, I use them a lot, and for VPNs they are rock solid. I personally maintain 10 tunnels in my own office to remote client sites for remote administration, and have the ability to use the GVPN (global vpn client) to many others.

The SW's are pretty easy to set up the VPN client. You've already got a lot of $$ tied up in a VPN appliance if you own a 3060, so you might as well use it. Although SW's support sucks I guess (I've fortunately never had to deal with them yet- always been able to wallow through it myself), their software VPN is relatively painless to set up and use. It's a simple one-click process for the end user to activate, and they'll type in a username and p/w, and be connected.

Haha, you don't work with many secretaries do you?
OMFG- I hear ya there.... don't let ANYTHING be different- or they are completely baffled.

In any case, have you ever downloaded the GVPN software for your unit? There have been several revisions, and the one bundled with the software that came with your SW may be an older version. Their latest revision is 3.1.556, but I prefer the prior revision which is 2.2.2.210. If you need this older revision- let me know- I'll get it to you. I have them all.

In any case, once you set up the Group VPN on the SonicWall (not much to set up really- it's preconfigured) you export the policy file through the router interface to disk, and distribute that rcf file to the end users. Once their GVPN is set up on their home PC, they'll import this policy into their GVPN software, and voila! Done.

Post back if you need a hand setting it up.
 
I'll start off by saying OWA for 2003 is awesome but you don't get access to your personal address book or PSTs. If you need those I love Citrix =). I know it's expensive so you could go with VPN + RDP/TS.
 
oakfan52 said:
I'll start off by saying OWA for 2003 is awesome but you don't get access to your personal address book or PSTs. If you need those I love Citrix =). I know it's expensive so you could go with VPN + RDP/TS.

If set up on Exchange, you don't need a personal address book, what you do is set up the contacts to be available as your Outlook Address Book. For smoothest and most efficient Exchange use....I like the Contacts for the user's own address book. Easiest to use, right click..send. And accessible from OWA. PSTs are for antique Exchange servers on inadequate hardware with no hard drive space (in which case if OWA is important..spend the money to do it right), or for moving Outlook users from one Exch server to another.
 
YeOldeStonecat said:
If set up on Exchange, you don't need a personal address book, what you do is set up the contacts to be available as your Outlook Address Book. For smoothest and most efficient Exchange use....I like the Contacts for the user's own address book. Easiest to use, right click..send. And accessible from OWA. PSTs are for antique Exchange servers on inadequate hardware with no hard drive space (in which case if OWA is important..spend the money to do it right), or for moving Outlook users from one Exch server to another.


You obviously don't work for a large enterprise where mailbox size gets extreme. Even the Exchange DB has its limits for stability. Yes you split the mailbox up across multiple Exchange clusters but hardware isn't free. PST are still needed for 99% of invironments.
 
oakfan52 said:
You obviously don't work for a large enterprise where mailbox size gets extreme. Even the Exchange DB has its limits for stability. Yes you split the mailbox up across multiple Exchange clusters but hardware isn't free. PST are still needed for 99% of invironments.


"Environments"..and I hugely disagree 99% of them. I've done a few exchange servers for some larger manufacturing plants. Runaway databases can be controlled implementing rules of mailbox use. Granted the core of my consulting is done with Small Business Server, but I've done a few bigger ones...none that nudge the 75 gig limit though.

And if your users for some reason must have every e-mail and file sent to them since they were first hired there, including a full running history of their sent items...then you must be dealing with daily repairing of those multi-gig sized PST files. Not to mention the network traffic added by everyone opening PSTs from folders on the server...ooops..unless they're kept locally and not being backed up! But in my view, if the organization is THAT large, and e-mail is THAT important..then spend the money!

But back to your comment on OWA....the flaw is not in OWA, since it supports OAB just fine. The limit comes from when not using Exchange to its fullest, and falling back on PSTs, therefore losing Exchange functionality.
 
YeOldeStonecat said:
"Environments"..and I hugely disagree 99% of them. I've done a few exchange servers for some larger manufacturing plants. Runaway databases can be controlled implementing rules of mailbox use. Granted the core of my consulting is done with Small Business Server, but I've done a few bigger ones...none that nudge the 75 gig limit though.

And if your users for some reason must have every e-mail and file sent to them since they were first hired there, including a full running history of their sent items...then you must be dealing with daily repairing of those multi-gig sized PST files. Not to mention the network traffic added by everyone opening PSTs from folders on the server...ooops..unless they're kept locally and not being backed up! But in my view, if the organization is THAT large, and e-mail is THAT important..then spend the money!

But back to your comment on OWA....the flaw is not in OWA, since it supports OAB just fine. The limit comes from when not using Exchange to its fullest, and falling back on PSTs, therefore losing Exchange functionality.

looking at my post... didn't mean to sound like a jackass.

It's not a technical problem when it comes to large enterprises. It's a political one. Our VPs are outraged that we have their mailbox limit set to 4GB. Mailboxes of that size are like PSTs over 1GB, they tend to be very problematic. ie why does it take so long to search for an e-mail. I don't see how they could possibly have 10GB of e-mail (since we all know how much work VPs really do). Nonetheless you have to find a way. No way would you risk 500 other users' mailboxes on a server just to let a VP have unlimited e-mail storage. PSTs have a 2GB limit and we keep ours under 1GB. Really just have to train the users how to archive by year to PSTs if they want to keep that many e-mails. They get backed up still and the Exchange DB stays stable. Everyone is happy.
 
oakfan52 said:
It's not a technical problem when it comes to large enterprises. It's a political one. Our VPs are outraged that we...

I realize that's a big one. I'm at the liberty of standing up and shouting more that "This won't work"...or "You're gonna be sorry soon...you'll see", because I'm an outside consultant. They don't sign my paycheck on a week to week basis. And I'm at the point of being so busy, I don't have enough time in the week, so if they say "We don't like your bossiness, goodbye"..not a big loss for me, as I don't like to have clients who cling onto antiquated technology that's going to give them trouble.

A hard fact to drill into the bean counters...."How valuable is your information? If your infrastructure would disappear today...right now...how much would you pay to get it back?"

A lot of the VPs and beancounters don't realize how important computers and data are to the company, that the network has become the backbone of daily business. Often when a network is implemented, it's chopped down on that initial install...and it grows, and ages, beyond its use...but in their eyes it's paid for, and since "it's working now"...they won't continue to put money into "upgrades". Not until a major 911 happens. I see it all the time, often relishing the day when I can crack a grin of "I told ya so".

Another more vague area that's hard to drill into the bean counters' heads is how "Ease of use, and availability of information" increases production, equaling less time spent by employees to do a specific task. They don't grasp how "spending some money on making remote access easier" equates to "ease of use on the remote employees end...allowing them to get more done remotely, or encouraging them to remote in more since they feel it's easier and worth their time".

So yeah, I can sympathize with your situation...you're often "stuck working with what you have" because they won't give you the budget you want.
 