EMC - Servers separated by firewalls
Hi,
I have four sites running 1 Exchange Server 2007 HT/CAS and 1 Mailbox server each. All the sites are separated by firewalls. When I try to access the CAS/HT of one site from a server on another site using Exchange Management Console, it gives me an error: "Could not connect IIS service on XXXX Server". This was prior to the installation of Exchange 2007 SP1. After SP1 I am getting the same error while accessing mailbox servers.
Also, after SP1 I am not able to see the copy status (LCR) of any other servers. It says - services down.
It looks like I have to open 80/443 ports between servers or some other ports?
Everything else is working fine. I have fixed the IS, SA to static ports for communication between firewalls.
Any suggestion?
Regards,
Vineet
January 22nd, 2008 6:28pm
Hi,
Requesting experts there for inputs on the above issue. Whenever I try to access anything on a CAS server behind a firewall using EMC or EMS (Get-OWAvirtualDirectory or any other command) it says "Task was unable to connect to IIS on destination server. Ensure that the server exists and reachable from this computer. RPC server is unavailable."
It looks like some more ports need to be opened in the firewall, or I will have to fix CAS services on static ports.
E-mail services are working perfectly fine.
Please help!!!
Regards,
Vineet
January 27th, 2008 5:48pm
RPC server is unavailable - here is the answer.
Exchange 2007 servers need to communicate freely with each other. For example, they need RPC for some intra-org communications. Do you have any reasons to filter traffic between them?
http://technet.microsoft.com/en-us/library/bb331973.aspx
January 27th, 2008 8:56pm
Hi,
I apologize for the delayed response. I have gone through the mentioned KB article and understood that the Admin interface uses RPC, which means both servers should be able to communicate freely.
Still, I would like to know if there is any way to restrict this RPC communication to static ports, the way we are doing it for AD and Exchange MB (IS and SA). The only reason for doing this is a firewall between the two servers.
I would request a response.
Thanks,
Vineet
February 6th, 2008 12:41pm
http://support.microsoft.com/kb/154596
On all the Exchange servers make the following registry change:
1. Add the Internet key under: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
2. Under the Internet key, add the values "Ports" (MULTI_SZ), "PortsInternetAvailable" (REG_SZ), and "UseInternetPorts" (REG_SZ). In this example ports 5000 through 5100 inclusive have been arbitrarily selected to help illustrate how the new registry key can be configured. For example, the new registry key appears as follows:
   Ports: REG_MULTI_SZ: 5000-5100
   PortsInternetAvailable: REG_SZ: Y
   UseInternetPorts: REG_SZ: Y
3. Restart the server. All applications that use RPC dynamic port allocation use ports 5000 through 5100, inclusive. In most environments, a minimum of 100 ports should be opened, because several system services rely on these RPC ports to communicate with each other.
June 13th, 2008 6:13pm
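The registry change from the last post, as an added PowerShell example (not code from the thread or from the KB article). The function names are hypothetical; the key, value names, types and the 5000-5100 range are the ones given above. It goes slightly beyond the post by validating the range and reading the values back.

```powershell
# Added example. Run in an elevated session on each Exchange server.
$RpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

function Get-RpcPortCount {
    param([string[]]$Ports)
    # "Ports" is REG_MULTI_SZ: each entry is one port or a "low-high" range.
    $count = 0
    foreach ($entry in $Ports) {
        if ($entry -match '^\s*(\d+)\s*-\s*(\d+)\s*$') {
            $low = [int]$Matches[1]; $high = [int]$Matches[2]
            if ($low -lt 1 -or $low -gt $high -or $high -gt 65535) { throw "Invalid range: $entry" }
            $count += ($high - $low + 1)
        } elseif ($entry -match '^\s*(\d+)\s*$') {
            $port = [int]$Matches[1]
            if ($port -lt 1 -or $port -gt 65535) { throw "Invalid port: $entry" }
            $count++
        } else { throw "Unrecognised Ports entry: $entry" }
    }
    return $count
}

function Set-RpcPortRange {
    param([string[]]$Ports = @('5000-5100'))   # range used in the post above
    if ((Get-RpcPortCount $Ports) -lt 100) {
        Write-Warning 'Fewer than 100 ports configured; the post above advises at least 100.'
    }
    if (-not (Test-Path $RpcKey)) { New-Item -Path $RpcKey -Force | Out-Null }
    New-ItemProperty -Path $RpcKey -Name Ports -PropertyType MultiString -Value $Ports -Force | Out-Null
    New-ItemProperty -Path $RpcKey -Name PortsInternetAvailable -PropertyType String -Value 'Y' -Force | Out-Null
    New-ItemProperty -Path $RpcKey -Name UseInternetPorts -PropertyType String -Value 'Y' -Force | Out-Null
}

function Test-RpcPortRange {
    # Reads the key back so every server can be checked against the firewall rule.
    $cfg = Get-ItemProperty -Path $RpcKey -ErrorAction Stop
    New-Object PSObject -Property @{
        Ports         = ($cfg.Ports -join ', ')
        PortCount     = Get-RpcPortCount $cfg.Ports
        FlagsAreY     = ($cfg.PortsInternetAvailable -eq 'Y' -and $cfg.UseInternetPorts -eq 'Y')
        RestartNeeded = 'Values take effect only after the server is restarted'
    }
}

Set-RpcPortRange          # writes 5000-5100 (101 ports)
Test-RpcPortRange         # confirm the values before scheduling the restart
```

The firewall between sites then needs TCP 135 (the RPC endpoint mapper) in addition to the range configured here.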