Why have you placed the server in the DMZ? If you have read the
installation guides provided by Microsoft, you would know that you would
have to open up just about every port just to get the services to
communicate properly. This is why Microsoft changed their thoughts on how
to properly implement Exchange 2003 and that is to keep all servers within
the LAN and if desired, place the SMTP Gateway in the DMZ. Then open only
the ports to the Frontend only within the firewall to that single IP. If you
do not do this, then there are a TON of ports you must open between them...
(DMZ to LAN and back)
Between the two domains, you must open certain ports as well. Go to
Microsoft.com/exchange and read up on proper installation and migration and
search for ports used by Exchange 2003 and ports for trust relationships for
Windows 2003 native-mode.
This will give you a start.
<> wrote in message
news: oups.com...
> First, here is my environment:
> ===============================
> - I have a single forest with two separate 2003 native mode domains;
> A.COM and B.COM. Domain A.COM is the forest root domain. There is a
> two-way trust relationship between the two domains.
>
> - I have a single server in a DMZ that is a member of A.COM
> (DMZserver.A.COM). This is a front-end server for Exchange OWA and my
> back-end server is also a member of A.COM and resides on my internal
> network.
>
> - The appropriate ports are opened for this DMZ server to authenticate
> and talk to the domain controllers in A.COM. No ports are opened for
> this server to talk to DCs in B.COM.
> ===============================
>
> OK, up until last week I could log in to DMZserver.A.COM as
> . Last week I did an in place upgrade of Exchange 2000
> to 2003, and Windows Server 2000 to 2003. After the upgrade, logging
> into the server with worked just fine of course.
> However, now trying to log into DMZserver.A.COM as
> yields "The specified domain either does not exist or could not be
> contacted." So my question is what changed and why. The firewall
> was not touched and it worked just fine before the upgrade. There were
> no ports open for DMZserver.A.COM to directly talk to domain
> controllers in B.COM, so the DCs in A.COM were taking care of "pass
> through" authentication to B.COM. Did something change in the
> Windows Server 2003 upgrade? Any thoughts are appreciated.
>