If it is a DMZ of one machine, then it is not. If it is a in a DMZ of many machines then the risk profile is far greater than having it internally, assuming it is the only internal machine
Web publishing, as you have suggested is a great idea. Jim, the firewall may be getting in your way, suggest if you are wanting the fe in the DMZ, bring the server inside to do the install and check it is all working ok, then move out to DMZ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ed Crowley [MVP] Sent: Wednesday, 7 March 2007 10:37 To: Exchange Discussions Subject: RE: Cannot Install OWA 2003 After a reread of your question, I strongly advise you to reconsider doing that. Move the front-end server inside your intranet and use IIS or a web publishing appliance to proxy for your OWA and RPC over HTTPS clients. To install a front-end in your DMZ you must have a whole slew of dangerous ports open on your inside firewall making it like Swiss cheese. Putting a front-end server in a DMZ is tantamount to militarizing it. Ed Crowley MCSE+Internet MVP Time Magazine's Person of the Year! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Blunt Sent: Tuesday, March 06, 2007 12:20 PM To: Exchange Discussions Subject: Cannot Install OWA 2003 Scenario: o 1 Front-end in the DMZ o 1 SMTP Bridgehead server o 1 Mailbox server (~950 Mailbox-enabled users) Environment: o Exchange 2003 Enterprise, SP2 (native) on Windows 2003 Enterprise, SP1 in a Windows 2003 Native AD o Outlook 2003, SP2 on client end o SMTP Bridgehead server is running Symantec Mail Security for Microsoft Exchange, version 5.0.4.363. It also runs the AV console for administering the AV on the mailbox server, handles the encryption services in and out of the domain, and is the OWA Admin server. Problem: I'm trying to actually install the Exchange software on the FE and designate it as such, but when I do that, I get the following error message from the install application: "You must have write access to the local registry and the Remote Registry Service must be started" I have looked at the permissions on the server and I have full permissions. I have opened reged32 and given myself explicit Full Control to the HKLM registry hive. I have rebooted the machine three times. The SMTP, NNTP, IIS, WWW and Remote Registry services are all running. I have Googled and can't find anything. Anyone got any ideas? Jim Blunt _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ********************************************************************** Have you clicked on yet? www.nrc.govt.nz ********************************************************************** NORTHLAND REGIONAL COUNCIL This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] ********************************************************************** _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
