As part of the install, you may also need to go to a DC , not just the BE, check the firewall logs for anything to/from the FE that does not go to/from the BE that has been blocked
Personally I'd pull in inside to begin with to eliminate any FW issues and then move it out. The basic KIS principle applies here -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Blunt Sent: Wednesday, 7 March 2007 12:51 To: Exchange Discussions Subject: Re: Cannot Install OWA 2003 Currently, the network architect has all 65,000+ ports are wide open, between the FE server and the BE server, until he sees what is flowing after the install. Then he will lock it down to specific ports. I told him that he needed to open the following ports in the firewall, based on an article on MSExchange.org (http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html), by Markus Klein, titled "Implementing Outlook Web Access with Exchange Server 2003" * For Exchange Communication: o Port 80 for HTTP o Port 691 for Link State Algorithm routing protocol * For Active Directory communication: o Port 389 for LDAP (TCP and UDP) o Port 3268 for Global Catalog Server LDAP (TCP) o Port 88 for Kerberos Authentication (TCP and UDP) On 3/6/07, Tim Vander Kooi <[EMAIL PROTECTED]> wrote: > My guess is that you don't have all the necessary holes opened through > your firewall to allow authentication to the internal domain/forest. > The setup process thinks it can't authenticate due to the service not > running since it isn't aware of the firewall in the way. > Tim > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Jim Blunt > Sent: Tuesday, March 06, 2007 4:11 PM > To: Exchange Discussions > Subject: Re: Cannot Install OWA 2003 > > I was attempting to do the initial Exchange installation, after which > I will go back and check the box to make it an FE. > > It's during the installation that it blows up. > > Nice catch Tim, but yes...the account is a Domain, Enterprise, Schema > and Exchange admin. > > The complete and total error message was: > > The component "Microsoft Exchange Messaging and Collaboration > Services" cannot be assigned the action "install" because: > "You must have write access to the local registry and the Remote > Registry Service must be started" > > > On 3/6/07, Ed Crowley [MVP] <[EMAIL PROTECTED]> wrote: > > Good question. You shouldn't have to install anything to make an > Exchange > > server a front-end server. All you need to is to select the > > checkbox > in the > > server's property page in Exchange System Manager. > > > > Ed Crowley MCSE+Internet MVP > > Time Magazine's Person of the Year! > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Tim Vander Kooi > > Sent: Tuesday, March 06, 2007 12:53 PM > > To: Exchange Discussions > > Subject: RE: Cannot Install OWA 2003 > > > > You get the error when installing Exchange? Or when designating it > > as > a FE > > server? > > Assuming it's during install, are you logged in with an account > > having > the > > necessary forest/domain permissions? > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > Jim > > Blunt > > Sent: Tuesday, March 06, 2007 2:20 PM > > To: Exchange Discussions > > Subject: Cannot Install OWA 2003 > > > > Scenario: > > o 1 Front-end in the DMZ > > o 1 SMTP Bridgehead server > > o 1 Mailbox server (~950 Mailbox-enabled users) > > > > Environment: > > o Exchange 2003 Enterprise, SP2 (native) on Windows 2003 > > Enterprise, > > SP1 in a Windows 2003 Native AD > > o Outlook 2003, SP2 on client end > > o SMTP Bridgehead server is running Symantec Mail Security for > Microsoft > > Exchange, version 5.0.4.363. It also runs the AV console for > administering > > the AV on the mailbox server, handles the encryption services in and > out of > > the domain, and is the OWA Admin server. > > > > Problem: > > I'm trying to actually install the Exchange software on the FE and > designate > > it as such, but when I do that, I get the following error message > > from > the > > install application: > > > > "You must have write access to the local registry and the > > Remote Registry Service must be started" > > > > I have looked at the permissions on the server and I have full > permissions. > > I have opened reged32 and given myself explicit Full Control to the > HKLM > > registry hive. I have rebooted the machine three times. The SMTP, > NNTP, > > IIS, WWW and Remote Registry services are all running. > > > > I have Googled and can't find anything. > > > > Anyone got any ideas? > > > > Jim Blunt > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > To subscribe: > > http://e-newsletters.internet.com/discussionlists.html/ > > To unsubscribe send a blank email to > > [EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > To subscribe: > > http://e-newsletters.internet.com/discussionlists.html/ > > To unsubscribe send a blank email to > > [EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > To subscribe: > > http://e-newsletters.internet.com/discussionlists.html/ > > To unsubscribe send a blank email to > [EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. ********************************************************************** Have you clicked on yet? www.nrc.govt.nz ********************************************************************** NORTHLAND REGIONAL COUNCIL This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] ********************************************************************** _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
