Re: Exchange 2003 OWA over HTTPS authentication delay



Perform a netmon. Capture from the FE and the BE. Then you can tell if you
have any name resolution issue, when the FE forwards the traffic to the BE,
how long the BE takes to return, etc.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Also, the use of included script samples are subject to the terms specified
at http://www.microsoft.com/info/cpyright.htm


"kman" <davidk@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1122352115.183272.266660@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hi folks,
>
> I've spent more time on this problem than I care to realise, so any
> help anyone can provide is very welcome.
>
> Symptoms: Using the URL "https://<ip address>/exchange/<username>" I am
> immediately presented with a dialog box asking me to accept an un-verified
> SSL certificate. This is as expected (certificate generated by private
> CA server), however, after accepting the certificate there is a delay
> of up to 30 seconds before I'm asked for authentication details, which
> I find unacceptable. OWA in fact works after the lengthy delay without
> any drama at all.
>
> Topology:
> LAN - Exchange 2003 SP1 server hosting mailboxes as a back-end server,
> also the PDC/GC server.
> DMZ - Exchange 2003 SP1 server acting as front-end server for OWA
> alone.
>
> I've configured the firewall according to every article I've read on
> the subject, but so far the only fix I've managed to apply to the
> system is to open port 445 (SMB) between the DMZ and the LAN, which is
> also unacceptable.
>
> Firewall:
>
> DMZ to LAN
> - 80 (HTTP, TCP)
> - 691 (Link State Routing, TCP)
> - 389 (LDAP, TCP & UDP)
> - 3268 (GC, TCP)
> - 88 (Kerberos, TCP & UDP)
> - 53 (DNS, TCP & UDP)
> - 135 (RPC Mapper, TCP)
> - 55000 (RPC services, TCP)**
>
> LAN to DMZ
> - 3389 (RDP, TCP)
>
> * to DMZ
> - 443 (HTTPS, TCP)
>
> **Port 55000 has been configured as the target RPC port on the DC.
>
> I have two such configurations, one for a customer and one for my
> office. The customer is seeing the symptoms described above, while at my
> office I am unable to logon to the front-end server via RDP with the
> error "...RPC server is unavailable...". This problem is not nearly as
> important to me as the logon delay.
>
> Again any help is appreciated.
>
> Dave.
>
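
One way to read the FE-side capture suggested in the reply, shown as an added example that is not part of either post: it looks for FE-to-BE TCP SYNs that never get a SYN/ACK, checks each target port against the DMZ-to-LAN TCP rules listed in the question, and measures how long the FE stalled before its next successful handshake. The CSV layout, addresses and timings are constructed for illustration; a real Network Monitor export has to be mapped to these columns first.

```python
import csv, io
from collections import defaultdict

# DMZ-to-LAN TCP ports as listed in the quoted post.
ALLOWED_TCP = {80, 691, 389, 3268, 88, 53, 135, 55000}

# Constructed sample: per-packet summary rows from a capture taken on the FE.
# Addresses, timings and column names are assumptions, not data from the thread.
SAMPLE = """time,src,dst,proto,sport,dport,flags
0.00,10.0.1.5,192.168.1.10,udp,1030,53,
0.01,192.168.1.10,10.0.1.5,udp,53,1030,
0.05,10.0.1.5,192.168.1.10,tcp,1040,445,S
3.05,10.0.1.5,192.168.1.10,tcp,1040,445,S
9.05,10.0.1.5,192.168.1.10,tcp,1040,445,S
21.10,10.0.1.5,192.168.1.10,tcp,1041,80,S
21.11,192.168.1.10,10.0.1.5,tcp,80,1041,SA
"""

def handshakes(rows, fe, be):
    """Split FE->BE SYN times, keyed by (sport, dport), into dropped and answered."""
    syns, acked = defaultdict(list), set()
    for r in rows:
        if r["proto"] != "tcp":
            continue
        if r["src"] == fe and r["dst"] == be and r["flags"] == "S":
            syns[(int(r["sport"]), int(r["dport"]))].append(float(r["time"]))
        elif r["src"] == be and r["dst"] == fe and r["flags"] == "SA":
            acked.add((int(r["dport"]), int(r["sport"])))
    dropped = {k: t for k, t in syns.items() if k not in acked}
    ok = {k: t for k, t in syns.items() if k in acked}
    return dropped, ok

def report(text, fe, be):
    """One finding per unanswered FE->BE connection attempt."""
    rows = list(csv.DictReader(io.StringIO(text)))
    dropped, ok = handshakes(rows, fe, be)
    out = []
    for (sport, dport), times in sorted(dropped.items()):
        # Stall: from the first dropped SYN to the next handshake that succeeded.
        later = [t[0] for t in ok.values() if t[0] > times[0]]
        stall = round(min(later) - times[0], 2) if later else None
        out.append({"dport": dport, "attempts": len(times),
                    "in_ruleset": dport in ALLOWED_TCP, "stall_s": stall})
    return out

if __name__ == "__main__":
    for finding in report(SAMPLE, "10.0.1.5", "192.168.1.10"):
        print(finding)
```

A finding with `in_ruleset` false and a large `stall_s` means the FE is waiting on a port the firewall silently drops; comparing against the BE-side capture confirms whether those SYNs ever arrived.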

