OWA not working in a new Front End Server installation.
We are a small shop with only a couple hundred email boxes, and we have been working with one Exchange 2003 server for a while with no problems. The OWA works fine but we wanted to be a bit more secure and move the OWA into a DMZ, so we bought a license and installed Exchange 2003 on Windows 2003 server that was also just installed. I put on the same service packs and updates as we have on the old server. I put the same certificate on the new server and set it up for forms-based authentication. Before I made the new server a FE server, when you accessed OWA on the new server it redirected you to the old server. After I made it a FE server it brings me the authentication form and allows me to put in my username and password but just hangs after that. If I put the wrong password it asks me to try again so it must be authenticating, it just will not go to the next page and open up OWA. I have compared the settings on the new server and old server in ESM and the IIS manager, but did not find anything other than the redirects for http to https and /exchange that I have in the old server. I have not put those in the new server yet. I have also not put it in the DMZ yet, it is on the same network as the old server. I plan to move it once I get it working. Any ideas?
September 7th, 2007 9:33pm

Best bet would be to turn all logging to Max on the server and try it. This way maybe you will get an idea of what is really going on. The real reason I posted is to mention that it is not "best practice" to put a front-end Exchange 2003 server in the DMZ, as you have to open a lot of ports to make it work. Most people would recommend using a reverse proxy in the DMZ to publish OWA to (e.g. ISA Server). Just thought I would throw it out there.
September 8th, 2007 12:37am

I was doing some reading and found that the communication from the front end server to the back end is via 80. I got the front end server OWA to work by removing the SSL requirement on the Exchange virtual server in IIS for the back end server. This caused some red X box problems on the back end server OWA, but that gives me a starting point. As far as the FE in the DMZ, I figure it is better than OWA directly to my only Exchange server that is not in the DMZ. FE server will only be used for OWA, and will not be accepting SMTP. I have another server as SMTP gateway with spam and virus control in the DMZ. I have also implemented private VLAN in the DMZ so the servers in the DMZ cannot talk to each other. We have a requirement that all outside-facing servers be in a DMZ. This arrangement meets that need. We may get an ISA server later to make it more secure, but that's more licenses and hardware.
September 8th, 2007 1:07am
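
Added example, not part of the thread or any poster's code: one way to confirm the cause described above from the back-end server's IIS W3C extended log, by listing requests from the front-end server that IIS rejected with 403.4 (SSL required). The log lines, IP addresses and the function name are constructed for illustration, and the log is assumed to include the `sc-substatus` field.

```python
# Added example: the log lines and IP addresses below are constructed.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-09-08 00:50:00
#Fields: date time s-ip cs-method cs-uri-stem s-port cs-username c-ip sc-status sc-substatus sc-win32-status
2007-09-08 00:50:11 10.0.0.10 GET /exchange/jdoe/ 80 - 10.0.0.20 403 4 5
2007-09-08 00:50:12 10.0.0.10 GET /exchange/jdoe/ 443 jdoe 10.0.0.55 200 0 0
2007-09-08 00:50:40 10.0.0.10 PROPFIND /exchange/asmith/Inbox 80 - 10.0.0.20 403 4 5
2007-09-08 00:51:02 10.0.0.10 GET /exchweb/img/logo.gif 80 - 10.0.0.20 200 0 0
"""


def ssl_required_rejections(log_text, front_end_ip):
    """Return (time, method, uri, port) for each request from the front-end
    server that the back end rejected with HTTP 403.4 (SSL required)."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column order is declared in the log and can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        if (row.get("c-ip") == front_end_ip
                and row.get("sc-status") == "403"
                and row.get("sc-substatus") == "4"):
            hits.append((row.get("time"), row.get("cs-method"),
                         row.get("cs-uri-stem"), row.get("s-port")))
    return hits


if __name__ == "__main__":
    # 10.0.0.20 stands in for the front-end server's address (constructed).
    for hit in ssl_required_rejections(SAMPLE_LOG, "10.0.0.20"):
        print("403.4 SSL required:", *hit)
```

Entries on port 80 with status 403.4 from the front-end address match the symptom in the thread: logon succeeds, but the proxied request to the back end is refused because the virtual directory requires SSL.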
