Direct email send/receive connection between two exchange servers on the same wan

    Question

  • Got an interesting question. I have two Microsoft Exchange servers in separate domains and organizations that share the same WAN network. Instead of having email that would be sent between these domains go out over the internet, I'd like to set up a secure email send connection between these two servers. Both Exchange organizations are very simple single server installations. So I'm thinking it should be simple. Another little caveat to this situation is that both domains don't share DNS information directly, so I'll be wanting to send this stuff over via IP if possible. My big question is how. I'm assuming that this needs to be done on each server by setting up the following:

    1. Organization Configuration > Hub Transport settings > New Send Connector:
    Need to set up a Partner send connector on each server.

    2. Server Configuration > Hub Transport settings > New Receive Connector:
    Need to set up a Partner receive connector on each server.

    3. Have to set up a domain user account in each of the domains for the basic authentication setup on the connector.

    4. Run the command to set up cross-forest authentication:
    .\Enable-CrossForestConnector.ps1 -Connector "Cross-Forest" -user "ANONYMOUS LOGON"

    After doing all this I'm getting email messages sent to the other domain showing up in the outbound queue for the connector.  They hang out there until I disable the connector and then the messages flow out the main outbound connector with the other email.

    So what am I missing?  Sounds like it's something simple.

    Thanks.

    -Dan

    Tuesday, January 10, 2012 5:51 PM
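
Added example, not part of the original post and not Microsoft's own script: one way to express steps 1 to 3 above in the Exchange Management Shell (Exchange 2007/2010) so that mail for the other organization is delivered to its WAN IP and is only sent over TLS, followed by the queue check that shows why messages are waiting. The domain, IP addresses and connector names are constructed placeholders, and the use of the ExchangeUsers permission group for the authenticating account is an assumption.

```powershell
# Run on server A; mirror on server B with the values swapped.
# All values below are constructed placeholders, not taken from the thread.
$PartnerDomain = 'partner.example'   # SMTP domain hosted by the other organization
$PartnerIP     = '10.20.0.25'        # WAN address of the other Exchange server
$LocalIP       = '10.10.0.25'        # WAN address of this server

# Account that exists in the OTHER forest (step 3 of the question).
$PartnerCred = Get-Credential

# Send connector: scoped to the partner's domain only, DNS lookup disabled,
# delivery to the IP as a smart host. BasicAuthRequireTLS means the credential
# and the mail are never sent if the TLS session cannot be established.
New-SendConnector -Name 'Cross-Forest' -Usage Internal `
    -AddressSpaces $PartnerDomain `
    -DNSRoutingEnabled $false -SmartHosts $PartnerIP `
    -SmartHostAuthMechanism BasicAuthRequireTLS `
    -AuthenticationCredential $PartnerCred `
    -SourceTransportServers $env:COMPUTERNAME

# Receive connector: only the partner's address may use it, and basic
# authentication is accepted only inside TLS.
# Assumption: the authenticating account is an ordinary user, so it is
# evaluated under the ExchangeUsers permission group.
New-ReceiveConnector -Name 'From-Partner' -Usage Custom `
    -Bindings "$($LocalIP):25" -RemoteIPRanges $PartnerIP `
    -AuthMechanism Tls, BasicAuth, BasicAuthRequireTLS `
    -PermissionGroups ExchangeUsers

# Record the SMTP conversation so a failed STARTTLS or AUTH is visible
# in the send protocol log.
Set-SendConnector -Identity 'Cross-Forest' -ProtocolLoggingLevel Verbose

# When messages sit in the connector's queue, LastError carries the reason
# (for example a TLS or authentication failure reported by the remote side).
Get-Queue |
    Where-Object { $_.NextHopDomain -eq $PartnerIP -or $_.MessageCount -gt 0 } |
    Format-List Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError
```

With `BasicAuthRequireTLS`, a certificate or STARTTLS problem on either server leaves mail queued rather than falling back to cleartext, so the `LastError` value and the protocol log are the first places to look.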

Answers

  • You might be able to accomplish what you want even simpler with a couple of internal DNS MX records and no special connectors at all.

    You didn't say what version of Exchange these servers are, and that makes a difference.  Exchange 2010 supports what's known as opportunistic TLS, so if both servers support it, they'll automatically attempt to communicate through an encrypted session.  For Exchange 2003, you'd have to configure it manually.

    http://technet.microsoft.com/en-us/library/bb430753.aspx

    I think you're going to find that this will be really easy for you to set up.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Wednesday, January 11, 2012 7:16 AM

All replies

  • I believe Enable-CrossForestConnector.ps1 was introduced with Exchange 2010.

    Network+,Security+,NCSA,MCTS,MCPS,And MCITP
    Friday, January 13, 2012 10:54 PM
  • Hi Dan,

    Did you find the answer?

    I'm in the same situation: two Exchange servers (2003, 2007) and two different domains sharing the same WAN.

    Regards.

    Tuesday, January 24, 2012 9:48 AM
  • Guys!! Have any of you achieved this in a simple way?

    I'm also in the same situation. 2 simple Exchange 2007 servers in 2 different Windows 2003 server domains linked via WAN. We have domain trust in place, but how to join both of them? We should be able to see each other's address books and exchange mail via the WAN instead of through the Internet.

    Please advise.

    Thursday, June 14, 2012 2:48 PM