Exchange Server Cookbook

by Paul Robichaux, Missy Koslosky, Devin L. Ganger
June 2005
Content level: Intermediate to advanced
464 pages
13h 2m
English
O'Reilly Media, Inc.
Content preview from Exchange Server Cookbook

10.4. Enabling IPsec on an Exchange Server 2003 Cluster

Problem

You have one or more front-end servers communicating with a clustered back-end server, and you want to protect IMAP, POP, or HTTP traffic passing between them.

Solution

Using a graphical user interface

  1. Open the Registry Editor (regedit.exe).

  2. In the left pane, navigate to:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley

  3. Click on the Oakley subkey.

  4. In the right pane, right-click the NLBSFlags entry and select Modify.

  5. In the Value data field, type 1 and click OK.

  6. Close the Registry Editor.

Using the command line

On the server where you want to enable IPsec, run the following command:

> reg add HKLM\System\CurrentControlSet\Services\PolicyAgent\Oakley /t REG_DWORD /v "NLBSFlags" /d "1" /f
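
To confirm the setting took effect, or to check several servers at once, the value can be audited before and after the change. The following PowerShell script is an added example, not code from the book: the `-ComputerName` and `-Fix` parameters are names chosen for this sketch, and it assumes administrative rights and that the registry of each listed server is reachable remotely.

```powershell
# Added example (not from the book): audit NLBSFlags on one or more servers,
# and set it to DWORD 1 when -Fix is given. -ComputerName and -Fix are names
# chosen for this sketch; remote access to each registry is an assumption.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [switch]$Fix
)

$subKey = 'SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley'
$name   = 'NLBSFlags'
$hive   = [Microsoft.Win32.RegistryHive]::LocalMachine
$dword  = [Microsoft.Win32.RegistryValueKind]::DWord

# True only when the value exists, is a REG_DWORD, and equals 1.
function Test-NlbsFlags($key) {
    if ($null -eq $key) { return $false }
    if ($null -eq $key.GetValue($name, $null)) { return $false }
    return ($key.GetValueKind($name) -eq $dword) -and ($key.GetValue($name) -eq 1)
}

foreach ($computer in $ComputerName) {
    $base = $null; $key = $null
    $result = [pscustomobject]@{ Computer = $computer; Before = $null
                                 Compliant = $false; Changed = $false; Error = $null }
    try {
        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $computer)
        # CreateSubKey opens the key writable (creating it if absent, as reg add does);
        # without -Fix the key is opened read-only and nothing is modified.
        $key = if ($Fix) { $base.CreateSubKey($subKey) } else { $base.OpenSubKey($subKey) }
        if ($key) { $result.Before = $key.GetValue($name, $null) }

        if (-not (Test-NlbsFlags $key) -and $Fix) {
            $key.SetValue($name, 1, $dword)
            $result.Changed = $true
        }
        # Re-read after any write so the report reflects what is actually stored.
        $result.Compliant = Test-NlbsFlags $key
    }
    catch { $result.Error = $_.Exception.Message }
    finally {
        if ($key)  { $key.Close() }
        if ($base) { $base.Close() }
    }
    $result
}
```

Run it without `-Fix` first to get a read-only report; a server whose `Compliant` column is `False` has the value missing, set to something other than 1, or stored with a type other than REG_DWORD.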

Discussion

You can use IPsec as described in Recipe 10.3 to protect IMAP, POP, and HTTP communications between front- and back-end servers. However, if the back-end server is a cluster, the ordinary setup method doesn't work well. That's because the security association (SA) established between the two servers has to be renegotiated when failover occurs. The default interval for SA renegotiation is five minutes, which means that until that interval elapses, the FE and BE will be unable to communicate. This can take up to six minutes: five minutes for the timer to elapse, plus one minute for the IKE protocol to decide that it needs to establish a new SA. In Exchange 2000, there was no way to fix this, meaning that Microsoft ...

ISBN: 0596007175