Channel: Exchange Server 2013 - High Availability and Disaster Recovery forum

Certificate for ADFS

Hi!

I am currently implementing an Exchange Server 2013 which will coexist with 320 Exchange Online User Accounts.

So far, we have already done the following.

  1. Installed Exchange Server 2013 and installed the SSL certificate (mail.company.com)
  2. Exchange is now up, can connect with Outlook 2013 and via OWA.
  3. Set up ADFS and ADFS Proxy for SSO.

However, this is where I got stuck. Upon checking this link, https://msdn.microsoft.com/en-us/library/azure/dn151311.aspx?f=255&MSPPError=-2147217396, it says "Subject name and subject alternative name must contain your federation service name, such as fs.contoso.com".

Is there a way for me to change the Subject Name of my certificate to fs.company.com without messing up what is already configured in my mail server? Or should I be using another certificate?

Kindly help me on this.


DAG Member Servers Reshuffle

Hi,

I need possibilities for reshuffling member servers in DAGs. Currently I have 4 DAGs which contain 3 member servers each. Recently we have observed that the DAG-1 servers are placed in 1 chassis, and this is the case for all DAGs. Physical placement of these servers is a bit tedious, hence I am looking to do adjustments on the Exchange side. If I change the DAG members to the format below by simply using the Exchange Management Console, will this work?

Future Placement

Chassis-1   Chassis-2   Chassis-3   Chassis-4
DAG-1       DAG-2       DAG-3       DAG-4
EXC01       EXC02       EXC03       EXC04
Exc05       EXC06       EXC07       EXC08
Exc09       EXC10       EXC11       Exc12

Current Placement

Chassis-1   Chassis-2   Chassis-3   Chassis-4
DAG-1       DAG-2       DAG-3       DAG-4
Exc01       Exc04       Exc07       Exc10
Exc02       Exc05       Exc08       Exc11
Exc03       Exc06       Exc09       Exc12

An early reply would be appreciated.

Exchange server DAG (Cluster failure)

Hi,

Here is my issue: in our organization, Exchange Server 2013 is installed on Windows Server 2012.

For a few months we have been having an issue with cluster failover.

We have a DAG with 8 nodes, and 4 of those servers are having this issue.

Below are the event logs we are receiving; the Exchange DBs then fail over to the passive node.

Let me know if you need any more detail.

Could you please let me know the cause and resolution for this issue?

Here is the flow of event logs:

"IMPORTANT thing is this is happening every 3rd or 4th day of the month, depending on the number of days in the month (30/31 days)"

1: NETLOGON

This computer was not able to set up a secure session with a domain controller in domain VCN due to the following:
The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Event ID: 5719

2: Security Kerberos

The digitally signed Privilege Attribute Certificate (PAC) that contains the authorization information for client Server-name$ in realm(FQDN) could not be validated.
This error is usually caused by domain trust failures; Contact your system administrator

Event ID: 7

3: DNS Client event

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:

           Adapter Name : {******-3175-888-9999-******}
           Host Name : Server-name
           Primary Domain Suffix : FQDN
           DNS server list :
              131.**.***.*, 131.**.***.*
           Sent update to server : <?>
           IP Address(es) :
             131.**.***.***

The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at this time.

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

Event ID: 8015

4: Fail-over cluster

File share witness resource 'File Share Witness \\segotn5102.xyz.ab.abc.net\SEGOTNC5110.xyz.ab.abc.net)' failed to arbitrate for the file share \\segotn5102.xyz.ab.abc.net\SEGOTNC5110.xyz.ab.abc.net)'. Please ensure that file share \\segotn5102.xyz.ab.abc.net\SEGOTNC5110.xyz.ab.abc.net)' exists and is accessible by the cluster.

Segotn5102 - witness server
segotn5110 - DAG name (Virtual name)

Event ID: 1564

 Thank you,

Pradeep K



DAG Sendmail issues 4 days after DAG creation

Have had Exchange 2013 running on a virtual machine for a couple of months now without issues other than some serious throttling issues we bypassed Exchange and resolved.

I installed a second Exchange 2013 server on a physical server and created an active/passive DAG on Sunday the 18th. Everything tested as far as email flowing inbound and outbound, both plain text and through our ZIX server.

On Thursday the 23rd, everyone in the company received a certificate warning when logging into Outlook, any version.

At the same time, noticed that any job from any of our 4 job servers that had email tasks going through the exchange server also failed with the following error.

Source: Send Duplicate Attempt Send Mail Task     Description: An error occurred with the following error message: "Service not available, closing transmission channel. The server response was: 4.3.2 Service not available".

We drained the Physical Exchange server queues and powered it down, no more certificate errors, and no more jobs failing.

Not sure where to begin looking.

Exchange 2013 - Hardware Load Balancing PowerShell virtual directory

Hi,

We use a 3rd party mail archive solution that connects to /powershell in order to process mail. I'm trying to use a hardware load balancer (NetScaler) to publish that virtual directory. I'm using the same configuration that I've previously published /owa/ and the other vdirs with; however, trying to access /powershell always fails, even when I check the URL in a browser. The /powershell vdir is configured with the default settings.

Here's a quick snippet from the IIS log on one of my Exchange servers. When a client PC accesses the URL, it succeeds. When my HLB tries, I get a 500 error:

2015-07-28 18:07:10 192.168.1.103 GET /powershell/healthcheck.htm - 443 - 192.168.40.130 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 200 0 0 109
2015-07-28 17:59:16 192.168.1.103 GET /powershell/healthcheck.htm - 443 - 192.168.1.251 - - 500 0 64 15

The guides I've seen for publishing Exchange 2013 this way all focus on the /owa, /ecp, /oa, etc directories, not /powershell.
Is publishing /powershell via HLB supported? Are there any tests I can run to narrow down the issue, or guides that I can follow to get this up and running?

Thanks,
Greg

Exchange Multi Site DAG Failover

Hi, we have an Exchange Server 2013 environment which is deployed on 2 sites.

Site A and Site B. Both sites are connected via VPN.

We have 2 mailbox servers on each site. We have created a DAG; all 4 mailbox servers are members of that DAG. We have a third site which is in a separate location, and this site is also connected via VPN with both sites as shown in the diagram.

The issue is that our databases were mounted on Mailbox 1 on Site A. Primary active manager was also on Mailbox A. VPN from Site B to Site A was disconnected. Due to this our databases were dismounted and users faced disconnectivity. We were able to access Site B from Site A, but the single-site VPN tunnel was disconnected from Site B to Site A. Can anyone help us understand why our databases were dismounted?

In case our VPN tunnel from the third site to Site A disconnects, how can we fail over to Site B? We have DNS failover, and if any of our CAS is not accessible then DNS automatically fails over to the next CAS server and OWA points to the active CAS, but our DAG does not fail over. Can anybody give us an opinion?

Any help will be highly appreciated.

Regards,

Anees


Dead server in DAG - adding new one.

Hi folks,

I have two Exchange servers that are in a DAG. One of them is dead.

I'm planning to set up another one, add it to the DAG and then remove the dead one from the DAG and the AD environment.

Is there anything special I need to have in mind when doing this, or do you recommend another way?

Thanks in advance.

Implement site resilience issue distribute groups mail

Hello

Yesterday I had a test lab with Exchange Server 2013 SP1 for site resilience.

For information, I have two data centers, which include:

Primary site:
1 AD DS
1 Client Access Server
1 Mailbox Server role

Secondary site:
1 AD DS
1 Client Access Server
1 Mailbox Server role

The issue happens during the test case.

When I shut down only the mailbox server in the primary site, a mailbox that is available can send to and receive from external e-mail, but when I send a message from external mail to a distribution group, the recipients do not receive the mail. The external mail status is retry...

But when I start the Mailbox Server, the recipients in the distribution group can receive messages from external e-mail.

Has anyone had such an issue?

Thank you.


Exchange server crashed, only EDB recovered

Hello,

My Exchange server crashed and was not recoverable. The AD is also lost. To use e-mail we switched to Office 365, but our old e-mails are not in Office 365. I have the EDB file and set up a new AD and Exchange server in VMware (new domain), and I am trying to mount the database from the old domain\server. I am having no luck.

Old setup: Windows Server 2008 / Exchange 2013

New setup: Windows Server 2012 / Exchange 2013

Can anyone help me out? Any help would be greatly appreciated.

Thanks, Willem

Exchange SMTP Relay HA

Hi Guys,

Fairly simple question I'm sure for most of you.

I'm a bit confused about how inbound SMTP traffic from the firewall is sent to an active server in an HA scenario?

For example, say we use ARR for CAS HA, DAGs for mailbox HA and we lose server A, ARR will redirect users to server B and server B will become the active database server - however SMTP traffic from the firewall will still be hitting server A.

What solution do you recommend for ensuring inbound traffic is always directed at an active server?

The same logic applies for SMTP relays on the network which will have the same problem.

Many thanks,

Stupac86


I've set up a 2 member DAG in Exchange 2013, how do I configure the virtual directories on each member?

I'm running Exchange 2013 and I used a guide online to set up a 2 member DAG. I've got the DAG set up and am in the process of creating database copies on the 2nd member. But as both have the CAS role, how do I set the virtual directory internal and external URLs? Do I set both servers the same? How do I need to set my DNS for this? I can't find any guides that tell you how to configure the URLs on each member after setting up the DAG.

Can anyone help?

Thanks


JK MCP

Exchange 2013 DAG with single site and 2 multi-role servers with error "MapiExceptionIllegalCrossServerConnection"

Hi,

I've got a lab with a domain controller and a Hyper-V host with two multi-role Exchange 2013 CU7 servers on it, on W2K12 R2 OS, configured in a simplified DAG (but the problem is the same if I use the classical DAG configuration), a witness server, and an L7 load balancer for the Exchange servers.

When I ran the test of disabling the OWA application pool where I've got the active mailbox database of the user, the balancer correctly redirects the session to the other Exchange multi-role server, but the client in his OWA session is no longer able to send new mail, with the error "Error your request can't be completed right now. Please try again later."

The only strange log that I see on the server is in the MAPI client access directory, where there is the following error message:

2015-01-21T08:00:45.132Z,956,1,/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt,,Microsoft.Exchange.RpcClientAccess.Monitoring.dll,15.0.0.0,Cached,,,,MapiHttp,Client=Microsoft.Exchange.RpcClientAccess.Monitoring,R:4ab7b6c8-54ee-4be3-aa9d-f8c856c4c47c:2,C:MAPIAAAAAOC4+7OCoZOjkqeKuoumlKSEtYO5ibyGs4bc/879z/vD9sX1zP28AwAAAAAAAA==|S:0-mGmHRQ==,OwnerLogon,0x6BB (rpc::Exception),00:00:00.0310000,"Logon: Owner, /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt in database  last mounted on Exch2.lab.net",RpcEndPoint: [ServerTooBusyException] Client is being backed off -> [ClientBackoffException] Mailbox was moved to a different mailbox server. A client needs to retry. -> [IllegalCrossServerConnectionException] Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt. -> [MapiExceptionIllegalCrossServerConnection] Monitoring mailbox [] with application ID [Client=MSExchangeRPC] is not allowed to make cross-server calls from [Exch1.lab.net] to [Exch2.lab.net] [diag::AAAOAAAA/wAAAAAAAAAAAgAAAAA=],,,HealthMailbox7021deb6ae104dadbf52feedfa7fa68b@lab.net,

The CAS tries to access the mailbox on the other server, but without success.

Does anyone have an idea how to solve this?

Thanks

IllegalCrossServer Exception Exchange 2013 SP1 DAG

Hello,

I have an Exchange 2013 SP1 DAG with 2 Exchange Servers.
On one Exchange Server I am not able to open the ECP (on the other one it is working fine), but OWA works on both.
After inserting the credentials into the login page, a blank page appears.

When I check the logs, I find this warning with event ID 1309.
I already tried to recreate the HealthDatabases and the ECP VirtualDirectory.
Below is the warning from the Event Viewer:

Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: 8/7/2015 1:30:31 AM 
Event time (UTC): 8/6/2015 9:30:31 PM 
Event ID: c182d90778c1416bb20e1661997b42fb 
Event sequence: 17519 
Event occurrence: 14667 
Event detail code: 0 

Application information: 
    Application domain: /LM/W3SVC/2/ROOT/owa-2-130828936400156394 
    Trust level: Full 
    Application Virtual Path: /owa 
    Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\owa\ 
    Machine name: EXCHANGE2 

Process information: 
    Process ID: 11888 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\SYSTEM 

Exception information: 
    Exception type: MapiExceptionIllegalCrossServerConnection 
    Exception message: MapiExceptionIllegalCrossServerConnection: Monitoring mailbox [] with application ID [Client=OWA] is not allowed to make cross-server calls from [exchange2.core.local] to [Exchange1.core.local]
   at Microsoft.Mapi.CrossServerDiagnostics.BlockCrossServerCall(ExRpcConnectionInfo connectionInfo, String mailboxDescription)
   at Microsoft.Mapi.CrossServerConnectionPolicy.CheckAndBlockMonitoringMailboxes(ExRpcConnectionInfo connectionInfo)
   at Microsoft.Mapi.CrossServerConnectionPolicy.Apply(ExRpcConnectionInfo connectionInfo)
   at Microsoft.Mapi.ExRpcConnectionFactory.Create(ExRpcConnectionInfo connectionInfo)
   at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, Boolean unifiedLogon, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout, TimeSpan callTimeout, Byte[] tenantHint)
   at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, ClientIdentityInfo clientIdentity, String applicationId, Byte[] tenantPartitionHint, Boolean unifiedLogon)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore, Boolean unifiedSession)

Request information: 
    Request URL: https://localhost:444/owa/proxylogon.owa 
    Request path: /owa/proxylogon.owa 
    User host address: 127.0.0.1 
    User: CORE\SM_12984a6c393744e18 
    Is authenticated: True 
    Authentication Type: Kerberos 
    Thread account name: NT AUTHORITY\SYSTEM 

Thread information: 
    Thread ID: 49 
    Thread account name: NT AUTHORITY\SYSTEM 
    Is impersonating: False 
    Stack trace:    at Microsoft.Mapi.CrossServerDiagnostics.BlockCrossServerCall(ExRpcConnectionInfo connectionInfo, String mailboxDescription)
   at Microsoft.Mapi.CrossServerConnectionPolicy.CheckAndBlockMonitoringMailboxes(ExRpcConnectionInfo connectionInfo)
   at Microsoft.Mapi.CrossServerConnectionPolicy.Apply(ExRpcConnectionInfo connectionInfo)
   at Microsoft.Mapi.ExRpcConnectionFactory.Create(ExRpcConnectionInfo connectionInfo)
   at Microsoft.Mapi.MapiStore.OpenMapiStore(String serverDn, String userDn, String mailboxDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, String httpProxyServerName, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, Boolean wantRedirect, String& correctServerDN, ClientIdentityInfo clientIdentity, Boolean unifiedLogon, String applicationId, Client xropClient, Boolean wantWebServices, Byte[] clientSessionInfo, TimeSpan connectionTimeout, TimeSpan callTimeout, Byte[] tenantHint)
   at Microsoft.Mapi.MapiStore.OpenMailbox(String serverDn, String userDn, Guid guidMailbox, Guid guidMdb, String userName, String domainName, String password, ConnectFlag connectFlags, OpenStoreFlag storeFlags, CultureInfo cultureInfo, ClientIdentityInfo clientIdentity, String applicationId, Byte[] tenantPartitionHint, Boolean unifiedLogon)
   at Microsoft.Exchange.Data.Storage.MailboxSession.ForceOpen(MapiStore linkedStore, Boolean unifiedSession)

Anybody has an idea how to solve this, as I am going crazy with this error? 
Thanks a lot for any suggestion, 
Tommy



how many log drives

I currently have Exchange 2007 with 3 database drives and 1 transaction log drive.  All are on a NetApp FAS3240 and I am using SnapManager for Exchange for transaction log backup.  I am upgrading to Exchange 2013 and I have read that some recommend having a log drive per database (3 database drives and 3 log drives).  Recommendations?

Exchange 2013 - Routing Boundaries, Delivery Groups.

Hey Guys,

I am hoping you guys can help out here. Nothing is broken so at least there is that. I am trying to better understand these 2 terms:

1) Routing Boundary

2) Delivery group

I have already read through this https://technet.microsoft.com/en-us/library/aa998825(v=exchg.150).aspx#RoutingDest but am still unclear.

I am not sure what is meant by routing boundary. Does that mean "Destination, for messages to be delivered to, which can go no further and can follow the DAG or the AD site"?

Does delivery group mean these servers will be used to deliver messages to this user's mailbox?

I just need some clarification on the terms, all of the other documentation I have been able to locate regarding this is basically just the same as the documentation above.

Thanks,

Robert



how to build Exchange 2013 lab system

Currently we have a 2007, 2010 lab environment.

We need to deploy a 2 node Exchange 2013, where both nodes have the CAS and Mailbox roles, to the existing lab environment.

I need assistance to find workable documentation with steps to create the deployment. Being a lab, we are thinking the Microsoft Load Balancer should be supportable with our load and testing. We are trying to mimic a customer environment but on a smaller scale.

Failover for odd number (member count) DAG across two datacenters

Consider this scenario:

DAG1 with 3 MB servers.

2 Datacenters: 2 of the MB servers in datacenter A, 1 in datacenter B

Datacenter A experiences an outage, and both MB servers in DC A go down at the same time.

Can Exchange be brought back online / failed over to datacenter B with just 1 MB server?

From what I'm reading about cluster quorum, DAG will not function if fewer than half +1 members are online. Even with dynamic quorum, if 2 MB servers go down simultaneously, quorum can't adjust (for dynamic quorum to work, each server needs to go offline one at a time sequentially).

One thing I heard was the only way to failover in this scenario is to remove DAG, and bring the MB in datacenter B as a standalone MB server...

I also saw something about enabling DAC (Datacenter Activation Coordination mode) for the DAG can mean I can failover Exchange to datacenter B with just 1 MB...

Any thoughts would be appreciated :)


me


Exchange 2013 HA Physical and Virtual Server

Hello all, I will be migrating Exchange Server 2010 to Exchange 2013. The new Exchange 2013 will be highly available. Is it possible to make high availability between a physical and a virtual server?

Outlook clients cannot connect to Exchange for some time

I am asking this question to see if anyone else is seeing the same issue.

We have three DAG servers for availability and the databases are set up as passive and lagged copies. When one DAG server goes down the databases are mounted automatically on the passive copies; here everything is OK. But some clients whose mailboxes are on the mounted databases on the downed DAG server start getting connection errors on the Outlook client, though the databases are already mounted on another DAG server. Or at times Outlook breaks completely and we have to delete the user profile and recreate it again to repair the Outlook client.

Is this normal? We never had this issue when we were on Exchange 2010. What could be the causes and could we avoid this?

Could it be that since Outlook now uses https instead of tcp/ip connections, the clients are locked up on the cache trying to connect to the downed server? If this is the case, is there a way to avoid this?

ActiveSync does not show this problem.

Our servers are on VMware.

automatic replies outlook 2013 not working server unavailable

I have seen threads about this problem and I have it too; the only difference is that the users experiencing this problem have a second or shared mailbox added in Outlook. When I remove the shared mailboxes, the issue goes away. I have checked to make sure the user is the default, but it does not make any difference.
