Quantcast
Channel: Exchange Server 2013 - High Availability and Disaster Recovery forum
Viewing all 1985 articles
Browse latest View live

Exchange 2013 DAG File Share Witness offline

April 4, 2016, 9:04 am
$
0
0

I have a 3 node DAG including the FSW. I am using Server 2012 R2 and dynamic quorum. I believe the DNS record for the CNO was deleted and I have since recreated it to no avail. I am getting 4 separate Event ID errors 1069, 1196, 1205 and 1564. I have looked online and found a blog that advises to simulate cluster failure and run a repair or take cluster offline and do the repair.

What are the implications of taking the cluster offline and/or simulating a failure of the cluster on the DAG and Exchange 2013?

Event ID 1196 -

Cluster network name resource 'Cluster Name' failed registration of one or more associated DNS name(s) for the following reason:

The handle is invalid.

.

Ensure that the network adapters associated with dependent IP address resources are configured with at least one accessible DNS server.

Event ID 1564 -

File share witness resource 'File Share Witness (sharename\dagname)' failed to arbitrate for the file share ''. Please ensure that file share '' exists and is accessible by the cluster.

Event ID 1069 -

Cluster resource 'File Share Witness (\\sharename\servername.domainname.com)' of type 'File Share Witness' in clustered role 'Cluster Group' failed. The error code was '0xc000006b'.

Based on the failure policies for the resource and role, the cluster service may try to bring the resource online on this node or move the group to another node of the cluster and then restart it.  Check the resource and group state using Failover Cluster Manager or the Get-ClusterResource Windows PowerShell cmdlet.

Event ID 1205 -

The Cluster service failed to bring clustered role 'Cluster Group' completely online or offline. One or more resources may be in a failed state. This may impact the availability of the clustered role.

Cluster Log entries - 0000ec78.0000a4dc::2016/04/04-09:06:12.986 WARN  [RES] Network Name: [NNLIB] LogonUserEx fails for user DAGName$: 1326 (useSecondaryPassword: 0)
0000ec78.0000a4dc::2016/04/04-09:06:12.986 WARN  [RES] Network Name: [NNLIB] LogonUserCall fails for user DAGName$: (useSecondaryPassword: 1), password length is 0
0000ec78.0000a4dc::2016/04/04-09:06:12.986 INFO  [RES] Network Name: [NNLIB] Logon failed for user DAGName$ (Error 3221225579), DC\\domaincontroller, domain
0000ec78.0000a4dc::2016/04/04-09:06:12.986 INFO  [RES] Network Name <Cluster Name>: Identity: Obtaining Windows Token for Name: DAGName, SamName: DAGName$, Type: Singleton, Result: -1073741717, LastDC:\\Domaincontroller
0000ec78.0000a4dc::2016/04/04-09:06:12.986 INFO  [RES] Network Name: Agent: OnInitializeReply, Failure on (f703c3e4-303f-40de-89b2-6c35a6148bb6,Identity): -1073741717
0000ec78.0000a4dc::2016/04/04-09:06:12.986 INFO  [RES] Network Name <Cluster Name>: SyncReplyHandler Configuration, result: -1073741717
0000ec78.000094e4::2016/04/04-09:06:12.986 ERR   [RES] Network Name <Cluster Name>: Initializing Identity module failed with error -1073741717
0000ec78.000094e4::2016/04/04-09:06:12.986 ERR   [RHS] Error 3221225579 from ResourceControl for resource Cluster Name.
0000f160.000100d0::2016/04/04-09:06:12.987 ERR   [RES] File Share Witness <File Share Witness (\\ServerName\ShareName)>: Failed to get virtual server token from core NetName resource, error 3221225579.
0000f160.000100d0::2016/04/04-09:06:12.987 ERR   [RES] File Share Witness <File Share Witness (\\ServerName\ShareName)>: Failed to retrieve the virtual server token from the core netname resource with 3221225579.
0000f160.000100d0::2016/04/04-09:06:12.987 ERR   [RES] File Share Witness <File Share Witness (\\ServerName\ShareName)>: Failed to bring resource online with error 3221225579.
0000f160.000100d0::2016/04/04-09:06:12.987 ERR   [RHS] Resource File Share Witness (\\ServerName\ShareName) has failed to come online: error 3221225579

Any assistance would be very much appreciated. This has been on-going for a week now.

Regards

Scott


Search

configure second Exchange Server 2013 on Win2012 Datacenter

April 5, 2016, 4:57 am
$
0
0

Hello Guys

I have installed a second Exchange Server 2013 Standard and have already one in use. I thought I just have to create a DAG for high availability but apparently thats not quiet enough. My target is, that one Exchange Server can have a failure so the second one will be there to still send and receive e-mails. All our mails go through the MailGateway in the DMZ that has GFI MailEssentials on it. So before I can create DAG I need to make some configurations on the GFI so he knows that there is another Exchange Server to send the mails to.

Now my issue is, that I can't find the configurations I need to make on the GFI (GW-server).

And what exactly do I need to configure on the second Exchange Server except DAG.

One last question, on the first Exchange Server i got three volumes: C: 250GB, Data: 400GB and Logs: 200GB. The second one only has C: with 250GB. Does the second one need the other two volumes as well?

Thank you for any help of yours!

priinz

Exchange DAG replication traffic never ending?

April 5, 2016, 7:03 am
$
0
0

Hello,

we are using Exchange with a DAG set up and are using three mailbox servers. The three mailbox servers are distributed across three HyperV hosts. Two of the mailbox servers use LUNs inside a NetApp 2240. We noticed the performance of our NetApp recently was horrific as it was under consistent full IOPS load and we were able to narrow it down to the exchange mailbox servers reading with max IOPS from the NetApp.

We have a total mailbox volume of around 2TB, and we saw the mailbox servers reading with 3Gbit for over 2 days (easter holidays) - which amounts to some 60TB in reads - and they never stopped. We now throttled the VHDs down to 700IOPS each to avoid impacting the performance of other HyperV machines too much.

Is it a "feature" for a DAG mailbox group to consistently check for consistency with maximum storage speed or do we experience some kind of bug/loop? 

Exchange Server 2010 Version: 14.03.0279.002 (Update Rollup 12 2015/12/10)

CAS Server, Mailbox Server and File Witness server down

April 7, 2016, 5:37 am
$
0
0

Hello team,

My exchange server 2010 has two CAS Servers and two MBX Servers 

One CAS and MBX are on one volume of vmware datastore and second CAS and MBX are on second volume of vmware datastore

now one of the volume has failed and one CAS and MBX are down ( CAS one is the witness server which is also down )

Also Active Directory server is down and second AD is available ( We will transfer the FSMO role to ADC Server )

As Second CAS and MBX are available we want to mount the DB and Point the RPCClient Access Server to available CAS server and restore the exchange services. 

Appreciate your reply and support.

Thanks,Arif

DAG Exchange Server IP Address

April 7, 2016, 11:59 pm
$
0
0

Helli guys

i created a dag, but i have no idea what IP-address the DAG needs. i need help! i thought the dag needs the ip-addresses of both exchange servers (the replication, second ip of both)

But then it says it failed because it uses the same ip address as the exchange server, but what other ip-address do i have to give him?

thanks for any help!

priinz

eDiscovery Deployment URL Appears Incorrect

April 8, 2016, 10:56 am
$
0
0
Greetings, we have Exchange 2013 CU7 on premises and in Compliance Management if I perform a search in the In-Place Discovery, I do not have any issue creating and running the search as myself or with the domain administrator. If I try to download directly by clicking the down arrow, the download process starts, but then errors out. Initially I thought it was just a certificate issue, and tried all the other things I found that I could find that other people used to resolve their issues, however in looking at the log files, I noticed that the Deployment URL is not formatted they way I would expect, and I am not entirely sure how to fix it easily.

The URL is as follows, with server and domain names substituded:

https://server/ecp/15.0.1044.29/exporttool/server.domain.local/microsoft.exchange.ediscovery.exporttool.application?name=Search%20Results&ews=https%3A%2F%2Fex3%2Fews%2FExchange.asmx

Everything looks normal at first, but in the middle of the string, there is the addition "servername.domain.local" that to me should not be there. Otherwise the path looks correct and does exist, but the quoted string is out of place.

Does anyone have an idea on how to change this easily?

Thanks in advance,

DAC Mode needed?

April 8, 2016, 4:26 am
$
0
0

hello guys

ihave created a DAG with two exchange servers 2013 on windows server 2012. i have read about the DAC mode, but can't fit it in. do i need to enable the DAC mode? for what exactly is it here?

thanks for any help!

priinz

2 member DAG with file share witness loses quorum even though witness is accessible

April 9, 2016, 9:14 pm
$
0
0

I'm at a loss with this issue so coming to you all.

I'm running two servers both with CAS and MBX roles with Exchange 2013 CU 11 on Server 2012 R2. My DC is also Server 2012 R2 and using it as my witness server and directory. On my two cluster nodes, in Failover Cluster Manager, I see the nodes online and see my file share witness online. I've made sure the File Share Witness directory permissions have Exchange Trusted Subsytsem with Full Access assigned to NTFS and share permissions. I also assigned the DAG object Full Access  to see if that worked and it didnt. When I validate the cluster, all my quorum tests pass without issue.

However, when I take one of my MBX servers offline, these are the errors I see in Cluster Events.
Event ID - 1135
Cluster node 'HOMELAB-EXCH01' was removed from the active failover cluster membership. The Cluster service on this node may have stopped.

Event ID - 1564
File share witness resource 'File Share Witness (\\homelab-dc01.homelab.local\AR-EXCHDAG.homelab.local)' failed to arbitrate for the file share '\\homelab-dc01.homelab.local\AR-EXCHDAG.homelab.local'. Please ensure that file share '\\homelab-dc01.homelab.local\AR-EXCHDAG.homelab.local' exists and is accessible by the cluster.

 

When I run Test-ReplicationHealth, my quorum passes as well:
RunspaceId       : 43f0bd66-cdc6-43d0-81d2-e872ac770041
Server           : HOMELAB-EXCH01
Check            : QuorumGroup
CheckDescription : Checks that the quorum and witness for the database availability group is healthy.
Result           : Passed
Error            :
Identity         :
IsValid          : True
ObjectState      : New

RunspaceId       : 43f0bd66-cdc6-43d0-81d2-e872ac770041
Server           : HOMELAB-EXCH01
Check            : FileShareQuorum
CheckDescription : Verifies that the path used for the file share witness can be reached.
Result           : Passed
Error            :
Identity         :
IsValid          : True
ObjectState      : New

I'm at a loss at what is wrong with this thing.



Search

How To Change Which Database A User Is Using.

April 10, 2016, 12:42 pm
$
0
0

We had a power outage that corrupted the original exchange database that all users were on.

Boss did not want to do any backups because it was considered a "Waste Of Time". Well now we are wasting more time and after this problem is fixed, I received the go ahead to put a backup in place.

The "DB1" will not mount and the Content Index State: Failed. I have tried the eseutil tool with no success. At this point I created a new "DB2" and I want to switch all existing users to the new "DB2". The "Move Mailbox" tool does not work because it is trying to locate the user's existing mailbox on the corrupted "DB1". How do I change the DB, making new mailboxes if needed, to the new "DB2" without deleting the users' account and remaking it?

 

How to remove an Email account not AD user Account, if Database does not exists

April 11, 2016, 6:49 pm
$
0
0

Morning,

Exchange server 2013 installed on VM and crashed. I could not recover it. I installed new Exchange server 2013 on VM with old working domain.

I removed all accounts from AD and created new accounts with Email boxes in new database except Administrator. I cannot create a new administrator account or mail box. I also could not remove administrator mail box.

Please help me to remove Administrator mail box which has old database info (broken database, which doesn't exists) and create an administrator mailbox in new database.

Regards

Agkhan

file share isn't accessible

April 11, 2016, 11:51 pm
$
0
0

i created a dag and it actually works. but i realized that i got a lot of errors in the logs. the source is failoverclustering. it says that the file share on the witness server isn't accessible by the cluster. or it says that the cluster resource failed. or it says that the node has lost communication with the other node.

my exchange servers are in the exchange trusted subsystem group and that group is in the administrators group (because my witness server is a DC, i know it isn't recommended but i got no choice)

does anyone have an idea what that error means and what i can do to change that?

thank you!

priinz

DAG / CAS High Availability Ceritifcate

April 12, 2016, 2:54 pm
$
0
0

I have one Exchange 2013 server (Mailbox/CAS) configured, tested running. It's already joined to the DAG and is the only member with the exception of the witness share. A second Exchange 2013 server (Mailbox/CAS) is nearly done.  We also have a 3rd party load balancer in front of both servers routing the traffic for myexch.mydomain.com and will route it to one or the other server.

My question is about the certificate.  One the first server we have already requested certificate using New-ExchangeCertificate ... and imported it, Import-ExchangeCertificate...  with the domain myexch.mydomain.com.  Then changed the URLs on the server to myexch.mydomain.com.  For the second server are we ok to simply import the certificate and change the URLs to myexch.mydomain.com?  There are some internally who believe this will break the second Exchange server.

Replacing failed server in test environment "not within your authorized scope"

April 12, 2016, 2:37 pm
$
0
0

After following instructions below to replace a non-recoverable test server, I am unable to perform most functions on this server.  I get the error below.  How do I reset what is needed to allow me to put the server in and out of maintenance mode and update the certificate?  I can not move active database copies to this server either.

https://technet.microsoft.com/en-us/library/dd638206.aspx

The operation on server "EXTEST04" failed because it's not within your authorized scope. Use
Get-ManagementRoleAssignment to verify your scope or contact your Exchange administrator. 'EXTEST04' isn't within
your current write scopes. Can't perform save operation.
    + CategoryInfo          : InvalidOperation: (EXTEST04:ADObjectId) [Enable-ExchangeCertificate], InvalidOperatio
   nException
    + FullyQualifiedErrorId : [Server=EXTEST04,RequestId=573f7e04-5346-4eb2-9d43-df46fdf56251,TimeStamp=4/12/2016 8
   :34:11 PM] [FailureCategory=Cmdlet-InvalidOperationException] 32B4B195,Microsoft.Exchange.Management.SystemConfigu
  rationTasks.EnableExchangeCertificate
    + PSComputerName        : EXTEST04.test.domain.com

Exchange/hyper-v/server query

April 13, 2016, 1:25 am
$
0
0

Hello Everyone :)

We currently have 1 exchange server running on a server 2012 environment on a vsphere.

I am currently looking at migrating all stuff to hyper-v (going to use MVMC as its a pretty good tool), however what I would then like to do is move exchange from its current server to a 2012r2 and up it to a 3 host DAG (2 locally and one remote), was wondering if I might get some advice on how best to achieve this with minimal disruption (I am already anticipating several 11pm-5am style shifts).

Any thoughts would be appreciated.

kind regards

Keith

FSW Maintenance

April 13, 2016, 5:04 am
$
0
0

Hi, we have a two-node DAG setup where we use a file share witness. The server on which the witness share sits needs some maintenance that will take the share offline. What would be the best approach here?

- What happens with Exchange operations if the witness share server disappears (if only for an hour)?

- Is it possible to use the AlternateWitnessServer functionality here (same datacenter)?

- Should I just move the witness share to a temporary server while the main server is in maintenance mode, and then move it back afterwards?

Search

DAG error - failover cluster shows both nodes online???

April 13, 2016, 2:19 pm
$
0
0

Good afternoon, all!

I recently had to deal with a failover failure on my two-member DAG.  The servers lost connection through a network failure and now I'm getting a DCOM error like this:  DCOM was unable to communicate with the computer dag1.contoso.com using any of the configured protocols; requested by PID 3c24 (C:\Windows\system32\ServerManager.exe).  The DAG was originally set up using DHCP.  I checked on the DHCP server (Cisco router) and found that the address listed in DNS is no longer leased.  Hence, the DAG members can't see the dag1 computer. 

Is there a way to see what MAC address the DAG used to obtain the lease and then update DNS?  Or would I be better off re-designing the DAG network to have a static IP?  If so, are there any ill effects from taking a couple of days to research the network design to be sure I don't hurt myself accidentally?

Thanks to all for looking!

Gregg

Seeing FastDocumentTimeoutException Warnings on Passive DAG Copies

April 18, 2016, 7:56 am
$
0
0

It seems like we have a transient problem with our DAG copies, where this particular warning just cycles around randomly amongst all of our passive copies:

The indexing of mailbox database <DB_NAME> encountered an unexpected exception.
Error details: Microsoft.Exchange.Search.Core.Abstraction.OperationFailedException: The component operation has failed. ---> 
Microsoft.Exchange.Search.Core.Abstraction.OperationFailedException: 
The component operation has failed. --->
 Microsoft.Exchange.Search.Fast.FastDocumentTimeoutException: The Content Submission Service returned failure for the document: Document timeout expired
. ---> System.TimeoutException: Document timeout expired

I'm not really sure what to make of it. It started happening when we had a RAID controller on a server go bad and we replaced it, and then I formatted the drives in Windows, and then reseeded copies of our DB's back onto that server. This is really the only error/warning message I'm seeing, and from what I can tell, there's not much discussion of this one on the web. Has anyone else run across this, or does anyone have any tips on where to look deeper for a solution?

Thanks.


server response was 5.7.1. Client was not authenticated

April 18, 2016, 11:45 am
$
0
0

Trying to setup a relay/recieve connector on ex2013 CAS.

-  Created a new custom receive connector with default permissions. 

-  Selected Basic Authentication on the security on the receive connector.

- Assigned permissions using ADSI Edit to the account created in AD as following this article

https://exchangequery.com/2013/12/02/steps-to-configure-anonymous-and-authenticated-relay-in-exchange-2013/

I did not select/apply Anonymous users permissions.

I enter AD user name and password and When I try to relay via this connector I see error "the smpt server rquires a secure connection or the client was not authenticated. The server response was 5.7.1. Client was not authenticated.

Thank you

SMTP Authentication using AD service Account

April 21, 2016, 11:28 am
$
0
0

Looking for some assistance on setting up SMTP authentication using AD service account receive connector on CAS2013 servers. 

Sending device/server must be able to send internally and externally. I am not finding a document on this from Microsoft.  I have seen few others but not much luck.

Than you

Exchange mailbox server not pick up the Secondary DNS when the Primary DNS is offline

April 21, 2016, 8:44 pm
$
0
0

Dear all Sir,

We would like to know the solution when Exchange Mailbox Server does not pick up the second DNS after the primary DNS is offline.

Thank you.

Best Regards,

Yan Naing Oo

The following are log files with issue happen.

Issue: We have 4 mailbox servers in a DAG group, each mailbox has two DNS entries configured. When the primary DC (also DC) down, 2 Exchange servers did not pick up the second DNS (also DC) and Exchange hang. The Exchange can be pinged, but can’t rdp.

Logs with issue happen:

Log Name:      Application
Source:        MSExchange ADAccess
Date:          4/5/2016 7:00:17 AM
Event ID:      2501
Task Category: Site Update
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      APPP1007.abc.com
Description:
Process Microsoft.Exchange.Directory.TopologyService.exe (PID=4660). The site monitor API was unable to verify the site name for this Exchange computer. Error Message Active Directory server  is not available. Error message: Active directory response: The LDAP server returned an unknown error..

Make sure that Exchange server is correctly registered on the DNS server.

Log Name:      Application
Source:        MSExchange ADAccess
Date:          4/5/2016 7:01:25 AM
Event ID:      4027
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      APPP1007.abc.com
Description:
Process Microsoft.Exchange.RpcClientAccess.Service.exe (PID=10540). WCF request (Get Servers for oml.com) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running. In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 3 time(s). 
Error Details System.TimeoutException: This request operation sent to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService did not receive a reply within the configured timeout (00:02:00).  The time allotted to this operation may have been a portion of a longer timeout.  This may be because the service is still processing the operation or because the service was unable to send a reply message.  Please consider increasing the operation timeout (by casting the channel/proxy to IContextChannel and setting the OperationTimeout property) and ensure that the service is able to connect to the client.

Viewing all 1985 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>