[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 472
  • Last Modified:

Exchange 2010 SP1 Outlook Anywhere not working for Directory connections

We have 2 Exchange servers with a DAG in our environment they are both CAS servers.  After a successful demotion and promotion of these servers to virtualize them we are now having issues with Outlook Anywhere.

Outlook Anywhere works but will not connect to the directory.

I can telnet ports 6001 and 6002 to the server but not 6004. The exchange servers are not even listening on these ports via netstat cmd.

I can browse to the RPC web page with no issues.

I have checked the "ValidPorts" registry key.
0
LouisvilleGeek
Asked:
LouisvilleGeek
  • 3
  • 3
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
Quickest way to deal with this is to reinstall Outlook Anywhere:
Disable Outlook Anywhere completely, wait 15 minutes for the event ID to confirm it has gone, then remove the RPC Proxy feature from IIS. Ensure that the two RPC virtual directories have gone from IIS manager and run IISRESET.

Then reinstall the RPC Proxy and enable Outlook Anywhere again. Do not test until you see the event log entry to confirm it is enabled. It takes about 15 minutes.

When you say demote/promote - you aren't referring to DCPROMO I hope?

Simon.
0
 
LouisvilleGeekAuthor Commented:
Simon,

Yes - both of the Exchange servers are domain controllers.

We recently virtualized one of them and as such we demoted it then after it was virtualized, promoted it back.  Yes, with dcpromo.

Both times demotion/promotion were successful.  They are both GC's but hold no FSMO roles.
0
 
Simon Butler (Sembee)ConsultantCommented:
Running DCPROMO on a server with Exchange installed is not supported. It breaks many things, including IIS functionality, which is what has probably happened here.
Doesn't matter if it was successful or not - because that only affects the DC part, it doesn't tell you what was broken in Exchange.

Personally, I would have moved to member servers if you were moving from physical to virtual. You have significantly complicated the setup of your environment by having both DC and DAG functionality on the same server. As you must have Enterprise edition Windowsows to run a DAG there is no excuse to have DC as well, as you can have four VMs per physical licence.

That might be quite blunt, but even now I would be looking to remove each server in turn, rebuild it as a member server so that it is just Exchange and not a DC. I wouldn't like to see what happens in a failover of the DAG because Exchange on a DC acts in an odd way. Again to be blunt, that is a VERY poor design of your Exchange environment.

Simon.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LouisvilleGeekAuthor Commented:
Simon,

I am going to try to reinstall Outlook Anywhere tonight after hours.

I appreciate your blunt analysis there.  I knew that was a bad design.  I am simply trying to put out the fire here.  I didn't design it.

I tried to keep the servers as member servers but Exchange authentication was broken.  Promoting them back to DC's fixed that issue.

What we will look to future-proof this is to remove the DAG.  Stand up a new Exchange server and move all of our mailboxes to it.  We only need one Exchange server.
0
 
Simon Butler (Sembee)ConsultantCommented:
I have never seen a DAG with domain controller on the same instance of Windows outside of SBS. The symptoms you saw around authentication is one of the issues that running DCPROMO causes, as it screws up all of the security settings. Complete mess. The move to virtual was your opportunity to move things around.

If youa re going to move, make sure that you have an RPC CAS Array in place, it will make life a lot easier.

Simon.
0
 
LouisvilleGeekAuthor Commented:
Excellent detail and great instructions.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now