[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


Exchange 2010 SP1 Outlook Anywhere not working for Directory connections

Posted on 2013-01-02
Medium Priority
Last Modified: 2013-01-03
We have 2 Exchange servers with a DAG in our environment they are both CAS servers.  After a successful demotion and promotion of these servers to virtualize them we are now having issues with Outlook Anywhere.

Outlook Anywhere works but will not connect to the directory.

I can telnet ports 6001 and 6002 to the server but not 6004. The exchange servers are not even listening on these ports via netstat cmd.

I can browse to the RPC web page with no issues.

I have checked the "ValidPorts" registry key.
Question by:LouisvilleGeek
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 2000 total points
ID: 38737249
Quickest way to deal with this is to reinstall Outlook Anywhere:
Disable Outlook Anywhere completely, wait 15 minutes for the event ID to confirm it has gone, then remove the RPC Proxy feature from IIS. Ensure that the two RPC virtual directories have gone from IIS manager and run IISRESET.

Then reinstall the RPC Proxy and enable Outlook Anywhere again. Do not test until you see the event log entry to confirm it is enabled. It takes about 15 minutes.

When you say demote/promote - you aren't referring to DCPROMO I hope?


Author Comment

ID: 38737259

Yes - both of the Exchange servers are domain controllers.

We recently virtualized one of them and as such we demoted it then after it was virtualized, promoted it back.  Yes, with dcpromo.

Both times demotion/promotion were successful.  They are both GC's but hold no FSMO roles.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38737294
Running DCPROMO on a server with Exchange installed is not supported. It breaks many things, including IIS functionality, which is what has probably happened here.
Doesn't matter if it was successful or not - because that only affects the DC part, it doesn't tell you what was broken in Exchange.

Personally, I would have moved to member servers if you were moving from physical to virtual. You have significantly complicated the setup of your environment by having both DC and DAG functionality on the same server. As you must have Enterprise edition Windowsows to run a DAG there is no excuse to have DC as well, as you can have four VMs per physical licence.

That might be quite blunt, but even now I would be looking to remove each server in turn, rebuild it as a member server so that it is just Exchange and not a DC. I wouldn't like to see what happens in a failover of the DAG because Exchange on a DC acts in an odd way. Again to be blunt, that is a VERY poor design of your Exchange environment.

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 38737574

I am going to try to reinstall Outlook Anywhere tonight after hours.

I appreciate your blunt analysis there.  I knew that was a bad design.  I am simply trying to put out the fire here.  I didn't design it.

I tried to keep the servers as member servers but Exchange authentication was broken.  Promoting them back to DC's fixed that issue.

What we will look to future-proof this is to remove the DAG.  Stand up a new Exchange server and move all of our mailboxes to it.  We only need one Exchange server.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38738504
I have never seen a DAG with domain controller on the same instance of Windows outside of SBS. The symptoms you saw around authentication is one of the issues that running DCPROMO causes, as it screws up all of the security settings. Complete mess. The move to virtual was your opportunity to move things around.

If youa re going to move, make sure that you have an RPC CAS Array in place, it will make life a lot easier.


Author Closing Comment

ID: 38740002
Excellent detail and great instructions.

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question