Exchange 2010 SP1 Outlook Anywhere not working for Directory connections

Posted on 2013-01-02
Medium Priority
Last Modified: 2013-01-03
We have 2 Exchange servers with a DAG in our environment they are both CAS servers.  After a successful demotion and promotion of these servers to virtualize them we are now having issues with Outlook Anywhere.

Outlook Anywhere works but will not connect to the directory.

I can telnet ports 6001 and 6002 to the server but not 6004. The exchange servers are not even listening on these ports via netstat cmd.

I can browse to the RPC web page with no issues.

I have checked the "ValidPorts" registry key.
Question by:LouisvilleGeek
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 2000 total points
ID: 38737249
Quickest way to deal with this is to reinstall Outlook Anywhere:
Disable Outlook Anywhere completely, wait 15 minutes for the event ID to confirm it has gone, then remove the RPC Proxy feature from IIS. Ensure that the two RPC virtual directories have gone from IIS manager and run IISRESET.

Then reinstall the RPC Proxy and enable Outlook Anywhere again. Do not test until you see the event log entry to confirm it is enabled. It takes about 15 minutes.

When you say demote/promote - you aren't referring to DCPROMO I hope?


Author Comment

ID: 38737259

Yes - both of the Exchange servers are domain controllers.

We recently virtualized one of them and as such we demoted it then after it was virtualized, promoted it back.  Yes, with dcpromo.

Both times demotion/promotion were successful.  They are both GC's but hold no FSMO roles.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38737294
Running DCPROMO on a server with Exchange installed is not supported. It breaks many things, including IIS functionality, which is what has probably happened here.
Doesn't matter if it was successful or not - because that only affects the DC part, it doesn't tell you what was broken in Exchange.

Personally, I would have moved to member servers if you were moving from physical to virtual. You have significantly complicated the setup of your environment by having both DC and DAG functionality on the same server. As you must have Enterprise edition Windowsows to run a DAG there is no excuse to have DC as well, as you can have four VMs per physical licence.

That might be quite blunt, but even now I would be looking to remove each server in turn, rebuild it as a member server so that it is just Exchange and not a DC. I wouldn't like to see what happens in a failover of the DAG because Exchange on a DC acts in an odd way. Again to be blunt, that is a VERY poor design of your Exchange environment.

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI


Author Comment

ID: 38737574

I am going to try to reinstall Outlook Anywhere tonight after hours.

I appreciate your blunt analysis there.  I knew that was a bad design.  I am simply trying to put out the fire here.  I didn't design it.

I tried to keep the servers as member servers but Exchange authentication was broken.  Promoting them back to DC's fixed that issue.

What we will look to future-proof this is to remove the DAG.  Stand up a new Exchange server and move all of our mailboxes to it.  We only need one Exchange server.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38738504
I have never seen a DAG with domain controller on the same instance of Windows outside of SBS. The symptoms you saw around authentication is one of the issues that running DCPROMO causes, as it screws up all of the security settings. Complete mess. The move to virtual was your opportunity to move things around.

If youa re going to move, make sure that you have an RPC CAS Array in place, it will make life a lot easier.


Author Closing Comment

ID: 38740002
Excellent detail and great instructions.

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month13 days, 19 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question