Solved

Exchange 2013 behind TMG 2012 - The remote server has been paused

Posted on 2013-01-23
7
3,503 Views
Last Modified: 2013-01-29
I'm desperately trying to get my Exchange online after migration without success. Exchange 2013 resides in LAN behind TMG, and it is published in TMG. From the LAN I can access https://url/owa, but when I try to access it from WAN or from the TMG itself, I'm getting "500 Internal Server Error. The remote server has been paused or is in process of being started. (70)"

It is important to say that this exact setup have worked for months before the migration. My whole infrastructure is virtual, so Exchange and TMG are VMs also. I've just converted all the VMs from vSphere to Hyper-V, and connected them in the same way. So the setup on both servers is the same as it was before the migration. The only things that are changed are:
Virtual NICs - I've removed the old ones and added the new ones after the migration (conversion), but setup is the same (at least IPs, gateways, DNS)
Public IPs on TMG, but I've changed TMG accordingly.

Where to start to search for the solution?

Thanks!

Fat Dragon
0
Comment
Question by:fd4u
  • 4
  • 2
7 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38813123
Check basics:
1. check the selected IP on TMG publishing rule. is it the correct one ?
2. right click on the publishing rule and test rule... any errors ?
3. In TMG NICs, the only DNS servers should be filed are the internal ones.... no external DNS ip should be used on TMG.
0
 

Author Comment

by:fd4u
ID: 38813151
Thanks Sulimanw

1 - Checked. It is correct one, and public DNSes (autodiscovery, mail/owa, MX) are set to this one.
2 - Testing publishing rules "Publishing for Outolook" (url/autodiscover, url/ews, url/oab, url/rpc) and "Publishing Exchange ActiveSync" (url/Microsoft-Server-ActiveSync) , are passed with all green. "Publishing Outlook Web Access" partly passes (url/ecp and url/owa are green, but url/Exchange and url/public are red with 404 not found). But it was the exact behavior as it was before the migration, when everything worked fine. I'm not sure but I think that Exchange 2013 doesn't have /excahnge...
3. - Checked and correct - DNSes are set just on internal (LAN) nic.

Thanks for trying to help!
0
 

Author Comment

by:fd4u
ID: 38813162
One more thing: I'm able to send / receive mails. For example when I open https://url/owa from the LAN I can send a mail to external world. And when I send a mail from external world - it is delivered, and I can see it in owa in LAN.

But I can't:
Open https://url/owa outside the LAN
Connect Outlook outside the LAN

Thanks
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38813178
0
 

Accepted Solution

by:
fd4u earned 0 total points
ID: 38815188
Sorry for delay. I've searched for the solution meanwhile.

I've read these posts already, but they aren't helpful in my case.

Meanwhile I've discovered very strange thing while analyzing traffic between TMG and Exchange - regular occurrences of denied "BranchCache-Advertise" 443 connection attempts (TMG to Exchange). In desperation I've created firewall rule which allows HTTPS traffic from "Local Host" (TMG) to Exchange, and after that I've succeeded to get https://url/owa from TMG! And now the most incredible thing: I've also got https://url/owa from outside!!! Unbelievable!!!

Just to check again, I've disabled newly created rule, and I've lost access again (from TMG and from external machine)!

To conclude: the solution is to allow HTTPS traffic from "Local Host" to published server, or to enable system policy rule 19 (Allow HTTP/HTTPS from TMG...), and allow "Local Host" to any network this way...

Thanks for trying to help.
0
 
LVL 16

Expert Comment

by:PaciB
ID: 38819148
Hi,

In my opinion this is not a solution.
All right it works, but that is not the correct solution.

It should have worked with a "classical" TMG publishing rule. So something in your configuration is wrong and make the normal configuration to fail.
What you have done is just masking the problem with a "patch" and your don't even know why it works now !

I don't have a real solution for you at this time but in my opinion your should still be searching for the real cause.

Have a good day.
0
 

Author Closing Comment

by:fd4u
ID: 38830316
It resolved the issue.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question