Solved

Exchange 2013 behind TMG 2012 - The remote server has been paused

Posted on 2013-01-23
Last Modified: 2013-01-29
I'm desperately trying to get my Exchange online after migration without success. Exchange 2013 resides in LAN behind TMG, and it is published in TMG. From the LAN I can access https://url/owa, but when I try to access it from WAN or from the TMG itself, I'm getting "500 Internal Server Error. The remote server has been paused or is in process of being started. (70)"

It is important to say that this exact setup has worked for months before the migration. My whole infrastructure is virtual, so Exchange and TMG are VMs also. I've just converted all the VMs from vSphere to Hyper-V, and connected them in the same way. So the setup on both servers is the same as it was before the migration. The only things that are changed are:
Virtual NICs - I've removed the old ones and added the new ones after the migration (conversion), but setup is the same (at least IPs, gateways, DNS)
Public IPs on TMG, but I've changed TMG accordingly.

Where to start to search for the solution?

Thanks!

Fat Dragon
0
Question by:fd4u
7 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Check basics:
1. Check the selected IP on the TMG publishing rule. Is it the correct one?
2. Right-click on the publishing rule and test the rule... any errors?
3. In the TMG NICs, the only DNS servers that should be filled in are the internal ones... no external DNS IP should be used on TMG.
0
 

Author Comment

by:fd4u
Thanks Suliman

1 - Checked. It is the correct one, and public DNSes (autodiscovery, mail/owa, MX) are set to this one.
2 - Testing publishing rules "Publishing for Outlook" (url/autodiscover, url/ews, url/oab, url/rpc) and "Publishing Exchange ActiveSync" (url/Microsoft-Server-ActiveSync) passed with all green. "Publishing Outlook Web Access" partly passes (url/ecp and url/owa are green, but url/Exchange and url/public are red with 404 not found). But that is exactly the behavior it had before the migration, when everything worked fine. I'm not sure, but I think that Exchange 2013 doesn't have /exchange...
3 - Checked and correct - DNSes are set just on the internal (LAN) NIC.

Thanks for trying to help!
0
 

Author Comment

by:fd4u
One more thing: I'm able to send / receive mails. For example when I open https://url/owa from the LAN I can send a mail to external world. And when I send a mail from external world - it is delivered, and I can see it in owa in LAN.

But I can't:
Open https://url/owa outside the LAN
Connect Outlook outside the LAN

Thanks
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
0
 

Accepted Solution

by:fd4u
Sorry for the delay. I've searched for the solution meanwhile.

I've read these posts already, but they aren't helpful in my case.

Meanwhile I've discovered a very strange thing while analyzing traffic between TMG and Exchange - regular occurrences of denied "BranchCache-Advertise" 443 connection attempts (TMG to Exchange). In desperation I've created a firewall rule which allows HTTPS traffic from "Local Host" (TMG) to Exchange, and after that I've succeeded in getting https://url/owa from TMG! And now the most incredible thing: I've also got https://url/owa from outside!!! Unbelievable!!!

Just to check again, I've disabled the newly created rule, and I've lost access again (from TMG and from an external machine)!

To conclude: the solution is to allow HTTPS traffic from "Local Host" to the published server, or to enable system policy rule 19 (Allow HTTP/HTTPS from TMG...), and allow "Local Host" to any network this way...

Thanks for trying to help.
0
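
The log check described in the accepted solution, as an added example that is not part of the original thread: it counts denied connections from "Local Host" to a published server on its published port, which is the pattern fd4u found before adding the allow rule. The CSV layout, column names, addresses and sample rows are constructed for the example and are not TMG's actual log format.

```python
import csv
import io
from collections import Counter

# Constructed sample: a simplified CSV export of firewall log records.
# Column names, addresses and rows are assumptions, not TMG's log schema.
SAMPLE_LOG = """\
time,action,rule,protocol,src_network,src_ip,dst_ip,dst_port
2013-01-28 10:00:01,Denied,Default rule,BranchCache-Advertise,Local Host,10.0.0.1,10.0.0.20,443
2013-01-28 10:00:03,Allowed,Publishing Outlook Web Access,HTTPS,External,203.0.113.7,198.51.100.10,443
2013-01-28 10:00:03,Denied,Default rule,BranchCache-Advertise,Local Host,10.0.0.1,10.0.0.20,443
2013-01-28 10:00:09,Denied,Default rule,NetBIOS Datagram,Internal,10.0.0.55,10.0.0.255,138
2013-01-28 10:00:12,Denied,Default rule,BranchCache-Advertise,Local Host,10.0.0.1,10.0.0.20,443
2013-01-28 10:00:15,Denied,Default rule,DNS,Local Host,10.0.0.1,10.0.0.30,53
"""


def denied_from_local_host(log_text, published):
    """Count denied Local Host connections to published servers.

    published maps a server IP to the set of ports its publishing rules use.
    Returns a Counter keyed by (dst_ip, dst_port, protocol).
    """
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        # Only denied traffic that originates on the firewall itself matters here.
        if row["action"] != "Denied" or row["src_network"] != "Local Host":
            continue
        port = int(row["dst_port"])
        # Ignore denials that are not aimed at a published server and port.
        if port in published.get(row["dst_ip"], ()):
            hits[(row["dst_ip"], port, row["protocol"])] += 1
    return hits


def report(hits):
    """One line per blocked flow, most frequent first."""
    return [f"{n} denied: Local Host -> {ip}:{port} (logged as {proto})"
            for (ip, port, proto), n in hits.most_common()]


if __name__ == "__main__":
    published = {"10.0.0.20": {443}}  # assumed Exchange address and port
    for line in report(denied_from_local_host(SAMPLE_LOG, published)):
        print(line)
```

The resulting list names the exact destination and port being blocked, which is the information needed to scope an allow rule to the published server alone.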
 
LVL 16

Expert Comment

by:PaciB
Hi,

In my opinion this is not a solution.
All right it works, but that is not the correct solution.

It should have worked with a "classical" TMG publishing rule. So something in your configuration is wrong and makes the normal configuration fail.
What you have done is just masking the problem with a "patch" and you don't even know why it works now!

I don't have a real solution for you at this time but in my opinion you should still be searching for the real cause.

Have a good day.
0
 

Author Closing Comment

by:fd4u
It resolved the issue.
0
