[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Exchange 2013 behind TMG 2012 - The remote server has been paused

Posted on 2013-01-23
7
Medium Priority
?
3,701 Views
Last Modified: 2013-01-29
I'm desperately trying to get my Exchange online after migration without success. Exchange 2013 resides in LAN behind TMG, and it is published in TMG. From the LAN I can access https://url/owa, but when I try to access it from WAN or from the TMG itself, I'm getting "500 Internal Server Error. The remote server has been paused or is in process of being started. (70)"

It is important to say that this exact setup have worked for months before the migration. My whole infrastructure is virtual, so Exchange and TMG are VMs also. I've just converted all the VMs from vSphere to Hyper-V, and connected them in the same way. So the setup on both servers is the same as it was before the migration. The only things that are changed are:
Virtual NICs - I've removed the old ones and added the new ones after the migration (conversion), but setup is the same (at least IPs, gateways, DNS)
Public IPs on TMG, but I've changed TMG accordingly.

Where to start to search for the solution?

Thanks!

Fat Dragon
0
Comment
Question by:fd4u
  • 4
  • 2
7 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38813123
Check basics:
1. check the selected IP on TMG publishing rule. is it the correct one ?
2. right click on the publishing rule and test rule... any errors ?
3. In TMG NICs, the only DNS servers should be filed are the internal ones.... no external DNS ip should be used on TMG.
0
 

Author Comment

by:fd4u
ID: 38813151
Thanks Sulimanw

1 - Checked. It is correct one, and public DNSes (autodiscovery, mail/owa, MX) are set to this one.
2 - Testing publishing rules "Publishing for Outolook" (url/autodiscover, url/ews, url/oab, url/rpc) and "Publishing Exchange ActiveSync" (url/Microsoft-Server-ActiveSync) , are passed with all green. "Publishing Outlook Web Access" partly passes (url/ecp and url/owa are green, but url/Exchange and url/public are red with 404 not found). But it was the exact behavior as it was before the migration, when everything worked fine. I'm not sure but I think that Exchange 2013 doesn't have /excahnge...
3. - Checked and correct - DNSes are set just on internal (LAN) nic.

Thanks for trying to help!
0
 

Author Comment

by:fd4u
ID: 38813162
One more thing: I'm able to send / receive mails. For example when I open https://url/owa from the LAN I can send a mail to external world. And when I send a mail from external world - it is delivered, and I can see it in owa in LAN.

But I can't:
Open https://url/owa outside the LAN
Connect Outlook outside the LAN

Thanks
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 

Accepted Solution

by:
fd4u earned 0 total points
ID: 38815188
Sorry for delay. I've searched for the solution meanwhile.

I've read these posts already, but they aren't helpful in my case.

Meanwhile I've discovered very strange thing while analyzing traffic between TMG and Exchange - regular occurrences of denied "BranchCache-Advertise" 443 connection attempts (TMG to Exchange). In desperation I've created firewall rule which allows HTTPS traffic from "Local Host" (TMG) to Exchange, and after that I've succeeded to get https://url/owa from TMG! And now the most incredible thing: I've also got https://url/owa from outside!!! Unbelievable!!!

Just to check again, I've disabled newly created rule, and I've lost access again (from TMG and from external machine)!

To conclude: the solution is to allow HTTPS traffic from "Local Host" to published server, or to enable system policy rule 19 (Allow HTTP/HTTPS from TMG...), and allow "Local Host" to any network this way...

Thanks for trying to help.
0
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38819148
Hi,

In my opinion this is not a solution.
All right it works, but that is not the correct solution.

It should have worked with a "classical" TMG publishing rule. So something in your configuration is wrong and make the normal configuration to fail.
What you have done is just masking the problem with a "patch" and your don't even know why it works now !

I don't have a real solution for you at this time but in my opinion your should still be searching for the real cause.

Have a good day.
0
 

Author Closing Comment

by:fd4u
ID: 38830316
It resolved the issue.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month17 days, 15 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question