Solved

Exchange 2013 behind TMG 2012 - The remote server has been paused

Posted on 2013-01-23
Last Modified: 2013-01-29
I'm desperately trying to get my Exchange online after migration without success. Exchange 2013 resides in LAN behind TMG, and it is published in TMG. From the LAN I can access https://url/owa, but when I try to access it from WAN or from the TMG itself, I'm getting "500 Internal Server Error. The remote server has been paused or is in process of being started. (70)"

It is important to say that this exact setup has worked for months before the migration. My whole infrastructure is virtual, so Exchange and TMG are VMs also. I've just converted all the VMs from vSphere to Hyper-V, and connected them in the same way. So the setup on both servers is the same as it was before the migration. The only things that are changed are:
Virtual NICs - I've removed the old ones and added the new ones after the migration (conversion), but the setup is the same (at least IPs, gateways, DNS)
Public IPs on TMG, but I've changed TMG accordingly.

Where to start to search for the solution?

Thanks!

Fat Dragon
Question by:fd4u
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38813123
Check the basics:
1. Check the selected IP on the TMG publishing rule. Is it the correct one?
2. Right-click on the publishing rule and test the rule... any errors?
3. On the TMG NICs, the only DNS servers that should be filled in are the internal ones... no external DNS IP should be used on TMG.
 

Author Comment

by:fd4u
ID: 38813151
Thanks Suliman

1 - Checked. It is the correct one, and public DNSes (autodiscovery, mail/owa, MX) are set to this one.
2 - Testing the publishing rules "Publishing for Outlook" (url/autodiscover, url/ews, url/oab, url/rpc) and "Publishing Exchange ActiveSync" (url/Microsoft-Server-ActiveSync) passed with all green. "Publishing Outlook Web Access" partly passes (url/ecp and url/owa are green, but url/Exchange and url/public are red with 404 not found). But this is exactly the behavior it had before the migration, when everything worked fine. I'm not sure, but I think that Exchange 2013 doesn't have /exchange...
3 - Checked and correct - DNSes are set just on the internal (LAN) NIC.

Thanks for trying to help!
 

Author Comment

by:fd4u
ID: 38813162
One more thing: I'm able to send / receive mails. For example, when I open https://url/owa from the LAN I can send a mail to the external world. And when I send a mail from the external world - it is delivered, and I can see it in owa in the LAN.

But I can't:
Open https://url/owa outside the LAN
Connect Outlook outside the LAN

Thanks
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38813178
 

Accepted Solution

by:
fd4u earned 0 total points
ID: 38815188
Sorry for the delay. I've searched for the solution meanwhile.

I've read these posts already, but they aren't helpful in my case.

Meanwhile I've discovered a very strange thing while analyzing traffic between TMG and Exchange - regular occurrences of denied "BranchCache-Advertise" 443 connection attempts (TMG to Exchange). In desperation I've created a firewall rule which allows HTTPS traffic from "Local Host" (TMG) to Exchange, and after that I succeeded in getting https://url/owa from TMG! And now the most incredible thing: I've also got https://url/owa from outside!!! Unbelievable!!!

Just to check again, I've disabled the newly created rule, and I've lost access again (from TMG and from an external machine)!

To conclude: the solution is to allow HTTPS traffic from "Local Host" to the published server, or to enable system policy rule 19 (Allow HTTP/HTTPS from TMG...), and allow "Local Host" to any network this way...

Thanks for trying to help.
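The check described in the accepted solution (reaching the published server from the TMG host with the rule enabled, then disabled) can be repeated without a browser. This is an added example, not part of the original thread: it separates a blocked TCP connection from a TLS or certificate problem. `Test-PublishedHttps` is a hypothetical helper name and `exchange.example.local` is a placeholder for the internal name of the published server.

```powershell
# Added example: run on the TMG host itself. Server name is a placeholder.
function Test-PublishedHttps {
    param(
        [Parameter(Mandatory = $true)][string]$Server,  # internal name/IP of the published server
        [int]$Port = 443,
        [int]$TimeoutMs = 5000
    )
    $result = New-Object PSObject -Property @{
        Server = $Server; Port = $Port; TcpConnected = $false
        TlsHandshake = $false; CertSubject = $null; CertPolicyErrors = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Stage 1: plain TCP connect with a timeout. A firewall deny shows up
        # here as a timeout or connect error, before any HTTP status exists.
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            throw "TCP connect to ${Server}:$Port timed out after $TimeoutMs ms"
        }
        $client.EndConnect($async)
        $result.TcpConnected = $true

        # Stage 2: TLS handshake. The callback records certificate policy errors
        # and lets the handshake finish, so a name mismatch is reported, not hidden.
        # This is a diagnostic probe only; no data is sent over the session.
        $script:policyErrors = $null
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $cert, $chain, $errors)
            $script:policyErrors = $errors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)
        $result.TlsHandshake = $true
        $result.CertSubject = $ssl.RemoteCertificate.Subject
        $result.CertPolicyErrors = $script:policyErrors
        $ssl.Close()
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    finally {
        $client.Close()
    }
    $result
}

Test-PublishedHttps -Server 'exchange.example.local'
```

If `TcpConnected` is false while the same probe succeeds from another LAN machine, the block is on the TMG host's own outbound traffic rather than on Exchange.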
 
LVL 16

Expert Comment

by:Bruno PACI
ID: 38819148
Hi,

In my opinion this is not a solution.
All right it works, but that is not the correct solution.

It should have worked with a "classical" TMG publishing rule. So something in your configuration is wrong and makes the normal configuration fail.
What you have done is just masking the problem with a "patch" and you don't even know why it works now!

I don't have a real solution for you at this time but in my opinion you should still be searching for the real cause.

Have a good day.
 

Author Closing Comment

by:fd4u
ID: 38830316
It resolved the issue.