  • Status: Solved
  • Priority: Medium
  • Security: Public

We added a second Exchange server, and are moving mailboxes to it. OWA has stopped working, why?

Experts,

We are adding a second Exchange server to our infrastructure as a mailbox role server.  Both are now running Exchange 201 Ent, SP3.  All roles are installed on the new server.  We have started moving mailboxes to the server.  In this process, we are realizing that as the users move to the new server, and into a new database, OWA is no longer working, and phones have stopped syncing.  When we try to log in to the OWA site, we get the OWA login page, and after entering sign-in info and clicking sign in, we get a blank page and the URL reads mail.domain.com/owa/auth.owa.

Server Details:
Exchange Enterprise  2013 SP3
Windows server 2008R2 Ent SP1

How do we fix this?

Thanks!
0
Asked by: cocosyseng
 
joinaunion Commented:
On the new server, have you changed the URL to point to owa.companyname.com?
0
 
cocosyseng (Author) Commented:
Yes, we mirrored the settings from server1 to server2.  We verified those first.
0
 
Joseph Nyaema (IT Consultant) Commented:
Don't have to do anything. This is an intermediate problem. OWA will start working once the mailbox move is complete.
0

 
Adam Farage (Enterprise Arch) Commented:
Are the mailboxes done moving, and did Active Directory replicate?
0
 
cocosyseng (Author) Commented:
Some are and some are still moving.  I've been working on my mailbox, and it's moved and completed on the new server, and I have the issue.  Users that are still on the original server don't seem to be affected by this.  Yes, AD shows both servers listed in Exchange, across all sites.

One server is on one subnet, and the mailbox server (the one we're moving mailboxes to) is on another subnet.  Would that play into this at all?
0
 
Joseph Nyaema (IT Consultant) Commented:
Could be a replication issue... Are the domain controllers in the same site?  Domain controllers in separate sites have a replication latency by default.
If not, can move them into one site to remove the replication latency.
On a domain controller run
repadmin /syncall
Can then move them back to their original sites.
0
 
cocosyseng (Author) Commented:
Server 1 is using the domain controllers in site 1, and server 2 is using the DC's in site 2.  How would I make server 2 replicate and create the path to server 1?
0
 
Joseph Nyaema (IT Consultant) Commented:
Three options:

1. Wait for the next Active Directory site replication window (happens every three hours by default)
2. Reduce the replication interval (default is three hours)
3. Move the Domain Controllers into one site

You do all this from Active Directory Sites and Services.

To change the replication interval:
Navigate to Site -> Inter-Site Transports -> IP
Right-click on the inter-site link
Change the replication interval

To move Domain Controllers to the same site:
Navigate to Sites -> Site name -> Servers
Drag the Domain Controllers to the desired site.
Run repadmin /syncall
Can move domain controller back to its original site once replication is done
0
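A way to confirm that the inter-site replication discussed above has actually completed, as an added example that is not part of the thread. It assumes the AD DS tools are installed on the host it runs on; the 180-minute threshold is the three-hour default quoted in the comment above.

```powershell
# Run from an elevated prompt on a domain controller or a host with the AD DS tools.
# Column names are the ones emitted by "repadmin /showrepl * /csv".
$rows = repadmin /showrepl * /csv | ConvertFrom-Csv

# Keep only replication links that cross a site boundary (the thread's layout has
# each Exchange server using domain controllers in a different site).
$now = Get-Date
$interSite = $rows |
    Where-Object { $_.'Source DSA Site' -and
                   $_.'Source DSA Site' -ne $_.'Destination DSA Site' } |
    Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
        @{ n = 'Failures'; e = { [int]$_.'Number of Failures' } },
        'Last Failure Status',
        @{ n = 'MinutesSinceSuccess'
           e = { [int]($now - [datetime]$_.'Last Success Time').TotalMinutes } }

$interSite | Sort-Object MinutesSinceSuccess -Descending | Format-Table -AutoSize

# Flag links that are failing or older than the replication interval.
$threshold = 180   # minutes; set this to the interval configured on your site link
$stale = $interSite |
    Where-Object { $_.Failures -gt 0 -or $_.MinutesSinceSuccess -gt $threshold }
if ($stale) {
    Write-Warning "$(@($stale).Count) inter-site link(s) failing or older than $threshold minutes"
    $stale | Format-List
}
```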
 
cocosyseng (Author) Commented:
I've done that and our rep time is set to 30 minutes.  I've run the repadmin /syncall and made sure replication took place.  Still nothing.
0
 
Adam Farage (Enterprise Arch) Commented:
Run DCDIAG /TESTALL and see if any errors occur. It sounds like when the move is completed or completing, the changes are not replicating and the users are not able to gain access to Exchange again.
0
 
cocosyseng (Author) Commented:
Ran the diags; servers come up error free.  I can see where you're going with this, the queues are giving me this "451 4.4.0 primary target IP address responded with 451 5.7.3 cannot achieve exchange server authentication, attempted failover....."
0
 
Joseph Nyaema (IT Consultant) Commented:
Have you tried to run iisreset on the CAS servers or tried rebooting them?

For the errors in the queue - looks like the default permissions on the hub transport receive connectors have been changed. Need to re-enable the Exchange Server authentication on the default server connector on the mailbox server
0
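A way to check the receive connector setting mentioned in the comment above, as an added example that is not part of the thread. It runs in the Exchange Management Shell; the server names EXCH01 and EXCH02 and the connector identity are placeholders, not values from the thread.

```powershell
# Exchange Management Shell. Server names are placeholders (assumptions).
$servers = 'EXCH01', 'EXCH02'

# AuthMechanism and PermissionGroups are flag lists; render them as strings so the
# check works on both live and deserialized (remote session) objects.
$report = foreach ($server in $servers) {
    Get-ReceiveConnector -Server $server | Select-Object Identity, Fqdn,
        @{ n = 'AuthMechanism';        e = { "$($_.AuthMechanism)" } },
        @{ n = 'PermissionGroups';     e = { "$($_.PermissionGroups)" } },
        @{ n = 'ExchangeServerAuth';   e = { "$($_.AuthMechanism)" -match '\bExchangeServer\b' } },
        @{ n = 'ExchangeServersGroup'; e = { "$($_.PermissionGroups)" -match '\bExchangeServers\b' } }
}
$report | Format-Table -AutoSize -Wrap

# Connectors without Exchange Server authentication. That is expected on a dedicated
# relay or Internet-facing connector, not on the one other Exchange servers deliver to.
$report | Where-Object { -not $_.ExchangeServerAuth } | ForEach-Object {
    Write-Warning "No ExchangeServer auth on $($_.Identity)"
}

# Restoring the flag on ONE reviewed connector. -AuthMechanism replaces the whole
# value, so append to the current flags rather than retyping them. Exchange only
# accepts ExchangeServer auth when the connector's Fqdn is the server's NetBIOS
# name, its FQDN, or $null. Remove -WhatIf to apply.
$target  = 'EXCH02\Default EXCH02'   # placeholder identity (assumption)
$current = (Get-ReceiveConnector -Identity $target).AuthMechanism
if ("$current" -notmatch '\bExchangeServer\b') {
    Set-ReceiveConnector -Identity $target -AuthMechanism "$current, ExchangeServer" -WhatIf
}
```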
 
Adam Farage (Enterprise Arch) Commented:
451 4.4.0 primary target IP address responded with 451 5.7.3 cannot achieve exchange server authentication, attempted failover.....

Do you have a database availability group? What else is in the environment, such as firewalls and such?
Are the two servers you are moving to in the same AD site and subnet, or different?

This very well could be something with SSL offloading (proxy does not work well with SSL offloading), a database stuck failing over or IPS / HTTPS Packet Inspection on a firewall.
0
 
joinaunion Commented:
Can you test your ActiveSync here: https://testconnectivity.microsoft.com/
You can run the other tests also if you're up to it.
0
 
cocosyseng (Author) Commented:
We got it.  There was an issue with the passthrough authentication in IIS for the backend server, that MS helped us to correct.  The issue was we had the IIS settings mirrored from the front end server, but once the authentication settings were changed for the back end server, it all took off and fired back up.  Thanks all for all your help!!
0
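A way to review the kind of setting drift described in the comment above, as an added example that is not part of the thread and not the change Microsoft made. It compares OWA authentication settings on the new server against the working one, directory by directory; EXCH01 and EXCH02 are placeholder names, and the -ShowMailboxVirtualDirectories switch assumes Exchange 2013 or later.

```powershell
# Exchange Management Shell. Server names are placeholders (assumptions).
$knownGood = 'EXCH01'   # server whose users can still open OWA
$newServer = 'EXCH02'   # server the mailboxes are being moved to
$authProps = 'BasicAuthentication', 'WindowsAuthentication', 'DigestAuthentication',
             'FormsAuthentication', 'InternalAuthenticationMethods',
             'ExternalAuthenticationMethods'

# Return front-end and back-end OWA virtual directories for one server.
function Get-OwaAuth($server) {
    @(Get-OwaVirtualDirectory -Server $server) +
    @(Get-OwaVirtualDirectory -Server $server -ShowMailboxVirtualDirectories) |
        Sort-Object Name -Unique
}

$baseline  = Get-OwaAuth $knownGood
$candidate = Get-OwaAuth $newServer

# Full picture first: front-end and back-end directories carry their own settings,
# so copying one onto the other shows up here.
$baseline + $candidate | Select-Object (@('Identity') + $authProps) | Format-List

# Then the drift: compare like with like (same directory name) across the servers.
$drift = foreach ($vdir in $candidate) {
    $ref = $baseline | Where-Object { $_.Name -eq $vdir.Name }
    if (-not $ref) {
        Write-Warning "$($vdir.Name): no counterpart on $knownGood"
        continue
    }
    foreach ($p in $authProps) {
        if ("$($vdir.$p)" -ne "$($ref.$p)") {
            [pscustomobject]@{
                VirtualDirectory = $vdir.Name
                Setting          = $p
                KnownGood        = "$($ref.$p)"
                NewServer        = "$($vdir.$p)"
            }
        }
    }
}
$drift | Format-Table -AutoSize
```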
 
Joseph Nyaema (IT Consultant) Commented:
Should have mentioned all changes you made to the default configuration...
Exchange 2013 works straight out of the box....  So it makes it really hard to know what is wrong if you don't tell us what you have changed.
0
 
cocosyseng (Author) Commented:
We opened a ticket with Microsoft to correct the settings.
0
