Mike Broderick
asked on
exchange 2010 to 2016, access EAC, get http 500 error if old exch svr down
I am migrating from exchange 2010 to 2016 in a test environment. When I click on the Exchange Administrative Center from the 2016 server's desktop, I accept the certificate warning, sign in, and then get an HTTP 500 error. This only happens when the 2010 server is down. I have cycled the 2010 server several times: When 2010 up, it works. When 2010 down, 500 error.
This is a test environment and this is my second pass at this. The first pass I didn't notice the problem until after uninstalling exchange 2010, and couldn't get in.
Am I missing something?
This is a test environment and this is my second pass at this. The first pass I didn't notice the problem until after uninstalling exchange 2010, and couldn't get in.
Am I missing something?
Is your CAS role on a separate server from the mailbox role? If so, you have to keep the 2010 CAS role available until all mailboxes are on a 2016 server. Move your administrative account mailbox to the 2016 server or open ecp on 2016 in IE using the URL described in the link above. The URLs in that link will cause ECP to proxy your connection instead of trying to redirect.
ASKER
No, I'm not getting the error they show (event ID 4). I also checked the RemoteDomains.xaml file. I don't have the problem they described.
ASKER
All Exchange roles are on the same server (I only have one of each). I had moved all of the mailboxes and still have the problem.
ASKER
Mohammed, I do see an object that doesn't look right in the RemoteDomains.xaml file:
<Service Name="RemoteDomains" Class="{x:Type RemoteDomainCodeBehind}"
xmlns:data="clr-namespace: Microsoft. Exchange.D ata.Direct ory.System Configurat ion;assemb ly=Microso ft.Exchang e.Data.Dir ectory"
xmlns:s="clr-namespace:Sys tem;assemb ly=mscorli b"
xmlns="clr-namespace:Micro soft.Excha nge.Manage ment.DDISe rvice;asse mbly=Micro soft.Excha nge.Manage ment.Contr olPanel"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml">
Notice that one of the "xmlns:" statements does not have a colon or a variable before the equal (:s= , :x=, etc.). Could you look at your file and see if yours is the same? The above segment is at the top of my file.
<Service Name="RemoteDomains" Class="{x:Type RemoteDomainCodeBehind}"
xmlns:data="clr-namespace:
xmlns:s="clr-namespace:Sys
xmlns="clr-namespace:Micro
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml">
Notice that one of the "xmlns:" statements does not have a colon or a variable before the equal (:s= , :x=, etc.). Could you look at your file and see if yours is the same? The above segment is at the top of my file.
This is what I have in my file
<Service Name="RemoteDomains" Class="{x:Type RemoteDomainCodeBehind}"
xmlns:data="clr-namespace:Microsoft.Exchange.Data.Directory.SystemConfiguration;assembly=Microsoft.Exchange.Data.Directory"
xmlns:s="clr-namespace:System;assembly=mscorlib"
xmlns="clr-namespace:Microsoft.Exchange.Management.DDIService;assembly=Microsoft.Exchange.Management.ControlPanel"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml">
BTW, have you updated your Exchange 2016 to CU1 , here's the link
http://www.microsoft.com/downloads/details.aspx?FamilyID=f3e560e7-fbb0-41ef-b3ee-05b083d4e3a3
http://www.microsoft.com/downloads/details.aspx?FamilyID=f3e560e7-fbb0-41ef-b3ee-05b083d4e3a3
ASKER
Thanks for the object. It matches mine.
No, I wasn't on CU1! Sorry; I really thought I was. I am now. Same problem.
No, I wasn't on CU1! Sorry; I really thought I was. I am now. Same problem.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
No, not yet. I will try that shortly.
ASKER
There are 4 things I wonder about. If anybody thinks they have something to do with this problem, please comment:
1) This domain was originally a Windows 2000 Small Business Server domain. It has been migrated to 2003 SBS, then 2016 R2 (2008 mode). Could there be objects or Policies in the domain causing a problem?
2) When installing Exchange 2016 (and CU1 update) I got the warning:
Setup can't verify that the 'Host' (A) record for this computer exists within the DNS database on server 192.168.x.x .
For more information, visit: http://technet.microsoft.com/library(EXCHG.160)/ms.exch.setupreadiness.HostRecordMissing.aspx
192.168.x.x is the server exchange 2016 is installed on, it is also a DC. I tried to figure out why setup has a problem with this server. Everything looks OK. NS lookup works. Replication seems to work.
3) I am using Exchange's default certificate on both the 2005 and 2016 servers. I do not want to buy a certificate unless I have to. I plan on creating a certificate using the domain's CA. We do not use any internet email clients. I doubt this is causing a problem because the procedure I am using tells me to start the EAC before doing anything with certificates, but I thought I would tell you.
4) All of the exchange services (there are a lot of them) type Automatic are started except Microsoft Exchange Notifications Broker. When I start it, it ends shortly after.
1) This domain was originally a Windows 2000 Small Business Server domain. It has been migrated to 2003 SBS, then 2016 R2 (2008 mode). Could there be objects or Policies in the domain causing a problem?
2) When installing Exchange 2016 (and CU1 update) I got the warning:
Setup can't verify that the 'Host' (A) record for this computer exists within the DNS database on server 192.168.x.x .
For more information, visit: http://technet.microsoft.com/library(EXCHG.160)/ms.exch.setupreadiness.HostRecordMissing.aspx
192.168.x.x is the server exchange 2016 is installed on, it is also a DC. I tried to figure out why setup has a problem with this server. Everything looks OK. NS lookup works. Replication seems to work.
3) I am using Exchange's default certificate on both the 2005 and 2016 servers. I do not want to buy a certificate unless I have to. I plan on creating a certificate using the domain's CA. We do not use any internet email clients. I doubt this is causing a problem because the procedure I am using tells me to start the EAC before doing anything with certificates, but I thought I would tell you.
4) All of the exchange services (there are a lot of them) type Automatic are started except Microsoft Exchange Notifications Broker. When I start it, it ends shortly after.
1. Possibly, but depends on whether those migrations were done correctly.
2. Make sure the DC is pointing to itself or another DC for DNS. Also make sure it's configured to register itself in DNS. That said, Exchange coexisting on the same server as a DC isn't a recommended configuration. You are better off installing Hyper-V and creating a separate VM for DC and Exchange to have them on the same server. Server 2012's licensing allows up to 2 VM guests for each Server License, so you don't have to pay for two licenses when doing this. You just have to make sure the only service on the server is Hyper-V. If you install Hyper-V while it's a DC, make the first VM a DC, then demote the original DC so it's just running the Hyper-V service. That will allow you to remain in compliance for licensing while keeping the DC and Exchange logically separated.
3. If you have a CA, that's fine. It will distribute the certificate trust to Domain Joined computers, and if none of your systems are domain joined, you'll be fine.
4. Microsoft Exchange Notifications Broker only runs for a little bit after reboot, then shuts itself down. This is normal.
2. Make sure the DC is pointing to itself or another DC for DNS. Also make sure it's configured to register itself in DNS. That said, Exchange coexisting on the same server as a DC isn't a recommended configuration. You are better off installing Hyper-V and creating a separate VM for DC and Exchange to have them on the same server. Server 2012's licensing allows up to 2 VM guests for each Server License, so you don't have to pay for two licenses when doing this. You just have to make sure the only service on the server is Hyper-V. If you install Hyper-V while it's a DC, make the first VM a DC, then demote the original DC so it's just running the Hyper-V service. That will allow you to remain in compliance for licensing while keeping the DC and Exchange logically separated.
3. If you have a CA, that's fine. It will distribute the certificate trust to Domain Joined computers, and if none of your systems are domain joined, you'll be fine.
4. Microsoft Exchange Notifications Broker only runs for a little bit after reboot, then shuts itself down. This is normal.
There might be anything causing this issue since you installed Exchange on AD which is not a recommended practice. however I don't think it would be because of 2,3 or 4.
The policies might get cause some complexity since Exchange needs some groups to be configured via group policy ...
but anyway. could you try to create another user in your AD. add the user to the Organization management then try to login with it.
The policies might get cause some complexity since Exchange needs some groups to be configured via group policy ...
but anyway. could you try to create another user in your AD. add the user to the Organization management then try to login with it.
ASKER
I created the new user. Same problem.
When I click on the EAC desktop icon, I see the url https://localhost/ecp/?ExchClientVer=15 and the screen warning about the certificate. When I click continue and logon, I see the url https://localhost/owa/auth.owa. Probably normal but I should tell you.
When I click on the EAC desktop icon, I see the url https://localhost/ecp/?ExchClientVer=15 and the screen warning about the certificate. When I click continue and logon, I see the url https://localhost/owa/auth.owa. Probably normal but I should tell you.
Close the browser on Exchange 2016 server. open Eventviewer and clean the Application log.
Rerun the browser and try to login to the ECP until you get the 500 error. go back to the Eventviewer and see what are the errors you've got there?
Export and attach the application log here for us to see
Rerun the browser and try to login to the ECP until you get the 500 error. go back to the Eventviewer and see what are the errors you've got there?
Export and attach the application log here for us to see
ASKER
OK. I'm working on it. FYI. when the 2010 server is down I get ID 3505 source MSExchange Front End HTTP Proxy:
[Owa] Marking ClientAccess 2010 server --myserver-- (https://--myserver.local/owa) as unhealthy due to exception: System.Net.WebException: The operation has timed out
at System.Net.HttpWebRequest. GetRespons e()
[Owa] Marking ClientAccess 2010 server --myserver-- (https://--myserver.local/owa) as unhealthy due to exception: System.Net.WebException: The operation has timed out
at System.Net.HttpWebRequest.
ASKER
Attached is the text file containing the events. The short answer is there are no events. I ran it 5 times, got 5 different sets of events. Different events each time. One time there were no events. I think there are so many events coming in every minute that I the ones I was seeing are not directly related.
The error you posted is normal one it occurs in every coexistence scenario when a legacy server is down.
Could you check if you have an AD replication issues ? What's the Global catalog server that's connected to your Exchange 2010 and 2016? Are they the same DCs? or different?
Is the time identical on all your DCs?
Could you check if you have an AD replication issues ? What's the Global catalog server that's connected to your Exchange 2010 and 2016? Are they the same DCs? or different?
Is the time identical on all your DCs?
ASKER
I'll verify there are no replication issues. The domain had a 2003 SBS server w/exchange 2003 but they were demoted and uninstalled as part of this test. 2016 install first gave a warning about a legacy exchange server, but I used ADSI to remove a replication partner. After that it didn't give any warnings.
On the DC you can use the following cmds to check for the replication
repadmin /showrepl
repadmin /replsum
dcdiag /test:replications
repadmin /showrepl
repadmin /replsum
dcdiag /test:replications
ASKER
The tests all passed. I also ran dcdiag /testdns /e /v. Nothing. Not even warnings.
As a side, I have been using the following to migrate:
http://www.msexchange.org/articles-tutorials/exchange-2016-articles/migration-deployment/migrating-small-organization-exchange-2010-exchange-2016-part6.html
The only two things I haven't done are to create a certificate and to create connectors. When It says to create DNS records for autodiscover and mail, I put them in both mydomain.com and mydomain.local. The address pointed to is 192.168.xxx.10, 2016 server. Is that OK?
As a side, I have been using the following to migrate:
http://www.msexchange.org/articles-tutorials/exchange-2016-articles/migration-deployment/migrating-small-organization-exchange-2010-exchange-2016-part6.html
The only two things I haven't done are to create a certificate and to create connectors. When It says to create DNS records for autodiscover and mail, I put them in both mydomain.com and mydomain.local. The address pointed to is 192.168.xxx.10, 2016 server. Is that OK?
I really doubt this is has anything to do with the problem you're having. Your problems seems more likely to be a configuration issue.
Just out of curiosity what's the SP and RU your Exchange 2010 is on ?
Just out of curiosity what's the SP and RU your Exchange 2010 is on ?
ASKER
The exchange 2016 server's level is Version 15.1 (Build 396.30) . The 2012 R2 level is version 6.3 build 9600.
no I meant 2010 Exchange server not 2016.
ASKER
Sorry. Exchange 2010 is Version 14.3 (Build 123.4)
ASKER
It works now. It looks like after all of the mailboxes were migrated the problem went away. Thank you for all of your help.
http://www.moh10ly.com/blog/exchange/exchange-2013/exchange-2013-ecp-fails-with-500-unexpected-error-after-running-hybrid-configuration-wizard-with-office-365