Exchange 2010: setup Exchange on iPhone
Hi all,
I set up Exchange 2010 with a self-signed certificate and I opened port 25 and port 443. When I tried to set up the account on the iPhone, it said "Failed to verify identity". Is there anything else that I need to set up on Exchange for it to support mobile devices? I couldn't figure out how to fix it.
Thanks
When using a self-signed certificate or a certificate from a local CA, by default devices don't trust that issuer, so you need to export that certificate (self-signed or CA root) and import it to all devices so it will be trusted.
Example: http://www.petenetlive.com/KB/Article/0000242.htm
The best practice and most recommended way is to buy a certificate from a third-party CA (Go Daddy, for example); that way, no special configuration on devices is needed.
Similar Messages
-
Exchange 2010 email access from iPhone 4
Hi,
We have Exchange 2010 in our network and we are publishing OWA & Outlook Anywhere using TMG 2010 with GoDaddy Public Certificate.
Everything works well.
I can access the OWA & Outlook Anywhere from Non Domain machines without any issues but when it comes to iPhone it just doesn't work.
I followed the procedure to configure iPhone from this link and selected the manual configuration option but I get the
http://maketecheasier.com/connect-exchange-account-from-iphone/2011/02/14
I get Server‘
field added to the previous fields in the settings.
Is there any configuration required on TMG for iPhone email access?
Please suggest.
Regards,
Maqsood
Maqsood Mohammed Senior Systems Engineer MCITP-Enterprise Admin & ITILv3 Foundation Certified
Please can you give some info about the GoDaddy certificate you bought.
-
I am having some issues and I need some help, please. I tried to set up Exchange on a local server yesterday (2010) and halfway through it threw a ton of errors where I could not find some items. So OK, I said, it would not even uninstall without giving me grief. I then did a manual uninstall of 2010 since I couldn't get 2010 to even install on the new server without doing so. I then set up a new virtual server today and tried to reinstall it, but I am still getting an error and here are the logs.
[04/27/2014 07:48:55.0235] [2] Active Directory session settings for 'initialize-ExchangeUniversalGroups' are: View Entire Forest: 'True', Configuration Domain Controller: '69-64-71-40.ketelaaraccounting.com', Preferred Global Catalog: '69-64-71-40.ketelaaraccounting.com',
Preferred Domain Controllers: '{ 69-64-71-40.ketelaaraccounting.com }'
[04/27/2014 07:48:55.0235] [2] Beginning processing initialize-ExchangeUniversalGroups -DomainController:'69-64-71-40.ketelaaraccounting.com' -ActiveDirectorySplitPermissions:$null
[04/27/2014 07:48:55.0267] [2] Used domain controller 69-64-71-40.ketelaaraccounting.com to read object DC=ketelaaraccounting,DC=com.
[04/27/2014 07:48:55.0282] [2] Used domain controller 69-64-71-40.ketelaaraccounting.com to read object CN=Configuration,DC=ketelaaraccounting,DC=com.
[04/27/2014 07:48:55.0282] [2] Used domain controller 69-64-71-40.ketelaaraccounting.com to read object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ketelaaraccounting,DC=com.
[04/27/2014 07:48:56.0031] [2] Used domain controller 69-64-71-40.ketelaaraccounting.com to read object OU=Microsoft Exchange Security Groups,DC=ketelaaraccounting,DC=com.
[04/27/2014 07:48:56.0125] [2] [ERROR] Unexpected Error
[04/27/2014 07:48:56.0125] [2] [ERROR] The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:ed5aa0f9-643b-43d8-bdeb-5e6c0f327703,CN=Deleted Objects,DC=ketelaaraccounting,DC=com on the otherWellKnownObjects attribute
in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ketelaaraccounting,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.
[04/27/2014 07:48:56.0156] [2] Ending processing initialize-ExchangeUniversalGroups
[04/27/2014 07:48:56.0156] [1] The following 1 error(s) occurred during task execution:
[04/27/2014 07:48:56.0156] [1] 0. ErrorRecord: The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:ed5aa0f9-643b-43d8-bdeb-5e6c0f327703,CN=Deleted Objects,DC=ketelaaraccounting,DC=com on the otherWellKnownObjects
attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ketelaaraccounting,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.
[04/27/2014 07:48:56.0156] [1] 0. ErrorRecord: Microsoft.Exchange.Management.Tasks.InvalidWKObjectException: The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:ed5aa0f9-643b-43d8-bdeb-5e6c0f327703,CN=Deleted
Objects,DC=ketelaaraccounting,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ketelaaraccounting,DC=com points to an invalid DN or a deleted object. Remove the entry, and then
rerun the task.
[04/27/2014 07:48:56.0156] [1] [ERROR] The following error was generated when "$error.Clear();
initialize-ExchangeUniversalGroups -DomainController $RoleDomainController -ActiveDirectorySplitPermissions $RoleActiveDirectorySplitPermissions
" was run: "The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:ed5aa0f9-643b-43d8-bdeb-5e6c0f327703,CN=Deleted Objects,DC=ketelaaraccounting,DC=com on the otherWellKnownObjects attribute in the container
object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ketelaaraccounting,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.".
[04/27/2014 07:48:56.0156] [1] [ERROR] The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:ed5aa0f9-643b-43d8-bdeb-5e6c0f327703,CN=Deleted Objects,DC=ketelaaraccounting,DC=com on the otherWellKnownObjects attribute
in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ketelaaraccounting,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.
[04/27/2014 07:48:56.0156] [1] [ERROR-REFERENCE] Id=443949901 Component=
[04/27/2014 07:48:56.0156] [1] Setup is stopping now because of one or more critical errors.
[04/27/2014 07:48:56.0156] [1] Finished executing component tasks.
[04/27/2014 07:48:56.0187] [1] Ending processing Install-ExchangeOrganization
[04/27/2014 07:48:56.0187] [0] The Exchange Server setup operation didn't complete. More details can be found in ExchangeSetup.log located in the <SystemDrive>:\ExchangeSetupLogs folder.
[04/27/2014 07:48:56.0203] [0] End of Setup
[04/27/2014 07:48:56.0203] [0] **********************************************
I'm really lost. I cannot find the entry it is complaining about no matter how hard I look. I really need help; I would rather not scrap all my hard work.
Ted
Hi,
Based on my research, we can try to firstly check the otherWellKnownObjects attribute in order to resolve the issue:
1.) Go to Start -> Run -> type LDP.exe -> click OK
2.) Click Connection -> Connect and then click OK
3.) Click Connection -> Bind and then click OK
4.) Click View -> Tree and for the BaseDN select CN=Configuration,DC=DomainName,DC=local and click OK
5.) In the left-pane expand the Configuration partition -> Services -> Microsoft Exchange
6.) Right-click the object Microsoft Exchange and then click Modify
7.) In the Attribute box type otherWellKnownObjects
8.) In the Values box type B:32:9C5B963F67F14A4B936CB8EFB19C4784:CN=ExchangeLegacyInterop\0ADEL:90d1a283-ed42-4ddf-8402-f0dbef0290b2,CN=Deleted Objects,DC=CAO,DC=local (the invalid DN reference you want to delete)
9.) Select the Delete radio button
10.) Click the Enter button
11.) The Entry List text box will populate with [Delete] and the selected attribute and its value in steps 7 & 8.
12.) Click on the Run button
And here are some references:
http://blogs.technet.com/b/winde76/archive/2012/06/10/prepare-ad-creates-duplicate-security-groups.aspx
http://social.technet.microsoft.com/Forums/exchange/en-US/2fd295db-f84e-4c7b-a1cb-03fa0433d95f/exchange-2010-install-setup-preparead-fail?forum=exchangesvrdeploylegacy
http://social.technet.microsoft.com/Forums/exchange/en-US/7f0f2ea5-73f0-4a61-8f9f-728f11eea98b/exchange-2010-install-fails-preparead
Thanks,
Angela Shi
TechNet Community Support
-
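The error in the setup log and step 8 of the LDP procedure above both depend on the exact otherWellKnownObjects value. As an added example (not part of the original posts), the following Python extracts that value from a line-wrapped ExchangeSetup.log, parses its B:<hex length>:<hex>:<DN> form and reports entries whose DN is a tombstone under CN=Deleted Objects. The sample log is constructed (example.com is a stand-in domain) and the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the wrapped ExchangeSetup.log excerpt in the
# thread above; example.com is a stand-in domain.
SAMPLE_LOG = r"""
[04/27/2014 07:48:56.0125] [2] [ERROR] The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:ed5aa0f9-643b-43d8-bdeb-5e6c0f327703,CN=Deleted Objects,DC=example,DC=com on the otherWellKnownObjects attribute
in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com points to an invalid DN or a deleted object. Remove the entry, and then rerun the task.
[04/27/2014 07:48:56.0156] [1] 0. ErrorRecord: Microsoft.Exchange.Management.Tasks.InvalidWKObjectException: The well-known object entry B:32:C262A929D691B74A9E068728F8F842EA:CN=Organization Management\0ADEL:ed5aa0f9-643b-43d8-bdeb-5e6c0f327703,CN=Deleted
Objects,DC=example,DC=com on the otherWellKnownObjects attribute in the container object CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com points to an invalid DN or a deleted object. Remove the entry, and then
rerun the task.
"""

ENTRY_RE = re.compile(
    r"The well-known object entry (B:\d+:[0-9A-Fa-f]+:.+?) on the "
    r"otherWellKnownObjects attribute in the container object (.+?) "
    r"points to an invalid DN or a deleted object"
)
# A deleted AD object is renamed to "<old RDN>\0ADEL:<objectGUID>" and moved
# under CN=Deleted Objects.
TOMBSTONE_RE = re.compile(r"\\0ADEL:([0-9A-Fa-f-]{36}),CN=Deleted Objects,")


@dataclass(frozen=True)
class WellKnownEntry:
    raw: str                     # exact attribute value (what LDP step 8 needs)
    container: str               # object holding otherWellKnownObjects
    wk_guid: str                 # well-known GUID, as hex
    target_dn: str               # DN the entry points at
    deleted_guid: Optional[str]  # objectGUID of the tombstone, if it is one


def parse_entry(raw: str, container: str = "") -> WellKnownEntry:
    """Parse a DN-Binary value: B:<hex char count>:<hex>:<DN>."""
    parts = raw.split(":", 3)          # the DN itself contains ':' (DEL:<guid>)
    if len(parts) != 4 or parts[0] != "B":
        raise ValueError("not a DN-Binary value: %r" % raw)
    count, hexval, dn = parts[1:]
    if not count.isdigit() or int(count) != len(hexval):
        raise ValueError("declared length %s does not match hex value" % count)
    bytes.fromhex(hexval)              # raises ValueError on non-hex input
    tomb = TOMBSTONE_RE.search(dn)
    return WellKnownEntry(raw, container, hexval.upper(), dn,
                          tomb.group(1).lower() if tomb else None)


def find_stale_entries(log_text: str) -> List[WellKnownEntry]:
    """Return each distinct entry the log reports that points at a tombstone."""
    flat = " ".join(log_text.split())  # undo line wrapping inside messages
    seen, stale = set(), []
    for m in ENTRY_RE.finditer(flat):
        entry = parse_entry(m.group(1), m.group(2))
        if entry.deleted_guid and entry.raw not in seen:
            seen.add(entry.raw)
            stale.append(entry)
    return stale


if __name__ == "__main__":
    for e in find_stale_entries(SAMPLE_LOG):
        print("container :", e.container)
        print("delete    :", e.raw)
        print("tombstone :", e.deleted_guid)
```

The `raw` field is the string to paste unchanged into the Values box; a value copied with a stray space or line break will not match the stored attribute value.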
Forefront for exchange 2010 setup wizard preinstall update request
I'm trying to install FPE, but even before I install and after the extraction of the files I'm getting the following error message on both my CAS servers.
I have the following roles installed on this Client Access Server I'm using for the initial install of Forefront.
Do I need to install Active Directory Domain Services before I continue?
Hi,
Firstly, please refer to the similar thread below:
FSEMachinePrep.exe fails saying Server Unavailable
Based on my research, Microsoft Forefront Protection 2010 for Exchange Server (FPE) can be deployed on Exchange Edge Transport, Hub Transport, Mailbox server, or combined Hub/Mailbox roles.
Exchange 2010 requires Active Directory to be in place except for the Exchange 2010 Edge role (for DMZ) which can be deployed in a workgroup with Active Directory Lightweight Directory Services. Both Exchange (Mailbox, HUB and CAS role) and therefore FPE requires an Active Directory on site.
Did you set up a domain environment for Exchange server? If yes, please check the group membership of the user and make sure that it is a member of the Organization Management role group. In addition, please also make sure that you can connect to the primary domain controller on the CAS servers.
More information:
Microsoft Exchange Server 2010: Exchange Server and Active Directory
Best regards,
Susie
-
I'm trying to have existing Exchange accounts setup on my new iMac and can't get it to work.
I have existing Exchange accounts set up on my iPhone and iPad to access my work email. I'm trying to do the same on my new iMac and can't get it to work. I have it set up the same as my iPad and it asks me for my password over and over... any suggestions?
Hi mwatts18,
As a preliminary troubleshooting step, you should reference the information in the following article:
OS X Mail: Troubleshooting sending and receiving email messages
http://support.apple.com/kb/TS3276
I would especially suggest that you delete the account and re-add it, making sure that you are entering the correct password when you add the account. Thanks for being a part of the Apple Support Communities!
Regards,
Braden
-
Hello,
I have an Exchange 2010 question which I will post in the Exchange 2013 section since the Ask a question button in the legacy Exchange Servers section of technet takes me back to the part of Technet where I can only ask questions regarding Exchange 2013.
If someone can point me to a part where I can place a question in an Exchange 2010 forum please let me know.
We have Exchange 2010 setup with a CAS array listening to outlook.internaldomain.com
We have TMG 2010 setup with a rule for Outlook Anywhere, the rule listens to mail.externaldomain.com and traffic that meets this rule is let through to outlook.internaldomain.com.
When I fire up my laptop, which is connected to the internet, and start Outlook and let it configure my profile through autodiscover it sets it up correctly and fills the Outlook profile with a servername stating outlook.internaldomain.com and a proxyserver to be used stating mail.externaldomain.com. After initial setup when my Outlook starts it almost immediately prompts me for a username and a password so this is working fine.
At the office we have an internal network segment where DHCP is servicing the connecting clients and giving them our internal DNS servers because they need connection to some other network segments which are not available to the internet. This network segment does not have access to our internal Exchange environment but has full access to the internet. Clients in this network segment do want to use Outlook so using Outlook Anywhere for them is the logical way to go. When I connect my laptop to this network segment I get handed an IP address and our internal DNS servers, when I start Outlook it takes about two minutes before the credential prompt pops up and another 2 to 6 minutes after entering credentials before it says all folders are in sync. This is quite long and our clients find this unacceptable.
I started testing what might be going on here and I have found that when I manually enter external DNS servers the Outlook password prompt will pop up in seconds and all is working as expected so it seems Outlook is trying to connect to the internal servername when using our internal DNS servers (which can resolve outlook.internalnetwork.com) instead of directly going to the proxy server which is to be used for Outlook Anywhere.
When I start a network monitor trace my thoughts are confirmed because when I am connected to the internal network segment OUTLOOK.EXE first tries to connect to outlook.internaldomain.com, it almost immediately gets a response stating that this route is inaccessible but OUTLOOK.EXE keeps on trying to connect until some sort of time out is reached (somewhere around two minutes) after which it connects to mail.externaldomain.com and Outlook shows the credential prompt.
So to round it up, when connected to DNS servers that can resolve the internal servername Outlook tries to connect to the internal servername instead of the external name, Outlook does not recognize the answer from the network that the internal route is not accessible (or it does but does nothing with this information).
Has anybody experienced this behaviour in Outlook?
Does anyone have a solution in where I can force Outlook to connect to its proxyserver and disregard the internal servername?
Thank you for your reply.
The client computers that are experiencing the issues are not domain joined, the only reason I can think of why this is occurring is because the DNS servers are able to resolve the internal hostname of the server, but I would expect Outlook to always use the proxy server that has been set in the configuration of the Outlook profile. Or at least acknowledging the answer that the initially tried route is inaccessible and immediately continue to the proxy server.
For setting the same hostname for internal and external use, we use different namespaces internally and externally, do you mean setting the external hostname on the CAS array for internal use? Wouldn't that push all internal communication to the internet and to the outside interface of the TMG where the server is published with that hostname?
-
Exchange 2010/2013 coexistence published in TMG 2010
Environment:
Two Windows 2008 R2, Exchange 2010 SP3 servers, currently holding all mailboxes
Two Windows 2012 R2, Exchange 2013 SP1 servers, setup in progress
Two Windows 2008 R2, TMG 2010, V7.0.9193.540 publishing both Exchange 2010 servers.
Scenario:
I need to continue having Exchange 2010 setup in TMG as is as the mailbox migration to 2013 will take weeks if not months and I have a project requirement to have Exchange Database Availability Group (DAG) functionality for all mailboxes throughout the project, so 4 servers are an absolute must. So I need to add Exchange 2013 in TMG and not just replace the 2010 setup with the 2013 setup and I cannot run one 2010 and one 2013 server.
Questions:
1. I currently only have 2 public IP addresses available to SMTP, mapped to the external interfaces of TMG, to allow my environment to be able to receive emails on 4 Exchange servers (two 2010 and two 2013) I need to have 4 public IP addresses, is that correct?
2. Does anyone have a good general guide/blog for doing this (setting up Exchange 2013 in TMG in a coexistence scenario)?
This is nice, but doesn't really approach it from a coexistence scenario:
http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
Thanks!
Hi Trana,
In TMG you can use a single IP address to publish multiple Web addresses, and below are the options which you can explore.
Hope your OWA, ECP etc. are HTTPS.
You need an SSL certificate which has all the URL SAN entries of both the old and new Exchange servers.
Create a listener and select the IP address (say, public IP address 195.219.x.x).
Link the SSL certificate.
Public DNS entry (A record, single IP):
195.219.x.x - Point to Owa1.exchange1.com - Old Server
195.219.x.x - Point to ECP1.exchange1.com - Old Server
195.219.x.x - Point to ECP2.exchange2.com - New Server
195.219.x.x - Point to Owa2.exchange2.com - New Server
Create a Web publishing rule as below:
Old server Exchange 1 (Owa1.exchange1.com, ECP1.exchange1.com)
One Web publishing rule with all the URLs added on it, and link the rule with the listener we created.
Point the Web publishing to the Exchange1.com server, which is old.
New server Exchange 2 (ECP2.exchange2.com, Owa2.exchange2.com)
Web publishing rule with all the URLs added on it, and link the rule with the listener we created.
Point the Web publishing to the Exchange2.com server, which is new.
-
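The reply above relies on one listener certificate whose SAN list covers every name published by both rules. As an added example (not part of the original reply), this Python checks a SAN list against the hostnames of the two Web publishing rules and also flags a hostname assigned to more than one rule on the shared listener. The SAN lists are constructed and the function names are this example's own.

```python
from typing import Dict, List

# Hostnames per Web publishing rule, as laid out in the reply above.
RULES: Dict[str, List[str]] = {
    "Exchange 1 (old)": ["Owa1.exchange1.com", "ECP1.exchange1.com"],
    "Exchange 2 (new)": ["ECP2.exchange2.com", "Owa2.exchange2.com"],
}

# Constructed SAN lists for two candidate listener certificates.
SAN_COMPLETE = ["owa1.exchange1.com", "ecp1.exchange1.com", "*.exchange2.com"]
SAN_INCOMPLETE = ["*.exchange1.com", "owa2.exchange2.com"]


def labels(name: str) -> List[str]:
    """Lower-case DNS labels of a name, ignoring a trailing dot."""
    return name.strip().rstrip(".").lower().split(".")


def san_matches(san: str, host: str) -> bool:
    """dNSName match: case-insensitive; '*' is accepted only as the whole
    left-most label and stands for exactly one label, so *.a.com covers
    x.a.com but never a.com or x.y.a.com."""
    s, h = labels(san), labels(host)
    if len(s) != len(h) or "" in h:
        return False
    if s[0] == "*":
        return len(s) >= 3 and s[1:] == h[1:]
    return "*" not in san and s == h


def audit_listener(san_list: List[str], rules: Dict[str, List[str]]) -> dict:
    """Return hostnames the certificate does not cover and hostnames that
    are claimed by more than one rule bound to the same listener."""
    owners: Dict[str, List[str]] = {}
    for rule, hosts in rules.items():
        for host in hosts:
            owners.setdefault(host.lower(), []).append(rule)
    uncovered = sorted(h for h in owners
                       if not any(san_matches(s, h) for s in san_list))
    ambiguous = sorted(h for h, r in owners.items() if len(r) > 1)
    return {"uncovered": uncovered, "ambiguous": ambiguous}


if __name__ == "__main__":
    for name, sans in (("complete", SAN_COMPLETE), ("incomplete", SAN_INCOMPLETE)):
        print(name, audit_listener(sans, RULES))
```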
Error Code 8224 Ldifde Exchange 2010 installation failure
Hi, here is a problem I have been bashing my head with for about a week. I am transitioning to Exchange 2010 from 2003. I have two DC's running Windows Server 2003 Sp2, one of which is the Exchange 2003 server. I have just brought online a Windows 2008 R2 member server, which I am attempting to install Exchange 2010 on. I get the following error message during installation.
Organization Preparation
Failed
Error:
The following error was generated when "$error.Clear(); install-ExchangeSchema -LdapFileName ($roleInstallPath + "Setup\Data\"+$RoleSchemaPrefix + "schema1.ldf")" was run: "There was an error while running 'ldifde.exe' to
import the schema file 'C:\Windows\Temp\ExchangeSetup\Setup\Data\PostExchange2003_schema1.ldf'. The error code is: 8224. More details can be found in the error file: 'C:\Users\administrator.CFN\AppData\Local\Temp\2\ldif.err'".
There was an error while running 'ldifde.exe' to import the schema file 'C:\Windows\Temp\ExchangeSetup\Setup\Data\PostExchange2003_schema1.ldf'. The error code is: 8224. More details can be found in the error file: 'C:\Users\administrator.CFN\AppData\Local\Temp\2\ldif.err'
Elapsed Time: 00:00:22
And from the ldif.err:
The connection cannot be established
The error code is 8224
Now I have checked dns, all is good. I can resolve the DC without issue.
I have done dcdiag and netdiag and passes all tests. I have even written a hosts file, all this to no avail.
Any help would be appreciated.
Thanks
B
I had the same and I fixed this.
Solution
1. The error is happening at the "Organization Preparation" stage, so let's go 'old school' and do that manually.
2. Locate the server on your network that is the schema master (Locate FSMO Servers).
3. Put the Exchange 2010 DVD in the schema master (or share it over the network and connect to it from the schema master server).
4. Drop to command line and change to the DVD drive/directory with the Exchange 2010 setup files in it.
5. ONLY do this if you have Exchange 2003 already! Run the following command (if no Exchange 2003 is present, skip to the next step):
X:\Setup /PrepareLegacyExchangePermissions (where "X" is the CD-ROM drive letter)
6. Run the following command:
X:\Setup /PrepareSchema
7. Run the following command:
X:\Setup /PrepareAD
Note: At this point it may fail, and say it requires an organization name (it will do this if it finds no existing container in Active Directory).
Error
Exchange organization name is required for this mode. To specify an organization name, use the /organizationName parameter.
If that is the case, then run the following command:
X:\Setup /PrepareAD /OrganizationName:"Your required org name"
Reboot your server and try to install Exchange 2010.
Jotiba Patil
-
Exchange 2010 DAG Failover does not work
Hi Experts,
I have an Exchange 2010 setup in a DAG environment. We have 2 MBX servers in the main site and 1 MBX server in the DR site, all part of one DAG. We have 2 HUB/CAS servers in the main site and 1 HUB/CAS server in the DR site.
Recently we had to do our BCP test for audit purpose. We had issues in doing failover to the DR site and below is the error faced.
Please advise urgently on the possible causes and resolution steps for it as we need to do this test again on the coming weekend.
"EvictDagClusterNode got exception Microsoft.Exchange.Cluster.Replay.AmClusterEvictWithoutCleanupException: An Active Manager operation failed. Error An error
occurred while attempting a cluster operation. Error: Evict node 'sme-ho-mbx01' returned without the node being fully cleaned up. Please run cluster.exe node <NodeName> /forcecleanup to complete clean up for this node.. ---> System.ComponentModel.Win32Exception:
The wait operation timed out"
So, basically one of the MBX server was not evicting from the Cluster due to which failover did not work.
Would appreciate some urgent thoughts for the possible resolution.
regards
abubakar
Md.Abubakar Noorani IT Systems Engineer Serco Ltd.
Hi,
Yes, you can run the Stop-DatabaseAvailabilityGroup without shutting down the Mailbox server. During the process of DAG failover to DR site, the Stop-DatabaseAvailabilityGroup cmdlet should be run against all servers in the primary datacenter. If the Mailbox server is unavailable but Active Directory is operating in the primary datacenter, the Stop-DatabaseAvailabilityGroup command with the ConfigurationOnly parameter must be run against all servers in this state in the primary datacenter.
And please note that the Stop-DatabaseAvailabilityGroup cmdlet can be run against a DAG only when the DAG is configured with a DatacenterActivationMode value of DagOnly.
Based on the error message, it seems that you should run the cluster node nodename /forcecleanup cmdlet against the specified node in the main site. Have you tried this to check the result?
Best regards,
Belinda
Belinda Ma
TechNet Community Support
-
Exchange 2010 3 node DAG and split datacenters
Hi all,
I have an Exchange 2010 setup with 3 DAG nodes, 2 servers in Primary site & one in DR site, 2 Active Directory sites, one domain controller per site. All roles on each server.
Each server has a single NIC, with the following configs:
Primary Site:
MBX1 IP = 192.168.1.11 - Network Name MAPI-Primary
MBX2 IP = 192.168.1.12 - Network Name MAPI-Primary
Cluster IP = 192.168.1.10
DR Site:
DRMBX1 IP = 192.168.100.11 - Network Name MAPI-DR
Cluster IP = 192.168.100.10
Dag name = DAG1
Under the DAG Networks, I see 3 Networks
DAG1_MAP1-Primary with the 192.168.1.0/24 subnet and the 2 MBX Network IP's in it.
DAG1_MAP1-DR with the 192.168.100.0/24 subnet and the 1 DR MBX Network IP in it.
and one called DAG1_Replication, which has a 10.1.1.0/24 subnet and NO NICs in it. I think this was an original replication subnet used when there were only 2 nodes in the DAG and a crossover cable was used.
Can I delete the DAG_Replication network from the config?
Should I consolidate the 2 DAG1_MAPI-Primary and DAG1-MAPI-DR networks under one simply called DAG1-MAPI?
Secondly,
When I look at cluster manager on each of the 2 nodes MBX1/2, I can see the 3 nodes. Trying to run cluster manager on the DR node, and I can't connect to the DAG1 cluster, get an error saying not ready. Am I right in thinking this should not be happening? I have a managed firewall, but don't have access to logs; any idea what ports could be dropped from DRMBX1?
Finally,
Cluster manager on the 2 working nodes shows an error:
Cluster Network Name is not online, and the Cluster Core resources panel shows cluster name DAG1 Offline, with ONLY 1 IP address, the DAG VIP (192.168.1.10) being online. Should I see the other 192.168.100.10 DAG VIP as well? Is this also a manifestation of the firewall?
I have inherited this config, so I am not fully sure what a correct working condition should report look like. Any help on a clearer understanding would be greatly appreciated.
Thanks in advance !!
In answer to your first question, yes, if no server is listed with an IP address in that replication network, you can delete it without affecting the DAG operations.
As for your second question, if your servers are in different subnets, you need at least two networks defined in your DAG. And since your servers are in different Windows sites, I have to assume they are in different subnets. I believe that if you check them in the EMC, you will only see IP addresses for the local servers in each network. So no consolidation is possible.
On your question about Cluster Manager, don't do anything in Cluster Manager - my personal experience has been that the Exchange toolset is sufficient for all management tasks related to an Exchange DAG. What are you trying to determine? Also, Microsoft doesn't support a DAG installed across a firewall - either you open all ports between these servers (and all domain controllers in your forest), or you will have an unsupported configuration.
For your final question, I assume DAG1 is your DAG's network name, and those two IPs are the ones for the two datacenters. If this is the case, only one IP address will be active at a time.
-
Hi all,
need urgent assistance on the following issue
this is my Exchange 2010 setup
2 x CAS/Hub servers with HP network teaming, and load balanced using Windows NLB multicast mode. There are 2 VIPs on the NLB, one for outlook anywhere, one for autodiscover
2 DNS records were created for the 2 VIPs
Clients use Outlook Anywhere (HTTPS) to connect to the CAS servers from external segment via a Palo Alto firewall, which also acts as a layer 3 router
static arp was set on the Palo Alto firewall, with both virtual MACs pointing to the primary virtual MAC used by the NLB.
Observations
1. within same segment - no issue accessing Exchange servers, even when one CAS node is offline
2. external segment (via firewall)
a. when both nodes are up
outlook client able to connect to Exchange CAS VIP on 443, but will disconnect after around 30 seconds. Client will retry and the pattern will repeat
Exchange CAS RPC logs shows client connections and disconnections to the outlook anywhere VIP address
Firewall logs shows allowed traffic from client to the VIPs
unable to complete profile creation
b. with only CAS2 (CAS1 stopped/deleted from NLB cluster)
no issues accessing Exchange servers, creating profiles etc
c. with only CAS1
same behaviour as (a)
reinstalled NLB, but doesn't resolve
deleted CAS1 from NLB cluster, and re-add. issue remain
Q1. is teaming supported? Teaming is currently set to automatic mode, instead of specified Fault Tolerant
Q2. are there additional settings we need to set or verify on the Palo Alto firewall, since the issue only happens to external segment? Thanks!
Yes - I've been scarred with this for many years :(
If it is just CAS 1 that is causing issues, then focus in on that. The support statement for Win 2008 R2 is that NLB is still a 3rd party component and support may ask for it to be disabled.
http://support.microsoft.com/kb/278431
Do CAS1 and CAS2 have the same NICs (firmware as well), driver, teaming software, and teaming config?
I also want to ask what the network team did for configuring the switch ports on the servers? This will vary from vendor to vendor - did they do the same config on both?
Cheers,
Rhoderick
Microsoft Senior Exchange PFE
Blog:
http://blogs.technet.com/rmilne
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Thanks Rhoderick, issue still persists
can you also help clarify what you meant by "configuring the switch ports on the servers"?
thanks again
-
Out of office sending out old messages - Exchange 2010 - Outlook 2007
Tracking down an issue of a user (I think it's only one) having their Out of Office Message always being a previous message from a year or two back. Doesn't matter if it's changed in Outlook 2007 or in OWA.
I've read some older posts on this, but didn't find a clear answer.
This current Exchange 2010 setup is a migration from 2003. Could this be a leftover migration issue?
Anybody have this happen recently?
Hi,
How do you know this is an old reoccurring message? Based on the content or time?
Since the MailboxAutoReplyConfiguration is correct, I suspect the issue can occur by certain client machine. At this stage, I suggest you disable OOF and re-enable OOF on the problematic machine. If the issue persists, please refer to the following article to clean the problematic client’s Outlook rules. (run Outlook.exe /cleanrules in Run console.)
http://www.tech-recipes.com/rx/2161/outlook_2007_clean_up_command_line_switches/
Thanks.
Novak Wu
TechNet Subscriber Support in forum
-
Mail For Exchange 2010: folders view
For some reason I can't receive mails that are delivered in Folders, under Inbox, in my Exchange 2010 setup through ActiveSync.
According to logs, folders are checked but I receive only mails from my Inbox....
16/01/2011 19:40:56 Connected to connection method named WIND Internet with type Packet Data
16/01/2011 19:40:57 PING Command Requested
16/01/2011 19:41:03 start E-mail sync
16/01/2011 19:41:04 client->server adds=0 changes=1 deletes=0 fails=0
16/01/2011 19:41:04 end E-mail sync
16/01/2011 19:41:04 start Calendar sync
16/01/2011 19:41:04 end Calendar sync
16/01/2011 19:41:04 start Drafts sync
16/01/2011 19:41:04 end Drafts sync
16/01/2011 19:41:04 start Folder1 sync
16/01/2011 19:41:05 end Folder1 sync
16/01/2011 19:41:05 start Folder2 sync
16/01/2011 19:41:05 end Folder2 sync
16/01/2011 19:41:11 Sending a Ping to the server
16/01/2011 19:41:11 Heartbeat interval is 11 minutes.
16/01/2011 19:52:16 Ping response received, no updates. Re-issuing ping.
16/01/2011 19:52:17 Sending a Ping to the server
16/01/2011 19:52:17 Heartbeat interval is 13 minutes.
16/01/2011 19:52:26 HTTP error code=302
16/01/2011 19:52:26 Exception during Ping.
Any ideas?
Problem solved; I should check "inherit permissions" to security options, inside Active Directory Security
-
Exchange 2010 Resource Forest - Autodiscover
Environment:
Account Forest (No Exchange server installed)
Resource Forest (Exchange 2010 SP3)
I understand that a SCP record can be created in the account forest using the following command: Export-AutoDiscoverConfig -DomainController <FQDN> -TargetForestDomainController <String> -TargetForestCredential $a -MultipleExchangeDeployments $true
Questions:
1. Do I need to prep the schema in the Account Forest to create the relevant Exchange configuration before running Export-AutoDiscoverConfig?
2. Is the switch MultipleExchangeDeployments $true needed? Technet states that it's only needed if both forests contain Exchange but also states it's needed for multiple accepted email domains? (which we do have)
http://technet.microsoft.com/en-us/library/aa998832(v=exchg.141).aspx
3. Can this change be backed out, i.e. can the SCP record be removed by using ADSI edit?
Thanks in advance
Hi,
Here are my answers you can refer to:
1. It depends.
If the Exchange deployment has two or more trusted forests, you must update Active Directory so that Outlook users in one forest can access the CAS servers in the remote (or target) forest to use the Autodiscover service. To do this, we must extend the schema in the user forest by running Exchange 2010 Setup with the /PrepareAD or /PrepareSchema switch, and then run the Export-AutodiscoverConfig cmdlet in the resource forest that contains the Client Access servers that provide the Autodiscover service against the target forests.
If you do not want to extend the schema in the user forest, you can update DNS in the user forest with a host record that points to the internal IP address of the Client Access server in the resource forest where Autodiscover is hosted.
For more information, you can refer to the following article:
http://www.testlabs.se/blog/2010/11/06/configuring-the-autodiscover-service-for-multiple-forests/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
2. It isn't needed in your environment.
When the parameter MultipleExchangeDeployments is set to TRUE you will tell the forests that you have multiple Exchange forests. The parameter will also export the accepted domains which are defined in the Exchange environment.
3. SCP record can be removed by using ADSI edit:
On your account domain, open adsiedit.msc, locate the SCP records in
CN=Autodiscover,CN=Protocols,CN=<CAS_SERVER>,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=<ORG>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com
For more information, you can refer to the following thread:
http://social.technet.microsoft.com/Forums/exchange/en-US/a06686ec-f1dc-4738-b4c5-76c41088e145/configuring-autodiscover-in-resource-forest?forum=exchangesvrdeploylegacy
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support -
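The procedure from the resource-forest thread above, as an added PowerShell example (not part of the original posts): it creates the pointer from the Exchange Management Shell in the resource forest, then lists every Autodiscover service connection point in the account forest's Configuration partition so the change can be reviewed before anything is removed with ADSI Edit. The two FQDNs are placeholders; the keyword GUIDs are the well-known Autodiscover SCP and SCP-pointer markers, not values from the thread.

```powershell
# Added example; the FQDNs are placeholders, not values from the thread.
$resourceDc = 'dc01.resource.example'   # DC in the resource (Exchange) forest
$accountDc  = 'dc01.account.example'    # DC in the account forest

# Account allowed to write to the account forest's Configuration partition.
$cred = Get-Credential
$net  = $cred.GetNetworkCredential()

# 1. Exchange Management Shell, resource forest: publish the pointer.
#    -MultipleExchangeDeployments is left out, per the answer above.
Export-AutodiscoverConfig -DomainController $resourceDc `
    -TargetForestDomainController $accountDc `
    -TargetForestCredential $cred

# 2. Enumerate Autodiscover SCP objects in the account forest.
$scpGuid = '77378F46-2C66-4aa9-A6A6-3E7A48B19596'   # Autodiscover SCP
$ptrGuid = '67661d7F-8FC4-4fa7-BFAC-E1D7794C1F68'   # Autodiscover SCP pointer

function Get-Entry([string]$Path) {
    # Bind to the account forest with the supplied credential.
    New-Object System.DirectoryServices.DirectoryEntry($Path, $cred.UserName, $net.Password)
}

$configNc = (Get-Entry "LDAP://$accountDc/RootDSE").Properties['configurationNamingContext'].Value
$searcher = New-Object System.DirectoryServices.DirectorySearcher((Get-Entry "LDAP://$accountDc/$configNc"))
$searcher.Filter   = "(&(objectClass=serviceConnectionPoint)(|(keywords=$scpGuid)(keywords=$ptrGuid)))"
$searcher.PageSize = 500
foreach ($p in 'distinguishedName', 'keywords', 'serviceBindingInformation', 'whenCreated') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

# One row per object: where it lives, what kind it is, and where it sends clients.
$searcher.FindAll() | ForEach-Object {
    New-Object PSObject -Property @{
        DistinguishedName = $_.Properties['distinguishedname'][0]
        Kind    = $(if ($_.Properties['keywords'] -contains $ptrGuid) { 'pointer' } else { 'scp' })
        Target  = (@($_.Properties['servicebindinginformation']) -join ', ')
        Created = $_.Properties['whencreated'][0]
    }
} | Format-List DistinguishedName, Kind, Target, Created
```

Domain-joined Outlook clients follow these records, so any object whose Target does not point at your own resource forest or Client Access servers deserves a closer look before and after the change.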
Console Tree not Visible in Exchange 2010
Hello. When I log into our Exchange 2010 server's EMC the only pane that is visible is the Results pane (which takes up the entire screen). The only options I have are File and Help. File only has the option of Disk Cleanup.
When I log on as a different user, I get the standard view.
How do I restore the standard view of the EMC?
Any help would be greatly appreciated.
Thank you,
Mike
You don't have the proper permissions on your account.
These are the default permissions for Exchange Admins
Delegated Setup - This management role group gives members the ability to run the Exchange 2010 setup program and therefore deploy, but not administer, a new Exchange 2010 server. Deployment can only be performed on servers that have already been provisioned by an administrator with additional permissions.
Discovery Management - A member of the Discovery Management role group has the ability to perform searches of all mailboxes within the Exchange organization as well as implement the Legal Hold feature of Exchange 2010. We shall be looking at this management role group in detail later in this article series.
Help Desk - The Help Desk management role group gives members permissions that are typically required by members of a help desk, such as modifying users’ details such as their address and phone number.
Hygiene Management - This management role group is used to provide permissions associated with managing and configuring both the antivirus and anti-spam elements found in Exchange 2010.
Organization Management - The Organization Management role group is synonymous with the Exchange Full Administrator role in Exchange 2003 and the Exchange Organization Administrators role in Exchange 2007. Essentially, membership of this management role group gives the user the ability to perform pretty much any task in Exchange 2010, with the main missing task being the ability to perform mailbox searches; that itself is achieved via the Discovery Management role group.
Public Folder Management - This management role group naturally gives members the ability to manage the public folder environment.
Recipient Management - A member of this management role group can create and modify Exchange recipients.
Records Management - The Records Management role group gives the ability for members to control and configure the compliance features of Exchange 2010. Examples of such features include transport rules configured on a Hub Transport server as well as message classifications in Outlook.
Server Management - This management role group gives the ability to manage all Exchange servers within the organization. Permissions granted as membership of this management role group therefore work at the server configuration level found in the Exchange Management Console and do not work at, say, the organization level found in the Exchange Management Console.
UM Management - As its name suggests, membership of this management role group grants permissions to manage all aspects of the Unified Messaging environment.
View-Only Organization Management - This management role group allows members to view the configuration of any element found within the Exchange organization.
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exchange-2010-role-based-access-control-part1.html
Cheers,
Gulab Prasad
Technology Consultant
Blog: http://www.exchangeranger.com
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
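One way to check the permissions diagnosis in the console-tree thread above, as an added PowerShell example (not part of the original posts): run from the Exchange Management Shell under the account that still gets the standard view, it shows which role groups grant each account its management roles, which roles the affected account lacks, and who else sits in the role groups involved. Both account names are placeholders.

```powershell
# Added example; both account names are placeholders.
$affected = 'mike'          # account that sees only the Results pane
$working  = 'otheradmin'    # account that gets the standard EMC view

function Get-AssignedRole([string]$Account) {
    # -RoleAssignee returns direct assignments and those inherited through role groups.
    @(Get-ManagementRoleAssignment -RoleAssignee $Account |
        Select-Object @{n = 'Role'; e = { "$($_.Role)" }},
                      RoleAssigneeName, RoleAssigneeType, AssignmentMethod)
}

$a = Get-AssignedRole $affected
$w = Get-AssignedRole $working

# Which role groups (or direct assignments) give each account its roles.
"Role assignees for ${affected}:"
$a | Group-Object RoleAssigneeName | Select-Object Name, Count | Format-Table -AutoSize
"Role assignees for ${working}:"
$w | Group-Object RoleAssigneeName | Select-Object Name, Count | Format-Table -AutoSize

# Roles the working account holds that the affected account does not.
$aRoles  = @($a | ForEach-Object { $_.Role })
$missing = @($w | Where-Object { $aRoles -notcontains $_.Role } | Sort-Object Role -Unique)
"Roles missing from ${affected}: $($missing.Count)"
$missing | Format-Table Role, RoleAssigneeName -AutoSize

# Current members of each role group behind the working account's roles,
# so membership can be reviewed before anyone is added.
$w | Where-Object { $_.RoleAssigneeType -eq 'RoleGroup' } |
    Select-Object -ExpandProperty RoleAssigneeName -Unique |
    ForEach-Object {
        "Members of ${_}:"
        Get-RoleGroupMember -Identity $_ | Format-Table Name, RecipientType -AutoSize
    }
```

Adding the affected account to the narrowest role group that covers the missing roles keeps the fix in line with least privilege; Organization Management is rarely the right answer.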