Load balancing 3 2013 FE servers through a HW load balancer

I want to set up our 3 FE servers so they go through our HW load balancer. From what I have read so far, the recommended solution is to LB the SIP traffic using DNS but LB the web services through the HW LB. In order to do this, I need to override the web services URL, but the problem with that is I don't have a name in my certificate available. Right now, the pool name and the web services name are the same: Lyncpool.domain.com.
If I override the web services URL, the name I choose has to be in the certificate Lync created. If I wanted to go this route, what should I do?
Or, I can just pass everything through the HW LB, both SIP and web services traffic. Not sure what ports I would need to allow, but it shouldn't be too hard to figure out. Any advice would be appreciated.

Internal web services are:
- Meet - you need this for meetings
- Dialin - you need this for PIN management for users, changing their meet URL and information about DTMF. I wouldn't skip it if I was you
- Lyncdiscoverinternal - used for location of the services for mobile and slates
- Internal web service URL - used for access to address book and certificate services, download of meet content and more. This IS a must
- Admin - can be skipped, yes
All of the above should be in a single certificate + the three servers in your deployment. (I recommend this approach, as the HLB MUST have this in its certificate. You can accomplish this by enrolling on one server and adding the other server names in the additional host names dialog box.)
After adding the internal override URL and publishing the topology, you should:
- make sure replication status is true
- run bootstrapper on all servers
- create a new cert (make sure all your host names are present), make sure it is exportable
- install the new cert on the server
- restart IIS
- export this certificate with private key
- import this certificate on the other two servers (restart IIS after import and assignment)
- import this certificate on the HLB and use it on the http VIP
Hope this helps :)
Lasse Wedø,
Blog: Tech@work, Twitter: @lawedo
Please take a second to hit the green arrow on the left if the post was helpful, or mark it as an answer if it resolved your issue.
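As an added example (not part of Lasse's post or any Lync tooling), a PowerShell check that the web services certificate carries every host name listed above before it is exported to the other Front Ends and imported on the HLB. Lyncpool.domain.com comes from the thread; the override URL lyncweb-int.domain.com, the simple URLs and the FE names are constructed placeholders to be replaced with your own.

```powershell
# Added example: verify that a certificate covers all host names the HLB and
# every Front End must present. Names marked "constructed" are placeholders.
$RequiredNames = @(
    'Lyncpool.domain.com',             # pool name from the thread (still used for SIP)
    'lyncweb-int.domain.com',          # constructed: internal web services override URL
    'meet.domain.com',                 # constructed: Meet simple URL
    'dialin.domain.com',               # constructed: Dial-in simple URL
    'lyncdiscoverinternal.domain.com', # constructed: autodiscover for mobile/tablet clients
    'fe01.domain.com', 'fe02.domain.com', 'fe03.domain.com'  # constructed FE FQDNs
)

function Get-CertificateDnsNames {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Collect the Subject CN plus every dNSName in the SAN extension (OID 2.5.29.17)
    $names = New-Object System.Collections.Generic.List[string]
    $cn = $Certificate.Subject -split ',\s*' | Where-Object { $_ -like 'CN=*' } | Select-Object -First 1
    if ($cn) { $names.Add($cn.Substring(3)) }
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Multi-line Format() output on Windows yields lines such as "DNS Name=meet.domain.com"
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^DNS Name=(.+)$') { $names.Add($Matches[1].Trim()) }
        }
    }
    return $names | Sort-Object -Unique
}

function Test-LyncWebCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string[]]$Required
    )
    $present = Get-CertificateDnsNames -Certificate $Certificate
    # -notcontains compares case-insensitively, which matches DNS semantics
    $missing = @($Required | Where-Object { $present -notcontains $_ })
    [pscustomobject]@{
        Thumbprint    = $Certificate.Thumbprint
        Expires       = $Certificate.NotAfter
        HasPrivateKey = $Certificate.HasPrivateKey   # required on every FE and on the HLB
        Missing       = $missing
        Ok            = ($missing.Count -eq 0 -and $Certificate.HasPrivateKey)
    }
}

# Usage: run on each Front End after the import, picking the newest cert issued
# to the pool name, or point it at a PFX before uploading that PFX to the HLB.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like 'CN=Lyncpool.domain.com*' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if ($cert) { Test-LyncWebCertificate -Certificate $cert -Required $RequiredNames | Format-List }
else { Write-Warning 'No certificate for Lyncpool.domain.com found in LocalMachine\My' }
```

Any name reported under Missing will produce certificate warnings on the clients that resolve it, so fix the request before exporting rather than after the HLB is in the path.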

Similar Messages

  • What is best recommendation for DNS LB for lync 2013 Edge servers

    What is the best recommendation for DNS LB for Lync 2013 Edge servers? We have an F5 LB for Edge and want to decide if we can go with DNS-based LB for the Edge servers.
    Anil MCC 2011,ITIL V3,MCSA 2003,MCTS 2010, My Blog : http://messagingschool.wordpress.com

    It will be better to use hardware load balancing (F5).
    If you choose to use DNS load balancing for a pool but still need to implement hardware load balancers for traffic such as HTTP traffic, the administration of the hardware load balancers is greatly simplified. For example, configuring the hardware load balancer will be simpler, as it will only manage the HTTP and HTTPS traffic, while all other protocols will be managed by DNS load balancing.
    Also, for more info you can check the links below:
    http://technet.microsoft.com/en-us/library/gg615011.aspx
    http://technet.microsoft.com/en-us/library/gg398634.aspx
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
    Mai Ali | My blog: Technical | Twitter: Mai Ali

  • CPU Monitoring of AIX servers through OMW

    Hi All,
    Can you please let me know how we can monitor the CPU utilization of AIX servers through OMW. I have created a template and deployed it on all the AIX servers, but the problem is that it is working fine on some of the servers (alerting once the threshold level is exceeded) but is not alerting for some servers even though the agent is working fine on those.
    Please let me know what validations I can do to ensure monitoring is working fine for all the AIX servers.
    Thanks in advance.
    Regards,
    Arvinder

    After spending more time researching I think I have found a solution:
    http://blogs.technet.com/b/kevinholman/archive/2013/06/22/opsmgr-2012-hyper-v-management-pack-extensions-published.aspx
    http://hypervmpe2012.codeplex.com/
    This Hyper-V MP addresses the monitoring of servers using dynamic resources and it looks to also contain optional performance counters for reporting. No reports, only dashboards, are included. Will need to create these from scratch.
    Anyone use this MP? any feedback?
    Cheers,
    Martin
    Blog: http://sustaslog.wordpress.com

  • I am unable to start Managed Servers through Weblogic AdminConsole

    Hi,
    We are using Weblogic 10.3.1.0 version.
    Totally 4 Managed Servers
    1 Admin Server
    with Node Manager.
    In Admin Console, whenever we go to stop the Managed Servers:
    1. Environment -----> Servers ----> Control -----------> Managed Server 1 -----------> Force shutdown
    2. Then click the refresh button ---- showing "FAILED_NOT_RESTARTABLE"
    3. After that, whenever we go to start the Managed Server in Admin Console,
    first it's showing ----- Starting
    and next it's showing ----- FAILED_NOT_RESTARTABLE
    4. It's not coming to Running state.
    In Logs
    Domain log
    -----------> <1273141345460> <BEA-000450> <Socket 8 internal data record unavailable (probable closure due idle timeout), event received 17>
    ####<06-May-2010 11:54:40 o'clock BST> <Alert> <WebLogicServer> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143280738> <BEA-000396> <Server shutdown has been requested by weblogic>
    ####<06-May-2010 11:54:40 o'clock BST> <Notice> <WebLogicServer> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143280771> <BEA-000365> <Server state changed to FORCE_SUSPENDING>
    ####<06-May-2010 11:54:40 o'clock BST> <Notice> <Cluster> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143280844> <BEA-000163> <Stopping "async" replication service>
    ####<06-May-2010 11:54:41 o'clock BST> <Notice> <WebLogicServer> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143281061> <BEA-000365> <Server state changed to ADMIN>
    ####<06-May-2010 11:54:41 o'clock BST> <Notice> <WebLogicServer> <ukirt156> <twpserver1> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1273143281064> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    ####<06-May-2010 11:54:41 o'clock BST> <Notice> <Server> <ukirt156> <twpserver1> <DynamicListenThread[Default]> <<WLS Kernel>> <> <> <1273143281113> <BEA-002607> <Channel "Default" listening on 172.21.149.168:7003 was shutdown.>
    ####<06-May-2010 11:56:30 o'clock BST> <Error> <NodeManager> <ukirt156> <AdminServer> <[ACTIVE] ExecuteThread: '45' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1273143390016> <BEA-300048> <Unable to start the server twpserver1 : Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    AdminServer log
    <06-May-2010 11:56:30 o'clock BST> <Error> <NodeManager> <BEA-300048> <Unable to start the server twpserver1 : Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    <06-May-2010 11:57:33 o'clock BST> <Error> <NodeManager> <BEA-300048> <Unable to start the server twpserver1 : Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    <06-May-2010 12:07:02 o'clock BST> <Error> <NodeManager> <BEA-300048> <Unable to start the server twpserver1 : Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    ManagedServer Log
    <06-May-2010 11:54:40 o'clock BST> <Alert> <WebLogicServer> <BEA-000396> <Server shutdown has been requested by weblogic>
    06-May-2010 11:54:41 org.quartz.core.QuartzScheduler shutdown
    INFO: Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED shutting down.
    06-May-2010 11:54:41 org.quartz.core.QuartzScheduler pause
    INFO: Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED paused.
    06-May-2010 11:54:41 org.quartz.core.QuartzScheduler shutdown
    INFO: Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED shutdown complete.
    <06-May-2010 11:54:54> <Debug> <NodeManager> <Waiting for the process to die: 19316>
    <06-May-2010 11:54:54> <Info> <NodeManager> <Server was shut down normally>
    <06-May-2010 11:54:54> <Debug> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>
    NodeManager Log
    <06-May-2010 11:54:54> <Info> <twp_domain> <twpserver1> <Server was shut down normally>
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Boot identity properties saved to "/appl/weblogic/scripts/servers/twpserver1/data/nodemanager/boot.properties">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Startup configuration properties saved to "/appl/weblogic/scripts/servers/twpserver1/data/nodemanager/startup.properties">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Rotated server output log to "/appl/weblogic/scripts/servers/twpserver1/logs/twpserver1.out00020">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Server error log also redirected to server log>
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Starting WebLogic server with command line: /appl/weblogic/oracle/middleware/jrockit_160_05_R27.6.2-20/jre/bin/java -Dweblogic.Name=twpserver1 -Djava.security.policy=/appl/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.management.server=http://ukirt156:7001 -Djava.library.path="/appl/weblogic/oracle/middleware/jrockit_160_05_R27.6.2-20/jre/lib/i386/jrockit:/appl/weblogic/oracle/middleware/jrockit_160_05_R27.6.2-20/jre/lib/i386:/appl/weblogic/oracle/middleware/jrockit_160_05_R27.6.2-20/jre/../lib/i386::/appl/nsm/CA/UnicenterNSM/lib:/appl/nsm/CA/SharedComponents/JRE/1.4.2_09/lib/i386/client:/appl/nsm/CA/SharedComponents/JRE/1.4.2_09/lib/i386:/appl/nsm/CA/SharedComponents/ccs/dia/dna/lib:/appl/nsm/CA/SharedComponents/ccs/dia/lib:/usr/lib:/opt/CA/CAlib:/appl/nsm/CA/SharedComponents/lib:/appl/nsm/CA/SharedComponents/Csam/SockAdapter/lib:/appl/weblogic/oracle/middleware/wlserver_10.3/server/native/linux/i686:/appl/weblogic/oracle/middleware/wlserver_10.3/server/native/linux/i686/oci920_8" -Djava.class.path=/data/share/package/twp/WEB-INF/lib/ojdbc14.jar:/appl/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/appl/weblogic/oracle/middleware/wlserver_10.3/server/lib/weblogic.jar -Dweblogic.system.BootIdentityFile=/appl/weblogic/scripts/servers/twpserver1/data/nodemanager/boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -Dweblogic.security.SSL.ignoreHostnameVerification=false -Dweblogic.ReverseDNSAllowed=false -Xmanagement:port=7091,ssl=false,authenticate=false -Xms=1200m -Xmx=1200m -Xverbose:gc,gcpause -Dreflexis.scheduler=true -Dreflexis.server=twpserver1 -Djava.awt.headless=true -Dclient.encoding.override=UTF-8 -Doracle.jdbc.V8Compatible=true weblogic.Server >
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Working directory is "/appl/weblogic/scripts">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Rotated server output log to "/appl/weblogic/scripts/servers/twpserver1/logs/twpserver1.out00021">
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Server error log also redirected to server log>
    <06-May-2010 11:56:21> <Info> <twp_domain> <twpserver1> <Server output log file is "/appl/weblogic/scripts/servers/twpserver1/logs/twpserver1.out">
    <06-May-2010 11:56:29> <Info> <twp_domain> <twpserver1> <Server failed during startup so will not be restarted>
    <06-May-2010 11:56:29> <Warning> <Exception while starting server 'twpserver1': java.io.IOException: Server failed to start up. See server output log for more details.>
    java.io.IOException: Server failed to start up. See server output log for more details.
    at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:332)
    at weblogic.nodemanager.server.Handler.handleStart(Handler.java:542)
    at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:119)
    at weblogic.nodemanager.server.Handler.run(Handler.java:66)
    at java.lang.Thread.run(Thread.java:619)
    Server logs
    <06-May-2010 12:06:57> <Info> <NodeManager> <Server output log file is "/appl/weblogic/scripts/servers/twpserver1/logs/twpserver1.out">
    [JRockit] Management server started on port 7091, ssl=false, authenticate=false.
    <06-May-2010 12:06:59 o'clock BST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with BEA JRockit(R) Version R27.6.2-20_o-108500-1.6.0_05-20090120-1115-linux-ia32 from BEA Systems, Inc.>
    <06-May-2010 12:07:00 o'clock BST> <Critical> <Security> <BEA-090518> <Could not decrypt the username attribute value of {AES}xvFgPysVi5b89pYwaAppoqPXQ5wFVW13yoFhzhKmuQo= from the file /appl/weblogic/scripts/servers/twpserver1/data/nodemanager/boot.properties. If you have copied an encrypted attribute from boot.properties from another domain into /appl/weblogic/scripts/servers/twpserver1/data/nodemanager/boot.properties, change the encrypted attribute to its cleartext value then reboot the server. The attribute will be re-encrypted. Otherwise, change all encrypted attributes to their cleartext values, then reboot the server. All encryptable attributes will be re-encrypted. The decryption failed with the exception <06-May-2010 12:07:01 o'clock BST> <Info> <Management> <BEA-141223> <The server name twpserver1 specified with -Dweblogic.Name does not exist. The configuration includes the
    <06-May-2010 12:07:01 o'clock BST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
    There are 1 nested errors:
    weblogic.management.ManagementException: [Management:141223]The server name twpserver1 specified with -Dweblogic.Name does not exist. The configuration includes the following servers {AdminServer}.
    at weblogic.management.provider.internal.RuntimeAccessImpl.<init>(RuntimeAccessImpl.java:149)
    at weblogic.management.provider.internal.RuntimeAccessService.start(RuntimeAccessService.java:41)
    at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
    at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
    at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:749)
    at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:488)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:446)
    at weblogic.Server.main(Server.java:67)
    >
    <06-May-2010 12:07:01 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <06-May-2010 12:07:01 o'clock BST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <06-May-2010 12:07:01 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    <06-May-2010 12:07:02> <Debug> <NodeManager> <Waiting for the process to die: 19443>
    <06-May-2010 12:07:02> <Info> <NodeManager> <Server failed during startup so will not be restarted>
    <06-May-2010 12:07:02> <Debug> <NodeManager> <runMonitor returned, setting finished=true and notifying waiters>
    Note: if I start the managed servers through a WLST script it's working fine.
    [twpuser@ukirt156 /appl/weblogic/scripts]$ java weblogic.WLST
    nmConnect('weblogic', 'w3bl0g1c', 'ukirt156', '5556', 'twp_domain', '/appl/weblogic/oracle/middleware/user_projects/domains/twp_domain', 'plain')
    nmStart('twpserver1')
    Please provide a solution for this issue.
    Thanks
    SRK

    Just at first glance, it seems as though you have one or more configuration issues, perhaps inconsistencies between the node manager server configuration files and the domain's config.xml.
    nmConnect('weblogic', 'w3bl0g1c', 'ukirt156', '5556', 'twp_domain', '/appl/weblogic/oracle/middleware/user_projects/domains/twp_domain', 'plain')
    nmStart('twpserver1')
    implies that twp_domain is configured in /appl/weblogic/oracle/middleware/user_projects/domains (which is the default from the configuration wizard). However, the node manager and server output logs make it seem like it's trying to use a domain in the directory /appl/weblogic/scripts. Not sure how that happened; perhaps you had two domains? Perhaps copied or moved the domain files? Something else?
    In any case, start by checking out your nodemanager.domains file and ensure that it reflects your intended domain directory.

  • Sharepoint Mp 2013 Discovers Servers that are not in the config file.

    Hi,
    Sharepoint Mp 2013 Discovers Servers that are not in the config file. Any workaround/fix?
    Regards,
    Mirza

    Hi,
    Would you please give more details about your question?
    Have you downloaded and imported the sharepoint 2013 management pack to your management group:
    System Center Management Pack for SharePoint Server 2013
    http://www.microsoft.com/en-hk/download/details.aspx?id=35590
    In addition, please also follow the below article to configure your management pack:
    Configuring the SharePoint 2013 Management Pack
    http://blogs.technet.com/b/kevinholman/archive/2013/05/14/configuring-the-sharepoint-2013-management-pack.aspx
    It is also suggested to read the management pack guide before using the management pack.
    Regards, Yan Li

  • Decommissioning Exchange 2010 Casarray (contains 2013 Mailbox Servers?)

    I'm in the process of decommissioning exchange 2010. I went to remove the 2010 casarray and see that my 2013 mailbox servers are a part of the array? Can I still remove the array? Do I leave it?

    Hi,
    Please have a look at the article mentioned below, especially the reply from Off2work:
    http://social.technet.microsoft.com/Forums/office/en-US/c10550fa-b735-48ee-ad52-a75f0176e1de/cas-array-in-exchange-2013?forum=exchangesvrdeploy
    As additional info, as far as I know there is no use for a CAS array in Exchange 2013, and at the same time Exchange 2013 servers will not make use of it even if they are members of a CAS array in Exchange 2010.
    Please reply if you have any queries.
    Regards
    S.Nithyanandham

  • Exchange 2013 SP 1 + Lync 2013 CAS servers 100% CPU Load.

    Hello. Can somebody explain one issue?
    We have Exchange 2013 CU6 + Lync 2013 (5.0.8308.556) integration. After installing Exchange SP1, all Client Access Servers began to consume all CPU time. In Process Explorer there are w3wp.exe (MSExchangeServicesAppPool) and lsass.exe (netlogon context). In the IIS logs there are a lot of events like:
    GET /EWS/Exchange.asmx/s/GetUserPhoto email=[email protected]&size=HR648x648&CorrelationID=<empty>;&cafeReqId=07966a0b-99a4-4f0a-8a38-a8a83264e46c; 443 - 10.10.10.10 OC/15.0.4659.1001+(Microsoft+Lync) - 401 1 2148074254 46
    GET /EWS/Exchange.asmx/s/GetUserPhoto email=[email protected]&size=HR648x648&CorrelationID=<empty>;&cafeReqId=c7fb9499-1dc7-48d9-add6-64156a910de6; 443 Contoso\username 10.10.10.10 OC/15.0.4659.1001+(Microsoft+Lync) - 200 0 0 437
    The IIS logs grow very quickly, about 1GB per day. Before installing SP1 there were no problems. Thanks in advance.

    Hi,
    From your description, you said that you have Exchange 2013 CU6 + Lync 2013 (5.0.8308.556) integration, then you install Exchange 2013 SP1 on all CAS servers.
    Do you mean your Exchange 2013 Mailbox server is CU6, and all CAS servers are SP1?
    We had better have the same version on all Exchange servers in our environment. If that is the case, please upgrade all to CU6, the latest Exchange 2013 version, and check the result.
    Best regards,
    Belinda Ma
    TechNet Community Support

  • Topology not replicating to Lync 2013 Edge servers

    Hello all,
    I have installed Lync 2013 with a FE Pool (three servers, HW load balanced), Director Pool (two servers, HW load balanced), and an Edge environment (2 servers, in the DMZ, members of a workgroup, also HW load balanced). All servers are Windows Server 2012 (not R2).
    I am able to log in remotely and have green checks across the board at https://testconnectivity.microsoft.com. So things are looking good.
    My issue is that I am unable to replicate to my Edge servers from the FE. I am not seeing errors in the event viewer, just a big red 'x' on the topology tab in the control panel for the Edge servers. Also, when trying to force replication the Edge servers continue to show 'False'.
    Here are things I have done/checked to resolve this - so I need your assistance please:
    1. From the FE, I can visit https://EdgeFQDN:4443/replicationwebservice - there are no errors, no certificate errors, so things look good
    2. I have verified that the Edge servers have the domain suffix added to them. The HW load balancer is configured as the EdgeInternal.domain.com entry and the physical edge servers are named Edge01 and Edge02 (obviously with the domain suffix added). So this seems correct based on recommendations.
    3. I have added the following reg keys to all Lync Servers in the org
    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL ->DWORD ClientAuthTrustMode Value=2 and SendTrustedIssuerList DWORD Value: 0
    I am trying to avoid having to resort to this as a possible resolution - http://ucken.blogspot.com/2012/04/resetting-lync-cms-replication.html - but if this is my next step, please let me know.
    May be useless info, but here it is anyway....
    One thing I will mention - during my setup, I set up Kerberos authentication for Lync 2013. I followed http://howdouc.blogspot.com/2011/07/kerberos-web-authentication-for-lync.html and http://technet.microsoft.com/en-us/library/gg398976.aspx to configure this.
    I am unable to access the RtcReplicaRoot\xds-replica directory on the primary FE server or any other Lync server for that matter. I assume this is because it is locked down to the Kerberos account that was created. However, I am unable to run the command "Set-CsKerberosAccountPassword -FromComputer FEFQDN.Domain.com -ToComputer EdgeFQDN.Domain.com". Obviously this fails because the Edge servers are in a workgroup and can't see the Kerberos account that was created. Would this break the replication? Just thinking out loud...
    Thanks in advance for any input.
    Wall

    Michael, Thank you for your response.  We are currently in coexistence with a Lync 2010 environment. 
    Our environment consists of a European domain and a North American domain, both in the same forest. The European environment has had 2010 up and running for a couple of years and we (North America) just installed Lync 2013. The EU domain has many domain names they support (.uk, .net, .ie, etc.). NAm only manages the .com domain name space.
    I tell you this because I have configured the NAm environment to support only .com (to save $ on SSL UCC licensing) and to provide separate paths to our services. There is an EU site and a NAm site in the Lync topology. The issues are with the FE servers in NAm.
    Based on your response above, the NAm servers are fine with your suggestions in #2 and #3. The CMS database is still on 2010 in the EU site.
    Given that the NAm domain is configured to support only the .com domain namespace, I am worried that moving the CMS to the NAm FEs would break EU's ability to federate.
    Any guidance or expertise is greatly appreciated.
    My ultimate goal is to have NAm employees authenticate to the Edge servers in their site and EU to authenticate to their respective Edge servers. Also, I have read that we can only have one Edge pool responsible for federation in the Lync org.
    I assume that we will have to keep federation going through EU as they have the SSL certs for all domains configured in their environment. Just a little confused before I make any changes.
    Wall

  • Merge Lync 2013 Edge servers in same pool

    Hi guys.
    - We had Lync 2013 FE STD version.
    - We have added one more Lync 2013 FE STD and done front end pool pairing.
    - We had a single Edge Pool, so only 1 EDGE server in 1 POOL.
    We wish to add another Edge server and put the previous and this new Edge server in one pool.
    This is a printscreen of our current Edge deployment.
    Because we have federation enabled with external partners who have put the public external address of our current edge server, LyncEDGESIP.domain.com, in their Lync configuration as trusted, we would like to avoid sending them a new address, and we have decided to keep that public address and make it the EDGE POOL NAME with both edge servers inside.
    Now we are a little bit confused/amused about what to do next.
    If we use LyncEDGESIP.domain.com as the FQDN of the EDGE POOL with two edge servers, what would we need to do with our current edge server?
    What to put for:
    Access Edge Service public address on both edge servers
    Web Conferencing Edge Service public address on both edge servers
    A/V Edge Service public address on both edge servers.
    bostjanc

    Go with cutover migration if you can take downtime. Here is the high level summary for your reference;
    Remove existing edge server from topology and publish the changes.
    Create a new edge server pool in topology builder.
    Make sure that the access edge, web conference edge and AV edge names remain the same.
    Publish the topology and run the setup on both edge servers. You need to configure external and internal IP addresses based on Lync topology.
    Replicate the configuration change and run the deployment wizard.
    Import the certificate and start the services.
    Create additional DNS A records for load balancing externally.
    Thanks
    Saleesh
    If answer is helpful, please hit the green arrow on the left, or mark as answer.
    Technet Blog

  • Unable to send to external email recipients - Multi Tenant Exchange 2013 - MultiRole servers in DAG

    Greetings all, I hope someone can help.
    I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
    Internal mail flow is fine (external email addresses can send to the domain).
    External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
    There are two multi-role Exchange servers that are members of the DAG.
    I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
    No SSL certificates have been purchased or installed yet.
    Exchange URLs have not been changed since default configuration at install.
    OWA and ECP works both internal and external.
    External DNS works with SPF and PTR records correctly configured
    Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
    Send Connectors are the default ones created during install. Receive connector is standard configuration with  - * - 
    When sending email to an external address, I receive a failure notice
    ServerName.test.corp.int gave this error:
    Unable to relay 
    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
    More Info - 
    ServerName.test.corp.int
    Remote Server returned '550 5.7.1 Unable to relay'
    I have been troubleshooting this for many hours with no progress.
    I have created new Send Connectors for the server that is advising that it is unable to relay, but they have all failed.
    I have tried setting the Internal IP address for Exchange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
    I have also tried with the IP range 192.168.11.0/24 to allow the whole subnet; I still receive the unable to relay failure notice.
    I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
    I am at a loss as to why I can't send out with the default configuration. I would assume that email would flow out without any changes, but this does not happen.
    Can someone please assist before I lose my sanity.
    Thanks in advance,
    Terry

    Greetings all, I hope someone can help.
    I have created a Exchange 2013 multi-tenant organization, with two servers, both multi-role - CAS and Mailbox roles.
    Internal mail flow is fine.
    Incoming mail from external senders is also fine (external email addresses can send to the domain).
    External firewall port forwards ports 443 and 25 to the Internal DAG IP address.
    There are two multi-role Exchange servers that are members of the DAG.
    I am able to connect to OWA and ECP via https://externalIP/OWA and https://alias.domain.com/OWA
    No SSL certificates have been purchased or installed yet.
    Exchange URLs have not been changed since default configuration at install.
    OWA and ECP works both internal and external.
    External DNS works with SPF and PTR records correctly configured
    Exchange RCA - Send test only fails with one Spam Listing (this Blacklist provider now flags all domains and you cannot ask to be removed)
    Receive Connectors are the default ones created during install. Send connector is standard configuration with  - * - 
    When sending email to an external address, I receive a failure notice
    ServerName.test.corp.int gave this error:
    Unable to relay 
    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.
    More Info - 
    ServerName.test.corp.int
    Remote Server returned '550 5.7.1 Unable to relay'
    I have been troubleshooting this for several days with no progress.
    I have created new Receive Connectors for the server that is advising that it is unable to relay, but they have all failed.
    I have tried setting the Internal IP address for Exchange Server 1 (Exchange Server 2 reports failure), with most combinations of Security (Anonymous, Exchange Users, etc).
    I have also tried with the IP range 192.168.11.0/24 to allow the whole subnet; I still receive the unable to relay failure notice.
    I have tried this guide - hxxps://glazenbakje.wordpress.com/2012/12/30/exchange-2013-how-to-configure-an-internal-relay-connector/ - with different combinations, still no resolution.
    Even more info - Further troubleshooting -
    I found my one of my Exchange servers had an extra NIC. I have since added a second NIC to the other server, so now both Exchange servers have dual NICs. I removed the DAG cleanly and recreated the DAG from scratch, using this link -
    hxxp://careexchange.in/how-to-create-a-database-availability-group-in-exchange-2013/ 
    The issue still exists, even with a newly created DAG. I also found that the Tenant Address Books were not 'applied'. I applied them but still no resolution
    I think the issue is related to multi-tenant configuration even though the error says that it can't relay. The unable to relay message can appear when sending from a domain that the Organization does not support. Like trying to email as [email protected]
    when your domain name is apple.com - But through extensive research I still can't resolve the issue.
    Can someone please assist before I lose my sanity.
    Thanks in advance,
    Terry

  • Exchange 2013 OWA published through TMG: Unable to preview documents with Office Web App server

    We configured our Exchange 2013 servers to use Office Web App for document previews on OWA. Everything works fine internally, and externally also when we access OWA directly. But when from an outside network we open an OWA session through TMG and try to preview
    a document, we get the error "Sorry we cannot open this document, an error occured . . ."
    Did anyone experience such an issue?
    Thanks,
    Antonio

    Hello,
    Since directly accessing OWA from CAS is fine and the issue only occurs when TMG is involved, I think the issue is more related to TMG settings. Please find more efficient support
    via our TMG forum:
    http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads
    Thanks,
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Simon Wu
    TechNet Community Support

  • Exchange 2013 CAS servers cannot accept connections on Exchange ports

    Exchange 2013 Enterprise SP1 / Windows Server 2008 R2 SP1
    I have configured site resilience setup with the following at two sites:
    - two CAS servers
    - six MB servers
    Traffic to the CAS servers passes through the HLB.
    I just discovered that the "01" CAS server at each site is not accepting Exchange traffic.
    If I telnet to one of the Exchange ports, it looks like there is a connection, however the moment any character is entered, the connection dies.
    For example
    - telnet Site01CAS01 25
    -   ( screen goes blank and DOES NOT display the expected "220 servername Microsoft ESMTP ...." message )
    - when I attempt to enter  "ehlo" the moment I enter "e" the session is disconnected.
    I can successfully perform a telnet connection to the CAS02 server and run through the complete send a test message through telnet process. The session disconnect occurs on the CAS01 server at each site for ANY port controlled by Exchange: 25, 143, 587,
    717, 993
    I can successfully telnet to ports NOT controlled by Exchange: 80, 81, 8080, 443
    There appears to be nothing essentially wrong with IIS
    The firewall is DISABLED.
    I discovered this issue yesterday.
    I upgraded to Exchange 2013 SP1 10 days ago.
    I cannot say for sure if this condition existed before the SP1 upgrade. I upgraded from CU1 to SP1.
    Any thoughts?
    Thanks! Tom
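The telnet test in Tom's post can be scripted so that the outcomes he describes (a 220 banner, connected-but-silent-then-dropped on the first keystroke, refused) are told apart reliably across every CAS and port in the list. This is an added Python example, not code from the thread; the two local stand-in listeners and the host names in them are constructed.

```python
import socket
import threading

def probe_smtp_banner(host, port=25, timeout=3.0):
    """Classify a listener the way the telnet test in the thread does.
    Returns ("banner", greeting) when a 220 line arrives (the healthy CAS02
    behaviour); ("silent", None) when TCP is accepted but no greeting comes
    and the peer hangs up on our first input (the CAS01 symptom);
    ("refused", None) when nothing accepts the connection at all; and
    ("unexpected", text) when something answers without a 220 greeting."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("refused", None)
    with sock:
        try:
            data = sock.recv(512)
        except OSError:  # timed out with no banner, or the peer already dropped us
            data = b""
        if data.startswith(b"220"):
            return ("banner", data.decode("ascii", "replace").splitlines()[0])
        # No greeting: send a harmless EHLO and see whether the peer drops us,
        # mirroring "the moment I enter 'e' the session is disconnected".
        try:
            sock.sendall(b"EHLO probe.example\r\n")
            reply = sock.recv(512)
        except OSError:
            reply = b""
        if not reply:
            return ("silent", None)
        return ("unexpected", reply.decode("ascii", "replace").strip())

def start_fake_cas(healthy):
    """Constructed local stand-in for the two CAS servers in the thread.
    healthy=True greets like CAS02; healthy=False acts like CAS01: it accepts
    the TCP connection, stays quiet and closes on the first byte it receives.
    Returns the ephemeral port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn:
            if healthy:
                conn.sendall(b"220 Site01CAS02 Microsoft ESMTP MAIL Service ready\r\n")
            else:
                conn.recv(1)  # wait for the client's first byte, then hang up
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]
```

Run `probe_smtp_banner` against each CAS for ports 25, 143, 587, 717 and 993 and record which hosts come back "silent"; a server that also shows "silent" on 443 or 80 points at the network path rather than the Exchange transport services.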

    Well, port 25 doesn't have anything to do with IIS regardless.
    Since this is the CAS, port 25 is handled by the Microsoft Exchange Frontend Transport service.
    A couple of things I would check.
    Check the server component state. Get-ServerComponentState -Identity <server> to ensure everything is "active".
    I assume all the services are running and you have rebooted the server to ensure things start up clean.
    Also ensure the NIC on this server is set to register itself in DNS.
    Finally, if you have disabled the firewall service on the server, it's not supported. You should enable the firewall service and then disable it logically: netsh advfirewall set Allprofiles state off
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • Migrating Users from Exchange 2007 to Exchange 2013 Without redirection through exchange 2013.

    We have all our users and mailboxes on Exchange 2007 and I have introduced two Exchange 2013 servers in my organization and both have mailbox and CAS server installed on them. 
    With Exchange 2007 server, I had not modified any of the internal and external url/uri and had stayed with the defaults.
    For migration most of the documents are suggesting of changing the default internal URL and Auto Discover Service internal URI values.
    In my case, I want to migrate all the users and mailboxes (everything that is on Exchange 2007) from 2007 to 2013 and decommission Exchange 2007 completely from our organization.
    I am in the phase of transferring users from Exchange 2007 to Exchange 2013 and do not want to change any settings on the existing 2007 servers.
    I have created a new DNS entry mailx.abc.com with the two IPs of both Exchange 2013 servers and changed the Outlook Anywhere internal URL on both Exchange 2013 servers to mailx.abc.com.
    So by doing this, I think all existing clients will still connect to Exchange 2007 and after moving their mailbox they will connect to Exchange 2013.
    In short I am not redirecting or using 2013 as proxy for 2007 clients and clients whose mailbox is on exchange 2013 will directly connect to 2013 server.
    Questions are: Is this the right way to migrate all the users to Exchange 2013?
    Will it affect the operation of existing Exchange 2007 server?

    Read the below blog on Client Connectivity in Exchange co-existence. There can't be a better blog than this on this topic.
    http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
    Clients connect to Exchange from Internal-Outlook, External-Outlook, Web & Active Sync.
    For Internal the configuration that you have mentioned should work as clients would get Autodiscover information from Active Directory (SCP) and get connected to right server.
    However, for external connectivity it makes sense to use External URL on Exchange 2013 servers (keep the Exchange exposed to Internet), configure legacy URL for exchange 2007 and use Exchange 2013 external URL for mailboxes that are Exchange 2007 and Exchange
    2013 for standardization.
    Refer article for configuring URLs -
    http://silbers.net/blog/2014/01/22/exchange-20072013-coexistence-urls/
    - Sarvesh Goel - Enterprise Messaging Administrator

  • Sharepoint 2013 delivers documents through IIS too good! Need to restrict by logged in user

    I have a Sharepoint 2013 app that lets external users (https://) pull data from SQL to create links on the page that the user can click on to get documents to pop-up in the browser so they can view/save them.  The page sends the user's ID as a parameter
    and the stored proc uses that to return only the documents that user is allowed to see.  Took forever to figure out... looks great... my employer is going to be impressed and save money... yada, yada yada!  Problem is:  If you knew the name
    of a directory on the mapped location and knew the filename (somehow), and you had a login that got you to the site, you could successfully put that address in your address bar and the document would come up!  That's a bad thing!  I need to only
    let users see documents they have access to.
    I have been playing with the app pool settings and advanced settings for the sub-site, but it still lets me pull items that the logged-in user doesn't have permissions on the server to get to.  I haven't been able to prove it, but I suspect that IIS
    is sending another login credential to the directory to retrieve the file... something like "admin" or something that can have wider access.
    Here is my setup:  I have a directory on another server that is mapped to the Sharepoint Server box.  I have a Virtual Directory that points to that mapped drive.  My Sharepoint Page is on a site of its own and is called with the URL "https://reportcenter.<company name>.com".
    There is only one page on the site.  When the page opens it provides links to documents on the Virtual Directory.  When you click on any of them the files appear in the browser just fine.  Sharepoint is running on a
    Windows 2012 R2 Standard OS.  The test user I am using is "Client1" and they are a member of the "SP_Clients" group which is not a member of anything else in Active Directory.  In the file directory I went to the Share list and
    made sure my test user and the SP_Clients group is not in the list... if the system tried to use Client1 there is no way they should get access.
    Any thoughts on what I can do to stop Clients from getting to files they shouldn't be?

    Thank you for your question and reply.
    No, the identity is not passed as a URL property.  The way it works is that SP verifies the user and sends them to the default page after they sign-in.  Once there, the page evaluates the UserID value and that value is passed to a stored procedure
    as a parameter.  The user can't get to the page unless they are verified by SP, they can't somehow go around this. 
    Now, once the page loads they click on one of the files they wish to see (a link on the page that was created from the results of the stored procedure call).  The link points to a virtual directory setup in IIS that points to a mapped drive where the files
    are located.  The security on the files is set on the directories in their actual location.  I just need SP to pass the user's ID to the file directory and check the sharing rights on the file to see if this user has rights to get it.  It seems
    like SP is passing some other credential (probably SP_Admin, or Admin or something) which has the ability to read the file and therefore pass it back to the screen.
    I can't put the documents in SharePoint... they have to be in a file directory. The reason is that we have an elaborate program that runs every month to create these files and places them in the correct directories.  Somehow changing that application
    to create the files and place them programmatically in a SharePoint directory is beyond the scope of the project.  Under the circumstances, it would be much simpler to just provide the user a list of the documents they have access to and have them click
    on a link on a page and have the document appear in their browser.  Everything actually works, but I just have this last piece where SP is not 'telling' the file directory the UserID of the logged in user and therefore all the documents are available.
    All that needs to be done, is to make sure the userID is passed to the file directory so it can be checked against the security there to see if the user can have the file or not.
    I hope that makes sense.  I look forward to hearing back from you with your thoughts on this and how this can be accomplished.
    Thanks,
    Scott
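The weak point in Scott's setup is that the link hands a bare path to an IIS virtual directory, so the file is read under whatever identity IIS uses for that directory and the check that matters (is this signed-in user entitled to this file?) never runs; a guessed directory and filename is enough. The shape of the fix is a gateway that serves a file only after canonicalising the requested path and checking it against the per-user list the stored procedure already returns. The Python below is an added example of that pattern, not code from the thread or from SharePoint (the real handler would live in the SharePoint page or IIS); the document root, file names and the sample entitlement table are constructed.

```python
import tempfile
from pathlib import Path

class DocumentGateway:
    """Hands out a file only when (a) the requested name canonicalises to a
    location inside the document root and (b) the signed-in user's entitlement
    list (what the stored procedure returned for that user) names it.
    The request path on its own never decides access, so guessing a directory
    and filename no longer works the way it does through the virtual directory."""

    def __init__(self, root, entitlements):
        self.root = Path(root).resolve()
        self.entitlements = entitlements  # user id -> set of root-relative paths

    def authorize(self, user, requested):
        """Return the resolved file path if this user may read it, else None."""
        target = (self.root / requested).resolve()
        try:
            # Rejects "..", absolute paths and symlinks that escape the root.
            rel = target.relative_to(self.root)
        except ValueError:
            return None
        if rel.as_posix() not in self.entitlements.get(user, set()):
            return None
        return target

    def fetch(self, user, requested):
        """Bytes of the document, or None when the user is not entitled to it."""
        target = self.authorize(user, requested)
        if target is None or not target.is_file():
            return None
        return target.read_bytes()

def build_demo():
    """Constructed sample: a temporary document root with one statement per
    client and an entitlement table shaped like the stored procedure's result."""
    root = Path(tempfile.mkdtemp(prefix="reportcenter-"))
    for client in ("Client1", "Client2"):
        (root / client).mkdir()
        (root / client / "statement.pdf").write_bytes(client.encode() + b" statement")
    entitlements = {
        "Client1": {"Client1/statement.pdf"},
        "Client2": {"Client2/statement.pdf"},
    }
    return DocumentGateway(root, entitlements)
```

The page itself then only needs to link to the gateway with the same relative names the stored procedure produced; the virtual directory that exposes the mapped drive directly can be removed.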

  • Exchange 2013 Mail Flow Through VPN

    I have 2 Exchange servers in 2 different AD sites. Is it possible to route mail flow between the 2 sites through a VPN tunnel? I want to force mail flow between the 2 servers to route externally through the internet.
    Appreciate any feedback.

    Hi Chester,
    we have a DNS record for mail and this record is pointing to our private IP address of the CAS server. The network team has done network configuration for that particular IP to route the traffic through the VPN tunnel to the Exchange servers in the other site. Another thing
    for you to think about is that a private IP request won't go to the internet; it will go to the DNS server in that site, and once the DNS server resolves that request to an IP address the traffic will be routed to that server.
    Kindly mark this as answer if found helpful. Thanks.
    Regards, Riaz Javed Butt | Consultant Microsoft Professional Services MCITP, MCITP (Exchange), MCSE: Messaging, MCITP Office 365 | msexchgeek.wordpress.com
