No client access on DAG switchover - Single site

Similar Messages

• Exchange Web Services are not currently available for this request because none of the Client Access Servers in the destination site could process the request.

  Hi,
  I am using EWS Java APIs and passing OAuth tokens to fetch data from office 365 mailboxes.
  Because I am developing Web APIs I preferred using "Application Permissions" defined in Azure active directory application for Office 365, and used "client credential flow" OAuth flow to fetch OAuth token specific to application which will
  allow "Have full access via EWS to all mailboxes in the organisation".
  After fetching token with the procedure specified in the document "http://blogs.msdn.com/b/exchangedev/archive/2015/01/21/building-demon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow.aspx"
  I passed this token to EWS Java APIs,
  it gave me error saying:
  microsoft.exchange.webservices.data.ServiceResponseException: Exchange Web Services are not currently available for this request because none of the Client Access Servers in the destination site could process the request.
  I tried similar thing with EWS managed APIs for .net. Got similar error.
  Can anyone provide some help and direction to resolve this error.
  Thanks & Best Regards,
  Pranjal

  I see you found an answer with the X-AnchorMailbox header on StackOverflow:
  http://stackoverflow.com/questions/29554724/exchange-web-services-are-not-currently-available-for-this-request-because-none

• Exchange 2013 DAG with single site and 2 multi-role servers with error "MapiExceptionIllegalCrossServerConnection"

  Hi,
  I've got a lab with a domain controller and an Hyper-v with on it two multi-role exchange 2013 CU7 servers on W2K12 R2 OS, configured in DAG semplified (but the problem is the same also if I use the classical DAG configuration), a witness server, and a L7
  load balancer for the exchange servers.
  When I made the test to disable the OWA application pool where I've got the active mailbox database of the user, the balancer in correct manner redirect the session to the other exchange multi-role server, but the client in  his OWA session is no more
  able to send new mail with the error "Error your request can't be completed rigt now. Please try again later."
  The only strange log that I see on the server in the MAPI client access directory where there is the following error message:
  2015-01-21T08:00:45.132Z,956,1,/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt,,Microsoft.Exchange.RpcClientAccess.Monitoring.dll,15.0.0.0,Cached,,,,MapiHttp,Client=Microsoft.Exchange.RpcClientAccess.Monitoring,R:4ab7b6c8-54ee-4be3-aa9d-f8c856c4c47c:2,C:MAPIAAAAAOC4+7OCoZOjkqeKuoumlKSEtYO5ibyGs4bc/879z/vD9sX1zP28AwAAAAAAAA==|S:0-mGmHRQ==,OwnerLogon,0x6BB
  (rpc::Exception),00:00:00.0310000,"Logon: Owner, /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt in database  last mounted on Exch2.lab.net",RpcEndPoint: [ServerTooBusyException]
  Client is being backed off -> [ClientBackoffException] Mailbox was moved to a different mailbox server. A client needs to retry. -> [IllegalCrossServerConnectionException] Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt.
  -> [MapiExceptionIllegalCrossServerConnection] Monitoring mailbox [] with application ID [Client=MSExchangeRPC] is not allowed to make cross-server calls from [Exch1.lab.net] to [Exch2.lab.net] [diag::AAAOAAAA/wAAAAAAAAAAAgAAAAA=],,,[email protected],
  The CAS try to access the mailbox on the other server, but without success.
  Someone have idea how to solve?
  Thanks

  Hi Hinte, sorry for the answer delay.
  I've run the command you suggest to check the HealthMailbox status, but seems that all are fine:
  [PS] C:\Windows\system32>get-Mailbox -Monitoring | ft name, servername
  Name                                                        ServerName
  HealthMailbox7021deb6ae104dadbf52feedfa7fa68b               exch1
  HealthMailboxb83c9040b32e4d1197f7f54f6709bb7f               exch1
  HealthMailboxb1c32037890b43fbb2af2efe7c36ba00               exch1
  HealthMailbox8d174269b494458daf9ade5099e22845               exch1
  HealthMailboxaa7d10f02d2d4cc588243b291ead3e3a               exch1
  HealthMailboxeb32c30a019f42968a7cbc49a6ac3e65               exch1
  HealthMailboxc6ff1d36ba154c5db5411b44718edcbd               exch1
  HealthMailbox75dc7caa7e8c4a3b812a01b607536d48               exch1
  HealthMailbox16c86e512f454e7890b80c180ce19c00               exch1
  HealthMailboxc6e447f7dba24d9b913f1dfcabe9f927               exch1
  HealthMailbox40fa5a3f2abc4accae6286cd98abc90a               exch1
  HealthMailbox2712b9544bad4e7b8b671be2cda8cfde               exch2
  HealthMailboxe2559124da20499386bf8103dcb21e9b               exch2
  HealthMailbox3264c6078dad45d4a78c56a3afe81df1               exch1
  HealthMailboxacacc51eb8bc4717b295ddf0adccf77e               exch2
  HealthMailbox64c4dd8cddac4c4e8bb7314010e797b1               exch1
  HealthMailbox4a92bfa14fdd47fbb27c19513f6d2beb               exch2
  HealthMailbox465d2a69de93430e84b4d699a88cb0c3               exch1
  HealthMailbox97b578e57cd44204820fffa416b25633               exch2
  HealthMailboxb411059771db4647bb775c665ec29440               exch1
  HealthMailboxf981dde6f4134f839bf41eb0000434e4               exch2
  HealthMailboxc33801c7c3b1474f8aa6065249bb4fca               exch1
  HealthMailbox2282128ed8d14937998212edd15adf20               exch2
  HealthMailboxe3d12b756cf545239b38be4607904ae1               exch2
  [PS] C:\Windows\system32> 
  Regarding the test sugested to diable instead the OWA App Pool only the OWA virtual directory, I've not found on IIS the possibility to stop the access to this virtual directory.
  Also on exchnage Administration page there is no the possibility to switch off this virtual directory only (or I don't found where is this setting).
  Regards

• Add Client access server with DR MBX to server clients from DR site.

  Hello,
  We have a medium size implementation at our company. It is as below,
  - Two mail box servers (MBX1, MBX2) at production Site.
  - One mail box server (MBXDR01 at DR site (Active))
  - One DAG (name: IDKUDAG ) (MBX1,MBX2 and MBXDR01 are members)
  - Two Client access servers at production site (with MBX1 and MBX2)
  There is a high speed WAN connection between two sites.
  What I need to do, I want to add additional CAS server at DR site as in case of production site maintenance or outage I want to migrate the DBs to DR MBX and the CAS server handle mail
  client’s access.
  Can I add a new server at the DR site with the same configuration as the production site???
  Or there is another solution for this case.
  Please advise.
  Best regards,
  Ahmed Salah
  BR Ahmed Aboutabl

  Hi Ahmed,
  The CAS configuration for Exchange service in the second datacenter can be the same configuration as you mentioned. For example, the same internal&external namespaces for OWA, Autodiscover, EWS, OAB etc. in two datacenters.
  Also make sure the certificate has included all needed namespace for the second site. For your reference, here is an article talked about the details of site resilients:
  https://technet.microsoft.com/en-us/library/dd638129(v=exchg.150).aspx
  http://www.msexchange.org/articles-tutorials/exchange-server-2010/high-availability-recovery/designing-site-resilient-exchange-2010-solution-part1.html
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• Mailbox and Client Access on the same servers for CAS HA (L4 LB) and Mailbox DAG

  Hi, I would like to ask this question.
  I'm reading all sort of documentation that I'm finding on the internet, but I can't understand if what I'm thinking to do is possible.
  I would like to setup a basic environment configuring only two Exchange 2013 on two Win 2012 R2 servers. Both servers will be Mailbox (MBX) and Client Access (CAS). I will create a two-member DAG using File Share Witness or Disk Witness for the Dynamic Quorum.
  Then I will setup Outlook Anywhere with internal and external namespace for CAS redundancy and layer 4 load balancing.
  In this scenario I will not need to install a third part load balancer.
  Am I doing right or I watching a movie?
  Thanks in advance

  Hi ,
  You could need to have the HLB or virtual load balancers for redundancy.
  Disadvantages of some load balancing methods :
  If you use Windows NLB then it can provide redundancy on server level failure and not on application level.
  In case if we use the windows round robin method for load balancing then it wouldn't provide server level and application level redundancy during the failures.At the Same time we need to manually adjust the DNS records during the server failure but on the
  client end dns caches will create the issues.
  Lets consider you are having the internal and external names for outlook anywhere like below .
  internal and external outlook anywhere name :
  mail.domain.com
  For the above name just configure the HOST A record in windows DNS and map it to load balancer ip.Then the second step would be to configure your exchange servers in LB .So all the internal and external outlook client connectivity will happen via LB to exchange
  servers.In that case if anyone of the server is down then LB will automatically make the outlook client to get connected to the server which is alive and at the same time none of the request from outlook client to LB will get forward to the server which is
  in down state.
  Note : Make sure you are having the redundancy for LB devices also otherwise it would be a single point of failure on the LB end . 
  Please reply me if anything is unclear.
  Thanks & Regards S.Nithyanandham

• Client Access Server per AD Site?

  In a single forest, single domain, multi AD site environment, can users in Site-B using Outlook 2010 clients connect to Client Access array /OWA, Hub, Maibox in Site-A without the need to install a Client Access server in Site-B? or Do I actually
  have to install a Client Access server in Site-B?
  I've read this thread, but I am still a little confused
  http://social.technet.microsoft.com/Forums/exchange/en-US/03b835b4-7ecb-47ee-9b34-20cb2f70c3d4/client-access-server-active-directory-site?forum=exchangesvradminlegacy
  Per MS.."You must install the Client Access server role in every Exchange organization and every Active Directory site that has the Mailbox server role installed"
  http://technet.microsoft.com/en-us/library/bb124915(v=exchg.141).aspx.   My Site-B does not have a Mailbox server, so I don't really need to have a Client Access in Site-B, if I understand this correctly.
  Greatly appreciated if anyone can provide some clarification.
  Thanks!
  Note:  Right now, there's only a single, default site in AD (Site-A). I am planning to add a Site-B in AD and add a domain controller in Site-B, but a little confused about the exchange.  Just want to make sure that once I add Site-B to AD,
  users would still be able to access Outlook/Exchange properly.

  yes you don't need to. Your site B users will connect directly to the CAS on the Site-A, make sure the link speed is good enough.
  Where Technology Meets Talent

• RE: Accessing multiple Env from single Client-PC

  Look in the "System Management Guide" under connected environments page
  72. This will allow services in your primary environment to find
  services in your connected environment. However, there is a bug
  reported on this feature which is fixed in 2F4 for the HP and H1 for all
  other servers. The following is from Forte:
  The connected environments bug that was fixed in 2F4 is #24282. The
  problem
  was in the nodemgr/name server source code and caused the following to
  occur:
  Service1 is in connected envs A and B.
  Client has env A as primary, B as secondary.
  Envmgr A dies before the client has ever made a call to Service1.
  Afer env A is gone, client makes a call to Service1 which causes Envmgr
  B to
  seg fault.
  You should upgrade your node manager/env manager nodes to 2F4. The 2F2
  development and runtime clients are fully compatible with 2F4 servers.
  Kal Inman
  Andersen Windows
  From: Inho Choi[SMTP:[email protected]]
  Sent: Monday, April 21, 1997 2:04 AM
  To: [email protected]
  Subject: Accessing multiple Env from single Client-PC
  Hi, All!
  Is there anybody has any idea to access multiple environments from
  single client-PC? I have to have multiple environments because each
  environment resides geographically remote node and network bandwidth,
  reliability are not good enough to include all the systems into single
  environment.
  Using Control Panel for doing this is not easy for those who are not
  familiar with Windows. The end-user tend to use just single application
  to access all necessary services.
  I could consider two option to doing this:
  1. Make some DOS batch command file to switch different environment
  like, copying back/forward between environment repositories and
  set up forte.ini for changing FORTE_NS_ADDRESS. After then, invoke
  proper client partition(ftexec).
  2. Duplicate necessary services among each environment.
  But, these two options have many drawbacks in terms of system
  management(option 1), performance(option 2) and others.
  Has anybody good idea to implement this? Any suggestion would be
  appreciated.
  Inho Choi, Daou Tech., Inc.
  email: [email protected]
  phone: +82-2-3450-4696

  Look in the "System Management Guide" under connected environments page
  72. This will allow services in your primary environment to find
  services in your connected environment. However, there is a bug
  reported on this feature which is fixed in 2F4 for the HP and H1 for all
  other servers. The following is from Forte:
  The connected environments bug that was fixed in 2F4 is #24282. The
  problem
  was in the nodemgr/name server source code and caused the following to
  occur:
  Service1 is in connected envs A and B.
  Client has env A as primary, B as secondary.
  Envmgr A dies before the client has ever made a call to Service1.
  Afer env A is gone, client makes a call to Service1 which causes Envmgr
  B to
  seg fault.
  You should upgrade your node manager/env manager nodes to 2F4. The 2F2
  development and runtime clients are fully compatible with 2F4 servers.
  Kal Inman
  Andersen Windows
  From: Inho Choi[SMTP:[email protected]]
  Sent: Monday, April 21, 1997 2:04 AM
  To: [email protected]
  Subject: Accessing multiple Env from single Client-PC
  Hi, All!
  Is there anybody has any idea to access multiple environments from
  single client-PC? I have to have multiple environments because each
  environment resides geographically remote node and network bandwidth,
  reliability are not good enough to include all the systems into single
  environment.
  Using Control Panel for doing this is not easy for those who are not
  familiar with Windows. The end-user tend to use just single application
  to access all necessary services.
  I could consider two option to doing this:
  1. Make some DOS batch command file to switch different environment
  like, copying back/forward between environment repositories and
  set up forte.ini for changing FORTE_NS_ADDRESS. After then, invoke
  proper client partition(ftexec).
  2. Duplicate necessary services among each environment.
  But, these two options have many drawbacks in terms of system
  management(option 1), performance(option 2) and others.
  Has anybody good idea to implement this? Any suggestion would be
  appreciated.
  Inho Choi, Daou Tech., Inc.
  email: [email protected]
  phone: +82-2-3450-4696

• Accessing multiple Env from single Client-PC

  Hi, All!
  Is there anybody has any idea to access multiple environments from
  single client-PC? I have to have multiple environments because each
  environment resides geographically remote node and network bandwidth,
  reliability are not good enough to include all the systems into single
  environment.
  Using Control Panel for doing this is not easy for those who are not
  familiar with Windows. The end-user tend to use just single application
  to access all necessary services.
  I could consider two option to doing this:
  1. Make some DOS batch command file to switch different environment
  like, copying back/forward between environment repositories and
  set up forte.ini for changing FORTE_NS_ADDRESS. After then, invoke
  proper client partition(ftexec).
  2. Duplicate necessary services among each environment.
  But, these two options have many drawbacks in terms of system
  management(option 1), performance(option 2) and others.
  Has anybody good idea to implement this? Any suggestion would be
  appreciated.
  Inho Choi, Daou Tech., Inc.
  email: [email protected]
  phone: +82-2-3450-4696

  Hi, All!
  Is there anybody has any idea to access multiple environments from
  single client-PC? I have to have multiple environments because each
  environment resides geographically remote node and network bandwidth,
  reliability are not good enough to include all the systems into single
  environment.
  Using Control Panel for doing this is not easy for those who are not
  familiar with Windows. The end-user tend to use just single application
  to access all necessary services.
  I could consider two option to doing this:
  1. Make some DOS batch command file to switch different environment
  like, copying back/forward between environment repositories and
  set up forte.ini for changing FORTE_NS_ADDRESS. After then, invoke
  proper client partition(ftexec).
  2. Duplicate necessary services among each environment.
  But, these two options have many drawbacks in terms of system
  management(option 1), performance(option 2) and others.
  Has anybody good idea to implement this? Any suggestion would be
  appreciated.
  Inho Choi, Daou Tech., Inc.
  email: [email protected]
  phone: +82-2-3450-4696

• Single Client Access Name for Weblogic Forms and Reports.

  I have a 2 node clustered system:
  Windows 2008 R2 64-bit
  Weblogic 10.3.3 (on each node)
  Weblogic Forms and Reports 11.1.1.3 (on each node)
  Database 11gR2 RAC 11.2.0.1 (on each node)
  The forms and reports are clustered and I can connect to each from each of the two servers and the cluster is working well.
  The database uses Single Client Access Name (SCAN) to present the database as if it were one server called dbserver1.
  I was wondering if there was a similar thing for Weblogic and what everyone else uses to present their application as a single name to the user.
  I tried using Windows Network Load Balancing, but this stops the database scan listeners from working.
  Thanks.

  Dear,
  Did you find an answer to your question back in 2009?
  We are facing the same installation architecture, but we do not find any concrete information regarding SCAN with Oracle Forms 11g
  Geert

• Exchange 2013 DAG / client access

  Hello
  I'm in the planning of a new Exchange 2013 infrastructure. The infrastructure will be located in a datacenter and should host about 1000 mailboxes. I have read many whitepapers and tutorials, but some things are still unclear to me.
  - Microsoft suggests multi-role servers for this amount of users because client access is no more than a reverse proxy in EX2013. Is this correct? I've read that one users with 200 mails/day needs 8.5 MCycles with only DB and 10.63 MCycles with DB and CAS
  on the same server. So I plan to start with 2 multi-role servers in a DAG. What's your oppinion on this?
  - Client connections: I assume the clients connect to the cluster IP of the DAG. How do they get directed to the server on which their database is online? Does each server need to have the cluster IP and a public IP to which the clients connect?
  - SMTP: As I understand the documentation, mails are sent from the server which the user is active on. (Which makes sense for high availability.) What is best practice regarding the protocol logs? Do the support employees need to search in the files on 2
  servers?
  Thank you very much for your input!

  Hi
  I would use the firewall for load balancing unless there is a technical reason why this is not possible.  NLB is not recommended as it is not service aware - you cannot configure a probe to test OWA is working for example - so if you already have something
  better that would be my choice.
  In the choice between IIS ARR and NLB or CAS and NLB I would go for IIS ARR as this reduces you license costs, but neither of these is better than the appliance/firewall option.
  I've never used NLB for load balancing other than on TMGs so I cannot say what the performance is like behind a firewall, in theory your assumption would be correct.
  The load balancer doesn't make this decision it just spreads the load between the active servers, the CAS role connects the use session to the correct mailbox server:
  http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
  Steve

• Difference bewteen Single Client Access Name (SCAN) & Grid Naming Service

  Hi ,
  Whats the difference bewteen Single Client Access Name (SCAN) & Grid Naming Service in 11g RAC R2?
  Regards,
  Stephen

  Hi Stephen,
  There is a very good document about it (http://www.oracle.com/technetwork/products/clustering/overview/scan-129069.pdf).
  Best regards,
  Gennady

• Urgent Help / suggestion Needed - DAG in Differnt Site - Implementaion

  Hi All
  Current setup of my lab is below - 
  MAIN SITE - Named Head Office
  Root Domain Controller : IP 172.29.154.1 / 255.255.0.0 
  Two node DAG : - Mailbox servers - DAG NAME - DAG1
  Casarray (casaarray1 , and casarray2) servers
  One hub transport server 
  Total 6 VM servers are running in the head office site
  Created a new AD site for name Branch Office and installed a addition domain controller with IP of 10.10.10.1/255.0.0.0
  Now i would like to implement the DAG between the sites .
  how can i implement, i mean what are the best ways to implement the DAG between two sites
  1. shall i go for  typical installation of exchange (CAS, HUB , MAILBOX ) 2010 in main office and Branch office . will it support DAG between two sites for typical installation?
  2. shall i install one more Mailbox server alone in MAIN SITE and install CAS and hub in one server and mailbox alone in the branch office site? i mean -  two Mailbox servers in each site 
  any other best ways other than above two points , the main intention is to implementing, testing and learning the site resilience between the sites and want to know the stuffs in and around DAC
  Thanks in advance

  so, i was assuming that i will add one mbx server in main site and another mbx server in branch site and make it HA via DAG --- is it possible
  Next option
  i can go for  typical installation of ( CAS , HUB MBX server (all three in  in one server) in main site and another three server roles (aal in one server) of Branch  office and make the mailbox for HA -- will it possible
  how can i achieve the HA with my current setup between the sites 
  If your bandwidth and  latency between sites  you
  can have  HA for mailbox databases by adding a mailbox server as a member in the current DAG. DAG will
  give you only HA for mailbox not HUB/CAS. 
  After you installed the Mailbox role on the branch server, You have to set autodiscover site affinity.
  http://technet.microsoft.com/en-us/library/aa998575(v=exchg.141).aspx
   It is little bit complicated if you want HA over 2 sites, It depends on the bandwidth and latency between sites. If
  you install all the 3 roles  and configure the branch site as part of the main branch ADsite you can have highly availability for CAS by a load balancer and this is not a small change. i.e. add the branch server to the Main office CAS
  Array and load balance. 
  http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/EXL401
  If the branch site is not Internet facing, Please check this. 
  http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
  adding an MBX/HUB/CAS in your branch office and buy a hardware load balancer of your budget. List
  of MS supported HLBs here.  Configure the load balancer to according to your bandwidth and latency
  between sites.
  Thanks, MAS
  Please mark as helpful if you find my comment helpful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.
  Couple of comments please!
  Autodiscover sitescope is a function of CAS not mailbox.  This is written into AD when the CAS role is installed.
  Why are you splitting all the roles out like this?  The recommendation in 2010 and 2013 is to multirole whenever possible.  There are valid reasons for splitting, I just want to know what's driving you to this. 
  The preferred DC switch is just for the current PowerShell session IIRC.  I'll check up on that though.
  I'd ask you to look at the design examples on TechNet
  http://technet.microsoft.com/en-us/library/dd979781(v=exchg.141).aspx
  In all of this, you have to consider what the impact of a failed WAN link(s) will do.  If you have a single DAG spanning both locations, and the WAN goes down then in the case of a single DAG spanned between both of the sites some users will not have
  access to a local mailbox server.  The cluster service terminates and so does the Exchange store.  That is by design. 
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• [Fwd: Client accessing MBeanHome for more than one domain receives SecurityException]

  Fwd'ing to security newsgroup
  -------- Original Message --------
  Subject: Client accessing MBeanHome for more than one domain receives
  SecurityException
  Date: 4 Mar 2004 07:27:33 -0800
  From: Dinesh Bhat <[email protected]>
  Reply-To: Dinesh Bhat <[email protected]>
  Organization: BEA NEWS SITE
  Newsgroups: weblogic.developer.interest.management
  Hi,
  When a client accesses MBeans of more than one domains (Weblogic 8.1)
  that have
  different passwords, it receives a SecurityException. This occurs when
  the MBeanHome
  for each domain is looked up at initialization and reused for each
  request ( to
  access MBeans ). The security exception does not occur if the MBeanHome
  for each
  domain is looked up for each request. On initial review, this behavoir
  seems inconsistent.
  Looking up the MBeanHome for each request may introduce a significant
  overhead.
  I am not sure if concurrent lookups would also cause the same problem.
  I have read on another post that we can work around this problem by
  establishing
  a trust relationship between the servers, but this may not be feasible
  when one
  is monitoring a lot of servers and the overhead of configuration may be
  an issue.
  I have attached code that can reproduce the problem.
  Please advise on the correct approach.
  Thanks
  Dinesh Bhat
  Panacya Inc.
  import java.util.ArrayList;
  import java.util.Set;
  import java.util.HashMap;
  import java.util.Iterator;
  import java.util.Hashtable;
  import javax.management.MBeanServer;
  import javax.naming.Context;
  import weblogic.jndi.Environment;
  import weblogic.management.MBeanHome;
  * This class reproduces the Security Exception that is caused when a client tries to access
  * MBeans of more than one domain with different weblogic passwords. Here is the stacktrace of the
  * exception
  * java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
       at weblogic.rjvm.BasicOutboundRequest.sendReceive(BasicOutboundRequest.java:108)
       at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:138)
       at weblogic.management.internal.AdminMBeanHomeImpl_811_WLStub.getDomainName(Unknown Source)
       at WLSecurityTest.getWeblogicInfo(WLSecurityTest.java:140)
       at WLSecurityTest.runTest(WLSecurityTest.java:75)
       at WLSecurityTest.<init>(WLSecurityTest.java:66)
       at WLSecurityTest.main(WLSecurityTest.java:51)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.intellij.rt.execution.application.AppMain.main(Unknown Source)
  Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
       at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:682)
       at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:181)
       at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:814)
       at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:299)
       at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:920)
       at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:841)
       at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:222)
       at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:794)
       at weblogic.rjvm.t3.T3JVMConnection.dispatch(T3JVMConnection.java:570)
       at weblogic.socket.NTSocketMuxer.processSockets(NTSocketMuxer.java:105)
       at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:32)
       at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
       at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
  * Note: the exception is caused only when the MBeanHome for each domain is cached and used for subsequent
  * transactions. The exception does not occur if the MBeanHome for each domain is looked up for each transaction. This
  * would significant overhead in practice. Also the transactions across the various domains occurs serially, hence
  * the effect of concurrent lookups has to be tested.
  * Usage:
  * This class has been tested with weblogic 8.1
  * The class needs weblogic.jar in its classpath
  * One can specify the weblogic details as System properties. The properties need to be specified in
  * the following format:
  * wls.host.n, wls.userId.n, wls.password.n where n is the weblogix instance number. Also specify
  * the boolean system property reconnect.each.iteration to toggle between reconnecting or not reconnecting
  * for each iteration. When not reconnecting for each iteration, the MBeanHome is reused and the Security Exception
  * occurs.
  * Following is the example of system properties
  * -Dwls.host.0=localhost:7001 -Dwls.userId.0=weblogic -Dwls.password.0=weblogic
  * -Dwls.host.1=localhost:7011 -Dwls.userId.1=weblogic -Dwls.password.1=weblogic1
  * -Dwls.host.2=localhost:7021 -Dwls.userId.2=weblogic -Dwls.password.2=weblogic2
  * -Dreconnect.each.iteration=false
  public class WLSecurityTest
  ArrayList wlsDetailsList = new ArrayList();
  HashMap connectionMap = new HashMap();
  public static void main(String[] args)
  try
  WLSecurityTest wlSecurityTest = new WLSecurityTest();
  catch (Exception e)
  e.printStackTrace();
  * Constructor
  * @throws Exception
  public WLSecurityTest() throws Exception
  int noOfTries = 10;
  getWLSDetails();
  for( int i=0; i <= noOfTries; i++)
  runTest();
  * Runs the test
  private void runTest()
  for (int i = 0; i < wlsDetailsList.size(); i++)
  WLSDetails wlsDetails = (WLSDetails) wlsDetailsList.get(i);
  getWeblogicInfo(wlsDetails);
  * Get Weblogic details from System properties
  * @throws Exception
  private void getWLSDetails() throws Exception
  wlsDetailsList = new ArrayList();
  String hostKeyTmpl = "wls.host";
  String userIdKeyTmpl = "wls.userId";
  String passwordKeyTmpl = "wls.password";
  boolean done = false;
  for (int i = 0; !done; i++)
  WLSDetails wlsDetails = new WLSDetails();
  String hostKey = hostKeyTmpl + "." + Integer.toString(i);
  String userIdKey = userIdKeyTmpl + "." + Integer.toString(i);
  String passwordKey = passwordKeyTmpl + "." + Integer.toString(i);
  wlsDetails.hostName = System.getProperty(hostKey);
  done = (wlsDetails.hostName == null) || (wlsDetails.hostName.length() == 0);
  if (!done)
  wlsDetails.userId = System.getProperty(userIdKey);
  wlsDetails.password = System.getProperty(passwordKey);
  connect(wlsDetails);
  wlsDetailsList.add(wlsDetails);
  * Lookup the MBeanHome for the specified weblogic server
  * @param wlsDetails
  * @throws Exception
  public synchronized void connect(WLSecurityTest.WLSDetails wlsDetails) throws Exception
  Context ctx = null;
  MBeanHome mbHomeLocal = null;
  try
  Environment env = new Environment();
  env.setProviderUrl("t3://" + wlsDetails.hostName);
  env.setSecurityPrincipal(wlsDetails.userId);
  env.setSecurityCredentials(wlsDetails.password);
  Hashtable hashtable = env.getProperties();
  System.out.println(hashtable.toString());
  ctx = env.getInitialContext();
  wlsDetails._mBeanHome = (MBeanHome) ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
  catch (Exception e)
  e.printStackTrace();
  * Gets weblogic information using MBeans
  * @param wlsDetails
  public synchronized void getWeblogicInfo(WLSDetails wlsDetails)
  try
  boolean reconnectEachIteration =
  Boolean.getBoolean("reconnect.each.iteration");
  if( (reconnectEachIteration) || ((wlsDetails._mBeanHome == null) && (!reconnectEachIteration) ))
  connect(wlsDetails);
  MBeanHome mbHomeLocal = wlsDetails._mBeanHome;
  String domainName = mbHomeLocal.getDomainName();
  Set allMBeans = mbHomeLocal.getAllMBeans();
  System.out.println("Size: " + allMBeans.size());
  Set clusterMBeans = mbHomeLocal.getMBeansByType("Cluster", domainName);
  System.out.println(clusterMBeans);
  MBeanServer mBeanServer = mbHomeLocal.getMBeanServer();
  catch (Exception ex)
  ex.printStackTrace();
  * Class that holds weblogic server details
  class WLSDetails
  String hostName = "";
  String userId = "";
  String password = "";
  MBeanHome _mBeanHome = null;

  If Server version is 61.
  Make user "system" password of all weblogic servers same.
  If Server version above 61(70,81)
  In the Security Advanced Settings un check generated credential and specify a common credentail for all the weblogic servers(domains).

• No new mail notification in Outlook - CAS Exchange RPC Client Access problem

  Hi, we're facing this problem:
  Users start complaining they suddenly don’t receive new mail notifications in Outlook (2010/2013)  anymore
  Inbox does not show the new mail either
  When the user changes folders in outlook, the new mail does show in the Inbox folder
  Restarting Outlook shows the new mail as well.
  The same new e-mail arrives instantly (with notifications) in Owa and on mobile devices
  Sometimes the new mail notification pops up after a longer period of time (from 30 seconds to 10 minutes). But more often not at all.
  This issue seems to occur at random. We’ve been problem free for a week, and sometimes it comes back three times a day.
  Clients running Outlook 2010, 2013 cached or online, on site and off site. So it seems server related, not client.
  It was seen first around January 8th. We did not make any changes around that time that we can link to this problem.
  Only one CAS server (EXCH1-RTD) shows this issue. CAS servers on other sites are ok
  EXCH1-RTD has CAS and HUB transport roles. The same site has two mailbox only servers. EXCH2-RTD (mailbox server for normal mailboxes). And EXCH3-RTD (mailbox server for archive mailboxes)
  No entries in the event logs that seems to be related
  As the problem only occurs with Outlook clients, I suspected RPC issues. We cannot gracefully stop the “Microsoft Exchange RPC Client Access” service on EXCH1-RTD  while the issue occurs. We
  can only kill the process and restart the service, solving the issue instantly.
  What we’ve tried until now:
  Updated all Exchange servers from Exchange 2010 SP3 RU6 to RU8-v2 (server OS=W2K8R2)
  Updated all Exchange servers  to latest critical Windows updates
  Recalculated requirements using MS Sizing tool.  Upgraded EXCH1-RTD  VM from 8GB and 2 vCPU (1 core/cpu) to 16GB
  and 4vCPU (1 core/cpu)
  Ran various perfmon counters and compared them with other Exchange servers, not finding any obvious anomalies.
  Any ideas would be greatly appreciated!
  Ron

  Hi Ron,
  From your description, OWA works well, the issue is related to Outlook side. In your case, I recommend you use Outlook safe mode to determine whether the issue is related to add-ins. If the issue persists, you can create a new profile to check the result.
  Hope this can be helpful to you.
  Best regards,
  Amy Wang
  TechNet Community Support

• Ask the Expert: Single-Site and Multisite FlexPod Infrastructure

  With Haseeb Niazi and Chris O'Brien 
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about Single-Site and Multisite FlexPod Infrastructure with experts Haseeb Niazi and Chris O'Brien.
  This is a continuation of the live webcast.
  FlexPod is a predesigned and prevalidated base data center configuration built on Cisco Unified Computing System, Cisco Nexus data center switches, NetApp FAS storage components, and a number of software infrastructure options supporting a range of IT initiatives. FlexPod is the result of deep technology collaboration between Cisco and NetApp, leading to the creation of an integrated, tested, and validated data center platform that has been thoroughly documented in a best practices design guide. In many cases, the availability of Cisco Validated Design guides has reduced the time to deployment of mission-critical applications by 30 percent.
  The FlexPod portfolio includes a number of validated design options that can be deployed in a single site to support both physical and virtual workloads or across metro sites for supporting high availability and disaster avoidance. This session covers various design options available to customers and partners, including the latest MetroCluster FlexPod design to support a VMware Metro Storage Cluster (vMSC) configuration.
  Haseeb Niazi is a technical marketing engineer in the Data Center Group specializing in security and data center technologies. His areas of expertise also include VPN and security, the Cisco Nexus product line, and FlexPod. Prior to joining the Data Center Group, he worked as a technical leader in the Solution Development Unit and as a solutions architect in Advanced Services. Haseeb holds a master of science degree in computer engineering from the University of Southern California. He’s CCIE certified (number 7848) and has 14 years of industry experience.   
  Chris O'Brien is a technical marketing manager with Cisco’s Computing Systems Product Group.  He is currently focused on developing infrastructure best practices and solutions that are designed, tested, and documented to facilitate and improve customer deployments. Previously, O'Brien was an application developer and has worked in the IT industry for more than 20 years.
  Remember to use the rating system to let Haseeb and Chris know if you have received an adequate response. 
  Because of the volume expected during this event, Haseeb and Chris might not be able to answer every question. Remember that you can continue the conversation in the Data Center community, subcommunity Unified Computing shortly after the event. This event lasts through September 27, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
  Webcast related links:
  Single-Site and Multisite FlexPod Infrastructure - Slides from live webcast
  Single-Site and Multisite FlexPod Infrastructure: FAQ from live webcast
  Single-Site and Multisite FlexPod Infrastructure - Video from live webcast

  I would suggest you read this white paper which details the pros and cons of direct connect storage. 
  http://www.cisco.com/en/US/partner/prod/collateral/ps10265/ps10276/whitepaper_c11-702584.html   This paper captures all the major design points for Ethernet and FC  protocols.
  I would only add that in FlexPod we are trying to create a highly  available solution and "flexible" solution; Nexus switching helps us  deliver on both with vPC and unified ports.
  NPV equats  to end-host mode which allows the system to present all of the servers  as N ports to the external fabric.  In this mode, the vHBAs are pinned  to the egress interfaces of the fabric interconnects.  This pinning  removes the potential of loops in the SAN fabric.  Host based multipathing of the  vHBAs account for potential uplink failures.  The NPV mode (end-host  mode) simplifies the attachment of UCS into the SAN fabric and that is  why it is in NPV mode by default.
  So for your last question, I will have to put my  Product Manager hat on so bear with me.   First off there is no drawback  to enabling the NPIV feature (none that I am aware of) the Nexus 5000  platform simply offers you a choice to design and support multiple FC  initiators (N-Ports) per F-Port via NPIV.  This allows for the  integration of the FI end-host mode described above.  I  imagine being a  unfied access layer switch, the Nexus team enabled standard Fibre  Channel switching capability and features first.  The implementatin of  NPIV is a customer choice based on their specific access layer  requirements.
  /Chris