Have had Exchange 2013 running on a Virtual machine for a couple of months now without issues other than some serious throttling issues we bypassed exchange and resolved.

I installed a second Exchange 2013 server on a physical server and Created an active passive DAG on Sunday the 18th.  Everything tested as far as email flowing inbound and outbound, both plain text and through our ZIX server.

On Thursday the 23rd, everyone in the company received a certificate warning when logging into outlook any versin.

At the same time, noticed that any job from any of our 4 job servers that had email tasks going through the exchange server also failed with the following error.

Source: Send Duplicate Attempt Send Mail Task     Description: An error occurred with the following error message: "Service not available, closing transmission channel. The server response was: 4.3.2 Service not available".

We drained the Physical Exchange server queues and powered it down, no more certificate errors, and no more jobs failing.

Not sure where to begin looking.

• Edited by timwtaylor Wednesday, July 29, 2015 4:16 PM

Hi rimwtaylor,

Thank you for your question.

By the error, we suggest you do the following steps to check if the issue persist:

1.        Login Exchange server and choose default receive connector
2.        In Remote Network Setting, add IP address of other Exchange server
3.        Click Save
4.        The same step should be done on the other Exchange server

When you deploy the second Exchange server, you should deploy certificate ono it, then rebuild the outlook profile to check if there is still certificate warning. If the issue persist, you could post certificate warning for our troubleshooting.

If there are any questions regarding this issue, please be free to let me know.

Best Regard,

Jim

Hi Tim,

As said by other the 2nd exchange server would have a self-signed certificate when installed, this wouldn't be trusted by your clients and hence the error\warning popups.

You should assign valid trusted certificate to the server. If you want loadbalancing you can use the same existing SAN certifcate.

One more thing when you are installing deploying new servers to production. It is best to have them a different subnet IP so that it belongs to a separate site altogether(Create one if you don't have one) and hence wouldn't interfere with your clients and no popups.

Once tested and functional, change the IP and its back into your production mix.

Hello

Please check the certificate and which pop up in warning. Check the exchange certificates installed on exchange server using Get-ExchangeCertificate command.

Verify that the proper certificate is installed on the new server with valid date.

Hi Tim,

You are correct you need the private key to be exportable. However you don't need to use GPO to deploy it. Ideally you should use the EAC to generate and import the certificates to exchange and not use IIS directly.