I have a two-node DAG with FSW that is configured for co-existence with a single Exchange 2007 Server that has mailbox, hub, and CAS roles installed.  Each Exchange 2013 mailbox server has the CAS role installed. The Exchange 2013 servers are in the same AD site but on different subnets.

When both mailbox servers are up and running I can log into the EAC on either server and administer the environment.  If I shut down either DAG member and try to log into the EAC on the remaining node, I am presented with the EAC logon screen and asked for credentials.  When I enter my credentials and press enter it just seems to hang forever at a blank screen.

If I open the Exchange Management Shell on the remaining member and do a get-DatabaseAvailabilityGroup -Status | Fl I can see the DAG is up and the mailbox database is mounted.

I haven't had time to test connectivity to mailboxes with Outlook or via OWA but I plan to do that.

Any suggestions would be very much appreciated.

Jerome

Hi,

let's say you have the below settings :

• Servers : MBX1 & MBX2
• you have turned of MBX2.
• access url : https://mail.domain.com/ecp

have you tried https://mbx1.domain.com/ecp ?

Are you using a hardware load balancer? how mail.domain.com is being dealt with?

Hi,

Yes, I have used https://mbx1.domain.com/ecp with MBX2 shut down (as well https://mbx2.domain.com with MBX1 shut down).  They both produce the same result that after authentication the browser screen hangs.

No HW load balancer is being used.

Thanks.

Jerome

Can you have look on the application log an tell us if there is any relevant error/warning that is logged in the same time as the screen hangs?

Hi Joerome,

Thank you for your question.

When the member of DAG MBX2 down, we could use the following command to check if we could logon EAC:

https://mbx1.domain.com/ecp/?ExchClientVer=15

In addition, follow Amines advice to check application log, then send log to ibsexc@microsoft.com for our troubleshooting.

If there are any questions regarding this issue, please be free to let me know. 

Best Regard,

Jim

Sorry if I didn't make this completely clear...

On each mailbox server there is a IE shortcut that points to the correct local URL

On MBX1 it is https://mbx1.domain.com/ecp/?ExchClientVer=15

On MBX2 it is https://mbx2.domain.com/ecp/?ExchClientVer=15

To repeat, the problem symptom is that with both DAG members up and running I can log into the EAC on either machine and administer the Exchange environment.  If either DAG member is shut down, when I log into the EAC on the remaining node I am presented with the logon screen and after supplying credentials the browser hangs.  I have tried with it IE and Firefox, from the local mailbox server and from a remote workstation.

I did check the application log several days ago and did not see any entries when I tried to log into the EAC in this scenario.  But I will check it again during the next availability window I have to work on the problem and will pass it along to the email address provided.  Probably this evening

Many thanks.

Jerome

Hi Jerome,

The account you are using to login, where the primary copy of the database resides in normal scenario.

Is it Ex2013 Mbx1 or Mbx2 or Ex2007.

Test this, under normal operations, do a switchover of the Databases, don't shutdown the DAG member, and check if it works. Also try with https://IPaddress/ecp during failed phase.

Also confirm if you have DNS round robin or WindowsNLB configured on th

Hi,

Can't do Windows NLB as both Exchange 2013 Mailbox servers in the DAG also have the CAS role installed.  Using DNS round robin for now but will be using a third party remote service to monitor and fail over DNS in production.

I did not try the EAC using the IP address but will do so during my next downtime window.

The location of the mailbox that I am using to log into the EAC is on a mailbox database in the Exchange 2013 DAG.  That database mounts on the remaining DAG member and the DAG status is good when one of the members is shut down.

I will have a testing window this evening and will run some additional checks and tests and then update the thread with all of the details.

Thanks again.

Jerome

Hi Jerome,

Thanks for the update, we will wait untill you finish the tests.

You can add one more, during the failover.

As the Admin account is on a DAG mailbox database. When failover occurs its DB would be mounted on the other DAG member.

Does https://domain.com/owa works under all conditions for the same account.

What happens when you are already login in mbx1/ecp and mbx2 goes down.

You should have a look at the IIS Logs, C:\inetpub\logs\LogFiles\

I could not reproduce the problem during last night's testing window.  I spent a couple of hours thoroughly testing mailbox access with OWA and Outlook with a downed node, and also access to the EAC on the remaining node.  I did that on both mailbox/CAS servers  I did not have any issues using the IP address, the hostname, localhost, or public name that the certificate uses.

The only change I made last night was to delete the default mailbox database on both mailbox servers as I forgot to do that.  These did not have any HA copies in the DAG and they held no user or arbitration mailboxes as I already moved them.  So it should not have mattered whether they were mounted or not.

There was nothing in the application log on either server that would suggest a problem with Exchange other than the typical cluster service entries when a DAG member goes down.

Thanks to all who responded.  If anyone has additional thoughts I'd love to read them.  I'm not a big fan of technical mysteries and wished I knew what caused the problem in the first place.  I will probably do another test or two on different nights before moving forward just to be sure.

Jerome