OWA, OMA/ActiveSync breaks with decommissioned domain controller all sitting behind ISA 2006
We have a 2003 Exchange server that has been working for years with OWA and ActiveSync customers connecting flawlessly thru ISA. ISA and Exchange/IIS has self signed certificates created by our enterprise CA. Yesterday we decommissioned one of our legacy DC's, a 2003 server and now nobody outside the network can use any Exchange service. The ISA server reports "Description: ISA Server was unable to establish an SSL connection with mail2.ourdomain.com. No connection could be made because the target machine actively refused it. The failure is due to error: No connection could be made because the target machine actively refused it.". ISA is configured to use either of our 2 DC's for authentication and both are 2008R2 using 2003 functional level. The ssl certificate installed on ISA and Exchange/IIS both show a certificate status of "OK". One final note, the DC that was taken out of service was also functioning as a Certificate Authority. Does anybody have any idea what may have happened and how to resolve or further troubleshoot? On the internal network we can connect to OWA ok, but on the ISA server or from the Internet we get access denied, but the denial appears to come from Exchange.
April 27th, 2012 12:00pm

Are you sure Listener>Authentication Servers>LDAP/RADIUS/Whatever doesn't have the old servers listed? is your isa server joined to the domain? Mike Crowley | MVP My Blog -- Planet Technologies
Free Windows Admin Tool Kit Click here and download it now
April 27th, 2012 3:17pm

We found our issue. It was a bonehead mistake that had produced so many issues as we later discovered, that it made it interesting to diagnose. It turned out, the server that was demoted also had DNS and DHCP installed. DNS was Active Directory integrated. DHCP had DNS scope options for the server that was demoted. So DNS had no zones, and therefore any node using that demoted server for DNS resolution was failing all queries and resulted in all kinds of issues. The error message from ISA was a bit odd though and very misleading.
April 27th, 2012 4:10pm

Hello, Thanks for sharing the final solution with us. It's really appreciated. Thanks, Simon
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 7:07am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics