Various clients randomly unable to connect to ex2k7
I am having weird random issues happen. Thank you for your time and any help you may give me. Scenario: We have a corporate office hosting 3 exchange 2k7 sp1 rollup 4 servers. A mailbox, hub transport, client access server. We have 17 branch offices and all email is hosted at the corporate headquarters and outlook connects using a dns entry - mail.domain.com which points to our mailbox server. I have rpc over https configured, but not rolled out yet. 99% of our users are connecting using whatever outlook uses by default - outlook 2003 sp3. Issue: Randomly, users from a site will lose connectivity to exchange within their outlook clients. I'll be speaking with a user and their outlook will read 'disconnected' and the person next to them will be 'connected' and the two people next to that person won't be connected. I have not yet been able to put any logic to why some people can connect and some can't and what causes it. Even more strange, just as randomly as the issue starts - it 'fixes' itself. A couple hours later and no one is having issues. Might be a couple days before others start to have the same problem and it might be the same branch office and it might be a different branch office - once again - no logic to the problem. Can anyone help me in where to start trying to troubleshoot this issue? One thing I have done is if users are having issues - if I change their outlook to use outlook over https, then it goes into a connected state. Once I remove the outlook over https settings, it's back to disconnected. Not using outlook over https is how 99% of the company connects to email and has been working flawlessly up until the past couple of weeks. I did find an article describing a possibility in maxing out tcp connections - not sure if that is related - still researching. We have 1650 mailboxes on a server with 16GB of RAM. Is it possible our server has too many connections and therefore some timeout?
Oh yeah - the send/receive error is this: Task 'Microsoft Exchange Server' reported error (0x8004011D) : 'The server is not available. Contact your administrator if this condition persists.' If I figure anything out I'll post. Thanks again for your help. Zach Zach Smith
July 8th, 2010 6:34pm

Any reason you are so out of date on updates? Exchange 2007 SP2 has been around for some time, and Exchange 2007 SP3 has now been released. Are your network card drivers up to date? They should be dated at least 2008, preferably later. Network connectivity is certainly where I would be looking as the cause of the problem. Simon. Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
July 8th, 2010 7:51pm

Drivers are dated 1/2008. I checked for updates and did not find any. I have not upgraded because I have 1600+ mailboxes for the entire organization. Everything has been working great up until now. I am not opposed to upgrading, however I need everything working before I upgrade. Since it has been working for a couple of years now at this SP / patch level, it should again. I will then upgrade if deemed necessary. Thanks for the reply. I have opened a ticket with Microsoft. Will report when I have more info. Zach Zach Smith
July 8th, 2010 9:52pm

In this security environment, the "ain't broke don't fix it" as a support method isn't really valid. If the server is exposed to the Internet then you are exposed to vulnerabilities that are in the product that were fixed by an update. As soon as Microsoft release an update the bad guys attempt to reverse engineer it so that they can try and compromise the product. The Exchange 2007 updates have been rock solid and I would encourage you to keep things as up to date as possible. I have a client with in excess of 5,000 mailboxes and that is maintained at current or at most current minus one on patch level. It wouldn't surprise me if Microsoft support suggest something very similar. Simon. Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
July 8th, 2010 10:04pm

While talking with Microsoft support, the issue 'fixed' itself. I will have to wait until the next time there is a problem and will resume where we left off. This should be within the next few business days. If anyone has any information or other troubleshooting ideas, please let me know. Zach Zach Smith
July 9th, 2010 12:37am

Hi ZachSmith, What operation did you do? As Sembee said, it is a good habit to upgrade the Exchange server to the latest update. Sometimes an unstable network could also cause the random problem. Regards! Gavin
July 13th, 2010 2:20pm

I should not have to upgrade my exchange to sp2 or any other rollup to fix this issue. Everything has been working fine and now these intermittent issues. I would prefer to have my exchange in a stable environment before applying any patches/sp's. One thing that is interesting - if I attempt to create a new outlook profile while this is going on, outlook gives me an error message of "outlook could not log on. Check to make sure you are connected to the network and are using the proper server and mailbox name. The connection to the microsoft exchange server is unavailable. outlook must be online or connected to complete this action." However, if I use the domain controller of the site having the issues as the exchange server instead of using my mailbox server, it will resolve my name, but when I hit finish to complete the profile creation, it will then not be able to connect and prompt me with a 'retry, work offline, cancel' options. Thanks again for the help. Zach Zach Smith
July 13th, 2010 3:38pm

Also - it is my understanding that in exchange 2007 - if I set up a DNS entry - mail.domain.com - this should point to my mailbox server - can you confirm/deny this information? Also, I used from command line from affected site - telnet 'hub transport server' 25 and was able to successfully send email this way. Outlook still is a no go unless I use rpc over https. I would like to fix this without having to use rpc over https. Thanks again for the help. Zach Zach Smith
July 13th, 2010 3:45pm

One more question - From my exchange admin console - under Server Configuration - Hub Transport - right-click server name - properties - system settings tab. This displays "Domain controller servers being used by Exchange" and "Global catalog servers being used by Exchange". My exchange servers are only located at the corp office. Everyone at branch offices does email over the WAN - we have the bandwidth to support this. Now, the only DC and GC listed are the servers at the corporate 'site' in AD. None of the other DC, GC at the other sites are in the list. My exchange is NOT installed on a DC. How can I add servers, assuming I need to, in this list? I'm under the impression that we should have a DC/GC from each AD site in this list. Thanks for the help. Zach Zach Smith
July 13th, 2010 3:55pm

I have seen similar problems before and have found several contributing factors. One thing to keep in mind is how deeply Exchange is embedded into AD, and often such connectivity issues are a DC problem and NOT the Exchange server. That DC issue can be the DC's in the site the Exchange server is using or at the remote site the users are authenticated by. In my troubleshooting processes I have had users use the connection status in Outlook 2007. This is available when you hold the "Ctrl" key and right-click on the system tray icon for Outlook. In there it will report what servers the client is connected to. I have seen other issues with Outlook 2003/2007 and Exchange 2007 when Outlook is in Cached mode. The Domain controllers used by your Exchange server are simply those GC's located in the Exchange server's AD site. Microsoft actually recommends having dedicated DC's/GC's in a dedicated Subnet/site for performance enhancements. Anyway the list of DC's is automatic based on site membership in AD. Also the preliminary processes in running setup for Exchange 2007 include checking for prerequisites like DNS and Domain and forest prep. It's not a bad idea to re-run these to double check things, and lastly, use MEBPA as this will do extensive reviews of many aspects of your Exchange environment. Good Luck!
July 13th, 2010 7:50pm

Dan, Thanks for the reply. My ticket with microsoft is still open and I am now being referred to an AD engineer for the following reason (is this normal?). We have 13 sites. The site affected right now has one domain controller. The corporate site (where exchange servers are) has 3 DCs. ALL DC's in domain (single domain, single forest 2003 native) are also GC servers. The affected site is being replicated to corpdc00. corpdc02 hosts all 5 fsmo roles. When using repadmin to run the below: repadmin /replicate 'affected_site_dc'.domain.com corpdc[00, 01, 02].domain.com dc=domain,dc=com, I get failures for two of the corp domain controllers and success for one. 00,02 fail, 01 succeed. The error is "DsReplicaSync() failed with status 8452 (0x2104): The naming context is in the process of being removed or is not replicated from the specified server." I'm thinking this is by design. The exchange engineer at Microsoft is referring this error message to an AD engineer for my issues. I will keep looking into the possibility of this being an AD issue and post back any findings. Thanks again. Zach Zach Smith
July 13th, 2010 8:02pm

On Tue, 13 Jul 2010 17:02:18 +0000, ZachSmith wrote:
>Thanks for the reply. My ticket with microsoft is still open and I am now being referred to an AD engineer for the following reason (is this normal?).
It is if the problem is related to the AD and Exchange.
>We have 13 sites. The site affected right now has one domain controller. The corporate site (where exchange servers are) has 3 DCs. ALL DC's in domain (single domain, single forest 2003 native) are also GC servers. The affected site is being replicated to corpdc00. corpdc02 hosts all 5 fsmo roles. When using repadmin to run the below:
>
>repadmin /replicate 'affected_site_dc'.domain.com corpdc[00, 01, 02].domain.com dc=domain,dc=com, I get failures for two of the corp domain controllers and success for one. 00,02 fail, 01 succeed. The error is "DsReplicaSync() failed with status 8452 (0x2104): The naming context is in the process of being removed or is not replicated from the specified server."
>
>I'm thinking this is by design. The exchange engineer at Microsoft is referring this error message to an AD engineer for my issues. I will keep looking into the possibility of this being an AD issue and post back any findings.
In the meantime, you can try forcing an Outlook client to use a specific GC (or the closest, network-wise) with a minor registry change: http://support.microsoft.com/kb/319206 If your problem goes away when you stop using whatever GC it is that's having the problem then you can be pretty sure the problem is with the AD.
--- Rich Matheisen MCSE+I, Exchange MVP
July 13th, 2010 11:49pm

Thanks for the reply. When this issue comes up again (it 'went away by itself' again already today) then I'll try that. Unfortunately, this crops up every couple of days for about 4-6 hours. I have no indication of why it comes/goes. Probably be a day or so and I'll try your suggestion to see if that helps. Thanks again. Zach Zach Smith
July 13th, 2010 11:52pm

Hi Zach Smith, Any new update for your issue? Regards! Gavin
July 17th, 2010 5:33am

I had the issue happen a few days ago - July 14 or 13. Worked with Exchange engineer, he then referred me to an Active Directory engineer to look at DC replication. No issues were found and by the time the Exchange engineer called me back the issue had 'fixed itself' again. I did (yesterday) upgrade the hub transport and client access servers OS from SP1 to SP2. Doubt this will fix anything - it was a recommendation from Microsoft to do this. When the issue happens again, they are going to refer me to one of their networking engineers. What I don't understand is the following:
- Outlook will work if profile is set up using rpc over https
- Outlook will not resolve a mailbox name using default method (mapi I believe?)
- Outlook will resolve a mailbox name if using domain controller as mailbox server, but will not connect to the exchange server to download email.
So, there has to be some good information in that. How exactly does outlook authenticate using default methods? Can anyone shed some light on why outlook will resolve a mailbox if using a domain controller as the mailbox server, but won't resolve anything if I input the mailbox server? What is different between the authentication methods of the default vs rpc over https? Thanks for the help. Zach Zach Smith
July 19th, 2010 3:59pm

I believe I have the next step in this process. Here is a little bit more detail about our environment. We used to run Exchange 2003. The then-exchange-engineer (this has now become me) decided to build 3 new exchange 2007 servers into our existing exchange 2003 organization. We built a mailbox, hub transport, and client access server. I now have all mailboxes migrated over to the exchange 2007 server and I believe anything else running off of our exchange 2003 environment migrated to the exchange 2007 server. I believe what I need to do is remove all of the exchange 2003 servers from the exchange organization. The server that is the 'first' exchange server will eventually be decommissioned. Do I need to set our new mailbox server as the 'first' server in an exchange organization? Do I need to do anything at all other than uninstall the exchange software from each exchange 2003 server? Thanks for the help. Zach Zach Smith
July 19th, 2010 9:07pm

Update on this issue. This morning, a terminal server and thin clients on that terminal server could not get email via outlook. The exchange server was unable to ping the terminal server. I could ping the terminal server from the switch the server is connected to and from every client I tested. I could only NOT ping the terminal server from the exchange server. Clearing the arp cache on the terminal server resolved the issue. This exact scenario happened 1 day last week as well. So, any ideas on this? Why does the arp cache appear to get corrupt? Next time I will look at the arp cache before clearing it to see what mac it is using for that ip address. I have this issue with a terminal server here as well - it can't ping printers on that server, but I can ping them from my desktop - clearing the arp cache on the TS resolves the issue. Any help is greatly appreciated. Zach Zach Smith
July 26th, 2010 5:10pm

Issue occurred again. Deleting the arp cache on the mailbox server resolves the issue immediately. I have a question open on a different forum about this as an arp issue may be out of the scope of this forum. I'll post any important information I get from that here. Below is a link to that question. http://social.technet.microsoft.com/Forums/en-US/winserverPN/thread/ddc528e5-5e74-454e-bf40-0cb762dd79dd Zach Smith
July 28th, 2010 9:39pm
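
The check mentioned in the last two posts (looking at the arp cache before clearing it to see which MAC is held for an IP address) can be scripted. This is an added example, not part of the original thread: it parses saved Windows `arp -a` output from a healthy period and from an outage and reports which IP-to-MAC mappings differ. The snapshots, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample `arp -a` snapshots (addresses are made up for illustration).
GOOD = """Interface: 10.0.0.10 --- 0x10003
  Internet Address      Physical Address      Type
  10.0.0.1              00-1a-a0-00-00-01     dynamic
  10.0.0.50             00-1a-a0-00-00-50     dynamic
  10.0.0.60             00-1a-a0-00-00-60     dynamic
"""
OUTAGE = """Interface: 10.0.0.10 --- 0x10003
  Internet Address      Physical Address      Type
  10.0.0.1              00-1a-a0-00-00-01     dynamic
  10.0.0.50             00-1a-a0-00-00-01     dynamic
"""

IFACE = re.compile(r"^Interface:\s+(\S+)\s+---")
ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                   r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+dynamic\s*$")


def parse_arp(text):
    """Return {(interface_ip, neighbour_ip): mac} for learned (dynamic) entries."""
    table, iface = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
        elif iface and (m := ENTRY.match(line)):
            table[(iface, m.group(1))] = m.group(2).lower()
    return table


def diff_arp(good_text, outage_text):
    """Compare a known-good snapshot with one saved during an outage."""
    good, bad = parse_arp(good_text), parse_arp(outage_text)
    # Same IP now resolving to a different MAC: stale or conflicting entry.
    changed = {k: (good[k], bad[k]) for k in good.keys() & bad.keys()
               if good[k] != bad[k]}
    # Neighbours that were resolved before and are absent now.
    missing = sorted(good.keys() - bad.keys())
    # One MAC answering for several IPs (can be legitimate, e.g. proxy ARP).
    owners = {}
    for (iface, ip), mac in bad.items():
        owners.setdefault((iface, mac), []).append(ip)
    shared = {k: sorted(v) for k, v in owners.items() if len(v) > 1}
    return changed, missing, shared


if __name__ == "__main__":
    for name, result in zip(("changed", "missing", "shared"), diff_arp(GOOD, OUTAGE)):
        print(name, result)
```

In practice the two inputs would be files written with `arp -a > file.txt` on the affected server, one while mail is working and one before the cache is cleared during an outage.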

This topic is archived. No further replies will be accepted.
