Hello Everyone,
Â
Would really appreciate if someone might be able to shed some light on this as I am a bit stumped.
We have 2 x Exchange (on prem) 2013 (cluster with witness failover which is online and working).
The following symptoms have been noted.
When we mount the DB on Server 1 and it acts as the holder of the cluster group, etc. everything seems to work fine in/out for mail flow. Outside staff can access OWA webmail, email on their corporate iPhone through IBM MAAS and even through a web browser on a web browser (we don’t have BYOD so those do not get MAAS suite client).
But when we mount the DB on Server 2 and it acts as the holder of the cluster group, etc. then after a few days the OWA (sometimes) and Web Browser access on Android (always) stop working.
Failing back to Server 1 fixes it right away.
Now we have (past 2 weeks) a new symptom in that some users (very few maybe 3-4 and both new and existing accounts) suddenly have issues with their profile loading in Outlook (it errors out) on some machines, but it works fine for others on the same machine. It struggles to resolve autodiscover Exchange name for the users that have the issue, but it can ping the exchange servers and DAG as well as resolve the name if direct IP is entered, but not connect. These users are (we have 2 DB) spread over both databases so no common factor. Failover (manual) to other server fixes it right away.
Then we started seeing some users having issues accessing shared calendars were they have the ability to make appointments. They can see the calendar but adding something is greyed out. Failover (manual) to other server fixes it for a while.
This morning when I tried to failover I got an error when making the DB active on the other server while I expand a disk. See below. It took several attempts (GUI), before it moved over, but it indicates healthy (on GUI and through Ex powershell) and all mail works in/out.
The only other issue that slightly (few weeks) predates these oddities is that we had an expired certificate on both Exchange servers, but even with it expired it was working perfectly since it was not the main GEO cert (external authority we bought). We removed the expired CERTS and got totally locked out of everything. Ex PowerShell and GUI on both servers. Eventually we realized that although the valid SSL (port 443) certs were present in IIS under default website bindings it was gone from the Exchange Backend bindings for https: (in our case port 444) on both servers. I can only assume when we removed the expired one it needed an adjustment to the SSL Cert and once we added that in the backend everything came back right away.
Â
I can’t seem to find a common thread to follow on this… any insights appreciated.
Â
Many thanks in advance for your time.
Â
Regards,
Â
Laszlo
Â
Laszlo Denes
Technical Analyst Servers
Information Systems
The Salvation Army Toronto Grace Health Centre
650 Church Street, Toronto, ON M4Y 2G5
f: 416-925-3211
Â
Â
Exceptional and compassionate care for all.
Â
Just an idea but maybe a good place to start would be with the latest Exchange health checker scripts?
Â
 https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/
Â
-Bonnie
Â
From: ntexc...@googlegroups.com <ntexc...@googlegroups.com>
On Behalf Of Denes, Laszlo
Sent: Friday, January 27, 2023 5:03 AM
To: 'ntexc...@googlegroups.com' <ntexc...@googlegroups.com>
Cc: Denes, Laszlo <lde...@torontograce.org>
Subject: [ntexchange] Interesting Exchange 2013 U23 issue
Â
***EXTERNAL: This message is not from Mukilteo School District. Use caution responding to or opening attachments and links in this email.***
Â
Exceptional and compassionate care for all.
Â
________________________________________
NOTICE: This message, including any attachments, may contain privileged or confidential information and is intended for use only by the individual to whom it is specifically addressed (or those responsible for the delivery of the message to such person). Any
distribution, copying or disclosure is strictly prohibited without the written consent of the sender. If you are not the intended recipient or have received this message in error, please notify us by reply email and permanently delete the original transmission
from us. Thank you for your cooperation. If you have any questions about this message please contact the Information Systems Department, Salvation Army Toronto Grace Health Centre, 650 Church St., Toronto, ON M4Y 2G5. Phone: (416) 925-2251
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ntexchange+...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ntexchange/5bffa083b50a487da70280aa63b51da7%40TGHVSEX2013PASS.torontograce.org.