Problems after installing 2nd exchange server

  • Thursday, May 31, 2012 2:28 PM
     
     

    We are running Exchange 2007 SP1 on both of our servers. Our primary mail server is here in the office. I installed a 2nd one at the co-location, which we're connected to via 100mbps VPN with no ports blocked. I installed the 2nd server with all defaults.

    While testing mailboxes on the 2nd server, I noticed the following anomalies:

    1. Mailboxes from our in-office stores cannot email mailboxes that are on the 2nd server. But the 2nd server's mailboxes can email our in-office stores just fine. I tried using the message tracking feature to see what happened to the emails, but it doesn't display them. It's as if the emails were never sent. I found the following forum post from someone having a similar issue on Exchange 2003, but I'm not sure if this would apply to me:

    "Managed to solve the problem with help from people on the internet.

    Problem was that I had a Smart Host on the SMTP Virtual Server of the 1st exchange server.

    Had to remove the Smart Host from the SMTP Virtual Server. Then create an SMTP Connector in the Routing Groups. Set the 1st Exchsrvr as Local Bridgehead, and for Smart Host, use the one I had in the SMTP Virtual Server before."

    We are using SmartHosts here. If the above does apply to me, what would be the correct process for resolving this in Exchange 2007 SP1?

    2. After moving my mailbox to the 2nd server, I noticed that when I open Outlook, I get a certificate error saying: "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority." I was told that an SSL certificate did not need to be installed on the 2nd server since email is being sent through our in-office server.

    3. After moving my mailbox to the 2nd server, I am no longer able to connect to it through my iPhone's email client. It gives me a password error.

    Any ideas?



All Replies

  • Thursday, May 31, 2012 5:22 PM
     
     

    Frank,

    A multisite environment takes a bit to configure.  You need to have the right certificates, the right virtual directories configured for site proxying (what you experienced with your iPhone), as well as the SMTP configuration.  None of these things are easy to solve through the forums.

    1) If you are using Smart Hosts you do not need to reconfigure anything.  The difference between 2003 and 2007 is that an Exchange 2003 server could send to the Internet without a send connector and thus have the Smart Host setting local to itself which could prevent mail routing to other servers.  In the case of 2007/10 there needs to be a Send Connector and a server assigned to it.  Because this is 'global' it should not affect mail flow internally.

    To solve your mail flow issue, you need to turn on Verbose Protocol logging on your Default Receive connector (Exchange Management console, Server Configuration, Hub Transport - select server, right click on the 'Default <server name>' connector, select properties and change the level to Verbose) - you can view these logs under the TransportRoles directory under your Exchange install.  I would also open up the Queue viewer on the server sending the messages to see if anything shows up there as well.

    2) This is because you have a self signed certificate installed on the server.  Usually what is done here is that you have one site that is Internet Facing and one that is not.  The Internet facing site gets the external trusted certificate (from Verisign, Entrust, GoDaddy, etc.) and the internal facing site gets an internal certificate from an internal CA.  The Internet site has its URLs for OWA, ActiveSync, Outlook Anywhere, etc. all configured for the external DNS name.  For the internal facing site, the URLs match the name on the internal certificate.  See here for more information - http://technet.microsoft.com/en-us/library/bb310763(v=exchg.80).aspx

    3) This is related to #2 and it needs to be configured properly in order for it to work.

    If you want to take this offline for more help, just let me know.   Thanks.


    JAUCG
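As an added example (not part of the reply above), the Exchange Management Shell equivalents of the logging and queue checks described: turn on verbose protocol logging, find the log paths, and inspect the queues on the sending hub. Server names HUB-OFFICE and HUB-COLO and the connector name "Default HUB-COLO" are placeholders for the two Hub Transport servers.

```powershell
# Added example, not from the thread. HUB-OFFICE / HUB-COLO are placeholder
# server names; substitute your own Hub Transport servers.
$Receiving = "HUB-COLO"    # server whose mailboxes never receive the mail
$Sending   = "HUB-OFFICE"  # server the undelivered mail originates from

# 1. Verbose protocol logging on the receiving server's Default receive
#    connector (same as the console path: Server Configuration -> Hub
#    Transport -> properties of 'Default <server>' -> Verbose).
Set-ReceiveConnector -Identity "$Receiving\Default $Receiving" `
    -ProtocolLoggingLevel Verbose

# Intra-org mail leaves through the implicit intra-organization send connector,
# whose logging level is a transport server setting, not a connector setting.
Set-TransportServer -Identity $Sending `
    -IntraOrgConnectorProtocolLoggingLevel Verbose

# 2. Where the logs are written (under TransportRoles\Logs by default).
Get-TransportServer $Receiving | Format-List Name, ReceiveProtocolLogPath
Get-TransportServer $Sending   | Format-List Name, SendProtocolLogPath

# 3. Queues on the sending server: a Retry status with a LastError explains
#    why delivery to the remote mailbox server is being delayed.
Get-Queue -Server $Sending | Where-Object { $_.MessageCount -gt 0 } |
    Format-List Identity, DeliveryType, Status, MessageCount, LastError

# 4. Confirm both hubs are known to the organization and note their AD sites;
#    cross-site delivery depends on the site each server belongs to.
Get-ExchangeServer | Format-Table Name, Site, ServerRole -AutoSize
```

Remember to set both logging levels back to None once the problem is found; verbose protocol logs grow quickly.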

  • Thursday, May 31, 2012 8:01 PM
     
     

    Thanks JAUCG.

    1) Under Organization Configuration -> Hub Transport -> Send Connectors, I see our one send connector listed. When I go to Properties -> Source Server, I see our first exchange server listed there. Should I create a separate send connector for the other server or should I just add the 2nd server to the list under the Source Server tab?

    In the logs I can see the messages being logged and I can see in the Queue Viewer that messages are being delayed to that mailbox. But I don't know where to go from there.

    2) The document you posted appears to be pretty easy to understand. However, in the future the 2nd exchange server will eventually become our primary one. Once I am ready for it to be the primary server for the whole company (it will be the one sitting behind the router sending email), is it just a matter of reversing all the settings listed in the document and then installing a trusted certificate from a CA?

  • Thursday, May 31, 2012 8:30 PM
     
     

    1) If you want both to send out, yes you can add the second server.  Just be aware of what the default route is for Internet bound traffic.  If an email goes out one link and the reverse DNS for your MX record does not match that IP, some mail servers might think you are sending spam and you might be blacklisted.  Usually more of an issue with the bigger commercial domains like hotmail, MSN, Comcast, etc.

    2) When you want to change sites, yes you can completely flip your URLs so that the current second site gets all the external URLs and the current first site can be the non Internet Facing site and have the internal URLs.


    JAUCG

  • Friday, June 01, 2012 1:38 PM
     
     

    1) If we are using smarthosts, doesn't this become an irrelevant point? It's my understanding that the IP that everyone sees when we send email is from our smart host and not the actual site where the mail server resides. So even if I configure the smart host to accept emails from our other site, even if our other site sends out an email, shouldn't the IP address that the receiving mail server sees be the same as if it were sent from our main exchange server here in the main office, since it's using the smart host?

  • Friday, June 01, 2012 3:41 PM
     
     
    Sorry, yes, if you are using an external relay (like Postini or MessageLabs) then using them as a SmartHost would eliminate that concern.

    JAUCG

  • Friday, June 01, 2012 6:35 PM
     
     

    When I added the second server to the Source Server tab, I get the warning "The source transport servers specified for the connector do not belong to the same AD site".

    Would this cause anything to not work? I'm guessing this has to do with load balancing and the fact that exchange will not load balance across sites. (correct me if I'm wrong)

  • Friday, June 01, 2012 9:56 PM
     
     Proposed Answer
    That is correct, I only suggested this as it sounded like this was a temporary setup.  If this is going to be longer term, then I would create two connectors, same address space and then configure each connector with a different source server.  Here is why this should be done - http://technet.microsoft.com/en-us/library/bb267003(EXCHG.80).aspx

    JAUCG
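As an added example (not the poster's own commands), the two-connector layout proposed above built from the Exchange Management Shell, plus a check that no send connector mixes source servers from different AD sites, which is what the warning earlier in the thread flags. HUB-OFFICE, HUB-COLO and smarthost.example.net are placeholder names.

```powershell
# Added example, not from the thread. HUB-OFFICE and HUB-COLO are placeholder
# Hub Transport servers in different AD sites; smarthost.example.net is a
# placeholder for the external relay already in use.
$SmartHost = "smarthost.example.net"
$Scope     = "SMTP:*;1"   # same address space on both: all Internet domains, cost 1

# One connector per site, each with exactly one source server, both relaying
# through the same smart host so the Internet-facing IP stays the relay's.
New-SendConnector -Name "Internet via Office" -Usage Internet `
    -AddressSpaces $Scope -SourceTransportServers "HUB-OFFICE" `
    -DNSRoutingEnabled $false -SmartHosts $SmartHost

New-SendConnector -Name "Internet via Colo" -Usage Internet `
    -AddressSpaces $Scope -SourceTransportServers "HUB-COLO" `
    -DNSRoutingEnabled $false -SmartHosts $SmartHost

# Check: the source servers of any single connector should all sit in one
# AD site; a connector spanning sites is what produced the warning
# "The source transport servers specified for the connector do not belong
# to the same AD site".
Get-SendConnector | ForEach-Object {
    $connector = $_
    $sites = @($connector.SourceTransportServers |
        ForEach-Object { (Get-ExchangeServer $_.Name).Site.Name } |
        Sort-Object -Unique)
    if ($sites.Count -gt 1) {
        Write-Warning "$($connector.Name) spans AD sites: $($sites -join ', ')"
    } else {
        "$($connector.Name): OK (site $($sites -join ''))"
    }
}
```

If the existing single connector already carries the second server in its source list, remove it there (Set-SendConnector -SourceTransportServers) before creating the second connector so the address space is served by one connector per site.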