High Availability does not work

    Question

  • Hi, help me please.

    I have 2 Domain Controllers (AD1, AD2; AD1 has all FSMO roles, AD2 only global catalog + witness role for DAG) and 2 Exchange 2013 CU1 (EX1, EX2) servers (all mail roles on each + DAG). It's one Domain Site and one Network Sub-net. AD1 and EX1 are in the office, AD2 and EX2 are in the data center.

    Everything works fine.

    If I lose the connection with the office, my users can't send email over port 587. There is an authentication error on the client: the mail client requires a password and returns an error. But users who used the HTTP-over-RPC protocol worked without a problem.

    How can I fix the problem for the Frontend connector on port 587?


    Monday, September 23, 2013 8:59 PM

All replies

  • I hope you mean roles.  Talking about rolls is making me hungry.

    Clients using port 587 (not 578) are POP or IMAP clients trying to send mail, right?  That setting is a static setting in Outlook.  The way to make that highly available is to use a load balancer.  If you need high availability between sites, you're going to need to use a load balancer that works between sites.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Tuesday, September 24, 2013 3:06 AM
  • All settings are static settings in Outlook. I know about load balancers, but that's not this situation.

    for example:

    Client settings: IMAP/smtp 587 on EX2.

    Situation: Network between office and datacentre is down.

    Client: for Web interface all works,

    Client: for IMAP/smtp 587, IMAP works, but users can't send email over port 587. There is an authentication error on the client: the mail client requires a password and returns an error.

    What happens to port 587?

    Tuesday, September 24, 2013 6:00 AM
  • If the client is in the office and the Exchange servers and DCs are in the datacenter, when the network between them is down, the users in the office won't be able to send mail because they can't connect to the server.  That's what you are reporting, right?


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Tuesday, September 24, 2013 6:12 AM
  • I am talking about external users. Every Exchange server has a private gateway and an external white IP.
    Tuesday, September 24, 2013 7:54 AM
  • Why are you using POP or IMAP with Outlook?  Outlook Anywhere offers so much more.

    With regards to sending via SMTP to port 587, the only difference between internal and external users would be the firewall and network between them.  It wouldn't be an Exchange thing.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Tuesday, September 24, 2013 3:06 PM
  • You do not understand what's going on? Everything is working fine! Internal and external users are working fine! No problem. BUT !!!! Only if the EX2 server loses its connection to the server AD1, then there are problems with the shipment.
    Tuesday, September 24, 2013 7:02 PM
  • Hi,

    Here are some suggestions below:

    1. Make sure the firewall has port 587 open.

    2. Please check the following in the Outlook client:

    a. File > Info > Click on 'Account Settings' > Click the drop-down button titled 'Account Settings...'

    b. Select your email account from the list > Click the 'Change...' button.

    Please check whether 'Require logon using Secure Password Authentication' is checked in the Outlook client email account.

    c. Click the 'More Settings...' button > Select the 'Outgoing Server' tab.

    Please tick 'My outgoing server (SMTP) requires authentication' and 'Use same settings as my incoming mail server'.

    d. Select the 'Advanced' tab.

    Ensure the 'Outgoing server (SMTP)' port field is set to '587' and next to Use the following type of encrypted connection, select TLS.

    3. Is the frontend connector you mentioned a Default FrontEnd Connector or Client Frontend Connector?

    If it is the Client Frontend Connector, we should configure the following:

       a. Check "Transport Layer Security(TLS)"

       b. Check "Basic Authentication" and "Offer Basic authentication only after starting TLS"

       c. Check "Integrated Windows authentication"

    If the issue persists, in order to troubleshoot the issue more efficiently, could you please post the error message when users send email over 587 port?

    Best regards,
    Belinda


    Wednesday, September 25, 2013 1:41 AM
  • Is AD2 a GC?  If not, make AD2 a GC.

    Please understand that even when everything works properly, Exchange will take some time before it will switch to another DC when the DC it is using goes down.

    I'm trying to help you, but it's hard when you don't explain things precisely and completely and there are obvious language problems, so please be patient.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


    Wednesday, September 25, 2013 4:26 PM
  • 1. Yes, sure, the firewall has port 587 open.

    2. Everything is set up similarly.

    3. Client Frontend Connector

    Which log file is the error written to?

    Wednesday, September 25, 2013 9:54 PM
  • Hi,

    Is there any error tip when users send email?

    Are there any related events in the event log?

    Best regards,

    Belinda

    Thursday, September 26, 2013 1:01 AM
  • Windows Event log on the client system?
    Thursday, September 26, 2013 7:29 AM
  • Hi,

    Application log and protocol log on the Exchange server. If you have not enabled protocol logging, I recommend you enable protocol logging to narrow down the issue.

    Best regards,
    Belinda

    Friday, September 27, 2013 12:32 AM
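
The checks suggested in this thread (Client Frontend connector authentication settings, protocol logging, the Application log, and which domain controller Exchange is using), collected as an added Exchange Management Shell example that is not part of any reply above. The server name EX2 comes from the thread; the connector name follows the Exchange 2013 default "Client Frontend <server>" and the comma-separated log layout matched in step 5 is an assumption.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange server.
# Assumptions: server name EX2 (from the thread) and the Exchange 2013 default
# connector name "Client Frontend <ServerName>"; adjust if it was renamed.
$server    = 'EX2'
$connector = "$server\Client Frontend $server"

# 1. Confirm the binding (port 587) and the authentication settings
#    (TLS, Basic only after TLS, Integrated) on the Client Frontend connector.
Get-ReceiveConnector -Identity $connector |
    Format-List Name, Bindings, AuthMechanism, PermissionGroups, ProtocolLoggingLevel

# 2. Turn on verbose SMTP protocol logging for that connector.
Set-ReceiveConnector -Identity $connector -ProtocolLoggingLevel Verbose

# 3. Show which domain controllers and global catalogs Exchange is using now.
#    If only AD1 is listed while the office link is down, authentication on
#    port 587 has no directory server to check the password against.
Get-ExchangeServer -Identity $server -Status |
    Format-List Name, CurrentDomainControllers, CurrentGlobalCatalogs, CurrentConfigDomainController

# 4. Recent directory-access warnings and errors from the Application log.
Get-EventLog -LogName Application -Source 'MSExchange ADAccess' -Newest 200 |
    Where-Object { $_.EntryType -in 'Error', 'Warning' } |
    Select-Object -First 20 TimeGenerated, EventID, EntryType, Message |
    Format-List

# 5. After reproducing the failed send, pull rejected AUTH attempts
#    (SMTP reply code 535) from the two newest Front End receive logs.
#    Assumes the server reply starts a comma-separated field in each log line.
$logPath = [string](Get-FrontendTransportService -Identity $server).ReceiveProtocolLogPath
Get-ChildItem -Path $logPath -Filter '*.log' |
    Sort-Object LastWriteTime -Descending |
    Select-Object -First 2 |
    Select-String -Pattern ',535 ' |
    Select-Object -Last 20 -ExpandProperty Line
```

Set `-ProtocolLoggingLevel None` on the connector again once the failing session has been captured, since verbose logs record every SMTP command from every client.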