Server 2012, Exchange Server 2007SP3, PowerShell, 2003 Domain

  • Question

  • So this is what I’m trying to do: basically, testing upgrading domains to 2012 (Server and Level), and because we use a complicated account creation process, I want to make sure everything will work fine.

    Domain/Forest Level: Windows2003

    Exchange Schema Domain Level: Exchange Server 2010 SP1

    Network topology

    Network1:

    1. DC1 (not GC), Server 2003
    2. Exchange Server 2007 SP3

    Network2:

    1. DC2: GC, Server 2003
    2. DC3: GC, Server 2008R2SP1
    3. DC4: GC, Server 2008R2SP1
    4. Server2012Std, PowerShell

    Scenario 1)

    From Server2012Std using PowerShell, if I run Enable-Mailbox … I get ‘An Exchange 2007 server on which an address list service is active cannot be found’

    From Server2012Std using Exchange Management Console, if I try to enable a mailbox for a user I get ‘An Exchange 2007 server on which an address list service is active cannot be found’

    Scenario 2)

    From DC3: I can enable-mailbox successfully for the same user (Note DC3 is in the same network as Server2012Std)*

    Scenario 3)

    If I move Server2012Std to Network1 (Where Exchange2007SP3 lives), I can successfully enable-mailbox using PowerShell & EMC.

    Notes:

    * For test purposes, the network administrator granted the same firewall roles to Server2012 as DC3

    * In Exchange Event viewer -> Application: I can see a repeated warning Event ID: 9144, NSPI Proxy

    * Nothing seems to be blocked by client-based firewalls

    * I already restarted ‘Microsoft Exchange System Attendant’ service on Exchange

    Any help will be really appreciated


    Noor

    Wednesday, May 1, 2013 5:15 PM

Answers

  • Can you make DC1 a global catalog?

    If it is not, you have a situation where the Exchange server is trying to "talk" to the global catalog servers across a firewall (hardware in this case).

    This can be so complex to configure correctly that it is simply recommended to have no firewall between Exchange servers and domain controller / global catalog servers.

    In particular, the Exchange CAS role can use dynamic ports (ports selected at random within a port range) and unless you allow that entire port range, communication can be hindered or simply prevented.

    Apparently, Active Directory replication is functioning through the firewall - although I cannot be 100% sure myself. 


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.


    Thursday, May 2, 2013 9:43 PM
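The answer above attributes the failure to traffic between the Exchange side and the global catalog servers crossing the hardware firewall. The following is an added example, not part of the original thread: a PowerShell 2.0+ sketch that lists every global catalog in the forest and reports which fixed TCP ports answer from the host it is run on. The port list is an assumption based on the standard AD service ports, not something stated in the thread, and `Test-TcpPort` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Run on the host whose path to the
# global catalogs is in doubt; compare the output from both networks.
Add-Type -AssemblyName System.DirectoryServices

# Assumed list of fixed AD service ports (standard values, not from the thread).
$ports = @{
    'DNS'                 = 53
    'Kerberos'            = 88
    'RPC endpoint mapper' = 135
    'LDAP'                = 389
    'SMB'                 = 445
    'Global catalog LDAP' = 3268
}

# Hypothetical helper: TCP connect with a timeout, returns $true or $false.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Enumerate the global catalogs of the current forest and probe each port.
$forest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$results = foreach ($gc in $forest.GlobalCatalogs) {
    foreach ($svc in $ports.GetEnumerator()) {
        New-Object PSObject -Property @{
            GlobalCatalog = $gc.Name
            Service       = $svc.Key
            Port          = $svc.Value
            Reachable     = Test-TcpPort -ComputerName $gc.Name -Port $svc.Value
        }
    }
}

# A reachable port 135 does not show that the dynamic RPC range is open;
# that range has to be allowed on the firewall separately.
$results | Sort-Object GlobalCatalog, Port |
    Format-Table GlobalCatalog, Service, Port, Reachable -AutoSize
```

Running it from each network and comparing the two tables shows which fixed ports the hardware firewall treats differently for the two source hosts.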

All replies

  • What distinguishes Network 1 from Network 2?

    Are they in the same Active Directory forest?

    Are they in the same Active Directory site or in different sites?

    Looking at your description, I can make some assumptions but it would help if you could clarify that.

    Is Exchange 2010 SP1 running on Server 2012 then?

    How can you run Exchange cmdlets on DC3? Do you have the Exchange Management Tools installed? Not Exchange "itself", right?


    What do you mean by firewall roles? Usually, you just install Exchange and let the installation process configure the client... well server firewall automatically.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.


    Thursday, May 2, 2013 12:04 AM
  • Is DC1 holding any roles? I think this has to do with DC1 not being a GC. Is there any specific reason that you didn't make DC1 a GC as well?
    Thursday, May 2, 2013 12:32 PM
  • A hardware firewall is placed between the 2 networks

    One forest and all in the same AD site

    No Exchange 2010 SP1 in the network; the forest schema for Exchange is 2010 SP1 (I think because someone a while ago tried to introduce it, so they ran adprep or whatever command was necessary)

    Yes, Exchange Management Tools are installed on DC3 and the new Server2012

    Because a firewall separates the 2 networks, I’ve asked the network admin to grant the same roles


    Noor

    Thursday, May 2, 2013 2:02 PM
  • DC1 is a read/write AD, not GC and does not have any other roles

    Noor

    Thursday, May 2, 2013 2:03 PM