Sunday, February 25, 2018

Cannot login to Exchange 2013/2016 Exchange Control Panel

We recently started our migration from Exchange 2010 SP3 (RUP18) to Exchange 2016.
After installing Exchange 2016, we ran into a heap of trouble when opening the Exchange 2016 Administrative Center, or when we tried to open OWA on Exchange 2016.

When browsing to ECP/OWA, we would not even get a login screen; we merely got "500 Unexpected Error".

Searching the internet led me to the following TechNet Forum post:
https://social.technet.microsoft.com/Forums/ie/en-US/777b51ee-330d-43cc-a56e-4614d44aed7b/unable-to-access-owa-or-ecp-something-went-wrong-or-500-unexpected-error?forum=exchangesvrclients

After removing the values in msExchCanaryData and recycling the application pools in IIS, I was able to log in.
You have to open the ADSI editor on the primary domain controller (start-->administrative tools-->ADSI edit), go to CN=Services --> CN=Microsoft Exchange --> CN=  Right click CN=Client Access and click properties. Scroll down to msExchCanaryData0. You have to click edit and copy the data from Data0, Data1 and Data2 (you may have more or less) to a notepad file. Then erase the data from those settings. Now log onto the CAS server and open IIS management. Go to application pools and right click MSExchangeOWAAppPool and click Recycling. Then restart all of the mailbox servers.
[Quote: Marshall Lucas]

A colleague tried to log in as well, but he failed. He did get a login screen, but after logging in he would still receive "500 Unexpected Error". It could not be an infrastructural problem because I was able to log in, so we excluded any issue on the part of IIS. We compared our two admin accounts and discovered that my admin account had a mailbox (probably created during a test and never cleaned up afterwards). We enabled a mailbox for his account, and he was then able to log in.

I know from experience that administrators do not need a mailbox to log on to ECP; if the administrator does not have a mailbox attached, a system mailbox is used instead. So the next step was to verify the arbitration mailboxes:

Get-Mailbox -Arbitration | fl Name, DistinguishedName

This returned 5 arbitration mailboxes: 3 SystemMailboxes, one discovery mailbox and one migration mailbox. That looked more or less OK, so I dismissed the idea that the issue was caused by a missing arbitration mailbox.

I moved all the retrieved arbitration mailboxes to Exchange 2016, but that did not resolve the issue either.

I went on searching for two more days, and everything kept pointing in the direction of a missing arbitration mailbox. I decided to verify the accounts in AD against the mailboxes retrieved from PowerShell:

Get-Mailbox -Arbitration | fl Name, DistinguishedName

Get-ADUser -Filter "Name -like 'SystemMailbox*'" -server Root

That is where I saw the catch: in Active Directory we had 6 SystemMailbox accounts, but only 3 SystemMailboxes were actually mailbox-enabled. I decided to make every SystemMailbox account mailbox-enabled, which resolved the issue.

Get-ADUser -Filter "Name -like 'SystemMailbox*'" -server Root -Property Mail | ? {$_.Mail -eq $null} | foreach {Get-User $_.DistinguishedName | Enable-Mailbox -Database "Exchange2016DB"}
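
The comparison described above, as an added example that is not part of the original post: a read-only check that lists the SystemMailbox accounts present in AD with no matching arbitration mailbox, so the gap can be reviewed before any bulk Enable-Mailbox run. The function name Get-UnmailboxedSystemAccount and all sample names and DNs are constructed for illustration.

```powershell
# Added example: read-only, makes no changes to AD or Exchange.
# Get-UnmailboxedSystemAccount is a hypothetical helper name.
function Get-UnmailboxedSystemAccount {
    param(
        # AD accounts: objects with Name and DistinguishedName (e.g. from Get-ADUser)
        [Parameter(Mandatory = $true)] [object[]] $AdAccounts,
        # Mailboxes: objects with DistinguishedName (e.g. from Get-Mailbox -Arbitration)
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()] [object[]] $ArbitrationMailboxes
    )
    # A @{} hashtable compares string keys case-insensitively, which suits DNs
    $enabled = @{}
    foreach ($mbx in $ArbitrationMailboxes) {
        $dn = [string]$mbx.DistinguishedName
        $enabled[$dn] = $true
    }
    foreach ($acct in $AdAccounts) {
        $dn = [string]$acct.DistinguishedName
        if (-not $enabled.ContainsKey($dn)) {
            # Emit only accounts that exist in AD but have no arbitration mailbox
            [pscustomobject]@{
                Name              = $acct.Name
                DistinguishedName = $dn
            }
        }
    }
}

# Constructed sample data (not real accounts): four AD accounts, two with mailboxes
$base = 'CN=Users,DC=example,DC=test'
$ad = 'A', 'B', 'C', 'D' | ForEach-Object {
    [pscustomobject]@{
        Name              = "SystemMailbox{constructed-$_}"
        DistinguishedName = "CN=SystemMailbox{constructed-$_},$base"
    }
}
$mbx = $ad[0], $ad[2] | ForEach-Object {
    # Upper-cased on purpose to show that the match ignores case
    [pscustomobject]@{ DistinguishedName = $_.DistinguishedName.ToUpper() }
}

Get-UnmailboxedSystemAccount -AdAccounts $ad -ArbitrationMailboxes $mbx |
    Format-List Name, DistinguishedName

# Live use in the Exchange Management Shell with the ActiveDirectory module
# ('Root' is the -Server value used in this post):
# $ad  = Get-ADUser -Filter "Name -like 'SystemMailbox*'" -Server Root
# $mbx = Get-Mailbox -Arbitration
# Get-UnmailboxedSystemAccount -AdAccounts $ad -ArbitrationMailboxes $mbx
```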
