Announcement

Collapse
No announcement yet.

Win2k3 / Exch2k3, OMA stopped working :(

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Win2k3 / Exch2k3, OMA stopped working :(

    Hi guys, Microsoft can't support me b/c I disclosed that I dcpromo'd after installing exchange, so I'm hoping I can get some support here before blowing away exchange and starting over (will be a nightmare).

    Let me start by saying that i did a dcpromo about a month ago and after several reboots, etc, I have been totally fine. I use Exclaimer for archiving and global signatures and when that stopped wroking, the support rep installed IE7 thinking that would refresh some libraries needed to display its control panel.

    The moment IE7 was installed, Activesync/Exchange stopped working. I could not browse OMA at all, got a permissions denied error. By the way, my handheld clients get 0x85010014 (typical error as expected). None of the troubleshooting steps are helping. Since I gathered up all of this concise information for having M$ helping me I figure it would be helpful to post that.

    In short, I think it's a permissions thing b/c I had, in one of the folders or something in IIS (don't remember which) a GUID instead of user. I have made sure, since, that NT Authority/Network Service has rights to everything. I have reporting services on this box and it broke after promoting to a DC.. i had to add Network Service back b/c the GUID changed.

    Here goes:

    Some background:
    1. Front-end, back-end configuration. Users on other backend mailbox server sync just fine.
    2. OWA, HTTPS-RPC, and connection via MAPI directly on the backend work just fine
    3. Stopped working after installing IE7 (which was done b/c a support rep from an email disclaiming company was trying to fix problems with xml and hta usage on this server.
    4. I had upgraded this server to a domain controller b/c I had to due to 2 other servers failing on my network.
    5. In the early part of investigating this problem, in one of the IIS objects there was an account that just showed a GUID. I removed it since it wasn't doing anything. I should have left it for you to see. I also had problems with reporting services and permissions on this computer, especially with NT Authority/Network Service.
    6. server is running windows 2003 sp2 R2, exchange server 2003 sp2

    What I have tried:
    1. verified that SSL and FBA are not enabled on back-end.
    2. recreated virtual directories but deleting all virtual directories and restarting Exchange System Attendant.
    3. Have made sure ntlm,kerberos set on iis6 metabase
    (from http://support.microsoft.com/?kbid=215383)
    4. I have made sure permissions are set for nt authority/network service on the appropriate inetpub folders
    5. I have tried to remove .net framework Device Update 4.0 and I get an error 1720, script could not be found for the installer, so I can't uninstall and reinstall that.
    (http://support.microsoft.com/kb/817311)
    6. When OMA was attempting to be browsed, was giving an error message about security like this: Server Error in '/OMA' Application.
    --------------------------------------------------------------------------------

    Security Exception
    Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

    Exception Details: System.Security.SecurityException: Request for the permission of type System.Security.Permissions.RegistryPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.
    >>>>>>.....so i added <trust level="Full" originUrl="" /> into web.config and restarted IIS. Now I just get a blank page.

    7. In trying to fix the blank page, I have tried creating the ExchangeVDir entry in the MasSync \ Parameters registry key.

    I get this in event log (can't paste in here for some reason so it's abbreviated).. event ID 1503.. An unknown error occurred while processing the current request: Message: Session state is not available in this context.

    I can see this in w3svc log: cs(User-Agent) sc-status
    2008-11-16 14:44:10 192.168.168.7 GET /oma/oma.aspx - 80 highsierra\chris 192.168.168.7 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CL R+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506 .30) 200

    I can see all of the microsoft-active-sync connections happening in that log as well.

    Any hints to try before I blow it away and start over from scratch in typical microsoft recommended fashion?

  • #2
    Re: Win2k3 / Exch2k3, OMA stopped working

    by the way,

    I'm running .net 1.1

    and my app pool is:
    ExchangeMobileBrowseApplicationPool

    I have reset the web.config file back to the original and it gives me my beloved error:
    oma SecurityException: Request for the permission of type System.Security.Permissions.RegistryPermission, mscorlib, Version=1.0.5000.0

    I looked in the .net 1.1 configuration console and see 2 entries for mscorlib in the GAC but it appears that is normal after some research. It is normal on my backend box that is working.

    I'm tempted to remove IE7 via add/remove programs but am hesitant for obvious reasons.

    thanks

    Comment


    • #3
      Re: Win2k3 / Exch2k3, OMA stopped working

      You are going to swing to another machine and rebuild the box.
      DCPROMO of Exchange is not supported and this is the classic reason why not. It breaks IIS.

      IE7 shouldn't have broken this feature - that is not something I have seen before. It has caused problems elsewhere with Exchange 2003, but those have been resolved now. Therefore I suspect that the machine was already pretty broken and IE7 install just finished it off. Removing it almost certainly will not fix the problem because you cannot really remove everything IE7 installs - it has other things that occur in the background.

      As far as I can tell, you have no other option but to rebuild the machine. I would never DCPROMO exchange, even if other servers started failing. A virtual machine would do the job an emergency, running a trial edition of Windows 2003, until replacement hardware could be sourced.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: Win2k3 / Exch2k3, OMA stopped working

        Well, okay, it sounds like you're 100% committed to that. I wish there was a way around it. What's extra strange is I (gulp) dcpromo'd my other backend exchange server as well. It's been functioning like that without a problem for the past 3 months actually. Several reboots included. I don't understand the technical reasons re: why it would continue to work fine and then ie7 breaks it, i'd love to find out. Very esoteric i'm sure.

        Comment


        • #5
          Re: Win2k3 / Exch2k3, OMA stopped working

          I have seen plenty of posts from people saying that they DCPROMO Exchange servers all the time without any issues, therefore it can be done without causing major issues.

          However I call that the drunk driver syndrome. A drunk driver can drive home over the limit every day for 25 years, doesn't mean that the next day that person will not have an accident.

          There are reasons why it isn't a supported action. It would appear to be completely unpredictable.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Win2k3 / Exch2k3, OMA stopped working

            That's a good analogy, Simon, thanks..

            Although I've resigned myself to exmerging out the mailboxes, reinstalling exchange, and bringing them back in, I'm the kind of inquiring mind that wants to know so sorry if I'm beating a dead horse.

            I found this very applicable KB and it sounds like what happened:
            http://support.microsoft.com/kb/818486
            (installing asp.net after dcpomo on existing exchange 2003 box)

            Based on this, I am wondering if anyone knows if it's an asp.net permissions related error that can actually be solved somehow. I have tried aspnet_regiis -i as well as adding trust=full in the web.config but neither of those work. I know next to nothing about asp.net and related permissions so I'm thinking there has to be someone knowledge enough out there to be able to look at the appropriate permissions and ascertain if that is the problem.

            I just know that once I blow it away and start over I don't have another opportunity to learn how to fix this problem and that bothers me a tad.

            Thanks again for your expert response.

            chris

            Comment


            • #7
              Re: Win2k3 / Exch2k3, OMA stopped working

              Do you not have anything that can take Exchange while you rebuild the box?
              I have used workstations, anything with enough storage on it. I will do anything to avoid having to exmerge export/import because that puts the data at risk.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment

              Working...
              X