Hello everyone,
I am slowly coming to the end of my tether and frankly a bit exhausted. I apologize for the "long" text below, but I just want to explain it in detail and possibly be able to rule out a few points.
What was done?
Migration 2010 to 2016 completed... everything is great... (runs behind an NginX). Continued migration and strictly followed the instructions here on Frankysweb, everything worked great until this morning.
- Exchange installed
- Certificates knocked in
- URLs set
- Authentication customized
- NginX bent over to the new 2019Exchange as a proxy
Everything went great... Tonight I migrated the mailboxes (as described, first the system, then the users, that's all I managed to do).
Since I'm a friend of absolutely clean Windows logs, I had a look in there and found an entry (as I read it here: https://www.frankysweb.de/community/exchange2016/events-id-1-quelle-msexchange-autodiscover-seit-update-2016-cu14/) Found a beauty flaw that I wanted to fix...
By the way, here is the solution: https://support.microsoft.com/de-de/help/4532190/autodiscover-event-id-1-after-installing-exchange-server-2019-cu3-or-e
Now comes the crux of the matter:
My colleague said "you used a script from Franky back then, with which you set the links manually"... he meant the one from the link here:
https://www.frankysweb.de/migration-von-exchange-2010-zu-exchange-2016-teil-1/
directly under the point Preparation. Well... the script was executed (of course the server and URLs were adapted to us at the top) and bäääm... nothing works anymore... A login mask for Outlook appears for all employees... and I could no longer log in to ECP (even locally). ECP opens and error 500 appears after logging in, but OWA was working at the time!
You can imagine what kind of pressure that was!!! After a while my idea was... just let the Exchange 2016 play proxy and just bent the NginX back and then the employees could work again.
First of all, a "half" relief that the pressure was taken out.
The troubleshooting continued... and then I found this link here in the forum:
https://blog.ollischer.com/exchange-2016-http-error-500-after-logging-into-ecpowa
Well... except that I didn't pay attention to the fact that if I don't specify a server, it makes the settings on both servers... (I just copied and pasted) and after that no login worked on this server (Exchange 2016) neither OWA nor ECP. I could have cried. Instead of getting better, it got worse.
After I had organized my thoughts, I used the following CMDlets to restart OWA AND ECP on both servers:
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -FormsAuthentication $true -BasicAuthentication $true -WindowsAuthentication $false
Get-OWAVirtualDirectory| Set-OWAVirtualDirectory -FormsAuthentication $true -BasicAuthentication $true -WindowsAuthentication $false
Iisrest
Restart AppPools:
MSExchangeOWAAppPool
MSExchangeECPAppPool
Of course I was very happy and thought JIPPY... now I can switch the NginX back to the new Exchange2019 just before the end of the day... yes, kiss my ass... all employees get a login again... I will soon no longer know where I can change or look up anything... either I'm too stupid or I don't know which logs I have to look in to see the problem... only the NginX gives me the info, Authentication failed (if I enter the Exchange in the hosts, Outlook works). Sounds to me that the type of authentication has to be changed somewhere.
I'm telling you, everything worked until this morning... until someone had the idea... oh come on... have the URLs ironed over it... I could puke.
With:
Get-OwaVirtualDirectory
Get-EcpVirtualDirectory
Get-WebServicesVirtualDirectory | fl name,*auth*
Get-ActiveSyncVirtualDirectory
Get-OabVirtualDirectory
Get-MapiVirtualDirectory
Get-OutlookAnywhere
Get-ClientAccessService
Do you get the same information from both servers... I can't see any difference... so I ask myself the question... what is different about Exchange 2016 compared to 2019?
I know .... a hell of a lot of text... but I'm just as desperate... I frankly don't feel like migrating everything back to 2016... uninstall the 2019 and start everything from scratch. :(
I hope you have another idea for me?
Greetings Mike
PS: I'll be glad when it's over, even if it's actually fun.
Servus,
Does your post say Exchange 2019 and Exchange 2016? Which version did you migrate to? I'm just going to assume that you migrated from Exchange 2010 to Exchange 2016. Have you activated MapioverHTTP by any chance? If so, you would probably have to adjust the nginx configuration before switching to the new Exchange server. However, this is just a guess and depends on the configuration. If the connection to Exchange works without nginx, the problem will not be the Exchange server.
Greetings,
Frank
Hello Frank,
maybe written a bit confusingly... but I have successfully completed 2010 to 2016. Yesterday I installed Exchange 2019 according to your instructions and everything worked great (yes also behind NginX)... as I said until this morning everything worked as it should... only had to move the PublicMailbox and resource mailboxes and would have been done.
I made the URLs according to your instructions (Exchange 2016 to 19). My colleague said "afterwards" (after everything was already working) just for the above-mentioned flaw that we can simply iron over the URLs with the script from your 2010 to 2016 instructions.
Since it still worked this morning and the NginX was not changed but only the URLs ironed over it, it sounds to me more like a problem with the authentication type... but I don't know where I have to look or what has to be set for which URL. I don't know if I have explained this clearly, otherwise just ask =) I am grateful for any help.
Hello again...
I followed your instructions: https://www.frankysweb.de/neuer-exchange-2016-server-outlook-fragt-nach-anmeldeinformationen/
also checked: Server --> Virtual directories --> Mapi (both servers are set the same).
?
Me again :D Problem solved... so simple and so nasty at the same time.
There was ONE little thing that was no longer set... the NginX requires standard authentication also on MAPI... exactly that was missing in IIS and also the only difference between the two Exchange servers... we are now running on Ex19 again :D *frrreu*
Sometimes I wonder what admins would have done in the early IT years without the internet... when even I have been searching for a while despite having the internet.
With this in mind.
Greetings M!ke
?ok... I had understood it the way he blogged it here:
https://www.frankysweb.de/neuer-exchange-2016-server-outlook-fragt-nach-anmeldeinformationen/
Because that's exactly what we got... but the hooks, as in the screen, were also set... so be it and yes of course... thanks of course!!! :)
