Yesterday I came across a very interesting issue while creating a mailbox or distribution group, so I thought I would share it with you.
Single forest (domain.com) with multiple domains (child.domain.com, child1.domain.com and child2.domain.com)
Exchange 2010 SP2 RU5 is installed on Child.domain.com. Recently, 5 Exchange 2010 CAS & Hub servers were brought down for decommissioning.
Exchange Management Console (EMC) & Exchange Management Shell (EMS) are published to multiple teams through Citrix.
When we access the Exchange Management Console from non-Exchange servers to create/update a mailbox or create/modify a distribution group, it does not allow us to make the necessary changes.
Error message:
The Microsoft Exchange Active Directory Topology service on the server localhost can't be contacted via RPC. Error 0x6D9.
Error 0x6D9 (There are no more endpoints available from the endpoint mapper) from HrGetServerFromDomain
Looking more closely at the Exchange Management Console (EMC) connection point, I found it was continuously pointing to a single server. When we changed the Exchange Management Console to point to some other Exchange server URL, I got the error message below:
"The attempt to connect to https://EXCH.child.domain.com/PowerShell using "Kerberos" authentication failed: connecting to remote server failed with the following error message : The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshooting Help topic."
Possible causes are:
-The user name or password specified are invalid.
-Kerberos is used when no authentication method and no user name are specified.
-Kerberos accepts domain user names, but not local user names.
-The Service Principal Name (SPN) for the remote computer name and port does not exist.
-The client and remote computers are in different domains and there is no trust between the two domains.
After checking for the above issues, try the following:
-Check the Event Viewer for events related to authentication.
-Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport. Note that computers in the TrustedHosts list might not be authenticated.
-For more information about WinRM configuration, run the following command: winrm help config.
For more information, see the about_Remote_Troubleshooting Help topic.
i) When I checked EXCHCTX853 & EXCHCTX854, I found the following registry key, "HKCU\Software\Microsoft\ExchangeServer\v14\AdminTools\NodeStructureS", mapped to CAS01.Child.domain.com, and removed it.
ii) Verified all users' roaming profiles and found the Exchange Management Console saved in cache in the following location: "C:\users\<specific User>\AppData\Roaming\Microsoft\MMC\Exchange Management Console". Delete it.
iii) Changed the Exchange connection to auto with the following command, which automatically switches servers if any server is not available.
After replication, I verified by logging in to the Citrix server and webapps; in both places the Exchange Management Console & Exchange Management Shell connect to live production Exchange servers.
Hope it will help you.
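Steps i) and ii) above as a per-user PowerShell check, added here as an example and not the author's own script. It assumes it runs in the affected user's session on the Citrix host, matches registry entries by the name prefix exactly as shown in the post (the full name is not given there), and only reports unless -Remove is passed; the parameter names are made up for this example.

```powershell
# Added example, not from the original post. HKCU and %APPDATA% are per-user,
# so run this in the session of the user whose console is pinned to a stale server.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove,                          # hypothetical switch: delete what was found
    [string]$NamePrefix = 'NodeStructureS'    # prefix as printed in the post (name is cut off there)
)

$adminTools = 'HKCU:\Software\Microsoft\ExchangeServer\v14\AdminTools'
$mmcCache   = Join-Path $env:APPDATA 'Microsoft\MMC\Exchange Management Console'
$found      = @()

if (Test-Path -LiteralPath $adminTools) {
    # The post writes the location as a path, so look for both a value and a subkey.
    $key = Get-Item -LiteralPath $adminTools
    foreach ($name in $key.GetValueNames() | Where-Object { $_ -like "$NamePrefix*" }) {
        $found += New-Object PSObject -Property @{ Type = 'RegistryValue'; Path = $adminTools; Name = $name }
    }
    foreach ($sub in Get-ChildItem -LiteralPath $adminTools | Where-Object { $_.PSChildName -like "$NamePrefix*" }) {
        $found += New-Object PSObject -Property @{ Type = 'RegistryKey'; Path = $sub.PSPath; Name = $sub.PSChildName }
    }
}

# Cached console file from step ii)
if (Test-Path -LiteralPath $mmcCache) {
    $found += New-Object PSObject -Property @{ Type = 'MmcCache'; Path = $mmcCache; Name = (Split-Path $mmcCache -Leaf) }
}

# Always show what was found before touching anything
$found | Select-Object Type, Name, Path | Format-Table -AutoSize

if ($Remove) {
    foreach ($item in $found) {
        if (-not $PSCmdlet.ShouldProcess("$($item.Path) [$($item.Name)]", 'Remove')) { continue }
        switch ($item.Type) {
            'RegistryValue' { Remove-ItemProperty -LiteralPath $item.Path -Name $item.Name }
            'RegistryKey'   { Remove-Item -LiteralPath $item.Path -Recurse }
            'MmcCache'      { Remove-Item -LiteralPath $item.Path -Recurse -Force }
        }
    }
}
```

Close the Exchange Management Console before running with -Remove; adding -WhatIf shows what would be deleted without changing anything.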