Skip to main content

Exchange 2010 - A server-side database availability group administrative operation failed. Error: Windows Failover Clustering timed out while trying to validate server 'exchange03'. If this is in a disjoint DNS namespace, the DNS suffixes for all servers in the database availability group must be present on every server.

I was adding amailbox server to a DAG, the mailbox server was in another site than the original DAG members, the wizard fails with the errror "A server-side database availability group administrative operation failed. Error: Windows Failover Clustering timed out while trying to validate server 'exchange03'. If this is in a disjoint DNS namespace, the DNS suffixes for all servers in the database availability group must be present on every server."

as in the screen shot below:


after googling a bit i found this very useful post (http://www.exchangemaster.net/index.php?option=com_content&task=view&id=143&Itemid=1&lang=en) thank you Dejan, you really saved my day.

The issue was that there was an ISA server separating the two sites , the solution was to turn off the option called "Enforce Strict RPC Compliance" in ISA server.

SOLUTION


Turn off the Enforce Strict RPC compliance option in ISA Server.



This option can be found in 2 places:

1) On the firewall rule properties.

2) In the ISA System Policy. This policy is applied to new rules when you create them.



1) To disable the Enforce Strict RPC Compliance option on the firewall rule, right click the firewall rule and selelct Configure RPC Protocol.

















Clear the Enforce Strict RPC compliance option.




2) To disable this option in ISA Server System Policy, select Edit System Policy from the task pane on the right, select Authentication Services, Active Directory. Clear the Enforce Strict RPC compliance.



Credits goes to : http://www.exchangemaster.net/

 

Update

I found also that one of the reasons for this error is if you have multiple AD sites and the computer for the DAG has not replicated  to the site where you are adding the mailbox server to the DAG.
Labels:

Comments

Post a Comment

Popular posts from this blog

(A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

I was deploying a Lync Server Director in a Multi-Tenant configuration after i assigned the certificate a went to start the services, the Front-End services couldn't start with the following errors Log Name:      Lync Server Source:        LS Protocol Stack Date:          3/12/2013 1:52:06 PM Event ID:      14397 Task Category: (1001) Level:         Warning Keywords:      Classic User:          N/A Computer:      Lync Director FQDN Description: A configured certificate could not be loaded from store. The serial number is attached for reference. Extended Error Code: 0x800B0109 (A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.). Event Xml: http://sch...
Post a Comment
Read more

Attack Surface Reduction Rules (ASR) reporting using Microsoft 365 Security Center

This is my forst post since very long time I have decied to come back and blog about some of my findings. If you have an E5 License you can use the Microsoft 365 Security portal (security.microsoft.com) to access reports for ASR configuration and detection. As far as I remember last time I want to access the reports they were in a different placce , it took me a while to figure out where they are locate , so I thought to blog about this. To access the ASR report , From the home page of  security.microsoft.com , scroll down use the navigation pane on the left and select Reports Then under General click on Security Report Scroll down till you find the Attack Surface reduction rules section, click on the title and it will tack you  to a another page to view more details From the configuration tab you can get an overview of  the configuration and which machines has ASR rules off,  enforced or in audit mode. If you click on the name of a specific machine it will sho...
Post a Comment
Read more

No static address matched networks "Cluster Network Name" . Specified static addresses: x.x.x.x

While I was working on a DAG with separate MAPI and Replication Networks whenever I  make any changes to DAG like running start-DatabaseAvailabilityGroup or Set-DatabaseAvailabilityGroup I get the following warning message: "No static address matched networks "Cluster Network ". Specified static addresses: x.x.x.x". The Cluster Network was the Replication Network whose subnet is different than that of the DAG IP addresses. Seems that Exchange wanted to utilize this network for MAPI traffic. Although When I run the command get-DatabaseAvailabilityGroupNetwork I find that MAPIEnabled is false on the replication network. when I compared the cluster networks of this DAG with another healthy DAG I found that the checkbox "allow clients to connect through this network" was checked. when I uncheck it, it gets checked by itself again  !. The reason was that one of the DAG members had the "register this connection's address in dns" che...
1 comment
Read more