Front-End and Back-End Topology Troubleshooting

  • Article

 

Problems experienced with front-end and back-end architectures are frequently caused by the inability of network traffic to flow from the front-end server to the correct back-end servers because of incorrect configurations on the server or the network routers. In all cases, event log entries may help troubleshoot the particular issue. When you troubleshoot reported or observed problems with a front-end and back-end topology, step through the issues below to see if they might apply to your problem.

Troubleshooting Tools

When troubleshooting problems in a front-end and back-end topology, the following tools can help you.

  • Network Monitor   Use Network Monitor to monitor the traffic and determine exactly what is happening between the front-end and the other servers. Set up a client to connect to the front-end server and monitor the traffic between the front-end servers and the intranet servers. You can also use Network Monitor to monitor between the client and the front-end server if SSL is not being used.

  • Event Viewer   Check the event logs on the front-end and back-end servers and any other involved servers (DNS, global catalog, and other servers). There may be entries indicate what the problem is.

  • RPC Ping   To test RPC connectivity between the front-end server and a global catalog or back-end server, use the Rpings.exe tool. It is in the support directory of the Exchange CD.

  • Telnet   Use telnet.exe to attempt to connect directly to the user's back-end server using the port that the mail protocol uses. For example, if Outlook Web Access is not working when you connect to the front-end server, try using Telnet from the front-end server to port 80 on the back-end server.

General Troubleshooting Steps

  • Make sure that all the appropriate services are started on the front-end and back-end servers. This includes the relevant Exchange services in addition to the World Wide Web Publishing service and SMTP service, if applicable.

  • If you have a perimeter network, make sure that the appropriate ports are open on the internal firewall as described in Configuring Firewalls.

  • Ensure that the front-end server can successfully connect to the global catalog servers and DNS server. This is particularly important when the front-end server is in a perimeter network. Use Telnet from the front-end server to the appropriate ports on the servers in the intranet—389, 3268, 53, and other ports.

    Note

    Windows Telnet uses TCP/IP and cannot be used to connect to UDP ports.

  • If you cannot connect to the back-end server from the front-end server using the hostname with any protocol, try to use the IP address. If this works, verify that you can connect to the DNS server the front-end server is using. Also verify that the name to IP mapping is correct in DNS.

  • If the front-end server is configured with the list of domain controllers and global catalog servers in the registry, verify that the front-end can reach each of those servers exactly as specified in the registry entry.

  • Make sure that the combination of IP address and host header is unique for each virtual server.

  • If you have a load balancing solution for the front-end servers, make sure that the shared IP can be reached from client computers.

  • Administration: If you want to use Exchange System Manager, ensure that the System Attendant service is running. Also recall that you cannot use the Internet Services Manager after deleting the stores on the front-end server.

  • If users complain that the state of read and unread messages in public folders fluctuates, consider the following:

    • Was a back-end public folder server added or removed?

    • Is authentication enabled on the front-end?

    • Are any back-ends that host the folder down?

Logon Failures

If your users have problems logging on to POP, IMAP or Outlook Web Access, consider the following common problems:

  • Is the user entering the username in the correct format—domain\username, username@domain.com, username?

  • If UPN or a default domain is configured and the user is entering the username in the correct format, verify that the default domain setting is correct on all virtual servers and virtual directories in Exchange System Manager. Verify the same setting in Internet Services Manager. If the domain is correct in Exchange System Manager but not in Internet Services Manager, there is most likely a problem replicating settings from Exchange System Manager to Internet Services Manager. Try restarting the MSExchangeSA service to fix this.

  • Verify that the host headers for the HTTP virtual server match exactly what the client browser is using to connect to the server. Verify that the host headers are correct and there are no typing mistakes on the back-end and front-end virtual servers and directories.

  • If you have multiple virtual servers for multiple domains, make sure that the SMTP domain is configured correctly.

  • Ensure that the user attempting to log on has an e-mail address for the domain configured on the virtual server the user is accessing.

Troubleshooting Outlook Web Access

For detailed information about troubleshooting Outlook Web Access for Exchange 2000 Server, see Troubleshooting Outlook Web Access in Microsoft Exchange 2000 Server.