Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Not able to add cross-forest Exchange Server

Created: 29 Aug 2013 • Updated: 25 Oct 2013 | 7 comments
sujith.poojari's picture
This issue has been solved. See solution.

Hello,

I am doing a POC implementation for a customer (who are on say Domain A) who has a hosted exchange server in their parent company (say Domain B)

Linked mailboxes are created for users in Domain A on Exchange server in Domain B

The POC is on a purely test environment. Please find the brief overview of the environment:

Domain A:

Machine 1: Primary Domain Controller

Machine 2: Exchange 2010 HUB/CAS

Machine 3: Exchange 2010 MB

Domain B:

Machine 1: Primary Domain Controller

Machine 2: EV/SQL Server

I have created a two-way transitive trust between both domains. I am able to create linked mailboxes for domain A on domain B.

Vault service account is created on Domain A. This is the local administrator on EV server and permissions and throttling policy is applied through PS scripts provided with the installation.

I am able to create an outlook profile on EV server for DomainA\vaultadmin and it is able to reach the Exchange server.

There are no Exchange related errors on the Deployment Scanner.

Problem Faced:

I am able to add Domain B on my EV server without any issues. But when I try to add the MB server in the Domain B. I get an error "Unable to connect to Exchange server . Kindly check that the Computer is in the Network."

I am able to ping all the Domain B servers from my EV server. I even tried manually adding the GC server for Domain B in EV Target Domain properties.

But still EV is somehow not able to reach the Exchange server.

Is there anything I might have missed during the configuration that might be causing this?

Are there any additional permissions required on Exchange server for VSA in a cross-domain environment?

Operating Systems:

Comments 7 CommentsJump to latest comment

Pradeep_Papnai's picture

The validation steps in such scenario where exchange & EV reside in different forest can be found in Tech note below.

http://www.symantec.com/docs/HOWTO84839

Can you create entry for your exchange mbx server (netbios & dns both) in EV server's host file and then try adding exchange server.

If again fails then take dtrace of MMC and reproduce the issue.

RahulG's picture

It might be some issue with DNS , are you able to ping the server with FQDN name  ?

sujith.poojari's picture

Hello,

thanks for the reply.

I am able to ping the mbx server from EV server.

I am able to nslookup into the trusted domain from my ev server.

Pradeep_Papnai's picture

HiSujith,

CAn you take dtrace on 'MMC' and reproduce the issue by adding exchange server target?

Is your RPC communication working between EV & Exchange server, check http://support.microsoft.com/kb/323790

Regards
EV-C
 

sujith.poojari's picture

Thanks!

I will obtain a trace and post soon as I get the chance.

Pradeep_Papnai's picture

Hi Satish,

Is this problem solved now?

Regards

EV-C

SHI-CRO's picture

I've had this problem before.  I don't know that EV uses FQDNs when you add Exchange servers as targets.  Check that the DNS suffixes for the other domains with Exchange servers are configured in the IPv4 settings of the EV server.  In the advanced settings, on the DNS tab, there is a spot to list DNS suffixes that should be automatically appended when just hostnames are used.

SOLUTION