This article explains why GSX Monitor displays "An error occurred while trying to access mailbox... [Microsoft.Exchange.Data.Storage.WrongServerException]" while scanning the CAS role in your Exchange organization.
In this article, "Servername" refers to the Exchange server whose CAS protocols you are scanning, and "extest_yourActiveDirectoryGUID" is the dedicated Microsoft Exchange diagnostic account, where yourActiveDirectoryGUID is the Active Directory site GUID.
Symptoms
- The LED for the CAS role may be displayed in red, which also affects the CAS Array associated with this server.
- The information tooltip displays an error for the protocols selected in the server scanning configuration (ActiveSync, POP3, IMAP, OWA or Outlook):
[Protocolname] An error occurred while trying to access mailbox Servername on behalf of user "DOMAIN\extest_yourActiveDirectoryGUID" ...[Microsoft.Exchange.Data.Storage.WrongServerException]
How it Works
The "trying to access mailbox Servername on behalf of user" error occurs because the CAS server is not accepting user connections coming from the account configured in GSX Monitor to scan the CAS.
GSX Monitor relies on PowerShell tests run at the server level to validate Mailbox connectivity. Under specific conditions, when the Mailbox Database copy is mounted on a Mailbox server in a different Active Directory site, the CAS server may prevent user connections. In particular, if the AllowCrossSiteRPCClientAccess setting for the DAG is set to False, then all user connections coming from Active Directory sites other than that of the server hosting the mounted copy of the database will be rejected.
These conditions can be met in some Disaster Recovery configurations or when running in a high availability configuration, for example. A DAG may replicate mailbox databases across multiple Active Directory sites, so a CAS server in ADSite A may try to connect to a mailbox stored in a mailbox database mounted on a server in ADSite B. In all these cases, a DAG with AllowCrossSiteRPCClientAccess set to False rejects those connections.
NB: Active Directory sites are associated with network subnets (for example, ADSite A includes 192.168.1.0/24 and ADSite B includes 192.168.2.0/24).
Only enable CAS checks when user connections are possible from the Active Directory site where the CAS server is located. When no user connection can be made under normal operating conditions, we recommend simply disabling all the CAS checks for the server concerned.
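A read-only check of the condition described above, as an added example that is not part of the original article or of GSX Monitor: for each mounted DAG database, it compares the Active Directory site of the mounting server with the site of the CAS server and reports where AllowCrossSiteRpcClientAccess set to False would reject the connection. It assumes the Exchange Management Shell; `Servername` is the article's placeholder, and the variable and column names are chosen here.

```powershell
# Added example: run in the Exchange Management Shell (read-only cmdlets only).
# 'Servername' is the article's placeholder for the CAS server being scanned.
param([string]$CasServer = 'Servername')

# Active Directory site of the CAS server that GSX Monitor scans.
$casSite = [string](Get-ExchangeServer -Identity $CasServer).Site

# Map each DAG name to its AllowCrossSiteRpcClientAccess value.
$crossSiteAllowed = @{}
foreach ($dag in Get-DatabaseAvailabilityGroup) {
    $crossSiteAllowed[$dag.Name] = [bool]$dag.AllowCrossSiteRpcClientAccess
}

# -Status is required to populate Mounted and MountedOnServer.
Get-MailboxDatabase -Status | ForEach-Object {
    $db = $_
    $dagName = [string]$db.MasterServerOrAvailabilityGroup.Name

    # Skip dismounted databases and databases that do not belong to a DAG.
    if ((-not $db.Mounted) -or (-not $crossSiteAllowed.ContainsKey($dagName))) { return }

    # MountedOnServer is an FQDN; look the server up by its host name.
    $mountedOn = ($db.MountedOnServer -split '\.')[0]
    $mountSite = [string](Get-ExchangeServer -Identity $mountedOn).Site

    $isCrossSite = $mountSite -ne $casSite
    New-Object PSObject -Property @{
        Database         = $db.Name
        DAG              = $dagName
        MountedOn        = $mountedOn
        MountedSite      = $mountSite
        CasSite          = $casSite
        CrossSiteAllowed = $crossSiteAllowed[$dagName]
        # True when the article's rejection condition applies to this database.
        ExpectRejected   = $isCrossSite -and (-not $crossSiteAllowed[$dagName])
    }
} | Select-Object Database, DAG, MountedOn, MountedSite, CasSite, CrossSiteAllowed, ExpectRejected |
    Format-Table -AutoSize
```

A row with ExpectRejected set to True identifies a database for which CAS checks from this server should be expected to fail with WrongServerException.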
Microsoft Related Links
- More information directly from Microsoft is available in this TechNet article about Set-DatabaseAvailabilityGroup.