Applies to Exchange 2010 DAG
When you try to add a mailbox copy to a database in Exchange 2010 DAG you get the following error and cannot replicate the database
Exception has been thrown by the target of an invocation
Exchange Management Shell command attempted:
Add-MailboxDatabaseCopy –identity ‘TestDB’ –MialboxServer DRExc –ActivationPreference ‘2’
Checkpoint Firewall between main site and disaster site Exchange servers blocks port TCP 6007. Although you allow any to any (all ports) between Exchange Servers. Checkpoint blocks X11 protocol (port 6007 falls into the port range of X11) even if you allow any to any ports. If you enable logging on the firewall you can see the dropped packets to 6007 with the description “If you allow any port you must also allow X11 protocol….”
Allow both X11 protocol and X11 -verify service between Exchange servers on CheckPoint Firewall in both directions.
A network trace clearly showed that firewall blocks packets destined to port 6007
You can check with the following command in windows powershell that needs port 6007 access too.
Get-WmiObject Win32_ComputerSystem –ComputerName DREXC
Get-WmiObject: The Rpc Server is unavailable. (Exception from HRESULT 0X800706BA
When X11 allowed the command runs without an error.