EMC and Microsoft Exchange Service Host issues
As best as I can tell we have an issue in our enviornment that us related to the NetBios namespace we have and it not being contained in the FQDN.
Before I go any further I have already read probably every EMC related issue 5 times in the pas 20 days and our issue is not due to either DUP SIS or a . in the namespace.
I've also spent over 60 hours on the phone with MS support and while we are still working that case they have nor had any new idea in over a week.
To narrow down the exact exact symptoms
-EMC doesn't open from any system with any user. The Shell on the other hand works fine and its not in any way related to WINRM
I believe I've seen 2 variations on the error it generates, One stating it could not find the user on the DC when running get-logonuser and it is looking up the user by domain\user. The one that we are currently getting is that it was unable to find the
user SID. If I log onto the Exchange shell, it givvems me the same error if I run get-user and use on of those formats. With the EMS I can user upn, fqdn\user or just user and it finds the user. The other thing I find even more confusing is that if I open
the AD Shell on the same server and try and run get-user with domain\user or -identity and use the SID, it works just fine.
The seccnd piece and the 2 issues started at the same time is the bigger issue as without Service Host you can;t mange Exchange certs. This piece has been causing a partial user outage for almost a month now.
-Service Host, its will run through some amount of its start up sequence and then crashes logging only this in rhw logs
- System
[ Name] MSExchange Common
- EventID 4999
[ Qualifiers] 16388
Level 2
Task 1
Keywords 0x80000000000000
- TimeCreated
[ SystemTime] 2011-05-01T06:49:50.000000000Z
EventRecordID 73949
Channel Application
Computer MAIL(FQDN)
Security
- EventData
1412
E12
c-RTL-AMD64
14.01.0287.000
M.Exchange.ServiceHost
M.Exchange.SACLWatcherServicelet
M.E.S.S.Servicelet.VerifyAndRecoverSaclRight
System.NullReferenceException
deab
14.01.0285.000
False
We've pulled both crash dumps and debug logs and I still have no idea whats causing it.
There were also no major changes made to our system in any close proximity to these issues.
I was able to get past one of this issue or at least identify a possible fix and confirmation of what I thought the cause was since I saw the issue with looking up domain\user.
Also the issue will also present it self when additional servers are bought into the enviornment. Meaning we deploy the server and immediately the console doesn;t function. It was also persistent through a recovery install.
I did try something that worked in a limited test bed. I made a clone of our PDC\GC that hold all the FSMO roles as well and isolated onto another network. I then brought up a new Exchange server and as soon as it came up it had the same issues. I then performed
a domain rename so that our NetBios was the first part of FQDN and once the changes were applied and both server were rebooted for good measure, Console fired right up and lookups from the shell worked too. While this is a possible fix the AD domain has been
configured in this was for 8 years now, why is it all of a sudden a problem? More more importantly would the be a less drastic way to address this. Last I checked the rename did not help the service host crash either.
Pat
May 1st, 2011 3:19am
I am sorry to say but you have posted such a big post ;) its hard find error message
Post the Error Message.Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah
Free Windows Admin Tool Kit Click here and download it now
May 1st, 2011 1:04pm
Its a complex issue hence the reason for the post One error is clearly in the and while the the data in what the event logs isn;t very helpful that's alos the reason for the post.
[ Name] MSExchange Common
- EventID 4999
[ Qualifiers] 16388
E12
c-RTL-AMD64
14.01.0287.000
M.Exchange.ServiceHost
M.Exchange.SACLWatcherServicelet
M.E.S.S.Servicelet.VerifyAndRecoverSaclRight
System.NullReferenceException
deab
14.01.0285.000
False
The second issue is shown in the management logs as
Cmdlet failed. Cmdlet Get-User, parameters {Identity=S-1-5-21-42551687-897454085-1861945104-XXXX}.
If
you need more info than what is above let me know also agaoin, i don;t want this post to just be another link to the same info already posted on simliar cases
As best as I can tell we have an issue in our enviornment that us related to the NetBios namespace we have and it not being contained in the FQDN.
Before I go any further I have already read probably every EMC related issue 5 times in the pas 20 days and our issue is not due to either DUP SIS or a . in the namespace.
I've also spent over 60 hours on the phone with MS support and while we are still working that case they have nor had any new idea in over a week.
May 2nd, 2011 12:00pm
Hello Pat-
I found your case and it looks like we gave you some good information to help. Please let us know if you need anything further. Here is some detail:
LsaLookupNames() can’t take a SID as input. It can only take account names.
http://msdn.microsoft.com/en-us/library/ms721798(VS.85).aspx
Thanks
Dan
Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2011 4:30pm