Error when Microsoft Exchange Best Practices Analyze connects to a certain DC, HELP!
I am running Exchnage 07. We get intermittent authentication drops and users get prompts to re-logon. As a new symptom, when I specify DC3, to run a best practice analyzer it says it cant connect and to try different credentails.
I can use DC1 and DC2 for a BPA scan and it connects just like it should. I see no event log errors or any messages to help find whats causing the pain.
Do you recommend that I dcpromo the machine down and back up into AD? the DC looks good so I'm not sure where the weirdness is coming from.
August 11th, 2010 11:07pm
Sounds like you have some issues with AD health. I wouldn't just start dcpromo'ing things. Can you run a DCDiag and post the results? Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2010 11:13pm
Sounds like you have some issues with AD health. I wouldn't just start dcpromo'ing things. Can you run a DCDiag and post the results?
Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
Very true. Dcdiag results:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC-3
Starting test: Connectivity
......................... DC-3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC-3
Starting test: Replications
......................... DC-3 passed test Replications
Starting test: NCSecDesc
......................... DC-3 passed test NCSecDesc
Starting test: NetLogons
......................... DC-3 passed test NetLogons
Starting test: Advertising
Warning: DC-3 is not advertising as a time server.
......................... DC-3 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC-3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC-3 passed test RidManager
Starting test: MachineAccount
......................... DC-3 passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [DC-3]
w32time Service is stopped on [DC-3]
......................... DC-3 failed test Services
Starting test: ObjectsReplicated
......................... DC-3 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC-3 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC-3 failed test frsevent
Starting test: kccevent
......................... DC-3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 14:44:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 14:44:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 14:44:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 14:44:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 14:44:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 14:44:32
(Event String could not be retrieved)
......................... DC-3 failed test systemlog
Starting test: VerifyReferences
......................... DC-3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : adomain
Starting test: CrossRefValidation
......................... adomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... adomain passed test CheckSDRefDom
Running enterprise tests on : adomain.com
Starting test: Intersite
......................... adomain.com passed test Intersite
Starting test: FsmoCheck
......................... adomain.com passed test FsmoCheck
C:\>
August 11th, 2010 11:27pm
Can you start the Windows Time Service (it appears to be stopped)? Should be set to Automatic. Then try to manually replicate with AD Sites and Services, see if you get any errors.Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
August 11th, 2010 11:40pm
Started w32 time, forced replication.
C:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\-DC-3
Starting test: Connectivity
......................... -DC-3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\-DC-3
Starting test: Replications
......................... -DC-3 passed test Replications
Starting test: NCSecDesc
......................... -DC-3 passed test NCSecDesc
Starting test: NetLogons
......................... -DC-3 passed test NetLogons
Starting test: Advertising
......................... -DC-3 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... -DC-3 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... -DC-3 passed test RidManager
Starting test: MachineAccount
......................... -DC-3 passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [-DC-3]
......................... -DC-3 failed test Services
Starting test: ObjectsReplicated
......................... -DC-3 passed test ObjectsReplicated
Starting test: frssysvol
......................... -DC-3 passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... -DC-3 failed test frsevent
Starting test: kccevent
......................... -DC-3 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 15:55:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 15:55:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 15:55:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 15:55:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 15:55:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 08/11/2010 15:55:28
(Event String could not be retrieved)
......................... -DC-3 failed test systemlog
Starting test: VerifyReferences
......................... -DC-3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on :
Starting test: CrossRefValidation
......................... passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... passed test CheckSDRefDom
Running enterprise tests on : .com
Starting test: Intersite
......................... .com passed test Intersite
Starting test: FsmoCheck
......................... .com passed test FsmoCheck
August 12th, 2010 12:01am
Anyway to reboot that DC? After reboot, check all the event logs for errors.Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
August 12th, 2010 12:14am
I can tomorrow morning. This machine had NIC driver package loaded and rebooted today, so it didnt come up with static IP. Thanks for all the help!
August 12th, 2010 12:19am
Any update on your issue?Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
August 12th, 2010 8:41pm