Exchange 2007 2nd server install 4001 error message
I'm installing a 2nd Exchange server on 2003 x64 with all of the roles installed. We plan to move the mailboxes from the original server to the new server then remove the original server from the Organization. Installation goes well, no failures then I reboot - the IS and SA services don't start.
From the Event Logs:
Event Type: ErrorEvent Source: MSExchange System Attendant MailboxEvent Category: General Event ID: 4001Date: 12/14/2009Time: 2:44:02 PMUser: N/AComputer: PROD-ZMAIL-10Description:A transient failure has occurred. The problem may resolve itself in awhile. The service will retry in 56 seconds. Diagnostic information:
Cannot open mailbox /o=contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=PROD-ZMAIL-10/cn=Microsoft System Attendant.Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException: Cannot open mailbox /o=contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=PROD-ZMAIL-10/cn=Microsoft System Attendant. ---> Microsoft.Mapi.MapiExceptionNetworkError: MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227)Diagnostic context: ...... Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2 Lid: 14744 dwParam: 0x6D9 Msg: EEInfo: Status: 1753 Lid: 9624 dwParam: 0x6D9 Msg: EEInfo: Detection location: 501 Lid: 13720 dwParam: 0x6D9 Msg: EEInfo: Flags: 0 Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters: 4 Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string: prod-zmail-10.parentdomain.com Lid: 12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1527653632 Lid: 15000 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Pointer val: 0x000000000795F290 Lid: 19778 Lid: 27970 StoreEc: 0x80040115 Lid: 17730 Lid: 25922 StoreEc: 0x80040115 at Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Int32 ec, DiagnosticContext diagCtx) at Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize) at Microsoft.Mapi.ConnectionCache.OpenMapiStore(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, ClientIdentityInfo clientIdentity, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId) at Microsoft.Mapi.ConnectionCache.OpenMailbox(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, WindowsIdentity windowsIdentityAs, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId) at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry) --- End of inner exception stack trace --- at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry) at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry) at Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString) at Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags) at Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString) at Microsoft.Exchange.Data.Storage.MailboxSession.OpenAsAdmin(ExchangePrincipal mailboxOwner, CultureInfo cultureInfo, String clientInfoString, Boolean useLocalRpc, Boolean ignoreHomeMdb) at Microsoft.Exchange.Data.Storage.MailboxSession.OpenAsAdmin(ExchangePrincipal mailboxOwner, CultureInfo cultureInfo, String clientInfoString) at Microsoft.Exchange.Servicelets.SystemAttendantMailbox.Servicelet.Work()
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: ErrorEvent Source: MSExchangeISEvent Category: General Event ID: 5000Date: 12/14/2009Time: 1:40:48 PMUser: N/AComputer: PROD-ZMAIL-10Description:Unable to initialize the Microsoft Exchange Information Store service. - Error 0x96f.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: ErrorEvent Source: MSExchangeISEvent Category: General Event ID: 1121Date: 12/14/2009Time: 1:40:48 PMUser: N/AComputer: PROD-ZMAIL-10Description:Error 0x96f connecting to the Microsoft Active Directory.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I'm able to start it up manually with no problem, but it won't start up itself during reboot. I've tried a lot of suggestions over the last 3 days but I am not getting any closer to resolving this problem. I open up the Exchange console and all of the information from Active Directory and the original email server is there. The new server is showing up in the original server as well. When I start the services, I'm able to mount it successfully with no errors.
I'm able to log into my domain account successfully, ping the domain controllers successfully, dcdiag results:
C:\>dcdiag /s:prod-dc-10
Domain Controller Diagnosis
Performing initial setup: Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PROD-DC-10 Starting test: Connectivity ......................... PROD-DC-10 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PROD-DC-10 Starting test: Replications ......................... PROD-DC-10 passed test Replications Starting test: NCSecDesc ......................... PROD-DC-10 passed test NCSecDesc Starting test: NetLogons ......................... PROD-DC-10 passed test NetLogons Starting test: Advertising ......................... PROD-DC-10 passed test Advertising Starting test: KnowsOfRoleHolders ......................... PROD-DC-10 passed test KnowsOfRoleHolders Starting test: RidManager ......................... PROD-DC-10 passed test RidManager Starting test: MachineAccount ......................... PROD-DC-10 passed test MachineAccount Starting test: Services ......................... PROD-DC-10 passed test Services Starting test: ObjectsReplicated ......................... PROD-DC-10 passed test ObjectsReplicated Starting test: frssysvol ......................... PROD-DC-10 passed test frssysvol Starting test: frsevent ......................... PROD-DC-10 passed test frsevent Starting test: kccevent ......................... PROD-DC-10 passed test kccevent Starting test: systemlog ......................... PROD-DC-10 passed test systemlog Starting test: VerifyReferences ......................... PROD-DC-10 passed test VerifyReferences
Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom
Running partition tests on : parentdomain Starting test: CrossRefValidation ......................... parentdomain passed test CrossRefValidation Starting test: CheckSDRefDom ......................... parentdomain passed test CheckSDRefDom
Running enterprise tests on : parentdomain.com Starting test: Intersite ......................... parentdomain.com passed test Intersite Starting test: FsmoCheck ......................... parentdomain.com passed test FsmoCheck
NetDiag report:
C:\>netdiag
................................
Computer Name: PROD-ZMAIL-10 DNS Host Name: prod-zmail-10.parentdomain.com System info : Microsoft Windows Server 2003 (Build 3790) Processor : EM64T Family 6 Model 26 Stepping 5, GenuineIntel List of installed hotfixes : Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Private
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : prod-zmail-10.parentdomain.com IP Address . . . . . . . . : 192.168.65.202 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.65.1 NetBIOS over Tcpip . . . . : Disabled Dns Servers. . . . . . . . : 192.168.65.11 192.168.66.11
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
WINS service test. . . . . : Skipped NetBT is disable on this interface. [Test skipped].
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Skipped There are no interfaces that have NetBT enabled. [Test skipped]
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Skipped There are no interfaces that have NetBT enabled. [Test skipped]
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Skipped There are no interfaces that have NetBT enabled. [Test skipped]
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed Secure channel for domain 'parentdomain' is to '\\prod-dc-20.parentdomain.com'.
Kerberos test. . . . . . . . . . . : Failed [FATAL] Cannot lookup package Kerberos. The error occurred was: (null)
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
I've updated the Broadcom 1Gig NIC drivers and disabled the checksum offload. Enterprise Exchange Servers and Exchange Server is configured correctly in the Default Domain Controller Policy. The original server reboots just fine.
Help please!
So - Network is fine. Connectivity to AD is fine, because it pulled all the information and I'm able to log in and access all the domain resources just fine as well. I've confirmed that the times on the domain controllers is the same as the email server. The global catalog servers is with the domain controllers.
I did find this http://support.microsoft.com/default.aspx/kb/932599 but I am wary of dong this because it will affect the original email server.
December 15th, 2009 12:06am
Hi,Did you made changes to IPv6 ?Regards,JohanExchange-blog: www.johanveldhuis.nl
Free Windows Admin Tool Kit Click here and download it now
December 15th, 2009 12:52am
There's no integrated IPv6 on the NICs.
December 15th, 2009 1:08am
Hi,Have you read this post?:http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/2a9e0fde-ea91-46f9-a113-82c870aee609
Frank Wang
Free Windows Admin Tool Kit Click here and download it now
December 15th, 2009 9:38am
I did some more digging in the Event Logs and found these errors - it's to do with Active Directory and missing certain permissions.Event Type:ErrorEvent Source:MSExchange ADAccessEvent Category:General Event ID:2501Date:12/15/2009Time:9:05:13 AMUser:N/AComputer:PROD-ZMAIL-10Description:Process MSEXCHANGEADTOPOLOGY (PID=1352). The site monitor API was unable to verify the site name for this Exchange computer - Call=HrSearch Error code=80040a01. Make sure that Exchange server is correctly registered on the DNS server.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.Event Type:WarningEvent Source:MSExchange ADAccessEvent Category:General Event ID:2601Date:12/15/2009Time:9:05:13 AMUser:N/AComputer:PROD-ZMAIL-10Description:Process MSEXCHANGEADTOPOLOGY (PID=1352). When initializing a remote procedure call (RPC) to the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the SID for account <WKGUID=DC1301662F547445B9C490A52961F8FC,CN=Microsoft Exchange,CN=Services,CN=Configuration,...> - Error code=80040a01. The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.Event Type:ErrorEvent Source:MSExchange ADAccessEvent Category:Topology Event ID:2120Date:12/15/2009Time:9:04:37 AMUser:N/AComputer:PROD-ZMAIL-10Description:Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1352). Error ERROR_TIMEOUT (0x800705b4) occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain csdcomm.comThe query was for the SRV record for _ldap._tcp.dc._msdcs.csdcomm.com. The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:192.168.66.11192.168.65.11
. Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.For information about correcting this problem, type in the command line:hh tcpip.chm::/sag_DNS_tro_dcLocator_messageB.htm
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.Event Type:ErrorEvent Source:MSExchange ADAccessEvent Category:Topology Event ID:2104Date:12/15/2009Time:9:04:25 AMUser:N/AComputer:PROD-ZMAIL-10Description:Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1352). None of the domain controllers in the domain are responding. This event can occur if the domain controllers in local or all domains become unreachable because of network problems. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers. Run the Dcdiag command line tool to test domain controller health.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.I'll be doing some research about this today.
December 15th, 2009 5:12pm
Hi,Have you read this post?:http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/2a9e0fde-ea91-46f9-a113-82c870aee609
Frank Wang
Hi,Did you follow th post to disable checksum offloading?And any error?Frank Wang
Free Windows Admin Tool Kit Click here and download it now
December 16th, 2009 10:50am
Yep, I did.I determined the problem to be Kerberos authentication between Exchange and AD. However, I don't need to worry about fixing it since we are going to be keeping the current server in its original state.Thanks!Megan
December 16th, 2009 4:47pm