Exchange Server Sees Only 1 GC
<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:1; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:0 0 0 0 0 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} @font-face {font-family:Consolas; panose-1:2 11 6 9 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:-1610611985 1073750091 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} p.MsoPlainText, li.MsoPlainText, div.MsoPlainText {mso-style-noshow:yes; mso-style-priority:99; mso-style-link:"Plain Text Char"; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.5pt; font-family:Consolas; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} span.PlainTextChar {mso-style-name:"Plain Text Char"; mso-style-noshow:yes; mso-style-priority:99; mso-style-unhide:no; mso-style-locked:yes; mso-style-link:"Plain Text"; mso-ansi-font-size:10.5pt; mso-bidi-font-size:10.5pt; font-family:Consolas; mso-ascii-font-family:Consolas; mso-hansi-font-family:Consolas;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} -->
Hi all,
We have a secondary domain controller that is also set up as a GC. When I look in the ESM's properties I only see the PDC as the GC. I set the topology logging to maximum and this is what I got:
Process MAD.EXE (PID=3112). DSAccess has discovered the following servers with the following characteristics:
(Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
pdc.subdomain.domain.xy CDG 7 7 1 0 1 1 7 1
gc2.subdomain.domain.xy CDG 7 7 1 0 0 1 7 1
Out-of-site:
I have changed the server names but the server that isn't showing up in ESM is "gc2.subdomain.domain.xy" even though the log shows it. I'm unsure what the problem could be. Any insights on this issue would be great.
Thanks in advance!
November 6th, 2009 11:26pm
Both the GC's are in the same AD site where exchange is? Normally exchange will not pick up the GC which is in the other AD site. Are AD replications fine? If you try SET L command from command promt on the exchange what do you get. Try to run exbpa and when it asks the DC name, punch in the gc2 over there and see the results of exbpa and paste it over here.Raj
Free Windows Admin Tool Kit Click here and download it now
November 6th, 2009 11:45pm
Yes, both the GC's are in the same AD site. The AD replications look fine to me. The SET L command shows the PDC server. What part of the exbpa output would you like me to attach here since it is a big file. Thanks Raj!
November 7th, 2009 1:11am
Exchange isnt installed on the PDC is it?As for ExBpa, post any critical warnings.
Free Windows Admin Tool Kit Click here and download it now
November 7th, 2009 1:45am
Here are some of the warnings: Items of severity Warning: - Network interface driver file is more than two years old - Storage driver is more than two years old - Symantec Mail Security for Exchange update available - Temporary file path optimization - Virus scanning API (VSAPI) plain text scanning Items of severity Best Practices: - Application log size - Consider setting 'TarpitTime' - Single global catalog in toplogy - BIOS update available - Outlook connection range
November 7th, 2009 2:33am
Even exbpa is detecting single global catalog in the AD site. Try runnning dcdiag and net diag on the problematic domain controller. Check with replmon /showreps on the dc. Also run the commands from nltest with dclist, dcname and dsgetsite.Raj
Free Windows Admin Tool Kit Click here and download it now
November 7th, 2009 9:17am
Check your local DNS server for _gc (SRV) records.. Stop the firewall service on both the domain controllers and even exchange 2003 restart the new DC which has been promoted to GC once done restart the Exchange 2003 Server (take downtime time) Hari Bylapudi
November 7th, 2009 2:42pm
In addition to Hari's suggestion, I would check the event logs on that new GC.
Free Windows Admin Tool Kit Click here and download it now
November 7th, 2009 6:47pm
On Sat, 7-Nov-09 15:47:01 GMT, Andy David wrote:>In addition to Hari's suggestion, I would check the event logs on that new GC. Heck, I'd reboot the GC first. I didn't see any info on what O/S or SPthe GC is using and it used to be that a GC needed a reboot after itwas made a GC before it would show up.---Rich MatheisenMCSE+I, Exchange MVP---
Rich Matheisen
MCSE+I, Exchange MVP
November 7th, 2009 9:02pm
Oh, I agree. In fact, I should have looked closer at the dsacess 2080 the OP posted earlier.gc2.subdomain.domain.xy CDG 7 7 1 0 0 1 7 1The DC doesnt have the SACL right.Exad, here are some articles on how to troubleshoot that if a simple restart doesnt solve it:http://support.microsoft.com/kb/316300http://ntoskrnl.wordpress.com/2008/08/20/eventid-2080-dsaccess-sacl-right-fix/http://social.technet.microsoft.com/Forums/en/exchangesvrgeneral/thread/d57c4227-ab6b-4833-93b5-99616b52a2af
Free Windows Admin Tool Kit Click here and download it now
November 7th, 2009 10:12pm
Hi all,Thanks for all your help. When I ran the dsdiag command on the exchange server I saw the message about not having the proper security. In addition, I checked the DC gc2's "Manage Auditing and Security Log" and it does give the Exchange Enterprise Servers the permission. Since everything looks good except that the exchange server doesn't have the required privilege on the DC I feel that I should run the setup.exe command with the /domainprep flag (as described in Article 314294). Do you folks think that that is a good way to go about it? Since the exchange server is in production I hope it doesn't mess anything up?Thanks once again!
November 8th, 2009 9:30am
I think that should be fine. Make sure you take a system state back up from the domain controller.Raj
Free Windows Admin Tool Kit Click here and download it now
November 8th, 2009 10:11am
Hi Raj,Should I be running the setup command with the /domainprep switch on the exchange server or the DC gc2?Thanks!
November 9th, 2009 12:42am
Did you check the 'read nTSecurityDescriptor" referenced in:http://ntoskrnl.wordpress.com/2008/08/20/eventid-2080-dsaccess-sacl-right-fix/Also check:http://social.technet.microsoft.com/Forums/en/exchangesvrgeneral/thread/4cfab637-4d82-4c03-9362-5fa11777c70d
Free Windows Admin Tool Kit Click here and download it now
November 9th, 2009 12:57am
On Sun, 8-Nov-09 21:42:13 GMT, exad wrote:>Hi Raj,Should I be running the setup command with the /domainprep switch on the exchange server or the DC gc2?Thanks! It doesn't matter, as long ss you're on a machine that's a member ofthe domain you're preparing.But I don't know if /domainprep will fix your problem. If it doesn't,this may be the more appropriate reference:http://support.microsoft.com/kb/328662---Rich MatheisenMCSE+I, Exchange MVP---
Rich Matheisen
MCSE+I, Exchange MVP
November 9th, 2009 1:17am
I would go for /domainprep on the second GC so that it will fix Manage Auditing and Security Log. and then replicate the changes between both GC'S i would also try restarting the SA so that DSACCESS cache can pick both GC'sVinod
|CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
Free Windows Admin Tool Kit Click here and download it now
November 9th, 2009 3:36pm
Thanks to all of you as now my exchange server sees both GCs.
November 9th, 2009 8:09pm