Exchange errors when specific DC is rebooted
Originally this exchange server existed in a smaller environment.
Over time more DC’s have been added to the environment but I suspect something about the exchange installation is not recognizing this fact. There is another DC in this same site and 6 more DC’s in other AD Sites.
When I reboot a specific DC, I get errors in the exchange server application and system logs as follows:
System log:
Event Type:
Error
Event Source:
NETLOGON
Event Category:
None
Event ID:
5783
Date:
11/21/2011
Time:
10:08:17 AM
User:
N/A
Computer:
EXCHANGE
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\DC1.MyDomain.local for the domain MYDOMAIN is not responsive.
The current RPC call from Netlogon on \\EXCHANGE to \\DC1.MyDomain.local has been cancelled.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Application Log:
Event Type:
Error
Event Source:
MSExchangeAL
Event Category:
Service Control
Event ID:
8365
Date:
11/21/2011
Time:
10:11:28 AM
User:
N/A
Computer:
EXCHANGE
Description:
Could not read the Security Descriptor from the Exchange Server object with guid=C1480C845E983C49A392553A0BA0529B. As a result the Proxy Address Calculation RPC interface
will not be available on the local Exchange Server.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event Type:
Error
Event Source:
MSExchangeSA
Event Category:
General
Event ID:
9385
Date:
11/21/2011
Time:
10:11:30 AM
User:
N/A
Computer:
EXCHANGE
Description:
Microsoft Exchange System Attendant failed to read the membership of the universal security group '/dc=local/dc=MYDOMAIN/ou=Microsoft Exchange Security Groups/cn=Exchange
Servers'; the error code was '8007203a'. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group.
If this computer is not a member of the group '/dc=local/dc=MYDOMAIN/ou=Microsoft Exchange Security Groups/cn=Exchange Servers', you should manually stop all Microsoft
Exchange services, run the task 'add-ExchangeServerGroupMember,' and then restart all Microsoft Exchange services.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
As soon as the DC comes back up the Exchange server is happy again but I would like it to simply look elsewhere when that DC is rebooting.
Where can I inform the Exchange server to look for a different DC when that one is rebooting?
The DC in question is the domain naming master and schema master but does not hold any of the other three master roles.
Exchange 2007 SP 2 Rollup 5 running on Server 2003 R2
November 21st, 2011 12:45pm
Hi there,
May us know where is your Global Catalog resides in that site, because exchange will only contact the DC which has the GC.
If GC is resides on your first DC(rebooting one) try to move it to other one and see how it goes.
Thanks & Regards, Kottees R
Free Windows Admin Tool Kit Click here and download it now
November 21st, 2011 3:20pm
All DC's are GC's.
November 21st, 2011 3:49pm
Hello,
please check your DNS settings on the Exchange server. Please also check if the replication between your DCs is working correctly.
Greetings,
Toni
Free Windows Admin Tool Kit Click here and download it now
November 21st, 2011 4:45pm
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-21-5E-DB-91-18
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.19
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.5
<--This is DC1, the one that causes errors when I reboot it
192.168.2.6 <--This
is DC2, the other one in the same site
192.168.1.10
<--This is DC5, located at another site
C:\Documents and Settings\Administrator.MYDOMAIN>nslookup mydomain.local dc2
Server: dc2.mydomain.local
Address: 192.168.2.6
Name: mydomain.local
Addresses: 192.168.2.6, 192.168.2.5, 192.168.112.11, 192.168.7.5 <--
These are all of the various DCs
192.168.7.6, 192.168.1.9, 192.168.1.10, 192.168.112.10
C:\Documents and Settings\Administrator.MYDOMAIN>nslookup mydomain.local dc1
Server: dc1.mydomain.local
Address: 192.168.2.5
Name: mydomain.local
Addresses: 192.168.2.6, 192.168.2.5, 192.168.7.6, 192.168.112.10
192.168.7.5, 192.168.112.11, 192.168.1.9, 192.168.1.10
I can't see anything wrong with this part. When I ping mydomain.local it resolves to the DC1 IP address but since that is also the primary DNS server for the Exchange server that doesn't seem amiss. No replication problems. All DCs are
DNS servers and DNS is AD integrated.
November 21st, 2011 5:11pm
Hi there,
Based on my research, the network connection between Exchange server and the three DC/GC is unstable and this cause Exchange server have difficulty
to access DC/GC.
We recommend to update all the physical network cards’ drivers to the latest version on your Exchange server, GC/GC and then reboot servers.
Only when there is not any network connection problem between the Exchange server and DC/GC, the event 8365 could disappear.
Regarding error ID 9385, please verify the group “Exchange Servers” in “Exchange servers security group”, make sure your Exchange
server is one of the members.
Additionally, restart Microsoft Exchange System Attendant service if the issue error ID reoccurs when you reboot the GC server.
Best Regards Fiona Liao E: v-fiolia@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
November 21st, 2011 10:28pm
Any update?Best Regards Fiona Liao E: v-fiolia@microsoft.com
November 28th, 2011 9:40pm
Hi there,
Based on my research, the network connection between Exchange server and the three DC/GC is unstable and this cause Exchange server have difficulty
to access DC/GC.
We recommend to update all the physical network cards’ drivers to the latest version on your Exchange server, GC/GC and then reboot servers.
Only when there is not any network connection problem between the Exchange server and DC/GC, the event 8365 could disappear.
Regarding error ID 9385, please verify the group “Exchange Servers” in “Exchange servers security group”, make sure your Exchange
server is one of the members.
Additionally, restart Microsoft Exchange System Attendant service if the issue error ID reoccurs when you reboot the GC server.
Best Regards Fiona Liao E: v-fiolia@microsoft.com
As far as updating the NIC drivers, broadcom says this:
"Due to the advanced software architecture of the NetXtreme II 1 Gigabit adapter, the installation/uninstallation of drivers is only supported through a driver installer. Manually installing/uninstalling the drivers through the Device Manager is not recommended.
To ensure a more seamless upgrade, please attempt to update the drivers for the NetXtreme II 1 Gigabit adapter through the drivers provided by the manufacturer of the system containing this device."
Doing this is going to require a server reboot which means I have to come in after hours to do so. I am skeptical this will fix this issue but I will try it. As for the NIC's on the DC's they are all Hyper-V VM's so I would assume any better
driver packages would have shown up in microsoft update for either the guest or the host and all updates are current on both.
The exchange server is a member of the Exchange Servers group in AD.
Free Windows Admin Tool Kit Click here and download it now
November 29th, 2011 1:29pm