Exchange server DAG (Cluster failure)
Hi,

Here is my issue: In our organization, Exchange server 2013 is installed on windows server 2012,

From few months we are having issue with cluster fail-over.

We have a DAG with 8 nodes and in that 4 servers are having this issue

Here is the below event logs we are receiving  and exchange DBs will get fail-over to the passive node

Let me know if you need any more detail

Could you please let me know the cause and resolution for this issue. 

Here is the flow of event logs..

 "IMPORTANT thing is this is happening every 3rd or 4th day the month, depends on the number of days in the month (30/31 days ) "

1 : NETLOGON 

 

This computer was not able to set up a secure session with a domain controller in domain VCN due to the following: 

The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. 

This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

 

ADDITIONAL INFO 

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

 

event : 5719

 

 

2 : Security Kerberos:

 

The digitally signed Privilege Attribute Certificate (PAC) that contains the authorization information for client Server-name$ in realm(FQDN) could not be validated.

 

 This error is usually caused by domain trust failures; Contact your system administrator

 

event iD 7

 

 

3 : DNS Client event 

 

The system failed to register host (A or AAAA) resource records (RRs) for network adapter

with settings:

 

           Adapter Name : {******-3175-888-9999-******}

           Host Name : Server-name

           Primary Domain Suffix : FQDN 

           DNS server list :

              131.**.***.*, 131.**.***.*

           Sent update to server : <?>

           IP Address(es) :

             131.**.***.***

 

The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at this time.

 

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

 

Even ID : 8015

 

4 : Fail-over cluster:

 

File share witness resource 'File Share Witness \\segotn5102.xyz.ab.abc.net\SEGOTNC5110.xyz.ab.abc.net)' failed to arbitrate for the file share \\segotn5102.xyz.ab.abc.net\SEGOTNC5110.xyz.ab.abc.net)'. Please ensure that file share \\segotn5102.xyz.ab.abc.net\SEGOTNC5110.xyz.ab.abc.net)' exists and is accessible by the cluster.

 

Segotn5102 - witness server

segotn5110 - DAG name (Virtual name)

event : 1564

 Thank you,

Pradeep K



  • Edited by Pradeep KS Friday, February 06, 2015 6:38 AM
February 5th, 2015 7:15pm

Hi,

Please check if you can ping this DC from affected Exchange server.

Please make sure you have configured NIC settings correctly on all DAG members. Each member is recommended to have two NICs, one for MAPI, and one for Replication.

And please make sure the file share is accessible. You can look at the following artilcle.

https://technet.microsoft.com/en-gb/library/cc756221(v=ws.10).aspx

Besides, you can increase the subnet delay for the network to check result.

Hope this is helpful to you.

Best regards,

Free Windows Admin Tool Kit Click here and download it now
February 9th, 2015 3:20am

Do you think, it is the password related issue..

when i check the last password reset, it was showing a month back, (system password)

Usually it is set as never expiry, but still the logs says, the account was tried to reset the password,

We found this is due to some permission issue and we have granted the permission also

But still the issue is exist.

Could you please help to narrow down this issue..

//Pradeep

July 30th, 2015 9:50am

Checked with AD..

All the above things are working fine..

//Pradeep

Free Windows Admin Tool Kit Click here and download it now
July 30th, 2015 9:51am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics