Exchange 2007 does not use second Domain Controller

Hello @all dear readers.

I have a serious problem with our Exchange 2007 on Windows 2003 64-bit. We have 2 DCs, which are also both global catalog and DNS servers. When I shut down dc1 and then reboot Exchange, the Exchange server stops at "Applying computer settings". When I then restart dc1, 10 seconds after I can log in at dc1 the Exchange server is also ready for login.

The Exchange server does not use dc2, and I found several pieces of information in the event log.

dc1 CDG 1 7 7 1 0 1 1 7 1
dc2 - - G 1 1 7 1 0 0 1 7 1

Roles: The second column shows whether or not the particular server can be used as a configuration domain controller (column value C), a domain controller (column value D), or a global catalog server (column value G) for this particular Exchange server

--------> Why can dc2 not be used as D ----> domain controller? dc2 IS a domain controller with G ---> global catalog.

I also tried to fix the SACL right column, but I don't know why it does not work. I edited the security on dc2, added the Exchange server to the security and allowed "READ NTSECURITY DESCRIPTOR" with ADSIedit on dc2.

What is the feature "C" --> configuration domain controller ---> I read in another forum that it is not necessary to configure a special configuration domain controller on Exchange; Exchange would find the config DC by itself. A few weeks ago I tried to fix that problem with the "configuration domain controller" entry and I set it to NULL, but that did not work, so I set it back again to ntsrik03.

****************************************

Exchange config settings, retrieved with "get-exchangeServer -status | fl" on the Exchange server:

Name : NTSRIK09
DataPath : C:\Program Files\Microsoft\Exchange Server\Mailbox
Domain : company.net
Edition : Standard
ExchangeLegacyDN : /o=company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=NTSRIK09
Fqdn : ntsrik09.company.net
IsHubTransportServer : True
IsClientAccessServer : True
IsExchange2007OrLater : True
IsEdgeServer : False
IsMailboxServer : True
IsMemberOfCluster : No
IsProvisionedServer : False
IsUnifiedMessagingServer : False
NetworkAddress : {ncacn_vns_spp:NTSRIK09, netbios:NTSRIK09, ncacn_np:NTSRIK09, ncacn_spx:NTSRIK09, ncacn_ip_tcp:ntsrik09.company.net, ncalrpc:NTSRIK09}
OrganizationalUnit : company.net/NTSRIK09
AdminDisplayVersion : Version 8.1 (Build 240.6)
Site : company.net/Configuration/Sites/Standardname-des-ersten-Standorts
ServerRole : Mailbox, ClientAccess, HubTransport
ErrorReportingEnabled : False
StaticDomainControllers : {ntsrik03.company.net, ntsrik05.companyrikon.net}
StaticGlobalCatalogs : {}
StaticConfigDomainController :
StaticExcludedDomainControllers : {}
CurrentDomainControllers : {ntsrik03.company.net}
CurrentGlobalCatalogs : {ntsrik03.company.net}
CurrentConfigDomainController : ntsrik03.company.net
ProductID : 111111-111-111111-111111
IsExchange2007TrialEdition : False
IsExpiredExchange2007TrialEdition : False
RemainingTrialPeriod : 00:00:00
IsValid : True
OriginatingServer : ntsrik03.company.net
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=NTSRIK09,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=net
Identity : NTSRIK09
Guid : e2dda503-5353-408e-96e1-a0b7aa7a62d5
ObjectCategory : company.net/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}

Thank you very much for your help!
August 4th, 2010 2:10pm

Similar thread here: http://social.technet.microsoft.com/Forums/en-US/exchangesvravailabilityandisasterrecovery/thread/51d053de-e4c6-4b96-a0e2-6f1ba5e35eae

Essentially, the Exchange Server can't bind to port 389 or ping that DC. Is that DC new? Been rebooted? Have any other errors in the Exchange or its own event logs?
August 4th, 2010 2:17pm

Hi Andy. Thank you for your reply.

Our dc2 is also a RAS server, so it has 2 IPs, 192.168.0.5 and 192.168.0.209 (RAS IP) ----> SHOULD I MOVE RAS TO ANOTHER SERVER?

Ping from Exchange (ntsrik09) to dc2 (ntsrik05) -----> ping ntsrik05 = 192.168.0.209

telnet command on the Exchange server:
telnet 192.168.0.5 389 ----> cursor is blinking
telnet 192.168.0.209 389 ----> cursor is blinking

telnet command on the Exchange server:
telnet 192.168.0.5 3268 ----> cursor becomes bigger
telnet 192.168.0.209 3268 ----> cursor becomes bigger ???? (never seen before)

nslookup ntsrik05 on the Exchange server returns this:

C:\>nslookup ntsrik05
Server: ntsrik05.company.net
Address: 192.168.0.5

Name: ntsrik05.company.net
Addresses: 192.168.0.209, 192.168.0.5

dc2 was created when we migrated from Exchange 2003 to 2007 (May 2009; the old Exchange was also a DC and MS says "don't install Exchange on a DC", so we made the old DC a member server after the migration, created a new DC (ntsrik05) with dcpromo and uninstalled Exchange 2003).

****************************************

Here are a few warnings we had after starting the Exchange server while dc1 was down:

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=2316). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

******

Process w3wp.exe (AirSync) (PID=2620). An remote procedure call (RPC) request to the Microsoft Exchange Active Directory Topology service failed with error 1753 (Error 6d9 from HrGetServersForRole). Make sure that the Remote Procedure Call (RPC) service is running. In addition, make sure that the network ports that are used by RPC are not blocked by a firewall. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

******

Exchange ActiveSync experienced a transient error when it tried to access Active Directory information for user "". Exchange ActiveSync will try this operation again. If this event occurs infrequently, no user action is required. If this event occurs frequently, check network connectivity using PING or PingPath. You can also use the Test-ActiveSyncConnectivity cmdlet. More information:
Microsoft.Exchange.Data.Directory.ADTransientException: Exchange Active Directory Topology Service on server localhost cannot be contacted via RPC interface. Error 0x6D9. ---> Microsoft.Exchange.Rpc.RpcException: Error 6d9 from HrGetServersForRole
at Microsoft.Exchange.Rpc.ADTopology.ADTopoRpcClient.HrGetServersForRole(String[] currentlyUsedServers, ServerRole role, Int32 serversRequested, ServerInfo[]& suitableServers, Int32[]& mapping)
at Microsoft.Exchange.Data.Directory.DSAccessTopologyProvider.GetServersForRole(String[] currentlyUsedServers, ADServerRole role, Int32 serversRequested, Int32[]& mapping)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.DSAccessTopologyProvider.GetServersForRole(String[] currentlyUsedServers, ADServerRole role, Int32 serversRequested, Int32[]& mapping)
at Microsoft.Exchange.Data.Directory.DSAccessTopologyProvider.GetConfigDCInfo(Boolean throwOnFailure)
at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts()
at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext()
at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, ADObjectId& rootId)
at Microsoft.Exchange.Data.Directory.ADSession.GetReadConnection(String preferredServer, ADObjectId& rootId)
at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator)
at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCtor, CreateObjectsDelegate arrayCtor)
at Microsoft.Exchange.Data.Directory.ADSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties)
at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.FindBySid(SecurityIdentifier sId)
at Microsoft.Exchange.AirSync.ADHelper.TryGetADEntryFromSid(Byte[] sid)
at Microsoft.Exchange.AirSync.AirSyncUser.InitializeFromLoggedOnIdentity()
at Microsoft.Exchange.AirSyncHandler.Handler.BeginProcessRequest(HttpContext context, AsyncCallback asyncCallback, Object extraData)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

******

Process MSEXCHANGEADTOPOLOGY (PID=2316). The site monitor API was unable to verify the site name for this Exchange computer - Call=HrSearch Error code=80040a01. Make sure that Exchange server is correctly registered on the DNS server. For more information, see Help and Support Center at

******

Process MSEXCHANGEADTOPOLOGY (PID=2316). When updating security for a remote procedure call (RPC) access for the Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object NTSRIK09 - Error code=80040a01. The Exchange Active Directory Topology service will continue with limited permissions.

******

Process MAD.EXE (PID=4952). All Domain Controller Servers in use are not responding: ntsrik03.kuhn-rikon.net

******

The Microsoft Exchange Replication Service attempted to start the RPC server but failed because an error occurred when attempting to read the Exchange Servers Universal Security Group SID from the Active Directory. Error message: The Exchange Topology service on server localhost did not return a suitable domain controller.

******

Process STORE.EXE (PID=5512). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
ntsrik03.kuhn-rikon.net CDG 1 7 7 1 0 1 1 7 1
ntsrik05.kuhn-rikon.net --G 1 1 7 1 0 0 1 7 1
Out-of-site:
August 4th, 2010 3:13pm
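
Added example, not part of any post in this thread and not Microsoft's code: a PowerShell (3.0 or later) decoder for the topology rows quoted above, listing per server which columns are short of a full value. It assumes the Reachability, Synchronized and Netlogon columns are bit flags (1 = global catalog on port 3268, 2 = domain controller on port 389, 4 = configuration domain controller on port 389); the function and variable names are hypothetical.

```powershell
# Sample rows copied from the event text quoted in this thread. The second row
# uses the spaced Roles form ("- - G") seen in the first post, to show that
# the parser tolerates it.
$rows = @(
    'ntsrik03.kuhn-rikon.net CDG 1 7 7 1 0 1 1 7 1',
    'ntsrik05.kuhn-rikon.net - - G 1 1 7 1 0 0 1 7 1'
)

# Assumed bit-flag meaning for Reachability, Synchronized and Netlogon.
$RoleBits = [ordered]@{ GC = 1; DC = 2; ConfigDC = 4 }

function Get-MissingRole([int]$Value) {
    # Names of the roles whose bit is not set in $Value.
    @($RoleBits.Keys | Where-Object { -not ($Value -band $RoleBits[$_]) })
}

function ConvertFrom-TopologyRow([string]$Line) {
    $f = @($Line.Trim() -split '\s+')
    if ($f.Count -lt 11) { throw "Too few fields in row: $Line" }
    # Last nine fields: Enabled, Reachability, Synchronized, GC capable, PDC,
    # SACL right, Critical Data, Netlogon, OS Version.
    $n = @($f[-9..-1] | ForEach-Object { [int]$_ })
    $roles = -join ($f[1..($f.Count - 10)])   # rejoin Roles if it was split

    $why = @()
    $flagCols = [ordered]@{ Reachability = $n[1]; Synchronized = $n[2]; Netlogon = $n[7] }
    foreach ($name in $flagCols.Keys) {
        $missing = Get-MissingRole ($flagCols[$name])
        if ($missing) { $why += "$name lacks: $($missing -join ', ')" }
    }
    if ($n[0] -eq 0) { $why += 'Enabled = 0' }
    if ($n[5] -eq 0) { $why += 'SACL right = 0' }
    if ($n[6] -eq 0) { $why += 'Critical Data = 0' }

    [pscustomobject]@{
        Server   = $f[0]
        Roles    = $roles
        Findings = $(if ($why) { $why -join '; ' } else { 'none' })
    }
}

$rows | ForEach-Object { ConvertFrom-TopologyRow $_ } | Format-List
```

For the two rows in this thread, ntsrik03 reports no findings, while ntsrik05 reports Reachability lacking the DC and ConfigDC bits and a SACL right of 0.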

Can you disable one of the NICs on the DC and retest? Ensure of course that firewalls and DNS are ok as well per the errors.
August 5th, 2010 1:48am

Hi Andy. Thank you for your help.

What do you think about the RAS function? Could this be a problem? Should I move it to another server maybe?

There is no firewall between Exchange and dc2. Local firewalls are disabled, and both servers are also in the same subnet.

I will try to disable a NIC on dc2, but for that I have to deactivate the teaming of the two NICs; that I can only do on Saturday evening or Sunday. I will give you feedback as soon as possible!!!

Thank you again!
August 5th, 2010 10:09am

Hi,

After you shut down the DC1, try to change the DC2 to PDC and see if the issue persists:

1. Open Active Directory Users and Computers.
2. Right click domain.com and choose Operations Masters.
3. In PDC tab, click Change.

Thanks
August 5th, 2010 12:31pm

Hi Gen,

Thank you for your hint. I will try this also. Could you tell me the reason why this should help with my problem?

Telnet on port 389 from Exchange to dc2 should be OK; the test gets another result than a real failed test (cursor gets bigger). A failed test on 389 returns the message "connecting to......." then a few seconds later an error message.
August 5th, 2010 4:35pm

This topic is archived. No further replies will be accepted.
