Exchange 2007 does not use second Domain Controller
Hello @all dear readers.
I have a serious problem with our Exchange 2007 on Windows 2003 64-bit. We have 2 DCs, which are both also global catalog and DNS servers.
When I shut down dc1 and then reboot Exchange, the Exchange server stops at "Applying computer settings". When I then restart dc1, 10 seconds after I can log in at dc1 the Exchange server is also ready for login. The Exchange server does not use dc2, and I found several pieces of information in the event log.
dc1 CDG 1 7 7 1 0 1 1 7 1
dc2 - - G 1 1 7 1 0 0 1 7 1
Roles: The second column shows whether or not the particular server can be used as a configuration domain controller (column value C), a domain controller (column value D), or a global catalog server (column value G) for this particular Exchange server
--------> why can dc2 not be used as D---->domain controller? dc2 IS a Domain Controller with G--->global catalog.
I also tried to fix the SACL right column but I don't know why it does not work. On dc2 I edited the security, added the Exchange server to security and allowed "READ NTSECURITY DESCRIPTOR" with ADSIedit on dc2.
What is the feature "C"-->configuration domain controller---> I read in another forum that it is not necessary to configure a special configuration domain controller on Exchange; Exchange would find the config DC by itself. A few weeks ago I tried to fix that problem with the "configuration domain controller" entry and set it to NULL, but that did not work so I set it back again to ntsrik03.
****************************************************************************************************************************************
Exchange config settings, retrieved with "Get-ExchangeServer -Status | fl" on the Exchange server:
Name : NTSRIK09
DataPath : C:\Program Files\Microsoft\Exchange Server\Mailbox
Domain : company.net
Edition : Standard
ExchangeLegacyDN : /o=company/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=NTSRIK09
Fqdn : ntsrik09.company.net
IsHubTransportServer : True
IsClientAccessServer : True
IsExchange2007OrLater : True
IsEdgeServer : False
IsMailboxServer : True
IsMemberOfCluster : No
IsProvisionedServer : False
IsUnifiedMessagingServer : False
NetworkAddress : {ncacn_vns_spp:NTSRIK09, netbios:NTSRIK09, ncacn_np:NTSRIK09, ncacn_spx:NTSRIK09, ncacn_ip_tcp:ntsrik09.company.net, ncalrpc:NTSRIK09}
OrganizationalUnit : company.net/NTSRIK09
AdminDisplayVersion : Version 8.1 (Build 240.6)
Site : company.net/Configuration/Sites/Standardname-des-ersten-Standorts
ServerRole : Mailbox, ClientAccess, HubTransport
ErrorReportingEnabled : False
StaticDomainControllers : {ntsrik03.company.net, ntsrik05.companyrikon.net}
StaticGlobalCatalogs : {}
StaticConfigDomainController :
StaticExcludedDomainControllers : {}
CurrentDomainControllers : {ntsrik03.company.net}
CurrentGlobalCatalogs : {ntsrik03.company.net}
CurrentConfigDomainController : ntsrik03.company.net
ProductID : 111111-111-111111-111111
IsExchange2007TrialEdition : False
IsExpiredExchange2007TrialEdition : False
RemainingTrialPeriod : 00:00:00
IsValid : True
OriginatingServer : ntsrik03.company.net
ExchangeVersion : 0.1 (8.0.535.0)
DistinguishedName : CN=NTSRIK09,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=company,DC=net
Identity : NTSRIK09
Guid : e2dda503-5353-408e-96e1-a0b7aa7a62d5
ObjectCategory : company.net/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass : {top, server, msExchExchangeServer}
Thank you very much for your help!
August 4th, 2010 2:10pm
Similar Thread here:
http://social.technet.microsoft.com/Forums/en-US/exchangesvravailabilityandisasterrecovery/thread/51d053de-e4c6-4b96-a0e2-6f1ba5e35eae
Essentially, the Exchange Server can't bind to port 389 or ping that DC. Is that DC new? Been rebooted? Have any other errors in the Exchange or its own event logs?
August 4th, 2010 2:17pm
Hi Andy.
Thank you for your reply. Our dc2 is also a RAS server, so it has 2 IPs, 192.168.0.5 and 192.168.0.209 (RAS IP) ---->SHOULD I MOVE RAS TO ANOTHER SERVER?
Ping from Exchange (ntsrik09) to dc2 (ntsrik05) ----->ping ntsrik05 =192.168.0.209
telnet command on Exchange server : telnet 192.168.0.5 389 ---->cursor is blinking telnet 192.168.0.209 389 ---->cursor is blinking
telnet command on Exchange server : telnet 192.168.0.5 3268 ---->cursor becomes bigger telnet 192.168.0.209 3268 ---->cursor becomes bigger ???? (never seen before)
nslookup ntsrik05 on exchange server returns this:
C:\>nslookup ntsrik05
Server: ntsrik05.company.net
Address: 192.168.0.5
Name: ntsrik05.company.net
Addresses: 192.168.0.209, 192.168.0.5
dc2 was created when we migrated from Exchange 2003 to 2007 (May 2009). The old Exchange server was also a DC and MS says "don't install Exchange on a DC", so we made the old DC a member server after the migration, created a new DC (ntsrik05) with dcpromo and uninstalled Exchange 2003.
*********************************************************************************************************************
Here are a few warnings we had after starting the Exchange server while dc1 was down:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=2316). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
******
Process w3wp.exe (AirSync) (PID=2620). An remote procedure call (RPC) request to the Microsoft Exchange Active Directory Topology service failed with error 1753 (Error 6d9 from HrGetServersForRole). Make sure that the Remote Procedure Call (RPC) service is running. In addition, make sure that the network ports that are used by RPC are not blocked by a firewall.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
******
Exchange ActiveSync experienced a transient error when it tried to access Active Directory information for user "". Exchange ActiveSync will try this operation again. If this event occurs infrequently, no user action is required. If this event occurs frequently, check network connectivity using PING or PingPath. You can also use the Test-ActiveSyncConnectivity cmdlet. More information:
Microsoft.Exchange.Data.Directory.ADTransientException: Exchange Active Directory Topology Service on server localhost cannot be contacted via RPC interface. Error 0x6D9. ---> Microsoft.Exchange.Rpc.RpcException: Error 6d9 from HrGetServersForRole
at Microsoft.Exchange.Rpc.ADTopology.ADTopoRpcClient.HrGetServersForRole(String[] currentlyUsedServers, ServerRole role, Int32 serversRequested, ServerInfo[]& suitableServers, Int32[]& mapping)
at Microsoft.Exchange.Data.Directory.DSAccessTopologyProvider.GetServersForRole(String[] currentlyUsedServers, ADServerRole role, Int32 serversRequested, Int32[]& mapping)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.DSAccessTopologyProvider.GetServersForRole(String[] currentlyUsedServers, ADServerRole role, Int32 serversRequested, Int32[]& mapping)
at Microsoft.Exchange.Data.Directory.DSAccessTopologyProvider.GetConfigDCInfo(Boolean throwOnFailure)
at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts()
at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext()
at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, ADObjectId& rootId)
at Microsoft.Exchange.Data.Directory.ADSession.GetReadConnection(String preferredServer, ADObjectId& rootId)
at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator)
at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCtor, CreateObjectsDelegate arrayCtor)
at Microsoft.Exchange.Data.Directory.ADSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties)
at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.FindBySid(SecurityIdentifier sId)
at Microsoft.Exchange.AirSync.ADHelper.TryGetADEntryFromSid(Byte[] sid)
at Microsoft.Exchange.AirSync.AirSyncUser.InitializeFromLoggedOnIdentity()
at Microsoft.Exchange.AirSyncHandler.Handler.BeginProcessRequest(HttpContext context, AsyncCallback asyncCallback, Object extraData)
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
******
Process MSEXCHANGEADTOPOLOGY (PID=2316). The site monitor API was unable to verify the site name for this Exchange computer - Call=HrSearch Error code=80040a01. Make sure that Exchange server is correctly registered on the DNS server.
For more information, see Help and Support Center at
******
Process MSEXCHANGEADTOPOLOGY (PID=2316). When updating security for a remote procedure call (RPC) access for the Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object NTSRIK09 - Error code=80040a01.
The Exchange Active Directory Topology service will continue with limited permissions.
******
Process MAD.EXE (PID=4952). All Domain Controller Servers in use are not responding: ntsrik03.kuhn-rikon.net
******
The Microsoft Exchange Replication Service attempted to start the RPC server but failed because an error occurred when attempting to read the Exchange Servers Universal Security Group SID from the Active Directory. Error message:
The Exchange Topology service on server localhost did not return a suitable domain controller.
******
Process STORE.EXE (PID=5512). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
ntsrik03.kuhn-rikon.net CDG 1 7 7 1 0 1 1 7 1
ntsrik05.kuhn-rikon.net --G 1 1 7 1 0 0 1 7 1
Out-of-site:
August 4th, 2010 3:13pm
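The discovery table at the end of the post above can be read mechanically. The following is an added example, not code from any poster or from Microsoft: it parses the rows and lists why a server is not usable for every role. The function names are hypothetical, and the meanings of the Reachability bits and of a 0 in "SACL right" are taken from Microsoft's documentation of this event rather than from the thread.

```python
import re

# Column order as printed in the header line of the event quoted above.
COLUMNS = ["roles", "enabled", "reachability", "synchronized", "gc_capable",
           "pdc", "sacl_right", "critical_data", "netlogon", "os_version"]
# Assumption (Microsoft's documentation of this event, not the thread):
# Reachability is a bitmask of the roles the server answered for.
REACH_BITS = {1: "GC (TCP 3268)", 2: "DC (TCP 389)", 4: "config DC (TCP 389)"}
ROW = re.compile(r"^(\S+)\s+([C-][D-][G-])((?:\s+\d+){9})\s*$")

# Rows copied from the event text in the post above.
SAMPLE = """\
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
ntsrik03.kuhn-rikon.net CDG 1 7 7 1 0 1 1 7 1
ntsrik05.kuhn-rikon.net --G 1 1 7 1 0 0 1 7 1
Out-of-site:
"""

def parse_topology(text):
    """Return one dict per server row found in the discovery event text."""
    servers = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, "In-site:", "Out-of-site:" and prose lines
        values = [m.group(2)] + [int(v) for v in m.group(3).split()]
        row = dict(zip(COLUMNS, values))
        row["name"] = m.group(1)
        servers.append(row)
    return servers

def findings(row):
    """List the reasons a server is not usable by Exchange for every role."""
    out = []
    for letter, label in zip("CDG", ("config DC", "DC", "GC")):
        if letter not in row["roles"]:
            out.append(f"not selected as {label}")
    missing = [d for bit, d in REACH_BITS.items() if not row["reachability"] & bit]
    if missing:
        out.append("unreachable as " + ", ".join(missing))
    if row["sacl_right"] == 0:
        # Assumption from the same documentation: 0 means Exchange could
        # not read the SACL on this domain controller.
        out.append("SACL right missing")
    return out

if __name__ == "__main__":
    for row in parse_topology(SAMPLE):
        print(row["name"], findings(row) or "usable for all roles")
```
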
Can you disable one of the NICs on the DC and retest?
Ensure of course that firewalls and DNS are ok as well per the errors.
August 5th, 2010 1:48am
Hi Andy.
Thank you for your help.
What do you think about the RAS function? Could this be a problem? Should I move it to another server maybe?
There is no firewall between Exchange and dc2. Local firewalls are disabled, and both servers are also in the same subnet.
I will try to disable a NIC on dc2, but for that I have to deactivate the teaming of the two NICs; I can only do that on Saturday evening or Sunday.
I will give you feedback as soon as possible!!!
Thank you again!
August 5th, 2010 10:09am
Hi,
After you shut down the DC1, try to change the DC2 to PDC and see if the issue persists:
1. Open Active Directory Users and Computers.
2. Right click domain.com and choose Operations Masters.
3. In PDC tab, click Change.
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Thanks
August 5th, 2010 12:31pm
Hi Gen
Thank you for your hint. I will try this also.
Could you tell me the reason why this should help with my problem?
Telnet on port 389 from Exchange to dc2 should be OK; the test gets a different result than a real failed test (cursor gets bigger). A failed test on 389 returns the message "connecting to......." and then, a few seconds later, an error message.
August 5th, 2010 4:35pm