exchange 2007 not showing 2008 domain controllers
We have just inherited an Exchange 2007 server running on a 2003 domain with a single 03 DC that predates Exchange and also an 08 and 08 R2 server that came later. For some reason those servers do not show up in the dsaccess 2080 topology scan. So whenever the 03 DC is offline Exchange is not responsive. We are wanting to take this server offline and would like to fix the underlying problem. I did find that the Default DC group policy had been changed so I reset it back to defaults and now the permissions show to be correct when I run a policy test from the Exchange server, but for whatever reason the servers are not populating in the Exchange query for topology. The DC servers are replicating properly and all other network services stay online if any one of the servers is offline. They are all listed as GCs with all roles currently running on the 08 R2 DC. I am getting no AD errors in the logs on any of the 3 servers and no related errors on the Exchange server. I have run the BPA and the only note is about a certificate mismatch from a starred cert. Any idea on how to troubleshoot from here or what the problem might be? Thanks in advance.
June 27th, 2011 5:42am

Hi Cal, I have seen this problem arise if you have not enabled IPv6 in TCP/IP on the Exchange 2007/2010 server, which then does not catch newly introduced DCs, so please check it.
Anil MCC 2011, ITIL V3, MCSA 2003, MCTS 2010, My Blog: http://messagingschool.wordpress.com
June 27th, 2011 5:58am

IPv6 was disabled on the Exchange server and also one of the DCs. I enabled it and 10 minutes later the topology scan ran and did not catch the other servers. I guess I will see if it gets any better by morning. Thanks for the tip.
June 27th, 2011 6:13am

Did you disable IPv6 in the registry also? If not, go to HKLM\system\currentcontrolset\services\tcpip6\parameters and add the following entry: DWORD: DisabledComponents, Value: ffffffff. Then reboot the server. I hope that works if you have not done so already.
June 27th, 2011 6:44am

I re-enabled ipv6 on the exchange server but it still does not see the AD servers listed in the 2080 or the exchange console. I have not rebooted yet but I will not be able to until this weekend. Not sure if that would make a difference or not but my old trusty solution. :) Cal Roberson
June 27th, 2011 8:03pm

Hi You can read these case case2. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 28th, 2011 5:05am

Done and Done but the other domain controllers are still not showing in event 2080 or in the system settings tab of the exchange server. I did try and run a setup.com /preparead and /preparedomain. They both fail organization checks saying that a previous install is requiring a reboot. I guess I will just have to reboot it and try again.
June 28th, 2011 6:03am

I'm betting you lost SACL right after the local policies got mucked with. You can verify when it does a topology rediscover and see if the SACL value is 0 or 1 (should be 1). This will confirm if you lost permissions to access those DCs. The article is for 2003 but still the same. Yeah, reboot and re-run prepareAD.
Event ID 2080 from MSExchangeDSAccess http://support.microsoft.com/kb/316300
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
June 28th, 2011 8:47pm

James, I have referenced in a couple of the other posts that part of my problem is that the AD servers do not show up at all during the topology discovery. That is probably the largest portion of my problem really. I did some digging back in the event log and I found one instance where there is a reference to the other servers in the 2080 event. I think it correlates to a time when the 03 domain controller was offline. Strange thing is that all servers are actually domain controllers with verified events and listed in the Sites and Services as well as the PTR records in DNS.
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
snad02.hq.surgicalnotes.com CDG 1 7 7 1 0 1 1 7 1
SNAD08.hq.surgicalnotes.com CD- 1 6 7 0 0 1 1 7 1
SN-DC1.hq.surgicalnotes.com CD- 1 6 7 0 0 0 1 7 1
June 28th, 2011 9:06pm
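
An added example (not part of any post in this thread): a small parser for the MSExchangeDSAccess 2080 server rows quoted above that flags each DC whose SACL right, GC capability or reachability bits would limit Exchange's use of it. Column order comes from the header in the post and the reachability bit meanings are as described in KB 316300; the function names and the one-row-per-line input layout are assumptions.

```python
import re

# Column order taken from the header line of the event text posted in the thread.
COLUMNS = ("enabled", "reachability", "synchronized", "gc_capable", "pdc",
           "sacl_right", "critical_data", "netlogon", "os_version")
# Reachability bits as described in KB 316300.
REACH_BITS = {1: "GC port 3268", 2: "DC port 389", 4: "config DC port 389"}
ROW = re.compile(r"^\s*(\S+)\s+([CDG-]{3})((?:\s+\d+){9})\s*$")

# Constructed sample: the three In-site rows from the post, one server per line.
SAMPLE = """In-site:
snad02.hq.surgicalnotes.com CDG 1 7 7 1 0 1 1 7 1
SNAD08.hq.surgicalnotes.com CD- 1 6 7 0 0 1 1 7 1
SN-DC1.hq.surgicalnotes.com CD- 1 6 7 0 0 0 1 7 1
"""

def parse_2080(text):
    """Return one dict per server row; non-row lines (headers, blanks) are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = {"server": m.group(1), "roles": m.group(2)}
            row.update(zip(COLUMNS, (int(v) for v in m.group(3).split())))
            rows.append(row)
    return rows

def findings(row):
    """List what would stop or limit Exchange's use of this DC."""
    out = []
    if row["sacl_right"] != 1:
        out.append("SACL right is 0")
    if row["gc_capable"] != 1 or "G" not in row["roles"]:
        out.append("not seen as a global catalog")
    for bit, name in REACH_BITS.items():
        if not row["reachability"] & bit:
            out.append("unreachable on " + name)
    if row["critical_data"] != 1:
        out.append("critical data missing")
    return out

def report(text):
    """Map server name -> findings, for servers with at least one finding."""
    return {r["server"]: f for r in parse_2080(text) if (f := findings(r))}

if __name__ == "__main__":
    for server, problems in report(SAMPLE).items():
        print(server, "->", "; ".join(problems))
```
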

Ahh, read the details too fast. I don't trust resetting the default DC policy, reason being a lot of GPOs "tattoo" the setting, meaning setting them back to defaults doesn't actually undo some policies. Mucking with this was probably the root cause. What I would do is fire up group policy from your 2008 server, and run a group policy results against your 2003 server since it's working and compare that to a group policy results output from your 2008 server. I would also just re-run the prepareAD; you might save more time trying this first.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
June 28th, 2011 9:31pm

This topic is archived. No further replies will be accepted.