No announcement yet.

Exchange2003-DC2000 replication issue at Exchange startup ??

  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange2003-DC2000 replication issue at Exchange startup ??

    Hi experts,

    Our system includes 2 DC 2000, 2 FE Exch 2003, 4 BE Exch 2000, and all run normally. We need more so we buildup a new Win 2003 sp2, Exchange 2003 sp1. Installation and operation is normal, except that: sometimes when we restart the new Exchange 2003, then this new server faces problem contacting DCs at startup, that lead to many services stop at and after startup (Exchange, NAV client, Symantec Mail security, remote desktop (Ping OK), ... ).

    This happens often. In event viewer, at each time, we see event ID 2104 as follow:


    Product: Exchange

    ID: 2104

    Source: MSExchangeDSAccess

    Version: 6.5.0000.0

    Message: Process %1 (PID=%2). All the DS Servers in domain are not responding.


    This error indicates that the Exchange Server was unable to contact a DC in the local domain. DSAccess needs an in-domain DC to perform topology discovery. If no DCs respond at startup, this is a fatal error, as the System Attendant (MAD) will not start. If this occurs after startup, this is not fatal, unless for some reason ALL DCs and GCs go down (in which case topology discovery would become necessary).
    This can happen if the DC or DCs in question become unreachable because of a network problem.

    User Action

    Check all the DCs in the same domain as the Exchange Server and make sure that at least one of them is up and running and reachable from the Exchange Server.


    and after event ID above is event ID 9157:


    Product: Exchange

    ID: 9157

    Source: MSExchangeSA

    Version: 6.5.6940.0

    Component: Microsoft Exchange System Attendant

    Message: Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objectsin Active Directory. Wait for replication to complete and then check to make sure the computer account is a memberof the "Exchange Domain Servers" security group.


    See the message text for the event.

    User Action

    No user action may be required because Exchange will make additional attempts to read Exchange configuration objects during the replication process.

    If this event occurs after all domain controller replication has occurred, ensure that the required permissions have been assigned to the Exchange Domain Servers group for this domain. To ensure that the required permissions are configured, run Exchange setup again and select Reinstall. Running setup again will set permissions on the necessary Active Directory objects on a nearby domain controller, and those permissions will then be replicated to other domain controllers.

    You can also manually ensure that the required permissions have been configured. To do this, ensure that the Exchange server is a member of the Exchange Domain Servers group of its domain using the Active Directory Users and Computers snap-in. You must also use the Active Directory Service Interfaces (ADSI) Edit snap-in to ensure that the Exchange Domain Servers group of this domain is assigned Full Control permissions on the Configuration/Services/Microsoft Exchange object.


    So in short, Exch cant contact DCs timely, so replication failed, leading to permission problems, that stop many services. We often fix this issue just by restarting the server, 1 times or more, sometimes we have to wait for about 30 minutes with about 4 restart to make the server run normally. That's all, restart only, that fix problem, but that's too bad for us since this Mail server will contain at least 1000 users.

    We think in terms of system aspect, there must be some registry value that control the timeout time, that can be adapted. Or we must start, for example, SRS in Exchange server, though we have only 1 site. Or we must delete the dc03, that no longer exist but its object still remain (see via Site and service mmc, or ntdstuil / metadata cleanup). And ...

    And in terms of network, we think of moving the server to beside the 2 DCs, so traffic dont have to traverse long before reaching the DCs/GCs (not very long, since all in one building). And finally, portfast of Cisco switch (we use 2950 and 3750 only) that may help reduce time when switching packet. .....

    But we still can't specify the real reason and how to fix it. Pls recommend us something to help us overcome this problem, since as u know Email system is very urgen and important, and Exchange restart is important to since it help offline-defrag and release memory (we see that Symantec mail security occupy too much Ram until we restart the server, store.exe not very much).

    Thank u so much in advance.

  • #2
    Re: Exchange2003-DC2000 replication issue at Exchange startup ??

    Sounds like you've got networking issues. You might ultimately need to ask this in a networking thread, but stay with us and we'll see what we can do first!

    You've probably tried a ping test from your new server to your DC. Have you tried a tracert? Compare that with a tracert from one of your ex2000 boxes.

    One thing I usually do for all but trivial networks is to run nltest and netdiag first, before installing Exchange. They test network connectivity.



    You'll need to install the Windows Support Tools on your new Exchange Server first. Then go to c:\program files\support tools to locate and use netdiag and nltest. No reason why you can't still run these tests even though you've installed Exchange. You'd be looking for all the tests to pass successfully. If they don't, you should show the reports to your network team (or post then here).

    You should as a good practice keep your Exchange Server as close to your DCs as possible, anyway. You indicate that it is presently not near. But in theory, in the same building, I wouldn't expect that keeping the Exchange server reasonably far would impact on it finding a DC too much.

    You've not got it connected to a switch on your floor using an impossibly long cable, have you ? What are CAT5 limits? 100M? Past that, and you can expect packets to be dropped...

    I suppose the ultimate test would actually be to move your Exchange server (especially as there are no users on it at present?) back to your server room or wherever your keep your nearest DC. Power it up and test it over a day or so. If it stays well and is working as expected, then you do have network or routing issues.

    On to your other questions:
    • No, there isn't such a registry key.
    • SRS won't help.
    • Your DC03 shouldn't really be the problem, you've got other DC's.
    • Not sure about the Cisco thing, but I find that modifying your switches should be the last thing you try - you'll want to rule out everything else and perform lots of tests. Checking your ping times should convinve you that the switches (and that aspect of the network) is working OK.
    • As you load your users up on your new server, you'll see that store.exe will muscle in and take more memory.

    Good luck. Let us know how you get on.



    • #3
      Re: Exchange2003-DC2000 replication issue at Exchange startup ??


      Thank u very much for your suggestion.

      I'll follow your guide, check st and re-think some problems. Our network is simple enough for me to focus more on system issue. We just use many 2950 and several 3750, and in the building in question (where all DC and Exchange servers reside) there's only 2 swithc layer3 3750; and more all these servers reside in the same Vlan (tracert show only one line), 2 floor seperate from the Exchange server 2003 (in problems) to the two DCs. We use Cat5. So network routing is rather simple, and distance seems not to be the problem, though we absolutely place all in a server room (now 2 server room 2 floor away in a building).

      Turn to System aspect, I'll do some check in working hours, when everything runs normal. I know when server is in trouble, checking will show more, but I can't restart this Exchange 2003 server in working hours, it's just waiting to be died when we expect to improve performance and apply hot fix by restarting. And more, only serveral restart can recover everything, seem like a frequency of replication between DCs and between Exchange and DCs.

      Some Nltest results show in Netdiag, relating to dclist, pdc and trust ... and I find them OK when running netdiag. Dcdiag show some errors.

      As I said, dc02 no longer exist, but some objects still remains, that attract FRS. FRS still try to replicate many times from DC02 to DC01 (pdc), fail of course (and each time showing a yellow warning, ID 1350, before timeout, and initialize starting FRS (each time showing white Infromation, ID 13501) and then white Information ID 13516 saying FRS no longer prevent DC01 becoming DC:

      The File Replication Service is no longer preventing the computer FSOFT-DC01 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.

      Type "net share" to check for the SYSVOL share.

      So what I mean is that, DC02 (no longer exist) affect FRS operation, that affect Sysvol and Netlogon, that can affect the whole system. And this happens frequently, following FRS replication frequency. Is there st to do with DC2000-Exchange2003 replication at Exchange startup ? that's what I'm not sure. Does removing DC02 (ntdsutil metadata cleanup) will resolve problems, or we must upgrade to DC 2003 to make the couple Exchange2003-DC2003 a sweet one ?

      That's our picture. And we're just on the way to be artist.
      Thanks all for any suggestions.

      Best regards,


      • #4
        Re: Exchange2003-DC2000 replication issue at Exchange startup ??

        I don't think that trying to clean up that dead DC would make any difference. Exchange would look to other DC's for the information it needs.

        I don't think that installing a Windows 2003 server DC will help either.

        One of the errors you listed (ID 2104) indicates that Exchange is trying to find any DC but can't find any. It might be as simple as a DNS issue on your new Exchange Server. See if DNS is configured the same as your Exchange 2000 server.

        I can't see how you got Exchange 2003 to install in the first place with a notwork like this

        Either something changed on your network after you installed Exchange or it would seem that you have installed Exchange 2003 when your network was less than perfect.

        Has a new firewall been installed that is blocking ports perhaps?

        You indicated that you didn't run any of the tests I mentioned before installing Exchange 2003. One of the tests that you ran for us (DCDIAG) indicated some errors. You need to investigate these. This may be key to your problem.

        Get to a perfect network first! Exchange likes perfect networks.

        Focus on your DC's and check the event logs. Take every recent error and research each one to resolution. Get that FRS working. It's not a requirement for Exchange, but it's all indicative of an unhealthy network. I'm not a network expert but for example, I'd reckon that your DC02 was an FRS root before it met its end. Someone needs to go into DFS and reconfigure.

        Ensure that DNS is working well.

        Unless your network is working well, other issues as well as Exchange will haunt you. So you should take the time here to really push to get the problems sorted.

        You might have some physical error with your network. It is abnormal to have to reboot an Exchange Server several times for it to find a DC and continue.

        Consider getting a network contractor in for a week or two! I reckon that once you sort your network out, Exchange will 'just' start to work.

        Good luck.

        Let us know how you get on. If you do focus on your network and come across problems, post away in the network section here and I'm sure someone will help!



        • #5
          Re: Exchange2003-DC2000 replication issue at Exchange startup ??

          I am having this same issue. It sounds to me that I have the same set-up and the same intermittant issue.

          1) DCDiag and Netdiag are running clean
          2) This only happens when both the DC and the Exchange Server are rebooted, example: when MS updates occur, or everything needs to be shut down for power maintenance.
          3) There is only 6 feet cables between the swtich and the servers.
          4) This is a very small network.
          5) We are not seeing any network issues.

          Any more ideas?



          • #6
            Re: Exchange2003-DC2000 replication issue at Exchange startup ??

            Look at the Directory Access tab on the properties of the Exchange server, is the old DC listed? If so, you need to get rid of it. Also, there is a registry key that can be modified and also a GP setting. The registry key is:

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "WaitForNetwork"=dword:00000001

            This will be created if you enable the "Computer Configuration|Administrative Templates|System|Logon|Always wait for the network at computer startup and logon" GP setting that applies to the Exchange server. Try this and see if it helps, if it doesn't disable the GP setting and delete the registry key and there's no harm done.

            You may have other network issues but take a look at these as well:

            Duplex setting on Exchange server NIC and switch port.
            Errors on Exchange server switch port
            Broadcast storm or ARP flooding
            Loop in the network due to STP problem