AD and exchange troubles here


  • AD and exchange troubles here

    Hi,

    We have an Exchange 2003 on a win2003 box (and web server win2003 on a separate box).

    The Exchange wasn't administered for a while and now we experience some issues with it (though it's working), i.e. authentication takes a long time and there are also different error messages in the Event Viewer.


    I ran DCDIAG and see some failed tests, please see below:

    Domain Controller Diagnosis
    Performing initial setup:
    * Verifying that the local machine exch03, is a DC.
    * Connecting to directory service on server exch03.
    * Collecting site info.
    * Identifying all servers.
    * Identifying all NC cross-refs.
    * Found 2 DC(s). Testing 1 of them.
    Done gathering initial info.
    Doing initial required tests

    Testing server: Default-First-Site-Name\EXCH03
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... EXCH03 passed test Connectivity
    Doing primary tests

    Testing server: Default-First-Site-Name\EXCH03
    Starting test: Replications
    * Replications Check
    [Replications Check,EXCH03] A recent replication attempt failed:
    From SERVER to EXCH03
    Naming Context: DC=ForestDnsZones,DC=USERLAND,DC=local
    The replication generated an error (1256):
    The remote system is not available. For information about network troubleshooting, see Windows Help.
    The failure occurred at 2009-02-24 15:52:52.
    The last success occurred at 2006-10-17 11:53:35.
    20645 failures have occurred since the last success.
    [SERVER] DsBindWithSpnEx() failed with error 1722,
    The RPC server is unavailable..
    Printing RPC Extended Error Info:
    Error Record 1, ProcessID is 6084 (DcDiag)

    Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
    Detection location is 311
    NumberOfParameters is 3

    [Replications Check,EXCH03] A recent replication attempt failed:
    From SERVER to EXCH03
    Naming Context: DC=DomainDnsZones,DC=USERLAND,DC=local
    The replication generated an error (1256):
    The remote system is not available. For information about network troubleshooting, see Windows Help.
    The failure occurred at 2009-02-24 15:52:52.
    The last success occurred at 2006-10-17 11:53:35.
    20645 failures have occurred since the last success.
    [Replications Check,EXCH03] A recent replication attempt failed:
    From SERVER to EXCH03
    Naming Context: CN=Schema,CN=Configuration,DC=USERLAND,DC=local
    The replication generated an error (1722):
    The RPC server is unavailable.
    The failure occurred at 2009-02-24 15:53:35.
    The last success occurred at 2006-10-17 11:53:35.
    20645 failures have occurred since the last success.
    The source remains down. Please check the machine.
    ...

    WARNING: This latency is over the Tombstone Lifetime of 180 days!
    Latency information for 1 entries in the vector were ignored.
    1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer

    ......................... EXCH03 passed test Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions check for all NC's on DC EXCH03.
    * Security Permissions Check for
    DC=ForestDnsZones,DC=USERLAND,DC=local
    (NDNC,Version 2)
    * Security Permissions Check for
    DC=DomainDnsZones,DC=USERLAND,DC=local
    (NDNC,Version 2)
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=USERLAND,DC=local
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=USERLAND,DC=local
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=USERLAND,DC=local
    (Domain,Version 2)
    ......................... EXCH03 passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    Verified share \\EXCH03\netlogon
    Verified share \\EXCH03\sysvol
    ......................... EXCH03 passed test NetLogons
    Starting test: Advertising
    The DC EXCH03 is advertising itself as a DC and having a DS.
    The DC EXCH03 is advertising as an LDAP server
    The DC EXCH03 is advertising as having a writeable directory
    The DC EXCH03 is advertising as a Key Distribution Center
    The DC EXCH03 is advertising as a time server
    The DS EXCH03 is advertising as a GC.
    ......................... EXCH03 passed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS Settings,CN=EXCH03,CN=Servers,CN=Default-First-Site-

    ......................... EXCH03 passed test RidManager
    Starting test: MachineAccount
    Checking machine account for DC EXCH03 on DC EXCH03.
    * SPN found :LDAP/exch03.USERLAND.local/USERLAND.local
    * SPN found :LDAP/exch03.USERLAND.local
    * SPN found :LDAP/EXCH03
    * SPN found :LDAP/exch03.USERLAND.local/USERLAND
    * SPN found :LDAP/2a58593e-da54-4f91-84cb-26a25cd09d6c._msdcs.USERLAND.local
    * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2a58593e-da54-4f91-84cb-26a25cd09d6c/USERLAND.local
    * SPN found :HOST/exch03.USERLAND.local/USERLAND.local
    * SPN found :HOST/exch03.USERLAND.local
    * SPN found :HOST/EXCH03
    * SPN found :HOST/exch03.USERLAND.local/USERLAND
    * SPN found :GC/exch03.USERLAND.local/USERLAND.local
    ......................... EXCH03 passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    IsmServ Service is stopped on [EXCH03]
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... EXCH03 failed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    EXCH03 is in domain DC=USERLAND,DC=local
    Checking for CN=EXCH03,OU=Domain Controllers,DC=USERLAND,DC=local in domain DC=USERLAND,DC=local on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS Settings,CN=EXCH03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=USERLAND,DC=local in domain CN=Configuration,DC=USERLAND,DC=local on 1 servers
    Object is up-to-date on all servers.
    ......................... EXCH03 passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... EXCH03 passed test frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 02/24/2009 09:35:56
    (Event String could not be retrieved)
    ......................... EXCH03 failed test frsevent
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last 15 minutes.
    ......................... EXCH03 passed test kccevent
    Starting test: systemlog
    * The System Event log test
    Found no errors in System Event log in the last 60 minutes.
    ......................... EXCH03 passed test systemlog

    ......................... EXCH03 passed test VerifyReferences
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom

    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : USERLAND
    Starting test: CrossRefValidation
    ......................... USERLAND passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... USERLAND passed test CheckSDRefDom

    Running enterprise tests on : USERLAND.local
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the scope
    provided by the command line arguments provided.
    ......................... USERLAND.local passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\exch03.USERLAND.local
    Locator Flags: 0xe00001fd
    PDC Name: \\exch03.USERLAND.local
    Locator Flags: 0xe00001fd
    Time Server Name: \\exch03.USERLAND.local
    Locator Flags: 0xe00001fd
    Preferred Time Server Name: \\exch03.USERLAND.local
    Locator Flags: 0xe00001fd
    KDC Name: \\exch03.USERLAND.local
    Locator Flags: 0xe00001fd
    ......................... USERLAND.local passed test FsmoCheck
    Test omitted by user request: DNS
    Test omitted by user request: DNS


    see if you can help,

    TIA
    Avi
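
An added example, not part of the original post: a small Python parser that pulls the per-partner replication failures and the failed tests out of verbose DCDIAG text and flags partners whose last success is older than the 180-day tombstone lifetime the output warns about. The sample is a constructed, trimmed excerpt in the same layout as the output above; the function and field names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample: trimmed excerpt in the layout of the DCDIAG output above.
SAMPLE = """\
[Replications Check,EXCH03] A recent replication attempt failed:
From SERVER to EXCH03
Naming Context: DC=ForestDnsZones,DC=USERLAND,DC=local
The replication generated an error (1256):
The failure occurred at 2009-02-24 15:52:52.
The last success occurred at 2006-10-17 11:53:35.
20645 failures have occurred since the last success.
[Replications Check,EXCH03] A recent replication attempt failed:
From SERVER to EXCH03
Naming Context: CN=Schema,CN=Configuration,DC=USERLAND,DC=local
The replication generated an error (1722):
The failure occurred at 2009-02-24 15:53:35.
The last success occurred at 2006-10-17 11:53:35.
20645 failures have occurred since the last success.
......................... EXCH03 passed test Replications
......................... EXCH03 failed test Services
......................... EXCH03 failed test frsevent
"""

# One record per "From <source> to <destination>" block; \s+ tolerates indentation.
REPL = re.compile(
    r"From (?P<src>\S+) to (?P<dst>\S+)\s+"
    r"Naming Context: (?P<nc>\S+)\s+"
    r"The replication generated an error \((?P<err>\d+)\):.*?"
    r"failure occurred at (?P<fail>[\d-]+ [\d:]+)\..*?"
    r"last success occurred at (?P<ok>[\d-]+ [\d:]+)\.\s+"
    r"(?P<count>\d+) failures", re.S)
FAILED = re.compile(r"\.{5,} (\S+) failed test (\S+)")
TS = "%Y-%m-%d %H:%M:%S"

def parse_dcdiag(text, tombstone_days=180):
    """Return (replication failures, failed tests) from verbose DCDIAG text."""
    failures = []
    for m in REPL.finditer(text):
        gap = datetime.strptime(m["fail"], TS) - datetime.strptime(m["ok"], TS)
        failures.append({"source": m["src"], "nc": m["nc"], "error": int(m["err"]),
                         "count": int(m["count"]), "days_stale": gap.days,
                         "past_tombstone": gap.days > tombstone_days})
    return failures, FAILED.findall(text)

if __name__ == "__main__":
    repl, failed = parse_dcdiag(SAMPLE)
    for f in repl:
        print(f"{f['source']} {f['nc']}: error {f['error']}, {f['days_stale']} days stale")
    print("failed tests:", failed)
```

The summary line in the output above reads "passed test Replications" even though every inbound attempt from SERVER failed, so the per-partner records are the part to read.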

  • #2
    Re: AD and exchange troubles here

    Do you still have a machine called "SERVER" ?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?



    • #3
      Re: AD and exchange troubles here

      good q.
      (I didn't set it all up, but got the chance to monitor the whole thing when I arrived here..)

      I think "SERVER" is the name of the other DC name on the exchange machine..

      We have 2 boxes: one is EXCH03, which is the Exchange 2003, and the other box is named WEBSERVER (it is our web server only).

      I take it that the replication should take place between two different machines.. if that's the case do I need to disable it..? How?


      Thanks



      • #4
        Re: AD and exchange troubles here

        I think "SERVER" is the name of the other DC name on the exchange machine..

        Sorry to ask but could you clarify the above sentence a little please?

        If this machine no longer exists (which seems to be the case) then you need to remove it from AD.
        Please also bear in mind that having only 1 server with AD is a single point of failure, not in the least because that 1 AD server is also your Exchange box!


        Only if that machine is definitely gone should you read this:
        http://www.petri.com/delete_failed_dcs_from_ad.htm
        cheers
        Andy



        • #5
          Re: AD and exchange troubles here

          Well, I need to reboot the exchange since I can't get to AD Users and Computers (if I try to get to it I get an error message:
          "Naming information cannot be located because: The specific domain either does not exist or could not be contacted.
          Contact your system administrator to verify that your domain is properly configured and is currently online.")


          If I reboot the exchange box it's fine again (it happens on a daily basis, however I can't reboot the exchange now since people are working and need their email etc. I didn't manage to do this AM..).
          Do you know if there is a way I can restart the DC without rebooting the machine itself? Once I start the DC I should be able to look up what DCs the AD shows..

          Anyway, this is how it all started; then I ran DCDIAG and got the error messages that I posted.



          • #6
            Re: AD and exchange troubles here

            Not on a w2k3 server. You can on a w2k8 one. You could try restarting the netlogon service. Not sure if that will help though.



            • #7
              Re: AD and exchange troubles here

              Sorry for the late response, yes "SERVER" is no longer part of our network.
              I guess I need to right click and remove that DC to eliminate the replication error, verify that the problem is gone and move to the next one.

              As for your comment: "Please also bear in mind that having only 1 server with AD is a single point of failure, not in the least because that 1 AD server is also your Exchange box!"

              It's true, we are a small company running on a tight budget, so we currently keep two servers: one with AD and Exchange 2003, and the other functions as a web server.
              That being said, would you advise what's the best way to be on the safe side and be best possibly prepared for any system failures etc..

              Thanks for your comments

              Avi



              • #8
                Re: AD and exchange troubles here

                Originally posted by aviz70:
                "It's true we are a small company running on a tight budget so we currently keep two servers one with AD and Exchange 2003 and the other functions as
                a web server.
                that being said would you advise what's the best way to be on the safe side and be best possibly prepared for any system failures etc.."

                The most effective and secure way would be to have an additional server configured also as a DC. You can't use the web server for anything else as it would be a security risk.

                If budget doesn't allow that, you can only ensure that the existing server is under a hardware maintenance agreement and/or you have parts to hand in case of hardware failure as well as good backups. NTBACKUP is good to back up Exchange and system state on the DC. You can also back up the usual data you need to do so and create an ASR restore disk. However, should you ever need to use the ASR disk, there is an issue when restoring the FSMO role holder, so you would need to research before using that method of restoration.

                It depends on the cost of downtime to your business with regards to what you do. There are many ways but will require budget allocating.
                Last edited by Virtual; 4th March 2009, 00:22.



                • #9
                  Re: AD and exchange troubles here

                  Thanks for the input and help!
                  Yes, I have NTBACKUP that I'm doing on a weekly basis with the System State. Thanks for the heads-up on the FSMO.

                  On a different note, let me shed some more light on my situation; maybe I can explain better what I'm trying to achieve, see if it makes sense, since my experience is limited with that.
                  We are a small company, a total of 9 people in this office; we have Exchange 2003 and Webserver, both on Win 2003.
                  Several months ago we started to experience very slow connectivity to our Exchange Server on some of our stations when we try to browse exchange folders. (We are using the Exchange server hard drive to save our work and we browse from our stations to its H.D.)
                  Also, when logging in to our machines in the A.M. it's slow.

                  Ruling out any hardware issue, I suspect the slowness is coming from slow authentication coming from our A.D. (DNS etc), as if the A.D. database got corrupted or something and it takes a longer period to authenticate the users for whatever reason.
                  So I've started running DCDIAG in order to get to the bottom of it; also in the Event Viewer I see different error messages.

                  If any one of you has encountered this type of problem or has an idea how to try to tackle this issue, please share your thoughts.

                  Thanks.
