Solved

Exchange Connection Errors

Posted on 2004-04-15
Last Modified: 2008-09-04
Hello,

I have an Exchange 2003 server in our network and I keep getting Topology and LDAP errors. It seems to disconnect authentication from our PDC and BDC. For no apparent reason, the Exchange server will become unavailable, causing users to get the login box from Outlook, which keeps popping up. During this time I ran netdiag, which fails to find domain controllers or group controllers, but dcdiag works fine. I can also ping and browse both DCs. I see that it's not a network connectivity issue since I can ping and browse, and when I browse a DC's files I am not prompted for a password. When the Exchange server becomes unavailable, it lasts for about 15 minutes, then reconnects to one of the DCs and everything is fine for a while. Netlogon also fails either before or after the initial Topology errors. I tried adding the MaxDgrambuffer registry trick but it didn't work. ONCE Exchange comes back online with the PDC and BDC, netdiag works fine, all passed. Here are some of the logs, as I get about 50-60 Topology and LDAP errors in a row when Exchange does this.

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2102
Date:            4/15/2004
Time:            7:16:06 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
Process MAD.EXE (PID=952). All Domain Controller Servers in use are not responding:
PDC.internalnetwork.com
BDC.internalnetwork.com
 

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Information
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2070
Date:            4/15/2004
Time:            7:16:06 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
Process MAD.EXE (PID=952).  DSAccess lost contact with domain controller PDC.internalnetwork.com.  Error was 80040951 ().  DSAccess will attempt to reconnect with this domain controller when it is reachable.

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Warning
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2107
Date:            4/15/2004
Time:            7:16:06 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
Process MAD.EXE (PID=952). DSAccess failed to obtain an IP address for DS server PDC.internalnetwork.com, error 11004.  This host will not be used as a DS server by DSAccess.

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2119
Date:            4/15/2004
Time:            7:16:07 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
Process MAD.EXE (PID=952). Error DNS_ERROR_RCODE_NAME_ERROR (0x8007232b) occurred when DNS was queried for the service  location (SRV) resource record used to locate a domain controller for domain internalnetwork.com
 The query was for the SRV record for _ldap._tcp.dc._msdcs.internalnetwork.com
 Common causes of this error include the following:
 - The DNS SRV records required to locate a domain controller for the domain are not registered in DNS.  These records are registered with a DNS server automatically when a domain controller is added to a domain.  They are updated by the domain controller at set intervals.  This computer is configured to use DNS servers with following IP addresses:
192.168.X.X
192.168.X.X

 - One or more of the following zones do not include delegation to its child zone:
internalnetwork.com
INTERNAL.com
com
. (the root zone)
 For information about correcting this problem,  type in the command line:
hh tcpip.chm::/sag_DNS_tro_dcLocator_messageE.htm

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:      Warning
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2107
Date:            4/15/2004
Time:            7:16:07 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
Process MAD.EXE (PID=952). DSAccess failed to obtain an IP address for DS server PDC.internalnetwork.com, error 11004.  This host will not be used as a DS server by DSAccess.

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      LDAP
Event ID:      2066
Date:            4/15/2004
Time:            7:19:11 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
Process INETINFO.EXE (PID=1640). An LDAP Notify call failed - Server=BDC.internalnetwork.com Error code=800704d5. Base DN=CN=Connections,CN=First Routing Group,CN=Routing Groups,CN=First Administrative Group,CN=Administrative Groups,CN=Internal,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=internal,DC=internalps,DC=com, Filter=, Scope=1.

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2114
Date:            4/15/2004
Time:            7:21:09 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
Process MAD.EXE (PID=952). Topology Discovery failed, error 0xffffffff.

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      MSExchangeSA
Event Category:      General
Event ID:      9153
Date:            4/15/2004
Time:            7:27:00 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
Microsoft Exchange System Attendant reported an error '0x80004005' when setting DS notification.

For more information, click http://www.microsoft.com/contentredirect.asp.

Event Type:      Error
Event Source:      POP3SVC
Event Category:      Authentication
Event ID:      1019
Date:            4/15/2004
Time:            7:29:59 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
MDAGetInfo() failed with error 0x80004005.

For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 5c 09 1b 00               \...    


Here's the Netlogon error from the System event log:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5719
Date:            4/15/2004
Time:            7:30:05 AM
User:            N/A
Computer:      EXCHANGESERVER
Description:
This computer was not able to set up a secure session with a domain controller in domain INTERNAL due to the following:
The RPC server is unavailable.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 17 00 02 c0               ...À  

Any help will be greatly appreciated.
Question by: obeshawd

Expert Comment by: Bembi
There are a lot of knowledge base articles pointing to that, but let me ask first:
Do you have a second NIC in your domain controller?
Also have a look at your DNS server: do you see the _udp and _tcp entries there within your forward zone?
Author Comment by: obeshawd
Yes, I have both, with SRV records for LDAP, GC, kpasswd, and kerberos entries that point to both of my DCs.
Expert Comment by: Bembi
What about the second NIC?
Author Comment by: obeshawd
No 2nd NIC
Expert Comment by: Bembi
OK, let's talk about your configuration. How many servers, which OS, which services (DNS, WINS, DHCP, EXCH, domain controllers)?
Which server hosts the global catalog (see AD Sites and Services), RID, PDC, Infrastructure (see AD Users and Computers - right click)?

What is the setting in Exchange MC:
Administrative Groups - Domain - Servers - right click your server - Properties - Directory Access? Is this set to use any domain controller, or have you assigned a dedicated DC?

Do the following to activate more event logs:
http://support.microsoft.com/default.aspx?scid=kb;en-us;316300&Product=exch2003
Author Comment by: obeshawd
OK, All servers are running Win2003 Server Standard.  Roles are as follows:

PDC:  DNS, DHCP, WINS, File, Terminal Services
BDC:  DNS, WINS, File, Terminal Services
EXCH:  Exchange 2003 Standard, File, Application Server

Both DCs are Global Catalogs
Under directory access Both DCs show up as DCs, GCs, and either will show as the config DC

Directory access is checked to auto-discover servers and neither DC is dedicated only to Exchange.
Expert Comment by: Bembi
Using numbers for short answers:

1.) I assume both DNS servers are AD integrated?
2.) I assume WINS replication is set up and working (no errors within the event log)?
3.) Have you configured WINS lookup / WINS reverse lookup within DNS?

OK, let's have a look at the network settings, just for exclusion:
4.) Is DNS pointing to one or both DNS servers?
5.) Is WINS pointing to one of the WINS servers? Is NetBIOS over TCP/IP enabled?
6.) Standard gateway?

7.) Does one of the servers have heavy load, less memory (total used memory > physical memory) or other bottlenecks?
8.) Have you ever run "browstat status" while the server makes trouble? Also keep an eye on the Master Browser service within WINS (which may change).
9.) Any replication errors within the replication event log?

The 15 minutes value points me to NetBIOS.
Author Comment by: obeshawd
OK, both DNSs are AD integrated; WINS works without error. WINS lookup exists in DNS forward lookup with both WINS servers listed. DNS servers point to themselves except for replication. WINS replicates without error. NetBIOS over TCP/IP enabled. Standard gateway. Server has minimal load. I have not run browstat status yet. No replication errors. This is what is bugging me about this. It's all set up fine, and since I can connect and ping either DC when this is happening, I can see it as a NetBIOS or authentication error. I think maybe a Kerberos ticket timing out or something, but then it should switch to use the other DC. Netlogon says the RPC procedure fails, which would explain the DSAccess and LDAP errors, but since it reconnects to a DC, RPC is fine. RPC ports open. This problem happens about 1-3 times per day and even at night when there is no load from users.
Expert Comment by: Bembi
Yeah, NetBIOS was also my idea.

OK, try browstat to check your browser services and see where the master browser service is located. The master browser should always be on one of your servers. Have a look at the event log and search for browser messages which say that "the master browser has terminated as another computer has logged on and seems to be the master browser" or something similar. It's usually only an information event or a warning. If you have them, then compare the times of these events with your other events. Also have a look at "Redirector" messages near your other errors. If this is the case, you may fix your master browser service to run on one of the servers.

Usually this will not happen on W2K with a single NIC; this is a problem of multihomed domain controllers, but have a look at that issue, and also keep in mind that other hardware like ISDN cards is installed as NICs.

Another point to check is your switch. For easy exclusion, you may use a SOHO switch, connect the servers to the switch and connect this switch to your productive switch. The idea is to have a switch between the servers with no additional functionality. See the last MS KB article. You should also have a look at the error log of your switch, if you have a management console. If not, the switch usually does not have functionalities which can make trouble (i.e. spanning tree or spoof detection).

You forgot one answer: what about your standard gateway? Set or empty? Most issues with Exchange trouble are somewhere disguised within your network configuration, name resolution etc.

What do you mean by: DNS servers point to themselves EXCEPT for replication?
Author Comment by: obeshawd
I figured out the problem. There were external DNS IPs in the DHCP configuration. Thanks
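The root cause found here (an external resolver handed out by DHCP) is exactly what the question's event 2119 records: the DNS server that was asked for the DC-locator SRV record `_ldap._tcp.dc._msdcs.<domain>` answered NXDOMAIN, so DSAccess dropped both DCs. The following is an added example, not code from this thread: a PowerShell check that queries that record through every DNS server configured on the Exchange server's interfaces (covering items 4 and 1 of the checklist above), and, run on the DHCP server, lists the DNS option each scope hands out. It assumes the DnsClient and DhcpServer modules of current Windows (Windows 8 / Server 2012 or later, so not the Server 2003 systems in this thread), and `192.168.` is a placeholder for the site's internal address range.

```powershell
# Added example, not from this thread. Part 1 runs on the Exchange member server:
# ask every configured IPv4 DNS server for the DC-locator SRV record that
# DSAccess queries (the record named in event 2119) and flag servers that sit
# outside the internal range. The internal prefix is a placeholder.
$domain         = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
$srvName        = "_ldap._tcp.dc._msdcs.$domain"
$internalPrefix = '192.168.'    # placeholder for the site's private address range

Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($server in $_.ServerAddresses) {
            try {
                # -DnsOnly bypasses the local cache, LLMNR and NetBIOS, so the
                # answer reflects what this particular server really returns
                $records = Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                           Where-Object { $_.Type -eq 'SRV' }
                if ($records) {
                    $targets = ($records | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
                    $result  = "OK -> $targets"
                } else {
                    $result  = 'answered, but returned no SRV records'
                }
            } catch {
                # An external resolver ends up here with a name error, which
                # DSAccess reports as DNS_ERROR_RCODE_NAME_ERROR (0x8007232b)
                $result = "FAILED: $($_.Exception.Message)"
            }
            [pscustomobject]@{
                Interface = $alias
                DnsServer = $server
                Internal  = $server.StartsWith($internalPrefix)
                Result    = $result
            }
        }
    } | Format-Table -AutoSize

# Part 2 runs on the DHCP server: list the DNS servers (option 6) each scope
# hands out, falling back to the server-wide option when the scope has none of
# its own, and call out any address outside the internal range.
Get-DhcpServerv4Scope | ForEach-Object {
    $opt = Get-DhcpServerv4OptionValue -ScopeId $_.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    if (-not $opt) { $opt = Get-DhcpServerv4OptionValue -OptionId 6 -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        Scope      = $_.ScopeId
        DnsServers = ($opt.Value -join ', ')
        External   = @($opt.Value | Where-Object { -not $_.StartsWith($internalPrefix) }) -join ', '
    }
} | Format-Table -AutoSize
```

A domain member that lists even one resolver unable to answer the SRV query will intermittently fail DC location, which matches the roughly 15-minute outages described in the question: which server the DNS client asks first, and for how long it sticks with it, changes as servers time out and recover.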
Accepted Solution by: modulo (earned 0 total points)
Closed, 190 points refunded.

modulo
Community Support Moderator
Experts Exchange
Expert Comment by: tansaz
Dear all,

One of my clients had a similar problem using Exchange Server 2003 in a cluster configuration (A/A). The Exchange servers weren't DCs and had to communicate with the DCs through a routed network.

-----------------------------------------------
Event ID 2114
Process STORE.EXE (PID=4684). Topology Discovery failed, error 0x8007077f.
For more information, click http://www.microsoft.com/contentredirect.asp.
For more information, see Help and Support Centre at http://go.microsoft.com/fwlink/events.asp.

Process IISIPM51E6B0E2-2DC0-4DC4-A78B-A8654EFCE230 -AP "EXCHANGEAPPLICATIONPOOL (PID=3552). Topology Discovery failed. error 0x8007077f.
-----------------------------------------------

I used NLTEST “nltest /dsgetsite” tool to verify whether the Exchange Servers were able to get site information or not, which resulted in an error. Subsequently I checked the Active Directory Site and Services to see if all used Subnets were registered. To my surprise the Exchange Cluster Subnet wasn’t registered in AD Site and Services. After registering the Subnet I also registered SPN’s for ldap service for each virtual server using SETSPN tool.

To list the registered SPNs:
setspn -L VSSERVER01

To add the LDAP SPNs:
setspn -A ldap/VSSERVER01 VSSERVER01
setspn -A ldap/vsserver01.domein.intra VSSERVER01

After a reboot I again used NLTEST to verify the site communication. The results were satisfying.
The MSExchangeDS errors were gone and no more communication failures between the Virtual Servers and the DC’s.

I think this answer can be useful in some cases.

Best regards,

OT
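The two checks in this post (is the server's subnet registered in AD Sites and Services, and does the computer account carry LDAP SPNs) can be scripted. The following is an added example, not code from the post: it tests each of the host's IPv4 addresses against the subnets registered in Active Directory, then runs the same `nltest /dsgetsite` and `setspn -L` lookups the post describes. It assumes the ActiveDirectory (RSAT) and NetTCPIP modules of Windows 8 / Server 2012 or later; `VSSERVER01` is the post's example name, reused here as a placeholder, and for a cluster virtual server the address list must be replaced with the cluster IP resource.

```powershell
# Added example, not from the post. Checks whether this host's IPv4 addresses are
# covered by a subnet registered in AD Sites and Services, which the DC locator
# needs before "nltest /dsgetsite" can succeed, then lists the registered SPNs.
Import-Module ActiveDirectory

function ConvertTo-IPv4Int {
    # Dotted-quad string to a 32-bit value held in an Int64 (avoids sign issues)
    param([string]$Address)
    $b = ([System.Net.IPAddress]$Address).GetAddressBytes()
    return ([int64]$b[0] -shl 24) + ([int64]$b[1] -shl 16) + ([int64]$b[2] -shl 8) + [int64]$b[3]
}

function Test-IPv4InCidr {
    # True when $Address lies inside the CIDR block $Cidr (e.g. 192.168.10.0/24)
    param([string]$Address, [string]$Cidr)
    $network, $bits = $Cidr -split '/'
    $mask = (0xFFFFFFFF -shl (32 - [int]$bits)) -band 0xFFFFFFFF
    return ((ConvertTo-IPv4Int $Address) -band $mask) -eq ((ConvertTo-IPv4Int $network) -band $mask)
}

$computerName = 'VSSERVER01'   # placeholder: the (virtual) server being checked

# Local IPv4 addresses, excluding loopback/APIPA. For a cluster virtual server,
# replace this with the cluster IP address resource instead.
$addresses = Get-NetIPAddress -AddressFamily IPv4 |
             Where-Object { $_.PrefixOrigin -ne 'WellKnown' } |
             Select-Object -ExpandProperty IPAddress

# Only IPv4 subnets are tested; AD may also hold IPv6 subnet objects
$subnets = Get-ADReplicationSubnet -Filter * |
           Where-Object { $_.Name -match '^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$' }

foreach ($ip in $addresses) {
    $match = @($subnets | Where-Object { Test-IPv4InCidr -Address $ip -Cidr $_.Name })
    if ($match.Count -gt 0) {
        foreach ($m in $match) { "$ip is covered by AD subnet $($m.Name) (site: $($m.Site))" }
    } else {
        "$ip is NOT covered by any AD subnet; register one in AD Sites and Services"
    }
}

# Site as seen by the DC locator, and the SPNs currently on the computer account;
# the post expects ldap/<host> and ldap/<fqdn> entries to be present.
nltest /dsgetsite
setspn -L $computerName
```

An address that no registered subnet covers is the condition the post describes: the DC locator cannot place the server in a site, `nltest /dsgetsite` errors, and DSAccess topology discovery fails with event 2114.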