Domain upgrade/rename RUS issue

I'm managing a small company with offices in CA and NJ.  Running Windows Server 2003 and Exchange 2003 in LA where main domain is hosted (COMPANY).  LA servers are (mailNAME) and (mainNAME).  NJ office had been running 2000 platform until February 2004 when we did a full backup, strip down and re-install to upgrade to Exchange 2003 and Server 2003, during which we renamed the server and email server from (mailNJ) to (NJcom) and (NJname) to (NJ).  Time well spent with no major issues (miraculously) fortunately.  Or so I thought.  We haven't had to add any new users since then, but now we have several new employees and are unable to create e-mail user accounts for them at the LA office on the LA 2003 Exchange Server.  We can walk through all the steps to create the new user accounts but after we complete the configuration the new users don't appear and the e-mail addresses vanish.  I've manually 'pushed' the RUS and set it to run hourly over the past few weekends just to see if there was an issue there, but no luck.  Haven't delved into it much further than that as it hasn't been a pressing issue until now, because the new employees are arriving in the coming week.  Did we miss a step somewhere in the renaming of the NJ domain(s) that has blown out our RUS?  We've got loads of error messages that seem to be coming from the WINS database looking for the old NJ names and we're taking the steps to walk through that as well, but that's an aside - and will probably be another question posted in the near future.

We are considering renaming the LA domain names to simplify the configuration overall and I'm interested in investigating the 2003 Domain Rename tool - but first I would like to get those new email accounts set up.  My on site tech guy in LA wants to do a backup, strip down and re-install and rename but I'm thinking that's like cutting off your arm because you have a hangnail.  I'm just arriving at this company full time after being a consultant for the past few months and I want to nail this one down pretty quickly.  And I knew this would be the place to turn.

I don't feel lost yet but my main issue is the fact that I'm not right there on site and need to be able to give my tech in LA the step by step procedures and a heads up on what error messages to look for to guide us through retroactive logic to the root cause of the problem.  And so here I am.

I'm sure there are a boatload of details I need to provide but I hope this is enough to get the ball rolling!

knikkij Commented:
What it sounds like is that they wiped out the NJ server then rebuilt it with the same name and re-installed Exchange.  But when they reinstalled, they didn't take the proper steps to get the server into the EXISTING environment.  Meaning the servers aren't talking to one another.  Do you see any replication going on between them?  For example, with public folders?
A bit more info needed.
CA and NJ same AD domain?
Exchange servers in CA and NJ part of same Exchange organization?
Which one was the first Exchange installed in ur organization?
What do u mean strip down?
Did u follow MS articles for how to remove an Exchange from ur organization?
dchaseman (Author) Commented:
Sorry for my delay in answers Vahik - I will be back in touch with the on site techs on Tuesday with the answers to the questions.

By strip down we're referring to backing up the servers to separate machines then doing a reinstall (and potentially renaming at the same time) from the ground up - as a last case scenario.  Need to do quite a bit more familiarizing myself with the current states of the system before considering this, obviously.

dchaseman (Author) Commented:
Here's what I've been able to glean -

CA and NJ are separate AD domains

Exchange servers ARE part of the same Exchange Organization.

NJ was the first established with everything, and they hold our Domain Controller permissions.

As I understand it, NJ only followed the prompts during install, which was an upgrade from 2K to 2K3.  But LA was upgraded first, in autumn of 03, NJ followed in Feb 04, which was when the flurry of ERROR messages began.  Thus potentially leading me to think something went "blooey" (for lack of a better technical term) in the connectivity.

I can only get cursory information from the on-site techs, so please give me your ultimate patience in this part of the process.  I need to retroactively educate them on where to go to give me information, plus I am traveling in the midst of this.

I can't begin to tell you all how much I've been able to sort from my literal years as a lurker on E-E!  Y'all are the best!
So the Exchange installs were only upgraded?  No servers were wiped out and reinstalled - is that correct?

What about in LA - same thing?  Did they only do an upgrade, or did they wipe out and reinstall?  BIG difference.

Can you post some of the specific error messages you are receiving?

Also, if you open Exchange System Manager in LA, do you see both servers in the Org?  If you open it in NJ, do you see both servers in the Org?

dchaseman (Author) Commented:
NJ was a wipe out and rename during the 2K to 2K3 upgrade process, LA was only an upgrade from 2K to 2K3.  (LA was done first (autumn 03) then NJ (Feb 04))

I am getting a log of the specific error messages - I know that's where I should have started, and I appreciate the patience.  It's tough being on the road!  

Will ask reps at both sites to open ESM for the views and report back.  

More in a bit - and THANK YOU.
Okay - here's the killer question, and quite possibly the cause of your migraine.

When they wiped out the NJ server, did they remove the server from the Exchange environment?  And, if not, when they brought it back up did they install as a disaster recovery to pull the information about the server out of AD?

Get as much information as you can as to the steps they followed for the Wipeout - sounds like mistakes may have been made there, but more information will tell.  Also, the errors will help.
dchaseman (Author) Commented:
Sorry for the delay - on the road again!  

The NJ tech who did the upgrade is no longer with the company so we're piecing together things as best we can.  I am leaning pretty hard toward thinking that any remnants of remaining references to Exchange 2000 server are creating our issues.  Via a NetOP remote I ran across a reference in Administrative Tools/Active Directory Domains & Trusts for the LA domain which showed Domain Functional level @ Windows 2000 (NATIVE) and under Forest Functional level also showed Windows 2000.

I finally got a chance to see with my own eyes the LA Exchange 2003 event log - there are several recurring error logs:

Source:    DCOM
Event ID:  10009

Source:    NetLogOn
Event ID:  5783
         and 5719

Source:   LSASRV
Category: SPNEGO
Event ID:  40961

and the two which are probably the most telling which occur after we attempt to create the new e-mail accounts:

Source:   MSExchangeIS
Event ID: 9562

which specifically referenced "Failed to read attribute MSExchUserAccountControl from active directory for..."


Source:   MSADC
Event ID: 8108
(Initialization failed)

For the first time, this morning the following also appeared:

Source:   MSExchangeIS
Event ID: 9528

referencing a previously existing administrator account conflict.

I will be physically back in that office as of Monday 24 May so I can get information much more readily and finally get a feel for where we're headed.

dchaseman (Author) Commented:
Should have specified above the first listings in the error logs were for SERVER 2003 - the others were the EXCHANGE 2003 errors.

Jet lag you know.
dchaseman (Author) Commented:
Having reached an impasse now, I'm ready to jump into this again with both feet.  I'm now on-site daily so I can respond to specific questions in the search for my answer.  I hope you haven't abandoned me!  

This morning I attempted to rebuild the RUS on each of the (3) listed services to no avail.

I've seen several references in other questions to running the /domain prep switch on the existing server - any insight on this step?  Other than a back-up, what should I prepare for were I to take this route, or are we barking up the wrong tree entirely?  It's looking more and more each day like we might just strip down and reinstall, but I was hoping for those little magic missing pieces to fall into place somewhere for my own edification.

Was thinking maybe I should close this question out and rebuild it with a bit more clarity - any advice on that is welcome, too.  The disjointed nature of my answers to some of the queries is baffling even to me as I review them now.
dchaseman (Author) Commented:
It appeared as though nothing was replicating when I checked the public folders - the last dates on file updates was (oddly enough!) the day NJ did the upgrade.  Go figure.

So, here's what I did.  From the NJ side (domain controller) we went into Administrative Tools, Active Directory Domains & Trusts, selected the domain name for the LA server, properties, then Validate.

I repeated the same from the LA side to the NJ side and bingo, the new names appeared in the Global Address book and all the new names entered as tests over the past months were available.  So at least I thought that part was over - thanks knikkij.  But now this has opened up more interesting little hiccups - like tombstone expirations due to the terms on last replications, etc, so we're sorting through that.

NOW - here's the next interesting part - a new mailbox was created for a new user, added to the existing Administrative Outlook, welcome email sent, and the user logged onto the network and set up a new Outlook account with Outlook 2000 and there were all sorts of emails waiting.  He could send email on the network and even to external addresses, but he can only receive messages from local domain network connected users - not from the other domains and nothing external.  Now, when I go look at the mailboxes in the Administrator account for Outlook, instead of first.last as the name, it reads Mailbox - first.last, and when you click on it, it tells you it can not open the folders or information store.  The LA administrator admits he might have fudged a step or two somewhere and isn't sure where to turn next.  I know I sure don't.  All the new users show up this way now Mailbox - first.last - I'm stumped.  Am I missing a permissions setting somewhere or a policy application?  The rest of the system is sailing right along as always!

Question has a verified solution.