netbeheer
asked on
Problems after an upgrade from exchange 2000 to 2003
Evening
It seems i ran in some problems when i was doing an upgrade from a w2k server with exchange 2000 enterprise to w2k3 server with exchange 2003 enterprise.
This is the situation:
We have 2 dc's. 1 is a w2k file and print server, the other a w2k exchange 2000 server. The main problem with the file and print server is that the are running applications for finance that we are not sure of that they will work under windows 2003. So we decided to first upgrade the exchange server.
The upgrade went fine, there where no problems during the exchange upgrade and no problems after that during the windows 2003 upgrade.
All accounts are still working and mail is comming in. Even the web access is working internal. And that was one of the main reasons to do the upgrade. But right after the compleet install i found out that the eventviewer wasn't accesable. After some reading i found out that the administrator account probably belongt to the quest group and that was the case. So one problem solved.
When i looked in the eventviewer i saw 2 kinds of errors. Userevent errors and MSExchangeSA errors. We found out that when a user opend the outlook from office xp the server displayed an error. It wasn't possible to mail from clients, outlook just closed. On clients that have outlook 2003 on them it is possible to send email, but still new errors are shown in the eventviewer.
The 2 MSExchangeSA are
Event ID: 9074
Source MSExchangeSA
Type Error
Description The Directory Service Referral interface failed to service a client request. RFRI is returning the error code:[0x3f0].
Event ID: 9143
Source MSExchangeSA
Type Error
Description Description: Referral Interface cannot contact any Global Catalog that supports the NSPI Service. Clients making RFR requests will fail to connect until a Global Catalog becomes available again. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.
For more information, click http://www.microsoft.com/contentredirect.asp.
I have looked them up, to solve the problems but that didn't work.
as described in http://support.microsoft.com/default.aspx?scid=kb;EN-US;279742 i tried to resolve the 9143 error, but this didn't work.
If i try to solve error 9074 as described in http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q314294, the following happens. If i use the Policytest.exe on the exchange server i get an Right found: "SeSecurityPrivilege" on both dc's. If i try it on the w2k file and print server i get an !! LsaEnumerateAccountRights returned error 5 !! on the exchange server.
If i try to do it the way as described in http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q300114 the ipconfig /flushdns and the ipconfig /registerdns work, but if i try it from the w2k file and print server the ipconfig /registerdns doesnt work.
I also found out that if i go to users and computers, and try to edit the policies on the exchange server i get an error, and i cant see the policies. If i do this on the file and print server everything works fine.
I personaly think the problems are there because there is one w2k server and 1 windows2003 server. Some how there is a problem with right on the exchange server, other wise i should be possible to change the policies. I use the administrator account, which has all the rights.
But do you know how to solve this. It will take several weeks before we will know for sure if we can safely upgrade the file and print server to windows 2003.
Greetings
R Bosch
It seems i ran in some problems when i was doing an upgrade from a w2k server with exchange 2000 enterprise to w2k3 server with exchange 2003 enterprise.
This is the situation:
We have 2 dc's. 1 is a w2k file and print server, the other a w2k exchange 2000 server. The main problem with the file and print server is that the are running applications for finance that we are not sure of that they will work under windows 2003. So we decided to first upgrade the exchange server.
The upgrade went fine, there where no problems during the exchange upgrade and no problems after that during the windows 2003 upgrade.
All accounts are still working and mail is comming in. Even the web access is working internal. And that was one of the main reasons to do the upgrade. But right after the compleet install i found out that the eventviewer wasn't accesable. After some reading i found out that the administrator account probably belongt to the quest group and that was the case. So one problem solved.
When i looked in the eventviewer i saw 2 kinds of errors. Userevent errors and MSExchangeSA errors. We found out that when a user opend the outlook from office xp the server displayed an error. It wasn't possible to mail from clients, outlook just closed. On clients that have outlook 2003 on them it is possible to send email, but still new errors are shown in the eventviewer.
The 2 MSExchangeSA are
Event ID: 9074
Source MSExchangeSA
Type Error
Description The Directory Service Referral interface failed to service a client request. RFRI is returning the error code:[0x3f0].
Event ID: 9143
Source MSExchangeSA
Type Error
Description Description: Referral Interface cannot contact any Global Catalog that supports the NSPI Service. Clients making RFR requests will fail to connect until a Global Catalog becomes available again. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.
For more information, click http://www.microsoft.com/contentredirect.asp.
I have looked them up, to solve the problems but that didn't work.
as described in http://support.microsoft.com/default.aspx?scid=kb;EN-US;279742 i tried to resolve the 9143 error, but this didn't work.
If i try to solve error 9074 as described in http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q314294, the following happens. If i use the Policytest.exe on the exchange server i get an Right found: "SeSecurityPrivilege" on both dc's. If i try it on the w2k file and print server i get an !! LsaEnumerateAccountRights returned error 5 !! on the exchange server.
If i try to do it the way as described in http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q300114 the ipconfig /flushdns and the ipconfig /registerdns work, but if i try it from the w2k file and print server the ipconfig /registerdns doesnt work.
I also found out that if i go to users and computers, and try to edit the policies on the exchange server i get an error, and i cant see the policies. If i do this on the file and print server everything works fine.
I personaly think the problems are there because there is one w2k server and 1 windows2003 server. Some how there is a problem with right on the exchange server, other wise i should be possible to change the policies. I use the administrator account, which has all the rights.
But do you know how to solve this. It will take several weeks before we will know for sure if we can safely upgrade the file and print server to windows 2003.
Greetings
R Bosch
Make sure that you are having a working Global Catalog in your domain. if not, make a Global catalog server and restart it.
ASKER
If i go to the Active Directory Sites and Services on the exchange server and click on sites and the on sites name, i see 3 domain controlers. ! is the file and print server with ntds settings under it, 1 is the exchange server but that one is empty, and 1 is the exchange server with exchange setttings and ntds settings under it. when i look at the properties i see on the file and printserver that global catalog is on and has a dns alias, and it was created bij the exchange server.
The same goes for the exchange server, it has global catalog on en the ntds settings where created bij de file and print server.
I dont know what the do with the dc exchange server that has nothing under it.
The same goes for the exchange server, it has global catalog on en the ntds settings where created bij de file and print server.
I dont know what the do with the dc exchange server that has nothing under it.
ASKER
I am unable to view or modify the GPO. I get an error
when I do the following on the Domain Controller:
Start>Program>Administrati
and Computers. I select Domain Controllers>Right
Click>Properties>Group Policy Tab. I select 'Default
Domain Controllers Policy' and Edit. I get message box
coming up: GROUP POLICY ERROR - Failed to open the Group
Policy Object. You may not have appropriate rights.
Details: The system connot find the path specified.
And i also get userevent errors on the exchange server every 5 minutes
when I do the following on the Domain Controller:
Start>Program>Administrati
and Computers. I select Domain Controllers>Right
Click>Properties>Group Policy Tab. I select 'Default
Domain Controllers Policy' and Edit. I get message box
coming up: GROUP POLICY ERROR - Failed to open the Group
Policy Object. You may not have appropriate rights.
Details: The system connot find the path specified.
And i also get userevent errors on the exchange server every 5 minutes
ASKER
I searched the web and found an artikel about not being able to access the gpo. http://support.microsoft.com/?id=237675
I have done exactly as desribed but dont get any result. I have all the structures
%SystemRoot%\Sysvol\Sysvol
%SystemRoot%\Sysvol\Sysvol
%SystemRoot%\Sysvol\Sysvol
%SystemRoot%\Sysvol\Sysvol
\Machine
%SystemRoot%\Sysvol\Sysvol
and used the Ldp.exe from the windows 2000 cd.
This is wath i got in the programm window.
ld = ldap_open("spielberg", 389);
Established connection to spielberg.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
1> currentTime: 8/14/2004 11:51:31 W. Europe Standard Time W. Europe Daylight Time;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=
1> dsServiceName: CN=NTDS Settings,CN=SPIELBERG,CN=S
5> namingContexts: DC=zthollandia,DC=nl; CN=Configuration,DC=ztholl
1> defaultNamingContext: DC=zthollandia,DC=nl;
1> schemaNamingContext: CN=Schema,CN=Configuration
1> configurationNamingContext
1> rootDomainNamingContext: DC=zthollandia,DC=nl;
21> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2.16.840.1.113730.3.4.9; 2.16.840.1.113730.3.4.10; 1.2.840.113556.1.4.1504; 1.2.840.113556.1.4.1852; 1.2.840.113556.1.4.802;
2> supportedLDAPVersion: 3; 2;
12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; MaxValRange;
1> highestCommittedUSN: 756718;
4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
1> dnsHostName: SPIELBERG.zthollandia.nl;
1> ldapServiceName: zthollandia.nl:spielberg$@
1> serverName: CN=SPIELBERG,CN=Servers,CN
3> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1670; 1.2.840.113556.1.4.1791;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: TRUE;
1> domainFunctionality: 0;
1> forestFunctionality: 0;
1> domainControllerFunctional
-----------
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='Administrator'; Pwd= <unavailable>; domain = 'zthollandia.nl'.}
Authenticated as dn:'Administrator'.
Expanding base 'dc=zthollandia.nl,dc=ztho
Error: Search: Referral. <10>
Result <10>: 0000202B: RefErr: DSID-031006D9, data 0, 1 access points
ref 1: 'zthollandia.nl.zthollandi
Matched DNs:
Getting 0 entries:
-----------
maybe somebody can see something in it
I have done exactly as desribed but dont get any result. I have all the structures
%SystemRoot%\Sysvol\Sysvol
%SystemRoot%\Sysvol\Sysvol
%SystemRoot%\Sysvol\Sysvol
%SystemRoot%\Sysvol\Sysvol
\Machine
%SystemRoot%\Sysvol\Sysvol
and used the Ldp.exe from the windows 2000 cd.
This is wath i got in the programm window.
ld = ldap_open("spielberg", 389);
Established connection to spielberg.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
1> currentTime: 8/14/2004 11:51:31 W. Europe Standard Time W. Europe Daylight Time;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=
1> dsServiceName: CN=NTDS Settings,CN=SPIELBERG,CN=S
5> namingContexts: DC=zthollandia,DC=nl; CN=Configuration,DC=ztholl
1> defaultNamingContext: DC=zthollandia,DC=nl;
1> schemaNamingContext: CN=Schema,CN=Configuration
1> configurationNamingContext
1> rootDomainNamingContext: DC=zthollandia,DC=nl;
21> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413; 2.16.840.1.113730.3.4.9; 2.16.840.1.113730.3.4.10; 1.2.840.113556.1.4.1504; 1.2.840.113556.1.4.1852; 1.2.840.113556.1.4.802;
2> supportedLDAPVersion: 3; 2;
12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn; MaxValRange;
1> highestCommittedUSN: 756718;
4> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO; EXTERNAL; DIGEST-MD5;
1> dnsHostName: SPIELBERG.zthollandia.nl;
1> ldapServiceName: zthollandia.nl:spielberg$@
1> serverName: CN=SPIELBERG,CN=Servers,CN
3> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1670; 1.2.840.113556.1.4.1791;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: TRUE;
1> domainFunctionality: 0;
1> forestFunctionality: 0;
1> domainControllerFunctional
-----------
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, 1158); // v.3
{NtAuthIdentity: User='Administrator'; Pwd= <unavailable>; domain = 'zthollandia.nl'.}
Authenticated as dn:'Administrator'.
Expanding base 'dc=zthollandia.nl,dc=ztho
Error: Search: Referral. <10>
Result <10>: 0000202B: RefErr: DSID-031006D9, data 0, 1 access points
ref 1: 'zthollandia.nl.zthollandi
Matched DNs:
Getting 0 entries:
-----------
maybe somebody can see something in it
ASKER
wel as far as it looks now, the problems have been solved. I tried the Ldp.exe another time, but saw i made a mistake in the first attempt. I had to type dc=zthollandia,dc=nl instead of dc=zthollandia.nl,dc=zthol
I am now abel to enter and edit the gpo. The last 2 hours when i was at the office, there where no new userevents, or MSExchangeSA errors. And the outlook clients where working. Will see what the eventviewer will say tomorrow. I hope all will be fine.
I am now abel to enter and edit the gpo. The last 2 hours when i was at the office, there where no new userevents, or MSExchangeSA errors. And the outlook clients where working. Will see what the eventviewer will say tomorrow. I hope all will be fine.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your DNS is working Properly?
Check the Network of the exchange server with Network Monitor and find any error in Network . ( check NIC settings for Half/Full/AUTO ) .
GPO are applied properly on exchnage server ? check seccli events .