Solved

Exchange Server 5.5 running on w2k server. domain got changed, service account got trashed

Posted on 2004-10-22
Last Modified: 2008-01-09
Here's the deal.
Been running Exchange 5.5 on Windows 2k server for about 6 months.  It has been in an existing Win NT domain.
Recently they decided to upgrade to a w2k3 Active Directory domain.
They decided to one night shut down the old PDC, and start up the new 2k3 server with the same computer name, same domain name, same IP address etc., so that they would not have to remap any drives, or go around to each computer and switch the domains etc.
Exchange stopped working, so they decided to disjoin the server from the domain, then re-join it to the domain.
This killed the SID for the Service Account in Exchange, and now nothing is working right.
I have been able to get it to a point where I can get the directory and the system attendant to start, but nothing else.
I have tried to start the information store; I figured that if I get that going, I can move the mailboxes back to the old Exchange server, re-install Exchange, then move the mailboxes back.
When I try to start the info store, I get an error code 1011.
I have tried running isinteg -patch, but I get an error DS_E_INSUFFICIENT_ACCESS_RIGHTS.
Any help at this point would be great.
They are complaining to me because I can't fix a problem that they created.
I want to be done with these people so anything would be great.
Thank you in advance.
0
Question by:mikebaril
    30 Comments
     
    LVL 3

    Expert Comment

    by:PLeclair
    I'm not 100% certain, but I can't see why you couldn't just install a fresh Exchange server, move the pub.edb and priv.edb and dir.edb over to the new server you installed (using the same org name etc.). Just make sure to install it with a valid system account that has service account admin. That should get it back up.
    But because all mailbox associations are to the old SID, you'd likely have to remap the mailboxes to the user accounts in AD or NT4 if you're reverting.

    Also, there are a number of products out there (some pretty cheap!) that will read contents right out of the .edb files without using Exchange. Just look for something like ".edb reader"

    Food for thought.
    0
     

    Author Comment

    by:mikebaril
    PLeclair,
    Thank you for your response.
    I do have the .edb files from the old config, and have moved them over. The dir.edb came over fine.
    But like I said, the information store service is not starting.  I am sure that if I can get the permissions on the store, everything will work.
    Problem is, I don't know how to get by that problem.
    0
     
    LVL 21

    Accepted Solution

    by:
    The problem is your Dir.  The service account SID is stored in there, so without the old service account being present this Dir will never work (I know the service is starting but trust me, it's still the dir).  Here is the quickest way to recover:

    - Remove Exchange
    - Reinstall, same Org/Site Name
    - Keep the newly installed dir.edb in place.  Bring in the priv and pub from the old server
    - Run isinteg -patch, and start the IS
    - Launch Admin, drill down and highlight the server object.
    - File/Properties/Advanced, click Consistency Adjuster.   Check the 1st box, select all inconsistencies, and run it
    - Now your mailboxes should be back, you will have to manually re-associate the primary NT account with the mailbox

    0
     

    Author Comment

    by:mikebaril
    marc nivens
    Thank you very much for the comment.
    I have to spend my Saturday there, so I will give that a try first thing when I get in there.
    I know the site name, and I am pretty sure of the org name, but just to be safe, any way to look that up?
    Again, thank you for the help!
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    Actually yes, there are a few ways.  If you have the Exchange Server Progress.log from the initial installation you can find it there.  You can also stop the directory service, open the dir.edb in notepad, and search for "ou=" (no quotes).  You will find something that resembles /o=Org Name/ou=Site Name, it could be spaced out but it still should be readable.

    Good Luck, let us know how it works out for you.
    0
     

    Author Comment

    by:mikebaril
    Again marc, thank you.
    I will definitely let you know how it works out.
    0
     

    Author Comment

    by:mikebaril
    marc,
    Sadly this did not work.
    I am back to the point where I can see all my mailboxes, but the information store will not start, and I do not have rights to do anything to it.
    Any more suggestions would be great.
    thanks again.
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    I've been through these steps more times than I can count... if it's not starting now then there is something else going on.  However, I can't tell you what without more information.  What error do you get when you start the information store?   Also, any information from the application log would help too.
    0
     

    Author Comment

    by:mikebaril
    marc,
    I get the error code 1011 when I try to start the service.
    I have seen elsewhere to run the Isinteg -patch when that error occurs; I try that and I get the permissions error above.
    From another thread I am running the following utils.
    Eseutil /p /ispriv
    Eseutil /p /ispub

    Isinteg -pri -fix -test alltests
    isinteg -pub -fix -test alltests

    So far the first two went through fine; running the isinteg on the pri right now, which is taking some time on the 9 GB edb file.
    I will be sure to report back when those are done.
    thanks again.
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    Make sure that you're logged in as the new service account when running the isinteg -patch...
    0
     

    Author Comment

    by:mikebaril
    Well, those just ran, had some fixed in there, but I am still unable to start the information store, and the -patch attempt is still giving me DS_E_INSUFFICIENT_ACCESS_RIGHTS as an error.

    I look in the application log, and this is what I get.

    Event Type:      Error
    Event Source:      MSExchangeIS Private
    Event Category:      General
    Event ID:      1005
    Date:            10/23/2004
    Time:            3:13:03 PM
    User:            N/A
    Computer:      MSO-EXCHANGE2
    Description:
    Unable to start the Microsoft Exchange Information Store. Error 0x3f3.
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    Yep, the 0x3f3 is hex for 1011.  It means that the isinteg -patch needs to be run.  Be sure to log in as the new service account and try isinteg -patch again.
    0
     

    Author Comment

    by:mikebaril
    OK, I had set the server up from scratch,
    and now it is telling me that the service account again is an unknown account, and I do not have permissions to add a new one!
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    It sounds like you tried to restore or bring over the old dir.edb.  You cannot do this, you have to use the dir.edb from the fresh install you just did.
    0
     

    Author Comment

    by:mikebaril
    I followed your steps to the T.
    I have a backup copy of the old dir.edb, but it is not in the exchsrvr folder.
    Is that the only thing that would cause this?

    0
     

    Author Comment

    by:mikebaril
    My old dir.edb is 180MB and the clean one is 3MB.  Is there information in that edb that I am going to need?
    And if so, how do I extract that?
    0
     

    Author Comment

    by:mikebaril
    I copied back the dir.edb from the backup I did right after I reinstalled Exchange.
    I was able to run the isinteg -patch,
    but I do not have any of my mailboxes, and the rest of the organizations that were showing in the tree before are no longer showing.
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    You're on the right track.  BTW, I'm assuming this was the only server in this site.  If that assumption is incorrect then ignore the rest of this and let us know (the recovery steps are different, I can give them to you if needed).  Otherwise, do this:

    - Launch Admin, drill down and highlight the server object.
    - File/Properties/Advanced, click Consistency Adjuster.   Check the 1st box, select all inconsistencies, and run it
    - Now your mailboxes should be back, you will have to manually re-associate the primary NT account with the mailbox

    Once these are done you will need to re-establish dirrep and site/x.400 connectors to the other sites.
    0
     

    Author Comment

    by:mikebaril
    Marc,
    Again, thank you for the response.
    This is the only server that they have in their site, but they connect to the rest of the state, and can see all of those sites as well.
    I have found something that is wrong, and need a bit to fix it, think it might help out.
    I will report back when that is updated.
    Thanks again.


    0
     

    Author Comment

    by:mikebaril
    Alright, my client had given me wrong information and I had the org name wrong.
    I have removed Exchange again, reinstalled, put in the correct info.
    isinteg -patch ran,
    I ran the Consistency Adjuster,
    but when I try to start the info store, I get error code 1276.
    Here are the errors from the application log.

    Event Type:      Error
    Event Source:      MSExchangeIS
    Event Category:      General
    Event ID:      1089
    Date:            10/23/2004
    Time:            4:19:35 PM
    User:            N/A
    Computer:      MSO-EXCHANGE2
    Description:
    The information store was not started because the system distinguished name (DN) of /o=COMMONWEALTH OF MASSACHUSETTS/ou=SDM-CAMBRIDGE/cn=Configuration/cn=Servers/cn=MSO-EXCHANGE2/cn=Microsoft Private MDB in the mailboxes table could not be found.

     The database may have been restored to a computer that does not contain the original database. Run ISINTEG -patch before attempting to start the information store again.

    Event Type:      Error
    Event Source:      MSExchangeIS Private
    Event Category:      General
    Event ID:      1005
    Date:            10/23/2004
    Time:            4:19:35 PM
    User:            N/A
    Computer:      MSO-EXCHANGE2
    Description:
    Unable to start the Microsoft Exchange Information Store. Error 0x4fc.
    0
     

    Author Comment

    by:mikebaril
    marc,
    Since they are in the site with other systems, can whoever controls the site add items to the service account?
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    I'll address the errors first.  This event has a few possible causes:

    - The Org or Site display names were changed on the previous install.  This would make you think by looking at Exchange Admin that the names were one thing, when in fact they were another.  Can I ask how you determined the Org/Site names?  Also, check the 1089 event.  It tells you the Org/Site it's looking for.   Make sure they're correct.

    - A registry key.  Go to HKLM\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem.  There are 3 values that contain the server name (DSA Computer, MTA Computer and This Server).  Make sure they are correct.

    - Corrupt DB.  This is the most unlikely scenario, but possible since you did repair the databases it could have happened.  If you have another copy of these databases you could try them.  Just so you know, repair will remove any pages from the DB that are corrupt without caring about what is in them.  If these are required system pages, repair can render a DB unusable.


    As for your last question, I'm not sure what you mean by add items to the service account.  If you mean change permission on your site, they will need to be logged in as an account that has been given permissions admin or better.
    0
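
Added example (not part of the thread and not code from any poster): a Python version of the two checks described above, searching a copy of the old dir.edb for the /o=.../ou=... string in both plain and "spaced out" (UTF-16LE) form, and comparing it with the DN quoted in the 1089 event. The function names, the allowed name characters, the case-insensitive comparison and the sample bytes are assumptions made for this illustration.

```python
import re

# Characters allowed in an org or site name (assumption: plain ASCII names).
_NAME = rb"[A-Za-z0-9 _.\-&']{1,64}"
_DN_RE = re.compile(rb"/o=(" + _NAME + rb")/ou=(" + _NAME + rb")", re.IGNORECASE)
# DN layout as quoted in the event 1089 description on this page.
_EVENT_RE = re.compile(
    r"/o=([^/]+)/ou=([^/]+)/cn=Configuration/cn=Servers/cn=([^/]+)/", re.IGNORECASE)

def _pairs(data, high=None):
    """Yield (org, site) matches; for UTF-16LE views require zero high bytes."""
    for m in _DN_RE.finditer(data):
        if high is None or not any(high[m.start():m.end()]):
            yield m.group(1).decode().strip(), m.group(2).decode().strip()

def find_org_site(blob: bytes) -> set:
    """Return every (org, site) stored as ASCII or UTF-16LE text in blob."""
    found = set(_pairs(blob))            # single-byte text
    for off in (0, 1):                   # UTF-16LE at even and odd offsets
        found.update(_pairs(blob[off::2], blob[off + 1::2]))
    return found

def parse_event_1089(description: str):
    """Return (org, site, server) from an event 1089 description, or None."""
    m = _EVENT_RE.search(description)
    return tuple(part.strip() for part in m.groups()) if m else None

def names_match(blob: bytes, description: str) -> bool:
    """True if the Org/Site in the event also occurs in blob (case-insensitive)."""
    event = parse_event_1089(description)
    if event is None:
        return False
    wanted = (event[0].lower(), event[1].lower())
    return any((o.lower(), s.lower()) == wanted for o, s in find_org_site(blob))

# Constructed sample: a few bytes standing in for a dir.edb fragment, with the
# DN stored as UTF-16LE at an odd offset (not data from the thread).
SAMPLE_BLOB = (b"\x07\x00\xfe"
               + "/o=Example Org/ou=Example Site/cn=Configuration".encode("utf-16-le")
               + b"\x00\x00\x10")
# Description text of the event 1089 quoted on this page, shortened.
PAGE_EVENT = ("... the system distinguished name (DN) of /o=COMMONWEALTH OF "
              "MASSACHUSETTS/ou=SDM-CAMBRIDGE/cn=Configuration/cn=Servers/"
              "cn=MSO-EXCHANGE2/cn=Microsoft Private MDB in the mailboxes table "
              "could not be found.")

if __name__ == "__main__":
    print(find_org_site(SAMPLE_BLOB))
    print(parse_event_1089(PAGE_EVENT), names_match(SAMPLE_BLOB, PAGE_EVENT))
```

Run it against a copy of the file taken with the directory service stopped, never against the live database.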
     

    Author Comment

    by:mikebaril
    Marc,

    The first time I reinstalled Exchange today I used what they had told me, and after viewing a log, there was a mismatch of what it was looking for, so I reinstalled again with the info that it was looking for.

    I checked the registry keys, and they are all correct.

    I am pulling over a database from before all of this started, and I am going to take a crack with that.

    Again, thank you for your help.
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    Good luck, let us know how it goes.  And remember, pull only the priv and pub over.  The dir can't be used.
    0
     

    Author Comment

    by:mikebaril
    I'm still having no luck.
    No matter what priv and pubs I use, if I do not use the dir from the old setup, I do not see any of my users, or any of the other servers in the organization.

    Any more thoughts?
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    Again, that is completely expected.  You need to follow the rest of the steps to get the users back.  Here they are one more time:

    - Launch Admin, drill down and highlight the server object.
    - File/Properties/Advanced, click Consistency Adjuster.   Check the 1st box, select all inconsistencies, and run it
    - Now your mailboxes should be back, you will have to manually re-associate the primary NT account with the mailbox

    You will need to re-establish connectors (site or x.400) and directory replication once this is complete.

    0
     

    Author Comment

    by:mikebaril
    I am trying your steps again.
    This might be the last time for tonight, getting too frustrated and client is being a pain.
    So I am running isinteg -patch, then going to run the Consistency Adjuster.

    I have done this, I see no mailboxes, and I cannot start the information store.  I am still getting the error 1011.
    0
     

    Author Comment

    by:mikebaril
    Scratch that, ran isinteg again, now I get error code 1276.
    0
     
    LVL 21

    Expert Comment

    by:marc_nivens
    Then it's back to the Org/Site problem.  If you're still getting the 1089 error in the app log it could be because this database was patched before when the dir with the wrong org/site name was in place.  If that is the case you need to copy the databases again from their original location.

    Questions:  Is the Org/Site listed in the 1089 event what you installed with?  If so, have you ever installed with the wrong Org/Site name and patched these databases against that install?
    0
     

    Author Comment

    by:mikebaril
    Thanks for all your help.
    Finally done with them!
    0
