dcgimo
asked on
Exchange server not seeing local Global Catalog server
We have 3 servers running Windows 2003 in a child domain. DC1 & DC2 are my domain controllers and both are currrently global catalogs as well. The third server is NOT a domain controller and is only running Exchange 2003. The problem we are experiencing is that users are having problems with Outlook 2003 timing out connections to other global catalog servers in our enterprise. We have a root domain and 4 child domains; The root and 2 of the child domains have Exchange 2003 servers that both connect to the root domain via the same T1 line.
DNS shows all 3 servers as global catalog servers. We recently added DC1 as a GC for testing purposes...
In the Directory Access tab in the Exchange System Manager:
In "Domain Controllers" it shows all my domain controllers EXCEPT the 2 in its domain.
In "Global Catalog Servers" it shows all our global catalogs except the local one(s).
On the Exchange server in question, I am receiving Event IDs
8213 (System Attendant Service failed to create session for virtual machine Name . The error number is 0xc007054b.)
&
9153 (Microsoft Exchange System Attendant reported an error '0xc007056b' when setting DS notification.)
We are not running in native mode because we have some users still using Exchange 5.5 (there is a plan to remove it but it is in the near future, then we will go native)
DNS shows all 3 servers as global catalog servers. We recently added DC1 as a GC for testing purposes...
In the Directory Access tab in the Exchange System Manager:
In "Domain Controllers" it shows all my domain controllers EXCEPT the 2 in its domain.
In "Global Catalog Servers" it shows all our global catalogs except the local one(s).
On the Exchange server in question, I am receiving Event IDs
8213 (System Attendant Service failed to create session for virtual machine Name . The error number is 0xc007054b.)
&
9153 (Microsoft Exchange System Attendant reported an error '0xc007056b' when setting DS notification.)
We are not running in native mode because we have some users still using Exchange 5.5 (there is a plan to remove it but it is in the near future, then we will go native)
ASKER
The sites are configured in AD and the 2 exchange servers in the child domains are configured almost identically...The other child's exchange server is on a DC that is also the GC.
Can you be more specific about the DNS config question?
Can you be more specific about the DNS config question?
What is the Exchange server using for DNS? The local GCs?, something else? A unix box? External DNS (please no).
Simon.
Simon.
ASKER
The Exchange server is using DC1 as the primary for DNS & WINS
Just DC1?
Have you got DNS on the other domain controller? If so, try adding that, and swapping them round (so the second DC is the primary DNS).
There is a heavy reliance on DNS to find the global catalog, then it starts broadcasting (yuk).
Simon.
Have you got DNS on the other domain controller? If so, try adding that, and swapping them round (so the second DC is the primary DNS).
There is a heavy reliance on DNS to find the global catalog, then it starts broadcasting (yuk).
Simon.
ASKER
It is using DC1 in this domain and DC1 in the other child that is in the same complex (fiber connecting both bldgs).
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There is only 1 DNS server in each child and 2 in the root. The 2 in the root forward to the outside world.
In DNS on the local and root domains, the domain controllers & GCs are listed correctly in the _msdts.domain.com zone.
In DNS on the local and root domains, the domain controllers & GCs are listed correctly in the _msdts.domain.com zone.
In your original question, you stated that the server cannot see the two domain controllers in it's domain.
Now you have just said that there is only one domain controller in the child domain.
Where is the Exchange server with the problem? In a child domain or in the root domain?
Simon.
Now you have just said that there is only one domain controller in the child domain.
Where is the Exchange server with the problem? In a child domain or in the root domain?
Simon.
ASKER
The problem exchange server is in a child domain.
In the Directory Access tab of the Exchange system Manager, it sees all the DCs & GCs except the ones in its own domain. There are 2 domain controllers in each domain except the root which has 3 and 1 GC in each domain except the problem one where we set up its DC1 as a second GC.
ROOT: DC1(DNS/WINS); DC2(GC)(DNS/WINS); DC3_______________________
|------T1 connection-------| |(Fiber) |(VPN tunnel)
DOM1<---------Fiber------>
DC1, DC2, Exchange DC1, DC2(Exchange) DC1, DC2 DC1, DC2
DOM1 & DOM2 are connected to each other via fiber, then use the same T1 to connect to the root
DOM3 connects tot he root via fiber
DOM4 connects to the root using a VPN tunnel through our internet connection (T1)
DC1 in each child runs both DNS & WINS, DC2 is the Global Catalog
DC1 & DC2 in the root are both DNS/WINS servers, DC2 is the GC; DC3 is only a domain controller
Exchange servers:
ROOT: member server
DOM1: member server
DOM2: DC2
DOM1 is the one having problems
Does this help?
In the Directory Access tab of the Exchange system Manager, it sees all the DCs & GCs except the ones in its own domain. There are 2 domain controllers in each domain except the root which has 3 and 1 GC in each domain except the problem one where we set up its DC1 as a second GC.
ROOT: DC1(DNS/WINS); DC2(GC)(DNS/WINS); DC3_______________________
|------T1 connection-------| |(Fiber) |(VPN tunnel)
DOM1<---------Fiber------>
DC1, DC2, Exchange DC1, DC2(Exchange) DC1, DC2 DC1, DC2
DOM1 & DOM2 are connected to each other via fiber, then use the same T1 to connect to the root
DOM3 connects tot he root via fiber
DOM4 connects to the root using a VPN tunnel through our internet connection (T1)
DC1 in each child runs both DNS & WINS, DC2 is the Global Catalog
DC1 & DC2 in the root are both DNS/WINS servers, DC2 is the GC; DC3 is only a domain controller
Exchange servers:
ROOT: member server
DOM1: member server
DOM2: DC2
DOM1 is the one having problems
Does this help?
Hi!
Did you restart the Domain Controllers when you configured them as GC?
Dean
Did you restart the Domain Controllers when you configured them as GC?
Dean
Reboot your local GC which is not being picked up by Exchange server. Reboot your Exchange server after that.
Check the application log or increase the diagnostic logging on DSAccess (specially for topology discovery events)
Use tools like DCDiag and Netdiag to troubleshoot DNS and other networking issues.
Thanks,
Amit Aggarwal.
Check the application log or increase the diagnostic logging on DSAccess (specially for topology discovery events)
Use tools like DCDiag and Netdiag to troubleshoot DNS and other networking issues.
Thanks,
Amit Aggarwal.
ASKER
The DCs were reboted when they were made GCs. Exchange was rebooted after the DCs came back online.
Is there anything specific I should look for when using dcdiag & netdiag?
Is there anything specific I should look for when using dcdiag & netdiag?
ASKER
We added a third domain controller in the problem domain and made it a global catalog as well to see if it "kick's" Exchange into seeing its own domain servers.
One of my coworkers tried setting Exchange's DS manually to look only at the local global catalog servers, but some of the Exchange services would not even start. We set it back to "Automatic" and were able to start those sevices again.
One of my coworkers tried setting Exchange's DS manually to look only at the local global catalog servers, but some of the Exchange services would not even start. We set it back to "Automatic" and were able to start those sevices again.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Pressure to get this resolved came from higher up in my office so I ended up calling in MS on this one and paying their fees.
It turns out that the exchange server in the troubled domain did not have permission to browse the local AD structure. I added the Exchange Enterprise Servers group to the "HEALTHDEPT\Exchange Enterprise Servers" to the "Manage auditing and security log" policy in "\Windows settings\Local Policies\User Rights Assignment\", force replication to all the DCs, and restart the Exchange System Attendant services.
Once that was done, the local DC & GC servers showed up in the directory Access tab.
Thank you all for your assistance.
Rick
It turns out that the exchange server in the troubled domain did not have permission to browse the local AD structure. I added the Exchange Enterprise Servers group to the "HEALTHDEPT\Exchange Enterprise Servers" to the "Manage auditing and security log" policy in "\Windows settings\Local Policies\User Rights Assignment\", force replication to all the DCs, and restart the Exchange System Attendant services.
Once that was done, the local DC & GC servers showed up in the directory Access tab.
Thank you all for your assistance.
Rick
How is your DNS configured?
Do you have sites configured in AD?
Simon.