Solved

Exchange 2003 SA won't start -- one DC moved to new AD Site and AD Subnet

Posted on 2006-11-27
Last Modified: 2010-04-18
I have 3 DCs, all GCs.
I created an AD site and subnet for a remote network.
I moved one DC to the new AD site/subnet and it is NOT the FSMO role owner.
AD DNS has the correct Default-First-Site-Name DNS info (DCs are the other two, etc.).
Rebooted Exchange server, and get Topology failure, though netdiag and dcdiag HAVE NO FAILURES!!!

Forced to move the DC back into the original site -- and SA starts right up.
Any ideas?
Thanks in advance!
Question by:OnvioAdmin

Expert Comment

by:Jay_Jay70
ID: 18023268
How are your sites structured physically? Layout, connectivity, subnets, etc.

Expert Comment

by:Netman66
ID: 18024113
After moving a server that contains the GC role, it takes time for Exchange to figure out what hit it.  Because Exchange uses the GC heavily, any changes to GC placement normally cause Exchange to hiccup.

Move the server back, both physically and in AD Sites and Services - be sure you re-IP it and delete ALL references to it in DNS by its old IP (in EVERY container).  Restart the server in the new location while pointed to the main site's DNS so it registers properly at the main site.  Then repoint it to itself.

Leave things alone for a period - so that KCC can recalculate what happened.  You should now be able to restart the Exchange server without too many issues.


Author Comment

by:OnvioAdmin
ID: 18028201
Jay: Two subnets (in two physical locations), one AD Site (Default-First-Site-Name). All computers at the main office (subnet1) were authenticating against the DC/GC at the COLO (subnet2) via S2S VPN. So all I did was create the new AD Site with a subnet definition to ensure that machines on subnet1 authenticate against either of the two existing DCs/GCs that are on subnet1, and that the machines at the COLO on subnet2 authenticate against only the DC/GC on subnet2.

I didn't re-IP anything. All three DCs/GCs kept the same IPs. I simply added a new site called "COLO" and associated it with the new subnet2 definition I created in AD. I then "moved" the machine into the AD site "COLO", and left the other two machines alone.
The DNS immediately changed (because it is AD enabled) and added another site, and removed the subnet2 DC from the Default-First-Site-Name DNS.
So why would Exchange have the topology failure, even after a reboot, even after dcdiag and netdiag passed all tests?

When Exchange SA stopped and failed, I moved the DC/GC on subnet2 back to "Default-First-Site-Name" and deleted the subnet definition in AD. No IP change needed. Exchange SA immediately started up again once that was complete.
That's where we stand now.

Netman: If I move that DC/GC into the new AD site/subnet, Exchange will seize. Any other thoughts?

Accepted Solution

by:Netman66
Netman66 earned 125 total points
ID: 18032170
You can't have the same subnet in two sites.  Sites are used for Replication (topology generation) and authentication.  If you create a second site and associate the same subnet as your default site you will have issues.

If the server at the "COLO" is keeping the same IP then leave it in the Site it's in.

Sorry about the delay - I'm not getting any email from EE - so I'm trying to check manually.


Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 125 total points
ID: 18049268
Ouch, just to add to above, you may want to have a little read through this to make things a touch more clear on the use of sites and their config:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/adsrv.mspx

Question has a verified solution.
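
The site/subnet consistency that the accepted answer turns on can be checked offline before a DC is moved. The following is an added example, not part of the thread or any poster's reply: it maps each DC's IP to a site through the most specific matching subnet definition and reports DCs whose site placement disagrees. The subnets, addresses and DC names are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (not from the thread): subnet definitions as they
# would appear in AD Sites and Services, each associated with exactly one site.
SUBNETS = {
    "10.1.0.0/16": "Default-First-Site-Name",
    "10.2.0.0/24": "COLO",
}
# Constructed DC inventory: (name, IP address, site the server object sits in)
DCS = [
    ("DC1", "10.1.0.10", "Default-First-Site-Name"),
    ("DC2", "10.1.0.11", "Default-First-Site-Name"),
    ("DC3", "10.2.0.10", "COLO"),
]

def site_for_ip(ip, subnets):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins when several subnet definitions contain the IP.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit(subnets, dcs):
    """Report DCs whose IP maps to no site or to a different site."""
    findings = []
    for name, ip, placed in dcs:
        mapped = site_for_ip(ip, subnets)
        if mapped is None:
            findings.append(f"{name}: {ip} matches no subnet definition")
        elif mapped != placed:
            findings.append(
                f"{name}: placed in {placed} but {ip} maps to {mapped}")
    return findings

if __name__ == "__main__":
    for line in audit(SUBNETS, DCS) or ["site placement matches subnets"]:
        print(line)
```
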