jmstkoi99
asked on
System Attendant won't start after Exchange 2003 install
The System Attendant service won't start after I have installed Exchange 2003 installation on an Windows Server 2003 box. The exact error logged is: Unexpected error Logon failure: unkown user name or bad password: LDAP Provider ID no: 8007052e Microsoft Exchange System Attendant occurred.
The installation circumstances are like so: W2000 domain with Exchange 2000 running on single DC. The W2003 server was already installed as member server, and I kept it that way, installing Exchange 2003 on it. I did get a Kerberos error and an LDAP error during netdiag/dcdiag, but in troubleshooting those errors, none of the KB support advice led to any improvments. Kerberos runs on the DC and tests out OK. LDAP runs on another server on a different subnet, and while this sounds suspicious, the LDP.exe tests that the KB advised tested OK.
I will gladly provide more details as needed.
Thanks,
John
The installation circumstances are like so: W2000 domain with Exchange 2000 running on single DC. The W2003 server was already installed as member server, and I kept it that way, installing Exchange 2003 on it. I did get a Kerberos error and an LDAP error during netdiag/dcdiag, but in troubleshooting those errors, none of the KB support advice led to any improvments. Kerberos runs on the DC and tests out OK. LDAP runs on another server on a different subnet, and while this sounds suspicious, the LDP.exe tests that the KB advised tested OK.
I will gladly provide more details as needed.
Thanks,
John
ASKER
Sembee:
Thanks for the reply. Now for my follow up questions: How do I properly uninstall Exchange 2003? Also, how specifically do I make it "find the domain controller"? AD on the DC sees both Exchanges right now, so some kind of visibility had to exist. Do I just focus on Kerberos and LDAP, or something else?
Thanks again,
John
Thanks for the reply. Now for my follow up questions: How do I properly uninstall Exchange 2003? Also, how specifically do I make it "find the domain controller"? AD on the DC sees both Exchanges right now, so some kind of visibility had to exist. Do I just focus on Kerberos and LDAP, or something else?
Thanks again,
John
Hi John,
Theoretically you can uninstall Exchange 2003 from Add/Remove Programs, but in practice this often does not produce the results you would like to get.
You can use this article to manually remove Exchange from the server: http://support.microsoft.com/kb/833396.
Regards, Arjan.
Theoretically you can uninstall Exchange 2003 from Add/Remove Programs, but in practice this often does not produce the results you would like to get.
You can use this article to manually remove Exchange from the server: http://support.microsoft.com/kb/833396.
Regards, Arjan.
ASKER
Dela-D:
Thank you for that. Not to get too far ahead of myself here, but how do I remedy the Exchange 2003 installation not finding the domain controller? It seems that the W2003 server where EX2003 is installed can see the DC just fine, as it logs on successfully. Again, if it is Kerberos and/or LDAP as in the netdiag/dcdiag errors, how do I go about "fixing" those? Here are the specific errors returned:
In netdiag: "Kerberos test failed. Kerberos does not have a ticket for host/serv2"
in dcdiag, LDAP test: "Warning: Failed to Query SPN registration on DC 'AQUATRACSERV'"
This last message is the most curious. The "real" DC is actually called "serv", and for some reason (I inherited this installation), LDAP is installed on another server on another subnet. Don't know if this is an issue but it looks funky so I have to mention it.
Thanks again.
John
Thank you for that. Not to get too far ahead of myself here, but how do I remedy the Exchange 2003 installation not finding the domain controller? It seems that the W2003 server where EX2003 is installed can see the DC just fine, as it logs on successfully. Again, if it is Kerberos and/or LDAP as in the netdiag/dcdiag errors, how do I go about "fixing" those? Here are the specific errors returned:
In netdiag: "Kerberos test failed. Kerberos does not have a ticket for host/serv2"
in dcdiag, LDAP test: "Warning: Failed to Query SPN registration on DC 'AQUATRACSERV'"
This last message is the most curious. The "real" DC is actually called "serv", and for some reason (I inherited this installation), LDAP is installed on another server on another subnet. Don't know if this is an issue but it looks funky so I have to mention it.
Thanks again.
John
Try using add/remove programs as the first attempt. Only if that doesn't work and you cannot fix the problems do a manual hack out.
If you work on resolving the LDAP issues then other things should fall in to place. It is all so inter-related that fix one element and you will often find other elements will also start to work.
Simon.
If you work on resolving the LDAP issues then other things should fall in to place. It is all so inter-related that fix one element and you will often find other elements will also start to work.
Simon.
This looks like an AD issue rather than Exchange, so you may have to concentrate on AD. Things like the use of Sites and Services.
Simon.
Simon.
ASKER
Sembee:
Thanks. I'll focus on Sites and Service and see what I find.
John
Thanks. I'll focus on Sites and Service and see what I find.
John
ASKER
The W2000 DC has AD Sites and Services running, but it does not show anything configured beyond itself. The W2003 server with the new Exchange 2003 does not seem to have AD Sites and Services available; I can only find AD Users and Computers, which does see the other Exchange (2000) server, the W2000 DC. Sorry to be moving backwards here, but I'm not at all sure how to proceed.
Thanks again.
John
Sites and Services is a domain functionality, so the tools are only available on domain controllers.
Have subnets been configured? What is the reason the domain controllers are on a different subnet? I would have expected that if multiple subnets were being used that AD would have been configured to take that in to account, otherwise advantages of using another subnet could be reduced.
Simon.
Have subnets been configured? What is the reason the domain controllers are on a different subnet? I would have expected that if multiple subnets were being used that AD would have been configured to take that in to account, otherwise advantages of using another subnet could be reduced.
Simon.
ASKER
Sembee:
I'm not sure the other subnets are an issue (but I can't rule them out). I reran netdiag from the W2003/EX2003 server, and it still has the "Fatal" and "Warning" messages under the LDAP tests, but it also says that the tests "Passed". Kerberos still "Failed", unable to get ticket from the DC host.
Is AD Sites/Services on the DC supposed to have anything explicitly configured to recognize the new W2003/EX2003 installation? Those two servers are on the same subnet, and the DC is the only one for that domain, as far as it's concerned.
Thanks again,
John
I'm not sure the other subnets are an issue (but I can't rule them out). I reran netdiag from the W2003/EX2003 server, and it still has the "Fatal" and "Warning" messages under the LDAP tests, but it also says that the tests "Passed". Kerberos still "Failed", unable to get ticket from the DC host.
Is AD Sites/Services on the DC supposed to have anything explicitly configured to recognize the new W2003/EX2003 installation? Those two servers are on the same subnet, and the DC is the only one for that domain, as far as it's concerned.
Thanks again,
John
You will not see the Exchange server, this actually has nothing to do with Exchange at all. The problem you have is AD related, or poor AD design.
Can the Exchange server not go on the same subnet as the domain controller?
The issue looks like that machine is having problems communicating with the domain controller over the subnet, or cannot find it. I would also expect to see issues with any workstations on that subnet, as they may be broadcasting to find the DC.
You aren't trying to install Exchange in to a DMZ or anything like that?
Simon.
Can the Exchange server not go on the same subnet as the domain controller?
The issue looks like that machine is having problems communicating with the domain controller over the subnet, or cannot find it. I would also expect to see issues with any workstations on that subnet, as they may be broadcasting to find the DC.
You aren't trying to install Exchange in to a DMZ or anything like that?
Simon.
ASKER
Sembee:
The DC and the new W2003/EX2003 server are on the same subnet, and it's not in a DMZ. There are other servers in different subnets that shouldn't (I'm hoping) have anything to do with this subnet, but it's disturbing that the other subnets have servers that were put together from acquired companies, and it looks like the original domains of those servers were not wiped clean. All the servers on all subnets have joined the one domain, but there are remnants of at least two other domains in the other subnets.
According to the W2000/EX2000 DC that we are working from, it is the only DC in the whole domain. It was originally a mixed mode W2000 domain, but since there were no more 5.5 Exchange installations, I converted it to a native mode W2000 domain.
I have resisted promoting the new W2003 server to a DC, since we're not decommissioning the W2000 server, just trying to migrate off the EX2000. Would dcpromo solve or workaround any of these issues? Any other ideas?
Thanks again,
John
The DC and the new W2003/EX2003 server are on the same subnet, and it's not in a DMZ. There are other servers in different subnets that shouldn't (I'm hoping) have anything to do with this subnet, but it's disturbing that the other subnets have servers that were put together from acquired companies, and it looks like the original domains of those servers were not wiped clean. All the servers on all subnets have joined the one domain, but there are remnants of at least two other domains in the other subnets.
According to the W2000/EX2000 DC that we are working from, it is the only DC in the whole domain. It was originally a mixed mode W2000 domain, but since there were no more 5.5 Exchange installations, I converted it to a native mode W2000 domain.
I have resisted promoting the new W2003 server to a DC, since we're not decommissioning the W2000 server, just trying to migrate off the EX2000. Would dcpromo solve or workaround any of these issues? Any other ideas?
Thanks again,
John
If Exchange is installed on a domain controller then things start to change. Exchange will only use that domain controller for its tasks. You need to ensure that the DC with Exchange is a Global Catalog and preferably also has DNS on it.
Simon.
Simon.
ASKER
Sembee:
I will verify that the current Exchange 2000 installation on the DC is set up as a Global Catalog. Since it's the only DC, I probably took this for granted. I'll post back what I find.
Thanks,
John
I will verify that the current Exchange 2000 installation on the DC is set up as a Global Catalog. Since it's the only DC, I probably took this for granted. I'll post back what I find.
Thanks,
John
ASKER
Sembee:
One more thing to confirm: With the netdiag failure error for Kerberos, "Kerberos does not have a ticket for host/serv.domain.local", serv is the corrent hostname of the DC, which does have Kerberos running as a service, so why wouldn't the W2003/EX2003 server be able to get a ticket?
Thanks again,
John
One more thing to confirm: With the netdiag failure error for Kerberos, "Kerberos does not have a ticket for host/serv.domain.local", serv is the corrent hostname of the DC, which does have Kerberos running as a service, so why wouldn't the W2003/EX2003 server be able to get a ticket?
Thanks again,
John
Thats an AD issue. My AD skills are not brilliant. I can troubleshoot the basic stuff to get Exchange installed and that is about it. There is either something wrong with the domain/domain controllers or the way that the server can communicate with the domain controllers.
Simon.
Simon.
ASKER
May we throw this (preceeding) question out to the member population at large, for someone who knows AD/Kerberos?
Thanks to all,
John
Create a new question in the Windows 2000 and/or the 2003 zone, plus the AD zone (you can have a question in three zones). Get a resolution to it and then see how that affects the Exchange side.
Simon.
Simon.
ASKER
Thanks for the directions. I'll do that and see where it leads...
ASKER
Sembee, et al:
I was able to confirm from the other Zones that Kerberos is not a problem, nor is LDAP (most likely). It seems to bring us back to AD, although I have some new symptoms to describe. In studying differences between the existing EX2000 installation and the troubled EX2003 install, I noticed that several protocols (HTTP, NNTP, POP3, IMAP4) are missing from the new EX2003 install. The only protocol (and associated Service) that is present is X.400. The other service missing is MSEX Routing Engine. I'm at a loss as to why these would not be present, as I remember installing them as a prerequisite prior to the actual EX2003 install. Nevertheless, what does it all mean, and what can I do now to make it better?
Thaniks again,
John
I was able to confirm from the other Zones that Kerberos is not a problem, nor is LDAP (most likely). It seems to bring us back to AD, although I have some new symptoms to describe. In studying differences between the existing EX2000 installation and the troubled EX2003 install, I noticed that several protocols (HTTP, NNTP, POP3, IMAP4) are missing from the new EX2003 install. The only protocol (and associated Service) that is present is X.400. The other service missing is MSEX Routing Engine. I'm at a loss as to why these would not be present, as I remember installing them as a prerequisite prior to the actual EX2003 install. Nevertheless, what does it all mean, and what can I do now to make it better?
Thaniks again,
John
This looks like a duff installation. I would be looking to get Exchange out, possibly manually and then wiping the box and rebuilding it.
Simon
Simon
ASKER
Sembee:
Ouch. I was considering the setup.exe /disasterrecovery option prior to more drastic uninstalls/rebuilds. Any thoughts on that?
Thanks,
John
Ouch. I was considering the setup.exe /disasterrecovery option prior to more drastic uninstalls/rebuilds. Any thoughts on that?
Thanks,
John
If an Exchange server doesn't go in first time, it gets removed and then wiped. I don't trust the build. For the sake of saving a few hours to build, I would like the guarantee that the server is clean and there are no problems with the server from a previous installation.
Simon.
Simon.
ASKER
Sembee:
Then I'll remove it and wipe the server. Where is the best set of step-by-step instructions for installing W2003 Server Standard and then Ex2003 Standard? I've followed MSFTs and they're OK, and there are other floating around the web, but if you've got some you can recommend, I'm all ears.
Thanks,
John
Then I'll remove it and wipe the server. Where is the best set of step-by-step instructions for installing W2003 Server Standard and then Ex2003 Standard? I've followed MSFTs and they're OK, and there are other floating around the web, but if you've got some you can recommend, I'm all ears.
Thanks,
John
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you were getting LDAP errors in the netdiag/dcdiag those should have been resolved before you installed Exchange. Exchange needs constant access to the domain controllers so any errors are a red flag. You will probably need to remove Exchange and then fix those problems first. Then you will have to reinstall Exchange so that it updates the domain correctly.
Simon.