We help IT Professionals succeed at work.

How to force Exchange to authenticate to different DC

1,291 Views
Last Modified: 2012-08-13
How do I force Exchange 2003 to authenticate to a different DC (Windows 2003).  Our DC is currently down, all other servers (IIS, SQL) are fine but Exchange is giving netlogon errors and the main services (MTA, Info Store etc) won't start.
Comment
Watch Question

Brian PiercePhotographer
CERTIFIED EXPERT
Awarded 2007
Top Expert 2008

Commented:
Presumably the exchange server is set to use the DC that is down for its DNS also. You need to male sure that another DC/DNS server is added as the alternate DNS server and that that DC/DNS server also holds a global catalog. On the second DC, go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Commented:
To make the Exchange server change DC you can either wait 35 minutes or try this (won't always work):
ESM: Properties for the Exchange server, tab Directory Access, select Domain Controllers in the drop-down list, select a working DC in the window and delesect Automatically discover servers.
Expert of the Year 2007
Expert of the Year 2006

Commented:
Presuming that the other server is a global catalog, restart the Exchange services. That will force Exchange to find another DC to use.

Simon.

Author

Commented:
Thanks...
KCTS: there is no GC checkbox available to select.
peakpeak: I cannot deselect as the option is greyed out.
Expert of the Year 2007
Expert of the Year 2006

Commented:
This is Microsoft's article on how to set a new Global Catalog.
http://support.microsoft.com/default.aspx?kbid=313994

It is important that you verify that there is another GC available as Exchange needs a GC to talk to. It will also impact your users ability to login to the domain.

Simon.
If the resource kit utilities are loaded on the Exchange server you can also use the "nltest" utility to reset the secure channel to another domain controller.  However this DC must have a global catalog as stated above.  I forget the exact syntax but its comething like nltest /sc_reset:domain\domancontroller.

Use the /? switch to view the command's help.  You'll see the proper syntax to be used.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.