?
Solved

Directory Binding Error 5: Access is Denied. & Cannot email Universal Distribution Group (NDR)

Posted on 2007-10-03
7
Medium Priority
?
2,568 Views
Last Modified: 2012-05-05
Edit by Asker request -
Complete new text to replace Corporate/Personal data.

Vee_Mod

This is an Active Directory Domain environment with two Server 2003 domain controllers.
One of them acts as the Exchange 2003 server.

We configured a Universal Distribution Group with 8 contacts in it. These contacts have email addresses configured that are external to our organization.

A few days ago, I got a report that they could not send emails to this distribution group anymore.
This is the error received back from postmaster:

Your message did not reach some or all of the intended recipients.
Subject: Test Email
Sent: 10/3/2007 6:44 PM
The following recipient(s) could not be reached:
  CN=Person's Name 1- Offsite,OU=Off Site Contacts,DC=company,DC=com on 10/3/2007 6:44 PM
  The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.
  <mail.company.com #5.1.0>
  CN=Person's Name 2- Offsite,OU=Off Site Contacts,DC=company,DC=com on 10/3/2007 6:44 PM
  The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.
  <mail.company.com #5.1.0>
  CN=Person's Name 3- Offsite,OU=Off Site Contacts,DC=company,DC=com on 10/3/2007 6:44 PM
  The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.
  <mail.company.com #5.1.0>
  CN=Person's Name 4- Offsite,OU=Off Site Contacts,DC=company,DC=com on 10/3/2007 6:44 PM
  The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.
  <mail.company.com #5.1.0>
  CN=Person's Name 5- Offsite,OU=Off Site Contacts,DC=company,DC=com on 10/3/2007 6:44 PM
  The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.
  <mail.company.com #5.1.0>
  CN=Person's Name 6- Offsite,OU=Off Site Contacts,DC=company,DC=com on 10/3/2007 6:44 PM
  The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.
  <mail.company.com #5.1.0>
  CN=Person's Name 7- Offsite,OU=Off Site Contacts,DC=company,DC=com on 10/3/2007 6:44 PM
  The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.
  <mail.company.com #5.1.0>
  CN=Person's Name 8- Offsite,OU=Off Site Contacts,DC=company,DC=com on 10/3/2007 6:44 PM
  The e-mail address could not be found. Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address. Check the address and try again.
  <mail.company.com #5.1.0>

When I go into Exchange System Manager under status it shows "Unreachable" however all the services are running.
If I run a DCDIAG on the server, I get the following results:
Domain Controller Diagnosis
Performing initial setup:
   [SERVER2-EXCHANGE] Directory Binding Error 5:
   Access is denied.
   This may limit some of the tests that can be performed.
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\SERVER2-EXCHANG
      Starting test: Connectivity
         ......................... SERVER2-EXCHANG passed test Connectivity
Everything else passes.
There were replication issues which seem to have been caused by DNS issues. I flushed DNS on the DNS server (not the EXCHANGE server) and then replication started working again. I thought that it would clear up this issue, but it has not. I have rebooted both servers (at separate times) to no avail.
The Exchange server is the Infrastructure master but that is it. The other server is the Global Catalog and holds the other 4 roles.

Any help would be greatly appreciated.

Thanks in advance.
0
Comment
Question by:lawrencet-d
  • 5
  • 2
7 Comments
 
LVL 9

Expert Comment

by:Veerappan Sundaram
ID: 20011970
Did you try to send an email toany one these contacts directly, without calling the DL?
If yes, what was the result?

Check the below:
Numeric Code:     5.1.1
Possible Cause:
"  The e-mail account does not exist at the organization the message was sent to. This issue may occur if there was a problem when users were moved between sites. For example, if a former Administrative_Group_1 user moves to Administrative_Group_2 and then replies to an old e-mail message, or if the user does not re-create his or her Outlook profile, an old Administrative Group style LegDN address will be used, and an NDR is generated.  
"  The message was sent to obsolete personal address book entries.
"  The categorizer rejected delivery because you configured your SMTP contact with see comment SMTP RFC821 characters.

Troubleshooting:
Verify the recipient address and resend the message. Verify that the recipient address is formatted correctly and that the categorizer was able to correctly resolve the recipient.

>>>>Veera.
0
 

Author Comment

by:lawrencet-d
ID: 20013882
There have been no modifications to the system since the time this was last KNOWN working and the time it "broke" other than SP2 and the latest patches being applied.

I will check the individual email choice and see if that fixes it.

I do believe this mail issue is tied into the Directory Binding Error 5: Access is denied. error that I receive when doing a dcdiag.

Thanks.
0
 

Author Comment

by:lawrencet-d
ID: 20014784
Okay, so here is what I found. I can email the users directly (at their email addresses) if I explicitly put it in. I cannot find these Contacts in the Global Address List (should I be able to?). I can however find the Universal Distribution Group in the GAL.

I should reiterate that this was working for a couple months and then just last week stopped, without any changes being made to either DC, other than the forementioned patches.

0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 9

Expert Comment

by:Veerappan Sundaram
ID: 20032392
For that "Directory Binding Error 5: Access is denied", it could be your machine account credential issue - try to reset machine account using netdom.
Also try disabling the Kerberose service - restart the server and check. if you don't get the above error, then check the patches for kerbrose related fix. Don't forget to enable kerbrose again.

Please do the above only in a week-end or holiday.

>>>> Veera.
0
 

Author Comment

by:lawrencet-d
ID: 20033746
I think you are on the right track Veera1675. I will give that a shot (netdom) as I also read something related to this that made the same suggestion. Thank you for the suggestion. :)
0
 

Author Comment

by:lawrencet-d
ID: 20045463
I  have reset the account using netdom as outlined in the KB article (the process you described above) and it has not improved the situation. I decided that before I make any other changes, I wanted to do a System State backup. The NTBACKUP fails with the following log and error in eventvwr:

Backup Status
Operation: Backup
Active backup destination: File
Media name: "SYSTEM STATE COMPANY-Exchange 10-09-07.bkf created 10/9/2007 at 6:45 PM"

Volume shadow copy creation: Attempt 1.
Backup (via shadow copy) of "System State"
Backup set #2 on media #1
Backup description: "Set created 10/9/2007 at 6:45 PM"
Media name: "SYSTEM STATE COMPANY-Exchange 10-09-07.bkf created 10/9/2007 at 6:00 PM"

Backup Type: Copy

Backup started on 10/9/2007 at 6:45 PM.
The Active Directory service on \\COMPANY-EXCHANG has
reported an error. Check the event log for more information.
Backup completed on 10/9/2007 at 6:47 PM.
Directories: 190
Files: 2802
Bytes: 533,278,204
Time:  1 minute and  28 seconds

The message in event logs shows:

The 'Active Directory' returned 'Unable to update the password. The value provided as the current password is incorrect.
' from a call to 'BackupPrepare()' additional data '\\VENTURI-EXCHANG'



0
 

Accepted Solution

by:
lawrencet-d earned 0 total points
ID: 20045467
Could this all be caused by the fact that the name of the Exchange server is 16 characters long?
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question