rivey_210901
asked on
NDR on Exchange 2003 - Internal mail bounses to new users, but not older users.
We're using Exchange Server 2003 running on Windows Server 2003. The mail server has worked perfectly for over a year. We recently added a new batch of users to the AD. When sending mail to these new users, we receive an NDR (Exchange error #5.1.1).
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mail.DOMAIN.COM #5.1.1>
Email sent between the older users still works fine.
The weirdest part of the problem is that when I send two emails to a user in succession, the first will bounce and return an NDR and the second will go through just fine.
We've tried removing users and readding them to the domain and updating and rebuilding the Recipient Update Services.
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mail.DOMAIN.COM #5.1.1>
Email sent between the older users still works fine.
The weirdest part of the problem is that when I send two emails to a user in succession, the first will bounce and return an NDR and the second will go through just fine.
We've tried removing users and readding them to the domain and updating and rebuilding the Recipient Update Services.
Last time I saw something like that there was something wrong with the mailbox database. We fixed it by creating a new mailbox database and moving the users over to the new database. We then deleted the old database after everything was moved over.
can you pease advise if the RUS auto adds these email addresses and the x400 address?
check your AD logs to make sure replication is okay. also ensure the mailboxes have been created.
ASKER
The SMTP, X400 records get added when we create a new account with exchange privlidges.
is this DC in a differnt domain or site to where the actual exchange server is?
ASKER
We have noticed that there are replication errors at times, however, we can force the replication and still not get emails to send. When checking the mailboxes and some of the mailboxes are there, while others are not.
ASKER
only one domain. This dc and 6 other DCs are all in the same network / domain.
to test create a new test user
force replication on all DCs
connect to all 6 DCs, do you see the AD object with the SMTP address and X400 address which you just created? In ADUC
or atleast see the AD object if ESM isnt installed.
force replication on all DCs
connect to all 6 DCs, do you see the AD object with the SMTP address and X400 address which you just created? In ADUC
or atleast see the AD object if ESM isnt installed.
ASKER
Created a user and verified account after replication to PDC. However, replication to a different server failed.
ASKER
THe replication error references that the time since the last replication has exceeded the tombstone lifetime
oh dear! ok please can you provide a dcdiag log?
we need to find out which DCs are Tomb stoned
we need to find out which DCs are Tomb stoned
also please provide how many Global Catalogs you have, how many of the 6 are GC?
ASKER
I know the one that is tomb stoned - what do I need to do with it. It is called AMD-BACKUP and it doesnt really do anything special. I can demote it if I need to. Otherwise, please tell me how to produce a "dcdiag log"
ASKER
5 of 8 (not six sorry) have the global catalog checked.
was AMD-BACKUP a global catalog?
ASKER
yes - adm-backup was / is a global catalog.
to get dcdiag
install support tools on one of the DCs http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en
if not already installed
click start > program files > wiindows support tools > command prompt
type dcdiag /f:c:\dcdiag.log
on that same server go to the root of C:
open the dcdiag.log and paste the text here.
install support tools on one of the DCs http://www.microsoft.com/downloads/details.aspx?FamilyId=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en
if not already installed
click start > program files > wiindows support tools > command prompt
type dcdiag /f:c:\dcdiag.log
on that same server go to the root of C:
open the dcdiag.log and paste the text here.
ASKER
ok: here goes:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: GilmerISD\GISD-MAIL
Starting test: Connectivity
......................... GISD-MAIL passed test Connectivity
Doing primary tests
Testing server: GilmerISD\GISD-MAIL
Starting test: Replications
[Replications Check,GISD-MAIL] A recent replication attempt failed:
From ADM-BACKUP to GISD-MAIL
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2008-10-07 15:25:51.
The last success occurred at 2008-07-08 09:45:52.
2154 failures have occurred since the last success.
[Replications Check,GISD-MAIL] A recent replication attempt failed:
From ADM-BACKUP to GISD-MAIL
Naming Context: CN=Configuration,DC=GISD,D
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2008-10-07 15:25:51.
The last success occurred at 2008-07-08 09:57:59.
2154 failures have occurred since the last success.
[Replications Check,GISD-MAIL] A recent replication attempt failed:
From ADM-BACKUP to GISD-MAIL
Naming Context: DC=GISD,DC=LAN
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2008-10-07 15:25:51.
The last success occurred at 2008-07-08 10:00:26.
2158 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
GISD-MAIL: Current time is 2008-10-07 15:28:00.
CN=Schema,CN=Configuration
Last replication recieved from ADM-BACKUP at 2008-07-08 09:56:21.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=GISD,D
Last replication recieved from ADM-BACKUP at 2008-07-08 09:58:08.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=GISD,DC=LAN
Last replication recieved from ADM-BACKUP at 2008-07-08 10:00:26.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... GISD-MAIL passed test Replications
Starting test: NCSecDesc
......................... GISD-MAIL passed test NCSecDesc
Starting test: NetLogons
......................... GISD-MAIL passed test NetLogons
Starting test: Advertising
......................... GISD-MAIL passed test Advertising
Starting test: KnowsOfRoleHolders
......................... GISD-MAIL passed test KnowsOfRoleHolders
Starting test: RidManager
......................... GISD-MAIL passed test RidManager
Starting test: MachineAccount
......................... GISD-MAIL passed test MachineAccount
Starting test: Services
......................... GISD-MAIL passed test Services
Starting test: ObjectsReplicated
......................... GISD-MAIL passed test ObjectsReplicated
Starting test: frssysvol
......................... GISD-MAIL passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... GISD-MAIL failed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/07/2008 15:25:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/07/2008 15:25:51
(Event String could not be retrieved)
......................... GISD-MAIL failed test kccevent
Starting test: systemlog
......................... GISD-MAIL passed test systemlog
Starting test: VerifyReferences
......................... GISD-MAIL passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : GISD
Starting test: CrossRefValidation
......................... GISD passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... GISD passed test CheckSDRefDom
Running enterprise tests on : GISD.LAN
Starting test: Intersite
......................... GISD.LAN passed test Intersite
Starting test: FsmoCheck
......................... GISD.LAN passed test FsmoCheck
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: GilmerISD\GISD-MAIL
Starting test: Connectivity
......................... GISD-MAIL passed test Connectivity
Doing primary tests
Testing server: GilmerISD\GISD-MAIL
Starting test: Replications
[Replications Check,GISD-MAIL] A recent replication attempt failed:
From ADM-BACKUP to GISD-MAIL
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2008-10-07 15:25:51.
The last success occurred at 2008-07-08 09:45:52.
2154 failures have occurred since the last success.
[Replications Check,GISD-MAIL] A recent replication attempt failed:
From ADM-BACKUP to GISD-MAIL
Naming Context: CN=Configuration,DC=GISD,D
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2008-10-07 15:25:51.
The last success occurred at 2008-07-08 09:57:59.
2154 failures have occurred since the last success.
[Replications Check,GISD-MAIL] A recent replication attempt failed:
From ADM-BACKUP to GISD-MAIL
Naming Context: DC=GISD,DC=LAN
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2008-10-07 15:25:51.
The last success occurred at 2008-07-08 10:00:26.
2158 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
GISD-MAIL: Current time is 2008-10-07 15:28:00.
CN=Schema,CN=Configuration
Last replication recieved from ADM-BACKUP at 2008-07-08 09:56:21.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=GISD,D
Last replication recieved from ADM-BACKUP at 2008-07-08 09:58:08.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=GISD,DC=LAN
Last replication recieved from ADM-BACKUP at 2008-07-08 10:00:26.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... GISD-MAIL passed test Replications
Starting test: NCSecDesc
......................... GISD-MAIL passed test NCSecDesc
Starting test: NetLogons
......................... GISD-MAIL passed test NetLogons
Starting test: Advertising
......................... GISD-MAIL passed test Advertising
Starting test: KnowsOfRoleHolders
......................... GISD-MAIL passed test KnowsOfRoleHolders
Starting test: RidManager
......................... GISD-MAIL passed test RidManager
Starting test: MachineAccount
......................... GISD-MAIL passed test MachineAccount
Starting test: Services
......................... GISD-MAIL passed test Services
Starting test: ObjectsReplicated
......................... GISD-MAIL passed test ObjectsReplicated
Starting test: frssysvol
......................... GISD-MAIL passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... GISD-MAIL failed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/07/2008 15:25:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/07/2008 15:25:51
(Event String could not be retrieved)
......................... GISD-MAIL failed test kccevent
Starting test: systemlog
......................... GISD-MAIL passed test systemlog
Starting test: VerifyReferences
......................... GISD-MAIL passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : GISD
Starting test: CrossRefValidation
......................... GISD passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... GISD passed test CheckSDRefDom
Running enterprise tests on : GISD.LAN
Starting test: Intersite
......................... GISD.LAN passed test Intersite
Starting test: FsmoCheck
......................... GISD.LAN passed test FsmoCheck
ok looks like your best bet is to manually remove this server from AD as i dont think you can just use DCpromo to remove it as its hit the tombstone.
does adm-backup hold any of the FSMO roles? if so move/seizr them over to the other DCs.
you are going to needto follow this guide to remove that server manually from AD.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
does adm-backup hold any of the FSMO roles? if so move/seizr them over to the other DCs.
you are going to needto follow this guide to remove that server manually from AD.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
ASKER
ok, will attempt to follow and remove this server. Do you think this would cause the problem we are expericncing with Exchange? on just the new users?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
looks like that fixed it!!!!!!!!!!! I'll test again in the morning and award points then! Thanks
which one? resetting of excahnge to bind to the other GC? or removing the bad DC?
ASKER
removing the dc fixed it. i did a reboot for good measure overnight and problem is solved
GOOD! glad i can help