Solved

Unable to access the GAL with OWA after replacing our main Domain controller.

Posted on 2008-10-16
Last Modified: 2012-05-05
notes
=====================
-we upgraded our main domain controller from 2003 to 2008.  When I say "main" I am referring to the DC that hosts our 3 catalogs.  We have 2 other 2003 domain controllers on the network.
-we have not demoted the older 2003 DC yet
-the issue only happens when we power down the older 2003 DC (we currently keep it online for this reason)
-it does not matter if we connect to OWA on the local network or while off-site
-if the old DC is turned off and a user has their default address list set to one of the secondary address lists then it goes back to the global address list.
-Outlook Web Access and Outlook's SSL (using HTTP) both do not show the global address book.
-the "main DC" is also our DNS, WINS, and DHCP server. (if it matters)
-not sure if it's related but when clients authenticate to the "site A" DC they do not show up in the network neighborhood.

It's almost like there is a setting in Exchange 2003 that needs to be set to the new DC; however, we cannot find anything.
0
Question by:jab56
28 Comments
 
LVL 4

Assisted Solution

by:FourBeers
FourBeers earned 100 total points
ID: 22733365
Sorry to be vague, but I recall having to set a manual registry key to force our exchange server to authenticate against a particular DC.  Although I can't remember which key, I guess you could search the registry for your old DC name in there, might be worth checking in case someone has set this up.
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 100 total points
ID: 22733684
If the retired DC is your only Global Catalog Server, you need to designate at least one additional DC as a GC or Exchange will not function.
0
 
LVL 18

Assisted Solution

by:exx1976
exx1976 earned 100 total points
ID: 22734142
+1 on global catalog issue..

Also check in ESM to make sure someone didn't specify a DC to be used..
0
 
LVL 1

Author Comment

by:jab56
ID: 22734727
Hi FourBeers:  I do a search on the registry for the name or IP of our old DC server.

Hi LauraEHunterMVP: We moved all the catalogs to the new 2008 server and removed them from the 2003 server - these all seem to be okay.

Hi exx1976: We looked around the Exchange system manager for the dc server name(or IP) but could not find anything.
0
 
LVL 33

Assisted Solution

by:Exchange_Geek
Exchange_Geek earned 100 total points
ID: 22734751
Please check event 2080 on your Exchange server to see which server your Exchange is looking for as GC / DC / Config DC.

Which server is your Exchange server pointing to for DNS on your NIC card?

Also, please copy and paste a screenshot showing what this secondary address list is.

"-if the old dc is turned off and a user has their default address list set to one of the secondary address list then it goes back to the global address list."

Once this DC is down - please check your event viewer of Exchange server for errors. Please post it here.
0
 
LVL 1

Author Comment

by:jab56
ID: 22734857
I did a search in the registry and found..

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\CN=Aggregate,CN=Schema,CN=Configuration,DC=subdivision,DC=division,DC=company,DC=com\File  
  =  %SystemRoot%\SchCache\pdc2003.subdivision.division.company.com_389.sch

HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExBPA\DCSpecified
  =PDC2003

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\ExchangeAdmin EXCHANGE_SVR 0x14d12d40:0x24d771d4\dca740c8c042101ab4b908002b2fe182
  = PDC2003
(I found about 30 of these in a row)
0
 
LVL 1

Author Comment

by:jab56
ID: 22734868
When I say "I found about 30 of these in a row", they are all the same as the last registry entry above.
0
 
LVL 1

Author Comment

by:jab56
ID: 22734949
C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : exchange_srv
   Primary Dns Suffix  . . . . . . . : subdivision.division.company.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : subdivision.division.company.com
                                       division.company.com
                                       company.com

Ethernet adapter Broadcom NetXtreme Gigabit Ethernet Adapter - Onboard - Link A:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-0F-1F-6B-XX-XX
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : (IP of our mail server - this server)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.1.1
   DNS Servers . . . . . . . . . . . : (IP of our new 2008 DC server)
                                       (IP of a secondary 2003 DC"Site B")
   Primary WINS Server . . . . . . . : (IP of our new 2008 DC server)
   Secondary WINS Server . . . . . . : IP of a secondary 2003 DC "Site B")

PPP adapter RAC Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.234.235
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : (empty)
0
 
LVL 3

Assisted Solution

by:Azyre
Azyre earned 100 total points
ID: 22735051
http://support.microsoft.com/kb/313994

Take a look at that and make sure that you have another computer set-up as a GC.  
0
 
LVL 3

Expert Comment

by:Azyre
ID: 22735079
How to create a new global catalog on the destination global catalog server
To create a new global catalog:
1.      On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in. To start the snap-in, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2.      In the console tree, double-click Sites, and then double-click sitename.
3.      Double-click Servers, click your domain controller, right-click NTDS Settings, and then click Properties.
4.      On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
5.      Restart the domain controller.
Note Allow sufficient time for the account and the schema information to replicate to the new global catalog server before you remove the global catalog from the original domain controller.


You'll also want to make sure that you move over all the other FSMO roles if they were residing on the old PDC.
0
 
LVL 1

Author Comment

by:jab56
ID: 22735164
FYI - I see this error....

Event Type:      Warning
Event Source:      MSExchangeSA
Event Category:      OAL Generator
Event ID:      9327
Date:            10/16/2008
Time:            12:53:50 PM
User:            N/A
Computer:      PLEASMAIL
Description:
OALGen skipped some entries in the offline address list '\Global Address List'.  To see which entries are affected, event logging for the OAL Generator must be set to at least medium.
- Default Offline Address List

For more information, click http://www.microsoft.com/contentredirect.asp.
0
 
LVL 1

Author Comment

by:jab56
ID: 22735183
2080 error... I looked and I don't see this event in the event viewer.
0
 
LVL 1

Author Comment

by:jab56
ID: 22735224
FYI - in the GAL our local domain addresses show up however the  lists on other domains don't show up.
0
 
LVL 1

Author Comment

by:jab56
ID: 22735308
Hi Azyre, I looked and all of our domain controllers show that "Global Catalog" is checked. (even the new 2008 and the older 2003 DC)
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22735442
2080 is an informational item - not error.

Btw your NIC card setting looks fine - I think once the issue comes up it would be good to have a look again at what is going wrong.

Check the errors that appeared at the time the issue came up.
0
 
LVL 3

Expert Comment

by:Azyre
ID: 22735474
You shouldn't need them all to be GCs, and in fact you may want to only have the 08 server act as the GC (at least until you bring another machine up to 08). Also, this takes time to replicate, so if it was just done you may need to wait for replication.
0
 
LVL 1

Author Comment

by:jab56
ID: 22736085
Sorry for not being clear... The GAL does show the names for our domain; however, it does not show the names in the other subdivisions.  This issue has been going on for about 2 months since the day we replaced the main domain controller.

I'll look for the 2080 informational error. BTW would the 2080 msg be in the application Log?

Thanks everyone for your help.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22742349
Requesting you to please look into the comment I had posted earlier

"""Also, please copy paste the screen shot as to what is this secondary address list."""

Event ID 2080 is an informational event and not an informational error.

Could you also increase OAL Generator under MSExchangeSA - server properties - diagnostic logging?
Once done, please rebuild the Offline Address List under Recipients. Please check the events that follow from 9106 in the application log - post any errors you face. Thanks
0
 
LVL 1

Author Comment

by:jab56
ID: 22742676
-These other locations are synchronized by "identity manager(?)".
-In the Outlook 2003 client everything shows up just fine. (see screen shot 2)
untitled.GIF
untitled2.GIF
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22743453
Seems to me that the offline mode client is not downloading the correct OAB files. Please follow the steps given above.
0
 
LVL 1

Author Comment

by:jab56
ID: 22744724
CORRECTION - It does show everyone from all the departments.  It does not show them in the dropdown.

2080 Message:

Process MAD.EXE (PID=2176). DSAccess has discovered the following servers with the following characteristics:
 (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
New2008DC.ci.pleasanton.ca.us      CDG 7 7 1 0 1 1 7 1
Old2003DC.ci.pleasanton.ca.us      CDG 0 0 1 0 0 0 0 0
 Out-of-site:
offsiteDC1.ci.pleasanton.ca.us      CDG 0 0 1 0 0 0 0 0
OffsiteDC2.ci.pleasanton.ca.us      CDG 7 7 1 0 1 1 7 1
 
Then Again after I turned the older 2003 DC back on.....

Event Type:      Information
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2080
Date:            10/17/2008
Time:            1:01:01 PM
User:            N/A
Computer:      PLEASMAIL
Description:
Process MAD.EXE (PID=2176). DSAccess has discovered the following servers with the following characteristics:
 (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
New2008DC.ci.pleasanton.ca.us      CDG 7 7 1 0 1 1 7 1
Older2003DC.ci.pleasanton.ca.us      CDG 7 7 1 0 1 1 7 1
 Out-of-site:
OffsiteDC1.ci.pleasanton.ca.us      CDG 0 0 1 0 0 0 0 0
OffisetDC2.ci.pleasanton.ca.us      CDG 7 7 1 0 1 1 7 1
 
0
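The two 2080 tables in the post above are easier to compare when parsed. The following is an added example, not part of the thread and not Microsoft's code: it reads the event text posted while the old 2003 DC was off and lists which global catalogs DSAccess can actually use. It assumes Microsoft's documented meaning of the Reachability and Synchronized columns as bit masks (1 = GC, 2 = DC, 4 = configuration DC); the function names are hypothetical.

```python
import re

# Column order as printed in the event 2080 header line.
COLUMNS = ["roles", "reachability", "synchronized", "gc_capable", "pdc",
           "sacl_right", "critical_data", "netlogon", "os_version"]
# Assumption: Reachability/Synchronized are bit masks, 1 = GC, 2 = DC, 4 = config DC.
GC_BIT = 0x1
# A server row: FQDN, role letters (or dashes), then eight numeric columns.
ROW = re.compile(r"^\s*(\S+)\s+([CDG-]+)((?:\s+\d+){8})\s*$")

# Event text copied from the post above (old 2003 DC powered off).
SAMPLE = """\
Process MAD.EXE (PID=2176). DSAccess has discovered the following servers with the following characteristics:
 (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
New2008DC.ci.pleasanton.ca.us      CDG 7 7 1 0 1 1 7 1
Old2003DC.ci.pleasanton.ca.us      CDG 0 0 1 0 0 0 0 0
 Out-of-site:
offsiteDC1.ci.pleasanton.ca.us      CDG 0 0 1 0 0 0 0 0
OffsiteDC2.ci.pleasanton.ca.us      CDG 7 7 1 0 1 1 7 1
"""

def parse_2080(text):
    """Return one dict per server row, tagged with its site section."""
    servers, section = [], None
    for line in text.splitlines():
        stripped = line.strip().lower()
        if stripped in ("in-site:", "out-of-site:"):
            section = stripped.rstrip(":")
            continue
        m = ROW.match(line)
        if m and section:
            values = [m.group(2)] + [int(v) for v in m.group(3).split()]
            servers.append({"name": m.group(1), "site": section,
                            **dict(zip(COLUMNS, values))})
    return servers

def usable_gcs(servers, site="in-site"):
    """GCs DSAccess can use: GC role, reachable and synchronized as a GC."""
    return [s["name"] for s in servers
            if s["site"] == site and "G" in s["roles"] and s["gc_capable"]
            and s["reachability"] & GC_BIT and s["synchronized"] & GC_BIT]

def unreachable(servers):
    """Servers still listed in the topology that DSAccess cannot reach at all."""
    return [s["name"] for s in servers if s["reachability"] == 0]

if __name__ == "__main__":
    rows = parse_2080(SAMPLE)
    print("usable in-site GCs:", usable_gcs(rows))
    print("unreachable:", unreachable(rows))
```

With the old DC powered off, the only usable in-site GC in the posted table is the new 2008 server, and one out-of-site DC is also unreachable.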
 
LVL 1

Author Comment

by:jab56
ID: 22744745
When OLD DC was offline.....

Event Type:      Information
Event Source:      MSExchangeSA
Event Category:      OAL Generator
Event ID:      9106
Date:            10/17/2008
Time:            9:55:40 AM
User:            N/A
Computer:      MAILSERVER
Description:
Offline address list generation started.
- Default Offline Address List

For more information, click http://www.microsoft.com/contentredirect.asp.
0
 
LVL 1

Author Comment

by:jab56
ID: 22744759
a warning message....

Event Type:      Warning
Event Source:      MSExchangeSA
Event Category:      NSPI Proxy
Event ID:      9144
Date:            10/16/2008
Time:            4:59:56 PM
User:            N/A
Computer:      MAILSERVER
Description:
NSPI Proxy failed to connect to Global Catalog pleas_pdc.ci.pleasanton.ca.us over transport Rpc/HTTP.  This server is down or unreachable. Clients will not be directed to this GC until it is available again.
0
 
LVL 1

Author Comment

by:jab56
ID: 22791703
no luck on this ... we are going to let this sit for now until we do our exchange 2007 upgrade in a few months.

Thanks everyone for your help.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22791764
"Global Catalog pleas_pdc.ci.pleasanton.ca.us" - which box is this, new2008 or old2003?

Since you mentioned "We moved all the catalogs to the new 2008 server and removed them from the 2003 server - these all seem to be okay.", why would Exchange announce that we are not going to talk to this GC for a while? Also, if there is another GC, Exchange should announce it.

How many GCs do you have locally in this site?
0
 
LVL 1

Author Comment

by:jab56
ID: 22797959
Hello, The current three DCs have catalogs on them except the old 2003 server, "pleas_pdc", that we removed them from.  (we removed them from this server when we did the upgrade). So yeah, the pleas_pdc should not be showing up there.

BTW - I ran into this - (http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22821237.html)  What if we update our mail server to Windows Server 2003 SP2?
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22798167
I haven't seen any major concern with SP2 - the only problem seen was with TCP/IP packets - and MSFT documented the fix for it a long time back.
0
 
LVL 1

Accepted Solution

by:jab56
jab56 earned 0 total points
ID: 23157622
Close ticket.  We are going to be upgrading to Exchange 2007 soon and hopefully that will fix the problem.

Thanks.
0
