prostarnetworking
Exchange is down after Domain Controller upgrade
We recently replaced a taxed Server 2003 DC with a newer one running 2008 Standard. All computers and other servers can authenticate to the new DC but the Exchange server is down.
Exchange System Attendant hangs at starting and Exchange Store gives an error 1053: service cannot start error when it is manually started. Our e-mail is currently down and we are out of ideas. Any help would be appreciated guys/gals.
ASKER
Yes, the server is a GC. We transferred the FSMO roles before the old server was DCPromo'd. There are no other active DC's. There are 9 other 2003 servers in the network.
ASKER
Also, we are getting the following error, among others, which are all referring to topology errors.
Process MAD.EXE (PID=2944). Topology Discovery failed, error 0x80040a02.
I'm wondering if it could be a group policy issue, as when you try to access the group policy (the only one that exists is the default policy), you receive an error that you are not allowed to access it from a 2003 server.
This is the first time we have put a 2008 DC into a 2003 network, so I don't know if maybe there is something with 2008 that you have to grant permission to other servers to access the group policy.
The server cannot see the domain controller - simple as that. Have you checked DNS is set correctly? Can the Exchange server do NSLOOKUPs against the Windows 2008 DC?
Have you checked the Windows 2008 firewall, or turned it off?
So you only have one DC? What would you do if that failed? You should have at least two - both of which being GCs. I even have two at home.
If you were to lose that domain controller then you would lose Exchange - a DR would be very difficult because you would only have the raw files. With a second DC you wouldn't lose everything.
-M
ASKER
Windows firewall is off on the 2008 box. All computers can ping it, browse it and are authenticating with no problems. It leads me back to the 2003 servers not being allowed to access the group policy.
ASKER
Also, in looking we had 4 dc's. 2 were downgraded. There is still another DC in the domain.
Is the other DC a Global Catalog? If so, what version of Windows is it?
For some reason, Exchange is unable to communicate with that new DC. Something must be blocking that traffic, or it cannot find that machine.
You could try running netdiag and DCDIAG from the Exchange server and see what it can find. That might give you an idea as to the source of the problem.
-M
ASKER
The other DC is running Server 2003 Standard; it is not a GC.
Ran netdiag and dcdiag; all tests passed.
Any other suggestions?
ASKER
One little problem. We do not have physical access to the server. It is on a customer's site and we can't get to it. I have made all DCs a GC as well. Looking through the error log, the code that is consistent is error 0x80040a02.
I believe the best practise is that you should have two global catalogs, and unless you have enough DCs to separate the roles, all DCs should be global catalogs. It all gets a bit complicated, so on small sites I just make them all GCs. After about an hour restart the system attendant and Exchange should pick it up.
The error code is topology, which basically means it cannot communicate with the domain controllers. This KB article covers some of the more common causes:
http://support.microsoft.com/kb/919089
-M
ASKER
Both of the DC's are now GC's. System attendant is now starting but there is still an error starting the Exchange store.
What is the error when you start the store? It may just be the server catching up with the change to the domain.
-M
ASKER
"Windows could not start the Microsoft Exchange Information Store on Local Computer. For more information, review the system Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 0."
ASKER
Here are the errors in the event logs:
Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2114
Date: 1/4/2009
Time: 10:35:04 AM
User: N/A
Computer:
Description:
Process MAD.EXE (PID=2876). Topology Discovery failed, error 0x80040a02.
For more information, click http://www.microsoft.com/contentredirect.asp.
Event Type: Error
Event Source: MSExchangeMU
Event Category: General
Event ID: 1042
Date: 1/4/2009
Time: 10:35:02 AM
User: N/A
Computer:
Description:
Metabase Update failed to read the Configuration namespace property from the domain controller. Error code is 80040a01.
For more information, click http://www.microsoft.com/contentredirect.asp.
Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2114
Date: 1/4/2009
Time: 10:35:04 AM
User: N/A
Computer:
Description:
Process MAD.EXE (PID=2876). Topology Discovery failed, error 0x80040a02.
For more information, click http://www.microsoft.com/contentredirect.asp.
Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2114
Date: 1/4/2009
Time: 10:35:04 AM
User: N/A
Computer:
Description:
Process IISIPM3B433D86-1165-4A52-909C-BFBC04C43263 -AP "EXCHANGEAPPLICATIONPOOL (PID=3968). Topology Discovery failed, error 0x80040a02.
For more information, click http://www.microsoft.com/contentredirect.asp.
Is there a way you can copy the CD to the server remotely? I'm thinking this is a rights issue based on the 0x80040a02 error. I keep going back to domainprep.... which would resolve two of the suggested resolutions below.
To resolve this problem, verify the following:
- The default domain policy or the default domain controllers policy is not blocked by a "No override" configuration on an organizational unit object or on the domain object.
- The Manage Auditing Security Privilege user right in the default domain controllers policy is applied to the Exchange Enterprise Servers group.
- The computer account of the affected Exchange server is included in the Exchange Domain Servers group.
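The second item on the checklist above can be checked offline against a copy of the Default Domain Controllers Policy security template (GptTmpl.inf), where "Manage auditing and security log" appears as `SeSecurityPrivilege`. This is an added example, not part of the original thread: the SID standing in for the Exchange Enterprise Servers group and both sample templates are constructed, and the function names are chosen here.

```python
import re

RIGHT = "SeSecurityPrivilege"  # "Manage auditing and security log"
# Constructed SID standing in for the Exchange Enterprise Servers group.
EXCH_ENT_SERVERS = "S-1-5-21-1111111111-2222222222-3333333333-1105"

# Constructed templates: right held by Administrators only, then also by the group.
TEMPLATE_MISSING = """[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-549,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""
TEMPLATE_FIXED = TEMPLATE_MISSING.replace(
    "SeSecurityPrivilege = *S-1-5-32-544",
    "SeSecurityPrivilege = *S-1-5-32-544,*" + EXCH_ENT_SERVERS)

def load_template(path):
    """Read a real GptTmpl.inf; it is normally UTF-16 with a BOM, not ANSI."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()

def privilege_rights(inf_text):
    """Return {right: [holder, ...]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # Holders are comma separated; a leading '*' marks a SID.
            holders = [h.strip().lstrip("*") for h in value.split(",")]
            rights[name.strip()] = [h for h in holders if h]
    return rights

def holds_right(inf_text, right, sid):
    """True if `sid` is listed for `right` (case-insensitive comparison)."""
    holders = privilege_rights(inf_text).get(right, [])
    return sid.upper() in (h.upper() for h in holders)
```

Against a real domain, pass the text from `load_template` and the group's actual SID; a `False` result for `SeSecurityPrivilege` means the right is not granted to the group in that template.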
ASKER
I am having someone go to the office right now and put the disc into the drive. I need to run setup /domainprep from the setup directory on the disc, correct?
Yes, that is correct.
Domainprep will verify the bottom two resolutions I listed, but you still need to check the top one to be sure.
- The default domain policy or the default domain controllers policy is not blocked by a "No override" configuration on an organizational unit object or on the domain object.
ASKER
I have verified that is not the case on both the default domain policy and the default domain controllers policy.
Good deal, let's see if domainprep helps.
ASKER
Running setup /domainprep after running dcgpofix on the DC (on default DC policy) seems to have resolved the issue. Exchange store starts now; OWA and ActiveSync are now functioning as well. Thanks for the help guys.
Did the old server hold any of the FSMO roles?
Do you have any other domain controllers?
-M