troubleshooting Question

Cannot apply Exchange RUS connections to parent/child domains

Avatar of FADVMSAdmin
FADVMSAdmin asked on
ExchangeWindows Server 2003Active Directory
26 Comments1 Solution1345 ViewsLast Modified:
I hope someone can help.  I am setting up a test AD/Exchange environment and am having some issues with Exchange.

One Forest/domain (ForestA), with 2 child domains (DomainA, DomainB).
Each domain has 2 DCs (i.e. ForestA-DC1/ForestA-DC2).  
All DCs in entire forest located in single AD site.
GC located on *-DC2 server in each domain (3 GCs total).
All windows 2003 Standard R2 SP2.  
Exchange 2003 SP2.
One exchange server installed into DomainA domain (Exchange1).
Domainprep ran in all 3 domains.
Forest prep ran in forest domain.

Problem:  When I mail enable accounts in DomainA the recipient policy works fine.  Mail-enabled accounts in either the parent/forest domain, or second child domain never get SMTP addresses applied.

Troubleshooting steps:
Turned up logging on ExchangeAL/SA to find any issues.  Noted LDAP operations seem to only occur for DomainA (no other domain).  It's as if exchange isn't even trying to look for accounts in the other domains.

Figured the above was due to lack of RUS for the other domains.  Tried to add RUS for ForestA and DomainB, but get error:  
     > The specified group type is invalid.
     > Facility: Win32
     > ID no: c0072141
     > Exchange System Manager

Early research hints at problem being related to lack of GC for those domains.  I have proper GCs and replication looks good.  I did note that under the DSAccess tab in the Exchange server, the only GC listed is the one GC in DomainA.  Is this a problem?  Discovery is set to Auto.  Why isn't it pulling a GC from each domain?

I also found some posts saying when a child domain is patched with Windows Service Pack 2, this problem ends up as a result.  Could this be?  I see nothing on MS's site relating to this.  See post here:

I don't know what else to do.  I tried re-running domainprep on DomainB and it completed successfully but still cannot apply RUS for that domain.

*EDITED* I enabled some higher logging on the DSAccess itself and found that it is indeed seeing everything it needs to see in terms of topology discovery.  It doesn't look like my issue is lack of GCs or ability to see them.

>     Process MAD.EXE (PID=2112). DSAccess has discovered the following servers with the following characteristics:
>      (Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
>     In-site:
>     ForestA-DC1.ForestA.Local      CD- 6 6 0 0 0 1 6 1
>     ForestA-DC2.ForestA.Local      CDG 7 7 1 0 0 1 7 1
>     DomainA-DC1.DomainA.ForestA.Local      CD- 6 6 0 0 1 1 6 1
>     DomainA-DC2.DomainA.ForestA.Local      CDG 7 7 1 0 1 1 7 1
>     DomainB-DC1.DomainB.ForestA.Local      CD- 6 6 0 0 0 1 6 1
>     DomainB-DC2.DomainB.ForestA.Local      CDG 7 7 1 0 0 1 7 1

Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 26 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 26 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros