Avatar of Manzoor_A
Manzoor_AFlag for United States of America asked on

Exchange 2003 Cannot reach configuration domain controller



I received event id 2090 from MSExchangeDSAccess
 
1."Process WMIPRVSE.EXE -EMBEDDING (PID=236). The Configuration Domain Controller specified in the registry (DC1) is unreachable. DSAccess will choose the Configuration Domain Controller from the list of available Domain Controllers."
 
2."Process EMSMTA.EXE (PID=3784). The Configuration Domain Controller specified in the registry (DC1) is unreachable. DSAccess will choose the Configuration Domain Controller from the list of available Domain Controllers. "
 
3."Process INETINFO.EXE (PID=736). The Configuration Domain Controller specified in the registry (DC1) is unreachable. DSAccess will choose the Configuration Domain Controller from the list of available Domain Controllers. "
 
4."Process STORE.EXE (PID=3688). The Configuration Domain Controller specified in the registry (DC1) is unreachable. DSAccess will choose the Configuration Domain Controller from the list of available Domain Controllers."
 
5."Process MAD.EXE (PID=2616). The Configuration Domain Controller specified in the registry (DC1) is unreachable. DSAccess will choose the Configuration Domain Controller from the list of available Domain Controllers. " 

I have 2 domain controllers, a PDU with active directory connector installed on it (DC1), and a secondary DC2 for backup. I've added the DC1 as the configuration dc. When I add the user, the exchange doesn't create a mailbox or email address (AD connector on exchange does update and shows the user though). But no email address still.
When I let the exchange server automatically select domain controllers and/or configuration server, it automatically selects the second one, and never sees the primary one. This configuration of course doesn't help my situation. Please note that an exchange expert had set it up (added DC1 to list of configuration and domain controllers manually) and it had been working fine till now.

Please help.
DatabasesActive DirectoryExchange

Avatar of undefined
Last Comment
MightySW

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Bembi

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Manzoor_A

I have tried sending email to the created account, but it never goes through. These messages have been appearing frequently so there's definitely something wrong.
How do I make sure the DC has a global catalog?

NOTE: I am sorry, but I never mentioned that we have 3 other vpn sites with a domain controller each, and I just checked the exchange server and it selects those 3 as global catalog server (and not dc1 or dc2) when set to automatic.

I'm not an expert in exchange server, all I see has been set up by a consultant the company hired before I started here. So please bear with me if I ask a dumb question.
Thanks.
SOLUTION
MightySW

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Manzoor_A

DC1 "is" a global catalog server. DC2 "is not".
I tried to go into exchange tasks for the new user I created (with no mailbox), and tried moving it from one store to another and it fails. When I view the detailed failure report, I see DC2 listed as the domain controller.....how do I change it back to DC1??
I've tried manually adding DC1 in Exchange server's system manager -> server properties under directory access tab.
thanks.
Bembi

Have you checked, if all services are running on DC1?
Is there something between exchange - DC1, routers, firewall etc.
Are there any windows firewalls enabled?

What do you mean by creating a new user without mailbox and move it?
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER
Manzoor_A

My first hunch was also the windows firewall, but when I try to access it on DC1, it says cannot run the firewall, another program might be using it "ipnat.sys". I found a similar article in EE knowledgebase, and am following the recommendations there but that solution is not complete. Any sugestion are welcome.
NOTE: Exchange and DC1 are in the same network. not firewalls.
Creating new user: means I create the use in AD, but exchange never creates a mail box. although exchange tasks show up in the properties window.
ASKER
Manzoor_A

okay..I just stopped the RRAS service, opened the firewall and found out that it is set to "off". So no problems there.
Bembi

IPNAT is either windows firewall or ISA, is this a SBS box?
As you said Routing and RAS, there is also a native port filter.
Is there something set in RRAS? Do you use it?
I assume, all DCs have only one (active) NIC, right?
All protocols enabled?

Can you post a IPConfig /all for Exchange and DC1?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Manzoor_A

Exchange:
C:\Documents and Settings\administrator.QUAD1>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : quadmail
   Primary Dns Suffix  . . . . . . . : Quad1.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Quad1.local

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP Network Team #1
   Physical Address. . . . . . . . . : 00-13-21-07-FB-31
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.162
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.14
                                       192.168.0.11

DC1:
C:\Documents and Settings\administrator.QUAD1>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : qdc-dc1
   Primary Dns Suffix  . . . . . . . : Quad1.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : Quad1.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
   Physical Address. . . . . . . . . : 00-0C-29-65-34-40
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.14
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.14
                                       192.168.0.11
Bembi

  Node Type . . . . . . . . . . . . : Unknown
   WINS Proxy Enabled. . . . . . . . : No

   Node Type . . . . . . . . . . . . : Broadcast
   WINS Proxy Enabled. . . . . . . . : Yes

What should this be? Do you have a WINS server enabled? Net Bios over TCP/IP enabled winin the enhanced settings of the LAN connection?
 
This may not be the issue, simply point so some networks issues. This would also point me to the question, if the DNS service settings are correct, as these are used to find the DCs ad GC and whatelse.

What do netdiag say on these machines, any errors or unespected results?
 
ASKER
Manzoor_A

I don't think netdiag is installed on the machines. DC2 is a WINS server (we still have 2 win2000 servers). Here's the ipconfig on DC2:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : QDC-DC2
   Primary Dns Suffix  . . . . . . . : Quad1.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Quad1.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
   Physical Address. . . . . . . . . : 00-0C-29-B9-6A-94
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.14
                                       192.168.0.11

I haven't changed anything, I believe these settings worked until now.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER
Manzoor_A

I am not sure what the node types should be.
Bembi

For WINS, you should set Node type to Hypbrid = 0x8. If you publish WINS via DHCP, you can also add the node type there, near the WINS setting.

Nevertheless, this may be a minor issue, you should check your DNS server, if all the services there and you can find your DC1 as gc. You have a lot of settings there in different orders like
_tcp/_gc and whatever. Check these settings if DC1 is all there and maybe you find some settings for other servers (i.e DC2) which should not have a _gc value, as ist is no global calatog.

These settings are dermining, which server provides with DC - role.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Manzoor_A

I will try these recommendations and update this thread on Monday. Thank you so much you all for the help.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Manzoor_A

I just checked the DNS server, and all entries look okay. DC2 does not have a _gc entry, the ones that do actually have the global catalog. The only thing left to do is may be make DC2 also a catalog, but I donot want to do that. I wand to bind the exchange server to DC1, so it is not dependent on DC2.
I am restarting DC1 at this time, will check and see if the exchange server sees it now.

Any other suggestions???
ASKER
Manzoor_A

the exchange server just cannot see DC1, it sees all other domain controllers, all other global catalog servers (which are on other sites, and are not listed under domain controllers), just not DC1. I am puzzled!!!

please help!
ASKER
Manzoor_A

RE: Bembi

I looked at the network configs for the domain controller and the exchange server, and I felt like the different node types might be the problem. So I researched on Microsoft KB site, and fixed the problem. DC1, DC2 and Exchange all have the WINS configuration added to them, and all node types now say "Hybrid" (I had to modify registry for DC1 to change it from "unknown" since EnableProxy for some reason stayed on).

Anyways, just thought I'd update it here. I am open to any suggestions at this time because my problem is still unsolved.

Thanks..
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
ASKER
Manzoor_A

Good News, I've figured it out. It was actually the different Node types that hampered the communication between the two servers. After matching the node types, the mailboxes are starting to appear again (Although in the Exhange Best Practices Analyzer, it still says DC1 is non-functional/unreachable). But account creation and mailbox creation work.

Thanks Bembi (and the rest of you).

If anyone has a comment, please post it now. i will close the question tomorrow.

Thanks once again.
MightySW

Nice job.  I can't believe that Netbios could cause that problem...  What if you didn't have a WINS server in the environment?  Would the GC's just flush the information after 180 days and Exchange would operate normally?

Again, nice job MZ!