Exchange / Domain controller issue

Setup: two Windows 2003 64-bit servers, both domain controllers, both with Exchange 2007. The second copy is largely redundant, except to try and recover some databases. Email seems to flow OK, but I cannot manage anything within Exchange. I think it might be a problem with domain controller access from the first server. Puzzling, since AD is synchronising properly and the sysvol folder is viewable both ways. Errors are shown below.

Error Message when opening Server Config->Mailbox
--------------------------------------------------------
Microsoft Exchange Error
--------------------------------------------------------
The following error(s) were reported while loading topology information:

get-receiveconnector
Failed
Error:
The Exchange group with GUID "6c01d2a7-f083-4503-8132-789eeb127b84" was not found. This group was automatically created during Exchange Setup, but has been subsequently removed.
Could not find any available Global Catalog in <domain.co.uk>


---------------------------------------------------------------------------------------------------------

Message received on opening of Recipient Configuration Tab:
Could not find any available Domain Controller in domain <domain.co.uk>. It was running command 'get-recipient -ResultSize '1000' -SortBy 'DisplayName' -RecipientType 'DynamicDistributionGroup','UserMailbox','MailContact','MailUser','MailUniversalDistributionGroup','MailUniversalSecurityGroup','MailNonUniversalGroup''.


-------------------------------------------------

Event Type:      Error
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12014
Date:            17/02/2009
Time:            21:11:39
User:            N/A
Computer:      <server>
Description:
Microsoft Exchange couldn't find a certificate that contains the domain name sf-server.domain.co.uk in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Default server with a FQDN parameter of server.domain.co.uk . If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.

---------------------------------------------------------------------------------------------------------------

Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      13
Date:            17/02/2009
Time:            21:10:59
User:            N/A
Computer:      server
Description:
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x80070005).  Access is denied.

-----------------------------------------------------------------------------------------------------------
Event Type:      Error
Event Source:      MSExchange ADAccess
Event Category:      Topology
Event ID:      2130
Date:            17/02/2009
Time:            21:03:05
User:            N/A
Computer:      server
Description:
Process mmc.exe (EMC) (PID=6268). Exchange Active Directory Provider could not find an available domain controller in domain DC=<..........>,DC=co,DC=uk. This event may be caused by network connectivity issues or configured incorrectly DNS server. This event may also occur if you have not configured correctly your multiple Active Directory sites.

--------------------------------------------------------------------------------------------------------------
Event Type:      Warning
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12015
Date:            17/02/2009
Time:            20:56:30
User:            N/A
Computer:      server
Description:
An internal transport certificate expired. Thumbprint:6CF1649AD73BC80850D3E713F36B240DADD8C8FA
Asked by Ice123

Mestha Commented:
You have two types of errors there - certificate errors and domain controller errors. The certificate errors wouldn't cause a problem with Exchange talking to the DC, except for that certificate enrolment error. That one is a concern. Take a look at this very long event ID post on the error: http://www.eventid.net/display.asp?eventid=13&eventno=2719&source=AutoEnrollment&phase=1

Tends to point to the domain controller having some problems. Now if that is the case then that would cause a problem with Exchange.

-M
 
Mestha Commented:
Are both servers a global catalog? If not then they need to be. When Exchange is installed on a domain controller it only uses itself for DC functionality.

-M
 
Ice123 (Author) Commented:
Yes -  both are global catalogue servers.

 
Ice123 (Author) Commented:
nslookup domain.co.uk on server1 returns:

Server:  server1.domain.co.uk
Address:  192.168.254.1

Name:    domain.co.uk
Addresses:  192.168.254.1 (server1), 192.168.254.4 (server2)

This is what I expect since both are DCs and both appear to be registered as such.
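The nslookup above only proves that both DCs registered their host A records. Exchange's DSAccess locates a DC and a global catalog through SRV records, then binds over LDAP (389) and GC (3268), and the MSExchange ADAccess 2130 / "Could not find any available Global Catalog" errors mean that chain broke somewhere. The following script is an added diagnostic, not something posted in the thread; it is written for the PowerShell 1.0 that ships with Exchange 2007 on Windows 2003 (so no try/catch), it assumes the thread's placeholder names domain.co.uk, server1 and server2, and it assumes nltest.exe from the Windows Server 2003 Support Tools is installed. Run it from the Exchange Management Shell on the server that logs event 2130.

```powershell
# Added diagnostic (not from the thread). Run in the Exchange Management Shell
# on the server that logs MSExchange ADAccess 2130. Written for PowerShell 1.0,
# so no try/catch. $Domain and $Servers are the thread's placeholders.
$Domain  = "domain.co.uk"
$Servers = "server1", "server2"

# 1. DNS: DSAccess finds a DC and a GC through these SRV records, not the
#    A records the thread checked.
foreach ($srv in "_ldap._tcp.dc._msdcs.$Domain", "_gc._tcp.$Domain") {
    "`n== SRV $srv =="
    nslookup -type=SRV $srv
}

# 2. The DC locator itself (nltest is from the 2003 Support Tools). The /GC
#    form fails when no reachable global catalog exists for this site.
"`n== nltest /dsgetdc:$Domain /force =="
nltest /dsgetdc:$Domain /force
"`n== nltest /dsgetdc:$Domain /GC /force =="
nltest /dsgetdc:$Domain /GC /force

# 3. Raw TCP reachability of LDAP (389) and GC (3268) on each DC, 3 s timeout.
function Test-Port([string]$HostName, [int]$Port) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ar  = $tcp.BeginConnect($HostName, $Port, $null, $null)
    $ok  = $ar.AsyncWaitHandle.WaitOne(3000, $false) -and $tcp.Connected
    $tcp.Close()
    return $ok
}
"`n== TCP reachability =="
foreach ($s in $Servers) {
    foreach ($port in 389, 3268) {
        $state = $(if (Test-Port "$s.$Domain" $port) { "open" } else { "CLOSED" })
        "{0,-28} {1,5}  {2}" -f "$s.$Domain", $port, $state
    }
}

# 4. What Exchange is actually using right now (empty = the 2130 condition).
"`n== Exchange's current DC/GC selection =="
Get-ExchangeServer -Identity $env:COMPUTERNAME -Status |
    Format-List Name, CurrentDomainControllers, CurrentGlobalCatalogs, CurrentConfigDomainController

# 5. The latest ADAccess topology events, to correlate with the checks above.
"`n== Recent MSExchange ADAccess events =="
Get-EventLog Application -Newest 300 |
    Where-Object { $_.Source -eq "MSExchange ADAccess" } |
    Select-Object TimeGenerated, EventID -First 5 |
    Format-Table -AutoSize

# 6. Events 12014/12015: every receive connector FQDN needs an unexpired
#    certificate in the machine Personal store that is enabled for SMTP.
#    An empty connector FQDN means the computer's own FQDN is used.
"`n== Transport certificate coverage =="
$certs = Get-ExchangeCertificate
foreach ($rc in Get-ReceiveConnector -Server $env:COMPUTERNAME) {
    $fqdn = "$($rc.Fqdn)"
    if ($fqdn -eq "") { $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName }
    $match = @($certs | Where-Object {
        (@($_.CertificateDomains | ForEach-Object { $_.ToString() }) -contains $fqdn) -and
        $_.NotAfter -gt (Get-Date) -and $_.Services.ToString() -match "SMTP"
    })
    if ($match.Count -gt 0) { "OK      $($rc.Name): $fqdn covered by $($match[0].Thumbprint)" }
    else                    { "MISSING $($rc.Name): no valid SMTP certificate for $fqdn" }
}
# If MISSING: New-ExchangeCertificate -DomainName <fqdn> -Services SMTP creates
# and enables a self-signed certificate, or Enable-ExchangeCertificate
# -Thumbprint <thumbprint> -Services SMTP for an existing CA-issued one.
```

Read the sections top down: if the SRV queries or nltest fail, the problem is DNS/locator and Exchange is a victim; if they succeed but section 4 shows empty lists, the failure is in the LDAP/GC bind itself, which is where credentials and access rights (the direction the thread eventually took) come in. Section 6 is independent of the DC problem and only explains the 12014/12015 transport events.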
 
Ice123 (Author) Commented:
Thanks Mestha... Will take a look in more detail shortly, but having looked into a couple of the points, it doesn't seem to have helped.

forgot to add this error message

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1054
Date:            18/02/2009
Time:            17:03:55
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER1
Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
 
Mestha Commented:
That error is basically connected to the above - the server being unable to talk to the domain controller.

-M
 
Ice123 (Author) Commented:
Mestha, thanks for the pointers...

I followed the instructions through and ended up having to add the group 'Domain Controllers' to the security group 'CERTSVC_DCOM_ACCESS'. This cleared the AutoEnrollment error (Event ID 13). However, Exchange on server1 still cannot access the domain controller to find a list of recipients. This seems very weird, since I can access AD Users and Computers from server1 (local computer).

It says there is no certificate issued for server1 - is this required?

Any further advice appreciated.
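The step described in the post above (AutoEnrollment event 13 with 0x80070005 on a domain controller, cleared by putting Domain Controllers into CERTSVC_DCOM_ACCESS) can be checked and applied without the GUI, and the result verified. The script below is an added example, not something from the thread: it reads the group over ADSI, adds the Domain Controllers group with -Fix, pulses autoenrollment, and then lists the machine Personal store with each certificate's template name so you can see whether a DomainController certificate arrived. It assumes both groups live in CN=Users of the domain (the default location) and that it is run from an elevated PowerShell on the DC that logs event 13.

```powershell
# Added example, not from the thread. Checks the fix the thread arrived at and
# applies it with -Fix. AutoEnrollment event 13 / 0x80070005 on a DC means the
# DC's machine account was refused DCOM access to the enterprise CA; the CA
# grants that access to members of CERTSVC_DCOM_ACCESS. Assumption: both groups
# are in CN=Users of the domain, which is where Windows creates them.
param([switch]$Fix)

$domainDN = [string]([ADSI]"LDAP://RootDSE").defaultNamingContext
$groupDN  = "CN=CERTSVC_DCOM_ACCESS,CN=Users,$domainDN"
$dcsDN    = "CN=Domain Controllers,CN=Users,$domainDN"

$group   = [ADSI]"LDAP://$groupDN"
$members = @($group.member)           # DNs of the direct members
"Members of CERTSVC_DCOM_ACCESS:"
foreach ($m in $members) { "  $m" }

if ($members -contains $dcsDN) {
    "OK: Domain Controllers is already a member."
} elseif ($Fix) {
    $group.Add("LDAP://$dcsDN")       # IADsGroup.Add takes effect immediately
    "Added Domain Controllers to CERTSVC_DCOM_ACCESS."
    "The DC's machine account only picks up the new group on its next Kerberos"
    "ticket (reboot the DC or wait for renewal) before autoenrollment can succeed."
} else {
    "MISSING: Domain Controllers is not a member; re-run with -Fix to add it."
}

# Run autoenrollment now instead of waiting for the next scheduled pass, then
# show the newest AutoEnrollment events: a fresh event 13 means still failing.
certutil -pulse
Start-Sleep -Seconds 20
Get-EventLog Application -Newest 100 |
    Where-Object { $_.Source -eq "AutoEnrollment" } |
    Select-Object TimeGenerated, EventID, Message -First 3 | Format-List

# Did a Domain Controller certificate arrive? List the machine Personal store
# with the template name from the certificate template extension
# (OID 1.3.6.1.4.1.311.20.2 for V1 templates such as DomainController,
#  1.3.6.1.4.1.311.21.7 for V2 templates).
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
$store.Open("ReadOnly")
foreach ($c in $store.Certificates) {
    $tmpl = "(none)"
    foreach ($ext in $c.Extensions) {
        if ($ext.Oid.Value -eq "1.3.6.1.4.1.311.20.2" -or $ext.Oid.Value -eq "1.3.6.1.4.1.311.21.7") {
            $tmpl = $ext.Format($false)
        }
    }
    "{0,-40} expires {1:yyyy-MM-dd}  template: {2}" -f $c.Subject, $c.NotAfter, $tmpl
}
$store.Close()
```

The listing at the end also answers the "is a certificate for server1 required?" question in practical terms: a Domain Controller certificate is what autoenrollment was trying to obtain, and its absence is what event 13 reports, but Exchange's own DC lookups do not depend on it, which is consistent with the recipient error surviving this fix.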
 
Mestha Commented:
Do you have certificate services running internally? Certificates is not something I have ever had to worry about.

-M
 
Ice123 (Author) Commented:
Yes - MS Certificate Authority.

On other advice, tried deleting the administrator profile... didn't work.

Then tried this - it now allows communication between the exchange servers...
The directions it suggests are:

1. Click Start, click Run, type control keymgr.dll , and the click OK.
2. Click Back up, and then follow the instructions to save the current entries.
3. Delete any entry that matches the names of the Exchange servers and domain controllers in your organization. Typically, you want to clear all entries.
4. Try to open the Exchange Management Console

further update after restarts....
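The keymgr.dll steps in the post above can be scripted with cmdkey.exe, which is inbox on Windows Server 2003, so the same cleanup can be repeated on the second server or after a restart. The script below is an added example, not something from the thread. It assumes the thread's placeholder names (server1, server2, domain.co.uk), that cmdkey's output is in English, and that it is run as the same user who opens the Exchange Management Console, because stored credentials are per user. It records the current target list before deleting anything, since cmdkey cannot export secrets the way keymgr's "Back up" does.

```powershell
# Added example, not from the thread: the keymgr.dll procedure done with
# cmdkey.exe. Stored credentials for the Exchange servers or DCs pin the EMC's
# LDAP binds to whatever account was saved, instead of the logged-on account's
# Kerberos ticket; clearing them is what the thread found fixed communication.
# Run as the user who opens the EMC. Names are the thread's placeholders.
param([switch]$Delete)

# Servers/DCs whose entries should go. An empty list (@()) selects every entry,
# which is the "typically, clear all entries" case from the thread.
$Targets = "server1", "server2", "domain.co.uk"

# keymgr's "Back up" writes a .crd file; cmdkey cannot export secrets, so keep
# at least a record of which targets were present before deleting.
$backup  = Join-Path $env:USERPROFILE ("cmdkey-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))
$listing = cmdkey /list
$listing | Out-File $backup
"Saved current cmdkey listing to $backup"

# cmdkey /list prints lines such as "    Target: Domain:target=server1" or
# "    Target: LegacyGeneric:target=TERMSRV/server2"; /delete wants the part
# after "target=". (Assumes English output.)
$entries = @()
foreach ($line in $listing) {
    if ($line -match "^\s*Target:\s*(?:\w+:target=)?(.+?)\s*$") { $entries += $matches[1] }
}
if ($entries.Count -eq 0) { "No stored credentials for this user."; return }

foreach ($e in $entries) {
    $selected = ($Targets.Count -eq 0)
    foreach ($t in $Targets) {
        if ($e.ToLower().Contains($t.ToLower())) { $selected = $true }
    }
    if (-not $selected) { "keeping      $e"; continue }
    if ($Delete) {
        cmdkey "/delete:$e"
        "deleted      $e"
    } else {
        "would delete $e   (run with -Delete to apply)"
    }
}
```

Run it once without -Delete to review what would be removed, then with -Delete; afterwards reopen the EMC, which should now bind to the DC with the logged-on account's Kerberos ticket rather than the stale saved credentials. Entries for other systems (for example TERMSRV/ targets for Remote Desktop) are kept unless they match a name in $Targets.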