Posted on 2009-04-14
I am having an issue with an Exchange 2007 server. Last week there was a domain-wide issue.
My problems originated with the "MainDC" Domain Controller. I was getting repeated NTDS replication errors in the error log. Some of the other errors that we were getting included:
DNS: Event 4000, The DNS Server was unable to open Active Directory
Userenv: Event 1053, Windows cannot determine the user or the computer name
The MainDC held the Schema Master, Global Catalog, and PDC Operations Master roles for the bob.local domain. Users were reporting issues while trying to log in, but drive shares on the MainDC were working. After several hours of trying to make repairs to no avail, we decided to take a "brute force" approach to fixing the issue. These were the steps:
1. We used the other domain controllers to assume the FSMO roles that the MainDC owned.
2. We ran a dcpromo /FORCEREMOVAL on the MainDC (had to force it since it couldn't communicate with AD).
3. We used the NTDSUTIL utility to clean up the metadata left behind for the MainDC.
4. We removed DNS from MainDC.
5. We rejoined MainDC to the domain as a member server.
6. We reinstalled DNS on the MainDC.
7. We reinstalled Active Directory on the MainDC using DCPROMO.
At that point, everything went back to normal across the domain. The replication errors stopped and there have been no major event IDs since.
Exchange stopped working at the same time that the MainDC stopped working. We did nothing on the Exchange server since it wasn't mission critical (it's a brand new install).
The repeated events that I am seeing are:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1808). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1808). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
Dc2.bob.local CDG 1 7 7 1 0 0 1 7 1
DC3.bob.local CDG 1 7 7 1 0 0 1 7 1
DC4.bob.local CDG 1 0 0 1 0 0 0 0 0
DC5.bob.local CDG 1 0 0 1 0 0 0 0 0
MainDC.bob.local CDG 1 7 7 1 0 0 1 7 1
Process MSEXCHANGEADTOPOLOGY (PID=1808). The site monitor API was unable to verify the site name for this Exchange computer - Call=HrSearch Error code=80040a01. Make sure that Exchange server is correctly registered on the DNS server.
Process MSEXCHANGEADTOPOLOGY (PID=1808). When updating security for a remote procedure call (RPC) access for the Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object MAIL2 - Error code=80040a01.
The Exchange Active Directory Topology service will continue with limited permissions.
Process MAD.EXE (PID=2312). All Domain Controller Servers in use are not responding:
Any help is greatly appreciated.
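
Added example, not part of the original post: a small Python parser for the topology discovery table quoted above, using the column names from the event's own header line, that lists which columns are 0 for each domain controller. The choice of which columns to check is an assumption made for this example, and the function names are hypothetical.

```python
# Added example: parse the topology discovery table quoted in the post.
# Column names come from the header line in the event text.
COLUMNS = ["Roles", "Enabled", "Reachability", "Synchronized", "GC capable",
           "PDC", "SACL right", "Critical Data", "Netlogon", "OS Version"]

# Assumption: a 0 in any of these columns is worth investigating. PDC and
# GC capable are left out because not every domain controller holds them.
CHECKED = ["Enabled", "Reachability", "Synchronized", "SACL right",
           "Critical Data", "Netlogon"]

# Server rows copied from the event text in the post.
EVENT_ROWS = """\
Dc2.bob.local CDG 1 7 7 1 0 0 1 7 1
DC3.bob.local CDG 1 7 7 1 0 0 1 7 1
DC4.bob.local CDG 1 0 0 1 0 0 0 0 0
DC5.bob.local CDG 1 0 0 1 0 0 0 0 0
MainDC.bob.local CDG 1 7 7 1 0 0 1 7 1
"""

def parse_rows(text):
    """Return {server: {column: value}}; skip lines that are not server rows."""
    servers = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(COLUMNS) + 1:
            continue  # header, blank or wrapped line
        name, roles, *flags = parts
        if not all(f.isdigit() for f in flags):
            continue
        row = {"Roles": roles}
        row.update(zip(COLUMNS[1:], (int(f) for f in flags)))
        servers[name] = row
    return servers

def zero_columns(servers):
    """Return {server: [checked columns whose value is 0]}."""
    return {name: [c for c in CHECKED if row[c] == 0]
            for name, row in servers.items()}

def servers_passing_all(servers):
    """Servers with a non-zero value in every checked column."""
    return [n for n, zeros in zero_columns(servers).items() if not zeros]

if __name__ == "__main__":
    parsed = parse_rows(EVENT_ROWS)
    for name, zeros in zero_columns(parsed).items():
        print(f"{name}: zero in {', '.join(zeros) or 'none'}")
    print("Servers passing every check:", servers_passing_all(parsed) or "none")
```

On the rows from the post, no server has a non-zero value in every checked column: Dc2, DC3 and MainDC show 0 only under SACL right, while DC4 and DC5 show 0 in five of the checked columns.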