Fix Exchange Server 2003 and Windows Server 2003 AD DC installed on same machine?

Akhater:

It is it's own DNS Server (running DNS Services).  I have checked the A records and the SRV records, and they look ok.  However, I do get an an error on the Event Log below.  I ran the tests on the "Monitoring" tab and they both passed.  Ran dcdiag and all tests pass.  I get a DLL error on netdiag when I run it.  "Entry point not found" in DNSAPI.DLL, so I can't run that.

Added info:  The whole thing is running on a desktop single processor (AMD) with 2GB Ram, and a 40 GB HDD (arghh).  However, it all works.  I've also got Symantec Information Foundation Mail Security and it's working.  All working perfectly....
--
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Date:            4/21/2009
Time:            8:10:22 PM
User:            N/A
Computer:      EXCHANGE
Description:
The DNS server was unable to complete directory service enumeration of zone ..  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

Data:
0000: 2a 23 00 00               *#..    
---
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            4/22/2009
Time:            4:33:09 AM
User:            N/A
Computer:      EXCHANGE
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00               Q...    

it does look like a dns issue, are you sure the srv records are there ?

do you have the _msdcs zone ?

Hmm, it could be that your DNS server is not an AD-integrated zone? Under your DNS, do you Forward Lookup zones have the comment "Active Directory-Integrated" under Type?
Also can you check if Exchange can detect and connect to the Global Catalog? Launch Exchange System Manager, expand "Servers", right-click your exchange server and select "Properties", then select the "Directory Access" tab. Does your DC show up as DC, Config and GC server? There should be three entries listed there.

>>it could be that your DNS server is not an AD-integrated zone? <<

It is not a must to have it AD-intergrated, there should just be a zone that is well configured

Thanks for your responses.

1.  I have the _msdcs zone. Every SRV record points to my server (along with other numbers in brackets) like this:
[0][100][88]exchange.xxx.net

2.  They are all set as "Active Directory Integrated Zone"

3.  Checking the Exchange System manager shows the three entries specifed by harnamsc

Some other info:

There is an entry in the DNS under Forward Lookup Zone/xxx.net/domains labeled:
af53b1d-9788-4453-<a bunch more hex chars>  

Under that is _tcp and under that is
[0][100][389]exchange.xxx.net

Are these valid entries?  They look like orphaned objects, could this be it?

What if I uninstall and re-install DNS?

.

in Active Directory site and services do you have at least one DC listed as GC ?

if so clear the event log of that GC and restart it check event log for errors

There is only one computer in the domain and it is a DC and a GC.  

"clear the event log of the GC and restart it and check event log for error"

I'm not sure what you mean when you say clear the event log of the GC.  Please be more specific.

Do you mean clear the event log of the only computer in the domain, and restart the computer?

I've done that at least 3 times already...

Thanks.

you have only one computer in the domain !

ok i c


can you paste an ipconfig /all of that computer ?

Yes, please read the first question.  Whomever set it up decided to put everything on one computer.  AD, DNS, Exchange, etc.

Here is the ipconfig

Windows IP Configuration
   Host Name . . . . . . . . . . . . : exchange
   Primary Dns Suffix  . . . . . . . : cordev.net
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cordev.net
 
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-01-80-4F-43-DD
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.4
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.4
                                       192.168.0.1

Select allOpen in new window

I did read the first question and told you before it wasn't recommended but it does work.

I just didn't know you have only one computer in the domain, I thought it was a DC acting as Exchange

your dns settings seems ok.

who is 192.168.0.1 ? if you have only one computer than this entry should not be here.

Moreover in your DNS server, do you have _msdcs.domain.com as a separate zone or just an subdomain _msdcs under the domain.com zone ?

There is another domain to which everyone in the office belongs to.  A DC in that domain is 192.168.0.1, that is why the entry is there, although I don't think I need it.

The _msdcs is under cordev.net.  

Below is what the top layer looks like

DNS
  EXCHANGE
     Forward Lookup Zones
         cordev.net
             _msdcs
             _sites
             _tcp
             _udp
             domaindnszones
             forestdnszones
     Reverse Lookup Zones
         192.168.0.x Subnet 
             

Select allOpen in new window

ok thanks for that.

If you know what is a delegation, is the _msdcs a subdomain or a delegation ?

if not then if you open the _msdc can you find anything underneath it ?

finally a screen shot of the dns might help

I don't know the answer to the question.  Attached is the entire DNS with everything expanded...

Earlier I deleted the cordev.net zone, and then added it again.  Since then the errors have disappeared.  It hasn't been a very long time, so I really need to wait a few hours and then check the Event Log again.

Thanks!
dns.JPG

>>Earlier I deleted the cordev.net zone, and then added it again.<<<

I think that solved it , the DNS looks fine as it is in your picture.

Should you experience again the error please update us

Errors started again at 3:59 am.  Same errors.  Later entries in the event log seem to indicate that it has recovered somewhat.  For instance, at 3:59, I got this error:

Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2104
Date:            4/25/2009
Time:            3:59:50 AM
User:            N/A
Computer:      EXCHANGE
Description:
Process MAD.EXE (PID=3020). All the DS Servers in domain are not responding.

Then, later

Event Type:      Information
Event Source:      MSExchangeSA
Event Category:      Monitoring
Event ID:      9095
Date:            4/25/2009
Time:            5:20:12 AM
User:            N/A
Computer:      EXCHANGE
Description:
The MAD Monitoring thread is initializing.

I'm wondering if this has anything to do with backup or antivirus software running...

Can you check to make sure you didn't have a restart at that time ?

also open exchange system  manager, navigate to the server under Admin Groups, go to properties and Directory Access, are they automatic or manual?

No restart.

All are set on Auto

any more errors since ?

are you facing problems ?

Last error was on the 27th.  Email is working fine, though:
----

Event Type:      Error
Event Source:      MSExchangeSA
Event Category:      General
Event ID:      9152
Date:            4/27/2009
Time:            2:10:41 PM
User:            N/A
Computer:      EXCHANGE
Description:
Microsoft Exchange System Attendant reported an error '0x8007203a' in its DS Monitoring thread.

For more information, click http://www.microsoft.com/contentredirect.asp.
---
Event Type:      Error
Event Source:      MSExchangeDSAccess
Event Category:      Topology
Event ID:      2102
Date:            4/27/2009
Time:            2:10:32 PM
User:            N/A
Computer:      EXCHANGE
Description:
Process MAD.EXE (PID=3020). All Domain Controller Servers in use are not responding:
exchange.cordev.net
 

For more information, click http://www.microsoft.com/contentredirect.asp.

Ran DCDIAG and got this error.  The rest of the tests passed.

Doing initial required tests

   Testing server: Default-First-Site-Name\EXCHANGE
      Starting test: Connectivity
         The host 3210013e-7115-411d-9e33-da43b22f994c._msdcs.cordev.net could n
ot be resolved to an
         IP address.  Check the DNS server, DHCP, server name, etc
         Although the Guid DNS name
         (3210013e-7115-411d-9e33-da43b22f994c._msdcs.cordev.net) couldn't be
         resolved, the server name (exchange.cordev.net) resolved to the IP
         address (192.168.0.4) and was pingable.  Check that the IP address is
         registered correctly with the DNS server.
         ......................... EXCHANGE failed test Connectivity

Ran it again, and it passed the above test, as well as all others.  It must have done some garbage collection...

I deleted and reloaded the Forward lookup zone using the DNS wizard.  We'll see what happens...

so seems all is fine now ?

After deleting and reloading the Forward lookup zone using the DNS wizard, all seems to be ok.

Thanks for your help.

Pointed me in the right direction.  Thanks.