Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Getting MSExchangeSA Event ID 1005 Login failure error and services will not start.

Posted on 2009-06-29
12
Medium Priority
?
2,940 Views
Last Modified: 2012-05-07
I have a problem which I think stems from some AD corruption that I have had on SBS 2003.

I have got the server booting up after running ntdsutil offline compression etc. but now Exchange services will not start and I am getting the following error messages:

MSExchangeSA Event: 1005 Category: General
Unexpected error Logon failure: unknown user name or bad password. Facility: Win32 ID no: 8007052e Microsoft Exchange System Attendant  occurred.

MSExchangeDSAccess Event: 2114 Category: Topology
Process INETINFO.EXE (PID=5104). Topology Discovery failed, error 0x80040931.

I have already re-run forestprep and domainprep for exchange in case there were missing components in the AD after a cleanup but this has not helped. Also re-applied Exchange SP2.

This is SBS Single server environment so do not have facility to rebuild AD from another server.

I think the problem is mainly to do with the local service account not being recognized by AD and am also getting

USERENV Event: 1053
Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.

Any suggestion greatly appreciated.
0
Comment
Question by:k-meson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24738084
Click on Start, Run, (type) services.msc (press enter)
Look down the list of services for Exchange system Attendant.  In the right-hand column, what is the Log On As name shown?  Is it Local System or something else?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24738101
Try typing the following in a DOS prompt:
nltest /sc_change_pwd:<netbiosdomainname> where netbiosdomainname is the name of your domain name.
0
 

Author Comment

by:k-meson
ID: 24738246
Exchange System Attendant is running as local service.

nltest does not run, not recognised as a command.

Have just spotted that I have a number of items listed as ForeignSecurityPrinciples such as NT AUTHORITY\SYSTEM in the AD Tree. Should these be in a proper container? If so how do I re-create?
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24738353
The ForeignSecurityPrinciples folder is empty by default.
I have never come across this before and googling does not bring up anything useful.
Having had a corrupted AD - do you have a System State backup you can use to restore AD from?
Have a read of the following EE Question:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22074580.html 
0
 

Author Comment

by:k-meson
ID: 24738473
Unfortunateley I have no system state back-ups which is why I had to run a fix on the AD in the first place. I have a copy of the corrupt AD file before fixing which I may try to re-instate to see what happens.

It is all a bit frustrating!

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24738563
0
 

Author Comment

by:k-meson
ID: 24739037
Server will now not boot up at all....

Looks like I may need to set up my new SBS 2008 and start again.

Any other ideas appreciated - will get back to this tomorrow.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24739061
What changed?
I thought we were talking SBS 2003 not SBS 2008?
0
 

Author Comment

by:k-meson
ID: 24740597
Yes currently running 2003.

Tried to swap ntds.dit with previous version before defrag etc. but now server reports security error and will not start. Changed files back and got same result.

I do have a copy of SBS2008 that I was due to implement when hardware became available but wanted to migrate. Fortunateley I have all data backed up so can start from fresh but need new tin to do it with.

Would really like to get this one running again if I can though as didn't really expect to need to purchase at this stage.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24740643
You cannot just copy and paste the NTDS.DIT file and hope it works.  You would have to reboot into Directory Service Restore Mode and restore that way.
Have a read of the following:
http://technet.microsoft.com/en-us/library/bb727048.aspx
If you don't have a proper system state backup, you may well end up spending more time trying to finx than trying to rebuild.
Your best course of action may be to call Microsoft and pay them the small fee to troubleshoot the problem for you.  They should be able to tell you fairly quickly if it can be achieved and save you some time, unless you have plenty to spare.
 
0
 

Accepted Solution

by:
k-meson earned 0 total points
ID: 24754841
Had to get Microsoft involved - turned out to be local security issue stopping DNS accessing AD records and thus causing Exchange to get the DC Access error.
Steps taken by MS Engineer
1.       We tried to start the exchange services, but failed with error message.
2.       Checked the DNSSERVER and didnt find any zones are loaded.
3.       Reset the secure channel using  Netdom resetpwd /server:DOMAINLOCALIP /userd:DOMAINNAME\Administrator /password:*
4.       Rebooted the Server and were able to start Exchange services fine.
5.       Also noticed that we couldnt logon to the domain on client machines. We disjoined and rejoined the machines to the domain.
6.       We were able to successfully logon to the domain.

Thanks to MS Break Fix Support which I get FOC with my action Pack and to alanhardisty for suggesting I call them!


0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24754886
Sorry we could not help, but glad you got it fixed in the end.
Sonds like a nasty problem.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question