• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 286
  • Last Modified:

Problem with Exchange 2003

Hello:

I just demoted a DC peacefully with DCPROMO, and now only have one domain controller and one Exchange Server.  The DC is also a GC.  The Exchange Server is pointing to the DC for DNS.  The Exchange Information Store will not mount and services will not start.   I ran dcdiag and everything passes.

In the event log there are many errors regarding Active Directory.  Can anyone help me in figuring out why the Exchange is not starting?

Thanks in advance.
0
aaccessnet
Asked:
aaccessnet
  • 15
  • 14
  • 5
  • +1
1 Solution
 
shauncroucherCommented:
Have you followed the advice here to make sure that Exchange is looking at the right DC:

http://www.msexchange.org/tutorials/Exchange-System-Manager-Domain-Controller-Selection.html

shaun
0
 
Glen KnightCommented:
Can you post some of the event logs?

Have you restarted the Exchange Server since demoting the DC?
0
 
aaccessnetAuthor Commented:
It is hanging on Applying Computer Policy after I rebooted.  I also rebooted the DC.  It had a few DNS errors, Event ID;  4004 and 4015
0
Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

 
Glen KnightCommented:
OK, that would indicate that it's not using the correct DNS server.
When you say it's pointing to the DC for DNS, does the DC have DNS installed on it?
0
 
aaccessnetAuthor Commented:
yes
0
 
Glen KnightCommented:
Can you post IPCONFIG /ALL from both the DC and the Exchange Server please.
0
 
aaccessnetAuthor Commented:

Ethernet adapter inside.192:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
   Physical Address. . . . . . . . . : 00-06-5B-F6-00-D8
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.4.26
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.4.1
   DNS Servers . . . . . . . . . . . : 192.168.4.26
                                       192.168.4.22
   Primary WINS Server . . . . . . . : 192.168.4.23

PPP adapter RAC Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.234.235
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

C:\Documents and Settings\Administrator.DFA>





























0
 
Glen KnightCommented:
That's the DC yes?
0
 
aaccessnetAuthor Commented:
yes

This is the Exchange server:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : exch01
   Primary Dns Suffix  . . . . . . . : dav
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dav

Ethernet adapter Linksys-gigabit:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Linksys EG1032
 Network Adapter Driver
   Physical Address. . . . . . . . . : 00-1A-70-13-C7
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.4.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.4.1
   DNS Servers . . . . . . . . . . . : 192.168.4.26
0
 
Glen KnightCommented:
What is: 192.168.4.22

On the PPP adapter can you ensure that when you click on the properties of the adapter it is not set to register this connection in DNS?
If your not using it can you disable it?

Can you also run DCDIAG /FIX and NETDIAG /FIX on the DC

On your exchange server can you change the Primary DNS suffix to your fully qualified domain name, this is set under TCP/IP Properties, advance, DNS
0
 
tusharnextgenCommented:
please run ipconfig/all on exchange server as well and post it.
0
 
Glen KnightCommented:
see comment http:#26208240
0
 
tusharnextgenCommented:
oh sorry page was not updated
0
 
aaccessnetAuthor Commented:
Do you want to see the event logs?
0
 
tusharnextgenCommented:
please also post eventid 2080 description here. so that we could know if dsaccess is able to find required dc or not.
0
 
Glen KnightCommented:
Can you answer the questions in my last post please?
0
 
tusharnextgenCommented:
clear and save the event logs and try to restart system attendant service. let us know which error event you get after that.
0
 
aaccessnetAuthor Commented:
Net Diag and DC Diag  passed
0
 
Glen KnightCommented:
What is: 192.168.4.22

You got no errors at all in DCDIAG and NETDIAG?


0
 
aaccessnetAuthor Commented:
4.22 is the old dc that was demoted
0
 
aaccessnetAuthor Commented:
System attendent fails, attaced is the log
app.bmp
0
 
Glen KnightCommented:
can you remove it from the Network Card configuration of your existing DC then?
If this is no longer a DNS server then the DCDIAG would have failed?!?

Can you post the DCDIAG results?
0
 
Glen KnightCommented:
Can you post the actual text from the eventlog log please?
0
 
aaccessnetAuthor Commented:

C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DFAMAIN
      Starting test: Connectivity
         ......................... DFAMAIN passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DFAMAIN
      Starting test: Replications
         ......................... DFAMAIN passed test Replications
      Starting test: NCSecDesc
         ......................... DFAMAIN passed test NCSecDesc
      Starting test: NetLogons
         ......................... DFAMAIN passed test NetLogons
      Starting test: Advertising
         ......................... DFAMAIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DFAMAIN passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DFAMAIN passed test RidManager
      Starting test: MachineAccount
         ......................... DFAMAIN passed test MachineAccount
      Starting test: Services
         ......................... DFAMAIN passed test Services
      Starting test: ObjectsReplicated
         ......................... DFAMAIN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DFAMAIN passed test frssysvol
      Starting test: frsevent
         ......................... DFAMAIN passed test frsevent
      Starting test: kccevent
         ......................... DFAMAIN passed test kccevent
      Starting test: systemlog
         ......................... DFAMAIN passed test systemlog
      Starting test: VerifyReferences
         ......................... DFAMAIN passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : DavidFeldmanAssociates
      Starting test: CrossRefValidation
         ......................... DavidFeldmanAssociates passed test CrossRefVa
lidation
      Starting test: CheckSDRefDom
         ......................... DavidFeldmanAssociates passed test CheckSDRef
Dom

   Running enterprise tests on : DavidFeldmanAssociates.local
      Starting test: Intersite
         ......................... DavidFeldmanAssociates.local passed test Inte
rsite
      Starting test: FsmoCheck
         ......................... DavidFeldmanAssociates.local passed test Fsmo
Check

C:\Program Files\Support Tools>
0
 
Glen KnightCommented:
Is that old DC still a DNS server?
Have you removed the entry from the network configuration?
0
 
aaccessnetAuthor Commented:
App Log
app.txt
0
 
aaccessnetAuthor Commented:
DNS is only point to the on DC on both servers
0
 
Glen KnightCommented:
OK, that error is because you don't have the correct permission on the new DC.

See here for how to fix it: http://support.microsoft.com/kb/919089

The problem is with the Manage Auditing and Security setting in the default domain controller policy, it's all explained in the document.
0
 
aaccessnetAuthor Commented:
I will look now, Thank you!
0
 
Glen KnightCommented:
Your DC also has the other DC as a DNS server:

   DNS Servers . . . . . . . . . . . : 192.168.4.26
                                       192.168.4.22
   Primary WINS Server . . . . . . . : 192.168.4.23

That's from the IPCONFIG you posted earlier.
0
 
aaccessnetAuthor Commented:
I removed that after the post
0
 
tusharnextgenCommented:
thats the only reason i was asking for description of event id 2080 to know the SACL rights

basically 2080 in application log on exchange server gives the list of dc gc where exchange server is looking at and has the information in cached about those dc for some time. It will also tell you if SACL rights are there or not,

one more thing please check your RUS is pointing towards live domain controller and not the old domain controller which you have removed.
0
 
Glen KnightCommented:
we were all asking for the event logs http:#26208187

As it stands I think the resolution is in the Microsoft Article I posted.
we will see.
0
 
Glen KnightCommented:
any joy on this one?
0
 
aaccessnetAuthor Commented:
Thank you
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 15
  • 14
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now