• Status: Solved

Intermittent Exchange Connectivity Errors

I have researched this for weeks now, and have not been able to find a fix:

Our Exchange 2007 server reports a long series of Errors in the App Log, a few times each day. These errors are reported for approximately 10 minutes, and then everything is fine again. During the time that these are reported, end-users are not able to access email either through Outlook or OWA. The errors on the server's App Log vary, but always include the following types:

MSExchange ADAccess
MSExchange Autodiscover
MSExchange System Attendant Mailbox
MSExchange RPC Over HTTP Autoconfig
MSExchange EdgeSync
MSExchangeSA
MSExchangeAL
MSExchange ActiveSync
MSExchangeFDS
MSExchangeTransport
MSExchangeTransportLogSearch
MSExchange IS

Some of the first errors that are reported are that all Domain Controllers and all Global Catalog servers are not responding. However, during this time, our network is functioning just fine. Aside from mail access being down, we are able to access all Domain Controllers and Global Catalog servers just fine.

DCDiag on the Exchange server reports the following:
LDAP search failed with error 58,
The specified server cannot perform the requested operation..
The host <SERVER> could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc


NetDiag reports these errors:

Redir and Browser test . . . . . . : Failed
List of transports currently bound to the Redir
NetbiosSmb
NetBT_Tcpip_{AA744127-CA68-4294-BBD8-D8C168242200}
The redir is bound to 1 NetBt transport.

List of transports currently bound to the browser
NetBT_Tcpip_{AA744127-CA68-4294-BBD8-D8C168242200}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to 'MYDOMAIN*' via browser. [ERROR_INVALID_FUNCTION]

And also

Kerberos test. . . . . . . . . . . : Failed
[FATAL] Cannot lookup package Kerberos.
The error occurred was: (null)


When I run tests on the DNS server, no errors are reported.


BPA does indicate the following: "Cannot contact the DNS server (x.x.x.x) using TCP port 53. Check that the IP address of the DNS server is correct and that the DNS server is reachable, or reconfigure the internal and external DNS servers for the transport server SERVERNAME." The server that it is reporting this error for is the Postini server that is configured to filter outgoing messages. We configured this based on the instructions provided by us to Postini. We have tested and the server is reachable.

Any ideas what these connectivity issues could be caused by?

Thank you,
Jessica
 
markdmac Commented:
Sounds like you have misconfigured DNS on the server. Verify that the NIC on the Exchange box, under TCP/IP settings, ONLY lists internal DNS servers. There should be no ISP DNS set there.

You want to set that on your DCs the same way as well.
On your DCs that have DNS installed make sure you either have forwarders configured or are using root hints.
 
cbryant (IT Manager, Author) Commented:
Thanks so much for the tip. I will try it out and get back to you. It may be Monday since these errors are so intermittent and usually only happen about two times per day, many hours apart.
Thank you!
Jessica
 
Saakar Commented:
Do you have a firewall in between the DC and Exchange?
If yes, consider opening all ports or the ones specified in the BPA.
 
cbryant (IT Manager, Author) Commented:
OK, it has taken me forever to look into all of these things, but I think I have finally found some valuable information.

I could not turn up anything obvious with DNS, so I ran NetStat Agent 3.0 and noticed that before we receive the intermittent errors, Netstat always reports the following TCP events:

Event     Remote Address   Status     Process
New       dc.server.net    SYN_SENT   Microsoft.Exchange.Cluster.ReplayService.exe
Removed   dc.server.net    N/A        Microsoft.Exchange.Cluster.ReplayService.exe
New       dc.server.net    SYN_SENT   Microsoft.Exchange.ServiceHost.exe
Removed   dc.server.net    N/A        Microsoft.Exchange.ServiceHost.exe

Netstat does report the "Microsoft.Exchange.Cluster.ReplayService.exe" process and the "Microsoft.Exchange.ServiceHost.exe" process at other times, with no errors, but during those times the status of the two processes is always "ESTABLISHED" or "CLOSE_WAIT." Whenever the status is "SYN_SENT," we then receive our intermittent connectivity errors.
Does this sound like anything obvious?
Thanks!
Jessica
 
cbryant (IT Manager, Author) Commented:
Hey there,
I really appreciate everyone's help, and I am happy to report that we found the solution to this.
The problem was with our Symantec Endpoint Security. Early on in troubleshooting this I had disabled Endpoint on the Exchange server with no luck. But the problem ended up being with Endpoint on the Domain Controller. Apparently Endpoint on the DC thought that the Domain Controller was getting "attacked" by our Exchange server at random intervals. This would cause the Domain Controller to cut off communication with the Exchange server for a brief period of time. Hence all of our errors. The strange thing was that the DC did not report any of this in its Event logs. We determined this was the cause by viewing an Endpoint "Attacks Over Time" firewall report.
So, to fix this, we told Endpoint that all communication between the Exchange server and the Domain Controller was OK. We haven't had our intermittent Exchange errors since.
Hope this can save someone else a lot of time and headache!
Thanks again for your help!
Jessica
 
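The SYN_SENT pattern described in the posts above (connection attempts to the DC that never complete while a host firewall on the DC silently drops them) can be captured with the built-in netstat. This is an added example, not code from the thread: it parses `netstat -ano` output and reports TCP connections to a domain controller that are stuck in SYN_SENT. The function name, the 10.0.0.x addresses and the sample lines are assumptions constructed for illustration.

```powershell
# Added example. Flags outbound TCP connections to a DC that are stuck in
# SYN_SENT, i.e. the SYN was sent but nothing came back (packets dropped).
function Get-StalledDcConnection {
    param(
        [string[]]$NetstatLine,   # lines as produced by: netstat -ano
        [string[]]$DcAddress      # IPs of domain controllers / global catalogs
    )
    # Columns: proto, local addr:port, remote addr:port, state, owning PID
    $pattern = '^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$'
    foreach ($line in $NetstatLine) {
        if ($line -match $pattern) {
            $remote = $Matches[3]; $port = $Matches[4]
            $state  = $Matches[5]; $procId = [int]$Matches[6]
            if ($state -eq 'SYN_SENT' -and $DcAddress -contains $remote) {
                # The owning process may have exited already; do not fail on it.
                $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
                $name = 'unknown'
                if ($proc) { $name = $proc.ProcessName }
                New-Object PSObject -Property @{
                    Time          = Get-Date -Format s
                    Process       = $name
                    ProcessId     = $procId
                    RemoteAddress = $remote
                    RemotePort    = $port
                } | Select-Object Time, Process, ProcessId, RemoteAddress, RemotePort
            }
        }
    }
}

# Constructed sample input: 10.0.0.10 stands in for the DC, 10.0.0.20 for Exchange.
$sample = @(
    '  TCP    10.0.0.20:4312     10.0.0.10:389      SYN_SENT        2764'
    '  TCP    10.0.0.20:4313     10.0.0.10:3268     SYN_SENT        3120'
    '  TCP    10.0.0.20:4200     10.0.0.10:389      ESTABLISHED     2764'
    '  TCP    10.0.0.20:4100     10.0.0.30:445      SYN_SENT        4'
)

# Reports the two SYN_SENT rows aimed at 10.0.0.10. The process name shows as
# 'unknown' unless a process with the sample PID happens to exist locally.
Get-StalledDcConnection -NetstatLine $sample -DcAddress '10.0.0.10' |
    Format-Table -AutoSize
```

On the Exchange server, pass the live output of `netstat -ano` instead of `$sample`, run the function on an interval, and append the results to a file. The timestamps can then be lined up against the firewall or intrusion-prevention reports on the DC, which in this thread was the only place the blocks were recorded.
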
Saakar Commented:
Great to know that piece of information. So it was basically a kind of firewall that was causing the issue between the DC & Exchange.