Solved

Exchange Domain Server cannot identify its Network type!

Posted on 2010-09-02
Last Modified: 2012-05-10
Talk about losing confidence! I have recently built a Windows 2008 R2 Domain with 2 Sites. I have the main Exchange Server in the same Rack as the DC with the FSMO roles. I re-booted the server yesterday and the network card struggled to identify if it was in a home/public/domain. This has to be the worst development by MS!!!! If a server is in a domain all that Cr*p should be off. Thankfully it could see the Internet and was functional. Not happy... The server has 2 NICs so I disabled the spare and the Server then identified the domain. It happened again after the next re-boot. Looking through articles it mentions opening the firewall TCP/UDP for 389. I've done that but am not confident. Another thing to note is that we have fully disabled IPv6 both through the controller and via the registry.
We have Backup Exec 2010 with remote agents installed on the Server.
Has anyone come across this? Can anyone point me at articles relating to this issue? Could it be the Backup agent?
I've spent many hours preparing this domain with Exchange and cannot believe that Domain Servers cannot remember they are in a domain.
Any help would be very appreciated!
0
Question by:TCS-UK
20 Comments
 
LVL 4

Expert Comment

by:xqs
ID: 33585002
Can you share with us how you've configured the NICs (what are the IP settings, DNS config etc.)?
If the server has two nics, have you considered teaming them, so the two of them "act" as one and the system continues to work if one nic fails?
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33585068
Hmm I must admit I've never seen this and I've installed dozens of Windows 2008 servers, some of them include the BE 2010 Agents, so I'd be surprised if that were the culprit.

Is all the DNS correct on the server? Including the DNS suffix?

Anything in the event logs that could point to a problem?

Can you temporarily disable the Windows Firewall service and reboot to see if there is any problem with the firewall profiles?

You say you have two sites in AD - which site does the Exchange Server sit in?
0
 

Author Comment

by:TCS-UK
ID: 33585076
The NIC settings reflect a static IP address with the DNS reflecting the 2 onsite DCs' IP addresses. As to binding the cards, no I do not want to change any spanning tree settings within the switch.
0
 

Author Comment

by:TCS-UK
ID: 33585276
Since I've made changes to the firewall I haven't been able to reboot the server until out of hours. Here are the IP config settings. We do have a DAG setup and the Virtual Failover cluster IP may be the culprit. I cannot reboot the server until tonight (UK time). The sister Exchange Server on the other site does not have an issue by the way.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Server name
   Primary Dns Suffix  . . . . . . . : my domain
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : my domain

Ethernet adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapter
   Physical Address. . . . . . . . . : 02-30-48-FC-57-A2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection #3
   Physical Address. . . . . . . . . : 00-30-48-FC-57-A3
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 194.x.x.13(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 194.x.x.1
   DNS Servers . . . . . . . . . . . : 194.x.x.11
                                       194.x.x.10  Default DC (This server is in the same RACK as the exchange)
                                       194.x.x.31
   NetBIOS over Tcpip. . . . . . . . : Enabled


Cheers Tony
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33585358
Your virtual failover adapter is set for APIPA? Normally I would recommend putting this on a static IP on a completely different IP range and subnet 10.0.0.1/8 on one site and 10.0.0.2/8 on the other, for example.

It shouldn't be generally routable but obviously each side should be able to see the other.

I have no way to directly test this at the moment but I suspect that as part of the APIPA configuration, Windows is prompting you for the type of network it's attached to.

0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33585368
Yup thought so: APIPA and addresses from the APIPA range aren't supported for DAGs:

From http://technet.microsoft.com/en-us/library/dd638104.aspx

"Automatic Private IP Addressing (APIPA) is a feature of Microsoft Windows that automatically assigns IP addresses when no Dynamic Host Configuration Protocol (DHCP) server is available on the network. APIPA addresses (including manually assigned addresses from the APIPA address range) aren't supported for use by DAGs or by Exchange 2010."
0
 

Author Comment

by:TCS-UK
ID: 33585526
We have static IP with the DAG:

RunspaceId                             : 6f6b5cd4-6a7b-45c7-a35c-0c7c1ae435e9
Name                                   : DAG01
Servers                                : {Server1, Server2}
WitnessServer                          : FSW server
WitnessDirectory                       : z:\DAG01_FSW
AlternateWitnessServer                 : Alt server
AlternateWitnessDirectory              : z:\FSW2
NetworkCompression                     : InterSubnetOnly
NetworkEncryption                      : InterSubnetOnly
DatacenterActivationMode               : Off
StoppedMailboxServers                  : {}
StartedMailboxServers                  : {}
DatabaseAvailabilityGroupIpv4Addresses : {194.x.x.14, 77.x.x.14}
DatabaseAvailabilityGroupIpAddresses   : {194.x.x.14, 77.x.x.14}
AllowCrossSiteRpcClientAccess          : False
OperationalServers                     :
PrimaryActiveManager                   :
ServersInMaintenance                   :
ThirdPartyReplication                  : Disabled
ReplicationPort                        : 0
NetworkNames                           : {}
WitnessShareInUse                      :
AdminDisplayName                       :
ExchangeVersion                        : 0.10 (14.0.100.0)
DistinguishedName                      : CN=DAG01,CN=Database Availability Groups,CN=Exchange Administrative Group (FYD
                                         IBOHF23SPDLT),CN=Administrative Groups,CN=Mydomain,CN=Microsoft Exchang
                                         e,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                               : DAG01
Guid                                   : d7908a89-aa01-4e59-b4a5-4595af3b90d0
ObjectCategory                         : mydomain/Configuration/Schema/ms-Exch-MDB-Availability-Group
ObjectClass                            : {top, msExchMDBAvailabilityGroup}
WhenChanged                            : 19/08/2010 14:01:24
WhenCreated                            : 18/08/2010 11:35:51
WhenChangedUTC                         : 19/08/2010 13:01:24
WhenCreatedUTC                         : 18/08/2010 10:35:51
OrganizationId                         :
OriginatingServer                      : AD2.mydomain.com
IsValid                                : True

I may need to look in the Failover Cluster Manager for the "Virtual Failover Cluster adapter" perhaps?
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33585576
Ignore me - I was talking rubbish there. My bad.

It doesn't matter now on the virtual adapter:

http://blogs.technet.com/b/askcore/archive/2009/02/13/what-is-a-microsoft-failover-cluster-virtual-adapter-anyway.aspx
0
 

Author Comment

by:TCS-UK
ID: 33586478
Well at least I know to leave well alone, cheers. I will re-boot the server tonight and see if the card does the same again.

It looks like:

network location awareness

http://social.technet.microsoft.com/Forums/en/winserverPN/thread/460f7c52-99d8-4bc0-a357-ef2abb4080f9

It has to be something similar to the above.

The server is on "Local Connection 9". It may not be loading the GPO policy client perhaps as well. We had this issue when we rebooted both DCs at the same time and so they could not issue GPO as they were both rebooting....
0
 

Author Comment

by:TCS-UK
ID: 33587570
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33587617
Nice. So you join it to a child domain and they don't turn off LDAP in the firewall?

Good find.
0
 

Author Comment

by:TCS-UK
ID: 33628331
Hi Tony

I've restarted the Server and now it's the same; opening the ports on the Advanced firewall has not worked! I was talking to a friend who said that "Vista" had this issue and turning off NLA may solve the problem.

I'll let you know
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33629075
Cr*p. I guess it could be worth temporarily disabling the firewall completely - stop the service - and that rules that out.

No other AV with integrated FW or anything?
0
 

Author Comment

by:TCS-UK
ID: 33635379
The Server is behind a Sonicwall. The AD Domain controllers are on the same side as the Exchange as well. I'll turn it off. Under "Advanced Sharing Settings" the "Home", "Public" and "Domain" network discovery are set to off.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33635468
Might this be the problem?

The Connection Specific DNS Name must match the “HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName” for NLA to detect that it is on a Domain.

It would appear that if these two patterns don't match, NLA will prompt for the type of network the computer is attached to.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33635484
Info taken from here:

http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx

Where it also goes on to talk about manually configuring as a private network if the above fails.

Although the article seems to mostly discuss client (XP/Win 7) with R2 it is a very similar process and the article is relevant.
0
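The comparison described in the two comments above can be checked directly on the server. This is an added example, not part of the original thread: the function names and status labels are made up for illustration, and it assumes the WMI property `DNSDomain` reflects the connection-specific DNS suffix that ipconfig shows.

```powershell
# Added example, not from the thread. Uses only PowerShell 2.0 features so it
# runs on Windows Server 2008 R2.
$gpHistory = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History'

function Get-GpNetworkName {
    # Registry value named in the comment above; $null if it is absent.
    $item = Get-ItemProperty -Path $gpHistory -ErrorAction SilentlyContinue
    if ($item -and $item.NetworkName) { return $item.NetworkName }
    return $null
}

function Compare-NlaSuffix {
    # Status labels are this example's own, not Windows terminology.
    param([string]$ConnectionSuffix, [string]$GpNetworkName)
    if ([string]::IsNullOrEmpty($GpNetworkName))    { return 'NoGpNetworkName' }
    if ([string]::IsNullOrEmpty($ConnectionSuffix)) { return 'EmptySuffix' }
    if ($ConnectionSuffix -ieq $GpNetworkName)      { return 'Match' }
    return 'Mismatch'
}

$gpName = Get-GpNetworkName
"Group Policy NetworkName: $gpName"

# One row per IP-enabled adapter: its suffix, whether it holds an APIPA
# address, and how the suffix compares with the Group Policy value.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $adapter = $_
        $ipv4 = @($adapter.IPAddress | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })
        New-Object PSObject -Property @{
            Adapter = $adapter.Description
            IPv4    = ($ipv4 -join ', ')
            Suffix  = $adapter.DNSDomain
            Apipa   = [bool]($ipv4 | Where-Object { $_ -like '169.254.*' })
            Status  = Compare-NlaSuffix $adapter.DNSDomain $gpName
        }
    } | Select-Object Adapter, IPv4, Suffix, Apipa, Status | Format-Table -AutoSize

# Firewall profile Windows has actually applied (Domain, Private or Public).
netsh advfirewall show currentprofile
```

On the configuration posted earlier in the thread, both adapters show an empty connection-specific suffix, so both would report `EmptySuffix` here.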
 

Author Comment

by:TCS-UK
ID: 33670604
I have just turned off the firewall (via Services) and we lost connections to the mail server. I then turned the firewall on but stopped the firewall via the Network Sharing Center and that seems to have worked. THE CLUE! When I did this the NIC went from Connection 9 to Connection 3. It had to be card profiles.
0
 
LVL 25

Accepted Solution

by:
Tony1044 earned 500 total points
ID: 33670622
Wow that is messed up.

Out of interest I assume you don't actually have 9 NICs?

Assuming two that are teamed, it'd be three which is normal on a server. Nine however seems a heck of a lot...wonder if it's been repeatedly finding a new NIC at reboots - that would also do it.

Glad you've resolved it though at last.
0
 

Author Closing Comment

by:TCS-UK
ID: 33735003
Thanks Tony, the fault seems intermittent and although it can't decide if it is in a domain it does still function. I re-booted again and it worked fine this time.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33735139
Thank you for the points - very generous as I don't think I was of that much help on this one.

Glad it's working for you if all a bit odd - if I come across anything more, I'll post it here.
0
