  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1146

Exchange Domain Server cannot identify its Network type!

Talk about lose confidence! I have recently built a Windows 2008 R2 Domain with 2 Sites. I have the main Exchange Server in the same Rack as the DC with the FSMO roles. I re-booted the server yesterday and the network card struggled to identify if it was in a home/public/domain. This has to be the worst development by MS!!!! If a server is in a domain all that Cr*p should be off. Thankfully it could see the Internet and was functional. Not happy... The server has 2 NICs so I disabled the spare and the Server then identified the domain. It happened again after the next re-boot. Looking through articles it mentions opening the firewall TCP/UDP for 389. I've done that but am not confident. Other things to note is that we have fully disabled IP 6 both through the controller and via the registry.
We have Backup Exec 2010 with remote agents installed on the Server
Has anyone come across this? Can anyone point me at articles relating to this issue? Could it be the Backup agent?
I've spent many hours preparing this domain with Exchange and cannot believe that Domain Servers cannot remember they are in a domain.
Any help would be very appreciated!
0
TCS-UK
Asked:
TCS-UK
1 Solution
 
xqs Commented:
Can you share with us how you've configured the nic's (what are the ip settings, dns config etc.).
If the server has two nics, have you considered teaming them, so the two of them "act" as one and the system continues to work if one nic fails?
0
 
Tony J, Lead Technical Architect, Commented:
Hmm I must admit I've never seen this and I've installed dozens of Windows 2008 servers, some of them include the BE 2010 Agents, so I'd be surprised if that were the culprit.

Is all the DNS correct on the server? Including the DNS suffix?

Anything in the event logs that could point to a problem?

Can you temporarily disable the Windows Firewall service and reboot to see if there is any problem with the firewall profiles?

You say you have two sites in AD - which site does the Exchange Server sit in?
0
 
TCS-UK (Author) Commented:
The NIC settings reflect a static IP address with the DNS reflecting the 2 onsite DCs' IP addresses. As to binding the cards, no I do not want to change any spanning tree settings within the switch.
0

 
TCS-UK (Author) Commented:
Since I've made changes to the firewall I haven't been able to reboot the server until out of hours. Here are the IP config settings. We do have a DAG setup and the Virtual Failover cluster IP may be the culprit. I cannot reboot the server until tonight (UK time). The sister Exchange Server on the other site does not have an issue by the way.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Server name
   Primary Dns Suffix  . . . . . . . : my domain
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : my domain

Ethernet adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapter
   Physical Address. . . . . . . . . : 02-30-48-FC-57-A2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection #3
   Physical Address. . . . . . . . . : 00-30-48-FC-57-A3
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 194.x.x.13(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 194.x.x.1
   DNS Servers . . . . . . . . . . . : 194.x.x.11
                                       194.x.x.10  Default DC (This server is in the same RACK as the exchange)
                                       194.x.x.31
   NetBIOS over Tcpip. . . . . . . . : Enabled


Cheers Tony
0
 
Tony J, Lead Technical Architect, Commented:
Your virtual failover adapter is set for APIPA? Normally I would recommend putting this on a static IP on a completely different IP range and subnet 10.0.0.1/8 on one site and 10.0.0.2/8 on the other, for example.

It shouldn't be generally routable but obviously each side should be able to see the other.

I have no way to directly test this at the moment but I suspect that as part of the APIPA configuration, Windows is prompting you for the type of network it's attached to.

0
 
Tony J, Lead Technical Architect, Commented:
Yup thought so: APIPA and addresses from the APIPA range aren't supported for DAG's:

From http://technet.microsoft.com/en-us/library/dd638104.aspx

"Automatic Private IP Addressing (APIPA) is a feature of Microsoft Windows that automatically assigns IP addresses when no Dynamic Host Configuration Protocol (DHCP) server is available on the network. APIPA addresses (including manually assigned addresses from the APIPA address range) aren't supported for use by DAGs or by Exchange 2010."
0
 
TCS-UK (Author) Commented:
We have static ip with the DAG:-

RunspaceId                             : 6f6b5cd4-6a7b-45c7-a35c-0c7c1ae435e9
Name                                   : DAG01
Servers                                : {Server1, Server2}
WitnessServer                          : FSW server
WitnessDirectory                       : z:\DAG01_FSW
AlternateWitnessServer                 : Alt server
AlternateWitnessDirectory              : z:\FSW2
NetworkCompression                     : InterSubnetOnly
NetworkEncryption                      : InterSubnetOnly
DatacenterActivationMode               : Off
StoppedMailboxServers                  : {}
StartedMailboxServers                  : {}
DatabaseAvailabilityGroupIpv4Addresses : {194.x.x.14, 77.x.x.14}
DatabaseAvailabilityGroupIpAddresses   : {194.x.x.14, 77.x.x.14}
AllowCrossSiteRpcClientAccess          : False
OperationalServers                     :
PrimaryActiveManager                   :
ServersInMaintenance                   :
ThirdPartyReplication                  : Disabled
ReplicationPort                        : 0
NetworkNames                           : {}
WitnessShareInUse                      :
AdminDisplayName                       :
ExchangeVersion                        : 0.10 (14.0.100.0)
DistinguishedName                      : CN=DAG01,CN=Database Availability Groups,CN=Exchange Administrative Group (FYD
                                         IBOHF23SPDLT),CN=Administrative Groups,CN=Mydomain,CN=Microsoft Exchang
                                         e,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                               : DAG01
Guid                                   : d7908a89-aa01-4e59-b4a5-4595af3b90d0
ObjectCategory                         : mydomain/Configuration/Schema/ms-Exch-MDB-Availability-Group
ObjectClass                            : {top, msExchMDBAvailabilityGroup}
WhenChanged                            : 19/08/2010 14:01:24
WhenCreated                            : 18/08/2010 11:35:51
WhenChangedUTC                         : 19/08/2010 13:01:24
WhenCreatedUTC                         : 18/08/2010 10:35:51
OrganizationId                         :
OriginatingServer                      : AD2.mydomain.com
IsValid                                : True

I may need to look in the Failover Cluster Manager for the "Virtual Failover Cluster adapter" perhaps?
0
 
Tony J, Lead Technical Architect, Commented:
Ignore me - I was talking rubbish there. My bad.

It doesn't matter now on the virtual adapter:

http://blogs.technet.com/b/askcore/archive/2009/02/13/what-is-a-microsoft-failover-cluster-virtual-adapter-anyway.aspx
0
 
TCS-UK (Author) Commented:
Well at least I know to leave well alone, cheers. I will re-boot the server tonight and see if the card does the same again.

It looks like:

network location awareness

http://social.technet.microsoft.com/Forums/en/winserverPN/thread/460f7c52-99d8-4bc0-a357-ef2abb4080f9

It has to be something similar to the above

The server is on "Local Connection 9". It may not be loading the GPO policy client perhaps as well. We had this issue when we rebooted both DC's at the same time and so they could not issue GPO as they were both rebooting....
0
 
TCS-UK (Author) Commented:
0
 
Tony J, Lead Technical Architect, Commented:
Nice. So you join it to a child domain and they don't turn off LDAP in the firewall?

Good find.
0
 
TCS-UK (Author) Commented:
Hi Tony

I've restarted the Server and now it's the same, opening the ports on the Advanced firewall has not worked! Talking to a friend who said that "Vista" had this issue and turning off NLA may solve the problem.

I'll let you know
0
 
Tony J, Lead Technical Architect, Commented:
Cr*p. I guess it could be worth temporarily disabling the firewall completely - stop the service - and that rules that out.

No other AV with integrated FW or anything?
0
 
TCS-UK (Author) Commented:
The Server is behind a Sonicwall. The AD Domain controllers are on the same side as the Exchange as well. I'll turn it off. Under "Advanced Sharing Settings" the "Home" "Public" and "Domain" network discovery are set to off.
0
 
Tony J, Lead Technical Architect, Commented:
Might this be the problem?

The Connection Specific DNS Name must match the “HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName” for NLA to detect that it is on a Domain.

It would appear that if these two patterns don't match, NLA will prompt for the type of network the computer is attached to.
0
 
Tony J, Lead Technical Architect, Commented:
Info taken from here:

http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx

Where it also goes on to talk about manually configuring as a private network if the above fails.

Although the article seems to mostly discuss client (XP/Win 7) with R2 it is a very similar process and the article is relevant.
0
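
The comparison described in the two comments above (connection-specific DNS name against the Group Policy History NetworkName value), together with the LDAP port opened earlier in the thread, as an added PowerShell example that is not part of the original thread. It is read-only, uses WMI so it runs on Windows 2008 R2, and assumes the server can locate a domain controller for its own domain.

```powershell
# Added example, not from the thread: read-only checks of the inputs the
# comments above say NLA uses to decide that a connection is on the domain.
$gpKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Group Policy\History'
$gpName = (Get-ItemProperty -Path $gpKey -ErrorAction SilentlyContinue).NetworkName
Write-Output "Group Policy History NetworkName: '$gpName'"

# Compare every IP-enabled adapter's connection-specific DNS suffix with it.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $a    = $_
        $ipv4 = @($a.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })
        if (@($ipv4 | Where-Object { $_ -like '169.254.*' }).Count -gt 0) {
            $verdict = 'APIPA address'    # e.g. the failover cluster virtual adapter
        } elseif (-not $a.DNSDomain) {
            $verdict = 'no connection-specific suffix'
        } elseif ($a.DNSDomain -ieq $gpName) {
            $verdict = 'suffix matches NetworkName'
        } else {
            $verdict = 'suffix differs from NetworkName'
        }
        New-Object PSObject -Property @{
            Adapter = $a.Description
            IPv4    = $ipv4 -join ', '
            Suffix  = $a.DNSDomain
            Verdict = $verdict
        }
    } | Select-Object Adapter, IPv4, Suffix, Verdict | Format-Table -AutoSize -Wrap

# The thread opens TCP/UDP 389 (LDAP) in the firewall; check that a domain
# controller for this computer's domain actually answers on TCP 389.
Add-Type -AssemblyName System.DirectoryServices
try {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    $dc     = $domain.FindDomainController().Name
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($dc, 389); Write-Output "LDAP/389 reachable on $dc" }
    catch   { Write-Output "LDAP/389 NOT reachable on ${dc}: $($_.Exception.Message)" }
    finally { $client.Close() }
} catch {
    Write-Output "Could not locate a domain controller: $($_.Exception.Message)"
}

# Firewall profile Windows has applied right now (Domain, Private or Public).
netsh advfirewall show currentprofile
```

Running it once after a reboot that lands on the wrong profile and once after a good reboot shows which of the three inputs changed.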
 
TCS-UK (Author) Commented:
I have just turned off the firewall (via Services) and we lost connections to the mail server. I then turned the firewall on but stopped the firewall via the Network Sharing Center and that seems to have worked. THE CLUE! When I did this the NIC went from connection 9 to Connection 3. It had to be Card profiles.
0
 
Tony J, Lead Technical Architect, Commented:
Wow that is messed up.

Out of interest I assume you don't actually have 9 NIC's?

Assuming two that are teamed, it'd be three which is normal on a server. Nine however seems a heck of a lot...wonder if it's been repeatedly finding a new NIC at reboots - that would also do it.

Glad you've resolved it though at last.
0
 
TCS-UK (Author) Commented:
Thanks Tony, the fault seems intermittent and although it can't decide if it is in a domain it does still function. I re-booted again and it worked fine this time.
0
 
Tony J, Lead Technical Architect, Commented:
Thank you for the points - very generous as I don't think I was of that much help on this one.

Glad it's working for you if all a bit odd - if I come across anything more, I'll post it here.
0
