TCS-UK

Exchange Domain Server cannot identify its Network type!

Talk about losing confidence! I have recently built a Windows 2008 R2 Domain with 2 Sites. I have the main Exchange Server in the same Rack as the DC with the FSMO roles. I re-booted the server yesterday and the network card struggled to identify if it was in a home/public/domain. This has to be the worst development by MS!!!! If a server is in a domain all that Cr*p should be off. Thankfully it could see the Internet and was functional. Not happy... The server has 2 NICs so I disabled the spare and the Server then identified the domain. It happened again after the next re-boot. Looking through articles it mentions opening the firewall TCP/UDP for 389. I've done that but am not confident. Another thing to note is that we have fully disabled IPv6 both through the controller and via the registry.
We have Backup Exec 2010 with remote agents installed on the Server
Has anyone come across this? Can anyone point me at articles relating to this issue? Could it be the Backup agent?
I've spent many hours preparing this domain with Exchange and cannot believe that Domain Servers cannot remember they are in a domain.
Any help would be very appreciated!
xqs

Can you share with us how you've configured the NICs (what are the IP settings, DNS config etc.)?
If the server has two NICs, have you considered teaming them, so the two of them "act" as one and the system continues to work if one NIC fails?
Tony J

Hmm I must admit I've never seen this and I've installed dozens of Windows 2008 servers, some of them include the BE 2010 Agents, so I'd be surprised if that were the culprit.

Is all the DNS correct on the server? Including the DNS suffix?

Anything in the event logs that could point to a problem?

Can you temporarily disable the Windows Firewall service and reboot to see if there is any problem with the firewall profiles?

You say you have two sites in AD - which site does the Exchange Server sit in?
TCS-UK

ASKER

The NIC settings reflect a static IP address with the DNS reflecting the 2 onsite DCs' IP addresses. As to binding the cards, no I do not want to change any spanning tree settings within the switch.
TCS-UK

ASKER

Since I've made changes to the firewall I haven't been able to reboot the server until out of hours. Here are the IP config settings. We do have a DAG setup and the Virtual Failover cluster IP may be the culprit. I cannot reboot the server until tonight (UK time). The sister Exchange Server on the other site does not have an issue by the way.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Server name
   Primary Dns Suffix  . . . . . . . : my domain
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : my domain

Ethernet adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapter
   Physical Address. . . . . . . . . : 02-30-48-FC-57-A2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection #3
   Physical Address. . . . . . . . . : 00-30-48-FC-57-A3
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 194.x.x.13(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 194.x.x.1
   DNS Servers . . . . . . . . . . . : 194.x.x.11
                                       194.x.x.10  Default DC (This server is in the same RACK as the exchange)
                                       194.x.x.31
   NetBIOS over Tcpip. . . . . . . . : Enabled


Cheers Tony
Your virtual failover adapter is set for APIPA? Normally I would recommend putting this on a static IP on a completely different IP range and subnet 10.0.0.1/8 on one site and 10.0.0.2/8 on the other, for example.

It shouldn't be generally routable but obviously each side should be able to see the other.

I have no way to directly test this at the moment but I suspect that as part of the APIPA configuration, Windows is prompting you for the type of network it's attached to.

Yup thought so: APIPA and addresses from the APIPA range aren't supported for DAGs:

From http://technet.microsoft.com/en-us/library/dd638104.aspx

"Automatic Private IP Addressing (APIPA) is a feature of Microsoft Windows that automatically assigns IP addresses when no Dynamic Host Configuration Protocol (DHCP) server is available on the network. APIPA addresses (including manually assigned addresses from the APIPA address range) aren't supported for use by DAGs or by Exchange 2010."
TCS-UK

ASKER

We have static ip with the DAG:-

RunspaceId                             : 6f6b5cd4-6a7b-45c7-a35c-0c7c1ae435e9
Name                                   : DAG01
Servers                                : {Server1, Server2}
WitnessServer                          : FSW server
WitnessDirectory                       : z:\DAG01_FSW
AlternateWitnessServer                 : Alt server
AlternateWitnessDirectory              : z:\FSW2
NetworkCompression                     : InterSubnetOnly
NetworkEncryption                      : InterSubnetOnly
DatacenterActivationMode               : Off
StoppedMailboxServers                  : {}
StartedMailboxServers                  : {}
DatabaseAvailabilityGroupIpv4Addresses : {194.x.x.14, 77.x.x.14}
DatabaseAvailabilityGroupIpAddresses   : {194.x.x.14, 77.x.x.14}
AllowCrossSiteRpcClientAccess          : False
OperationalServers                     :
PrimaryActiveManager                   :
ServersInMaintenance                   :
ThirdPartyReplication                  : Disabled
ReplicationPort                        : 0
NetworkNames                           : {}
WitnessShareInUse                      :
AdminDisplayName                       :
ExchangeVersion                        : 0.10 (14.0.100.0)
DistinguishedName                      : CN=DAG01,CN=Database Availability Groups,CN=Exchange Administrative Group (FYD
                                         IBOHF23SPDLT),CN=Administrative Groups,CN=Mydomain,CN=Microsoft Exchang
                                         e,CN=Services,CN=Configuration,DC=mydomain,DC=com
Identity                               : DAG01
Guid                                   : d7908a89-aa01-4e59-b4a5-4595af3b90d0
ObjectCategory                         : mydomain/Configuration/Schema/ms-Exch-MDB-Availability-Group
ObjectClass                            : {top, msExchMDBAvailabilityGroup}
WhenChanged                            : 19/08/2010 14:01:24
WhenCreated                            : 18/08/2010 11:35:51
WhenChangedUTC                         : 19/08/2010 13:01:24
WhenCreatedUTC                         : 18/08/2010 10:35:51
OrganizationId                         :
OriginatingServer                      : AD2.mydomain.com
IsValid                                : True

I may need to look in the Failover Cluster Manager for the "Virtual Failover Cluster adapter" perhaps?
Ignore me - I was talking rubbish there. My bad.

It doesn't matter now on the virtual adapter:

http://blogs.technet.com/b/askcore/archive/2009/02/13/what-is-a-microsoft-failover-cluster-virtual-adapter-anyway.aspx
TCS-UK

ASKER

Well at least I know to leave well alone, cheers. I will re-boot the server tonight and see if the card does the same again.

It looks like:

network location awareness

http://social.technet.microsoft.com/Forums/en/winserverPN/thread/460f7c52-99d8-4bc0-a357-ef2abb4080f9

It has to be something similar to the above

The server is on "Local Connection 9". It may not be loading the GPO policy client perhaps as well. We had this issue when we rebooted both DCs at the same time and so they could not issue GPO as they were both rebooting....
Nice. So you join it to a child domain and they don't turn off LDAP in the firewall?

Good find.
TCS-UK

ASKER

Hi Tony

I've restarted the Server and now it's the same, opening the ports on the Advanced firewall has not worked! Talking to a friend who said that "Vista" had this issue and turning off NLA may solve the problem.

I'll let you know
Cr*p. I guess it could be worth temporarily disabling the firewall completely - stop the service - and that rules that out.

No other AV with integrated FW or anything?
TCS-UK

ASKER

The Server is behind a Sonicwall - the AD Domain controllers are on the same side as the Exchange as well. I'll turn it off. Under "Advanced Sharing Settings" the "Home" "Public" and "Domain" network discovery are set to off.
Might this be the problem?

The Connection Specific DNS Name must match the “HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName” for NLA to detect that it is on a Domain.

It would appear that if these two patterns don't match, NLA will prompt for the type of network the computer is attached to.
Info taken from here:

http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx

Where it also goes on to talk about manually configuring as a private network if the above fails.

Although the article seems to mostly discuss client (XP/Win 7) with R2 it is a very similar process and the article is relevant.
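
The comparison described in the post above, as an added example that is not part of the original thread: a read-only PowerShell check (2.0 compatible, so it runs on Windows Server 2008 R2) that lists each IP-enabled adapter's connection-specific DNS suffix next to the Group Policy `NetworkName` registry value and then shows the firewall profile in effect. It assumes the `DNSDomain` property of `Win32_NetworkAdapterConfiguration` holds the adapter's connection-specific suffix; the variable and column names are illustrative.

```powershell
# Added example, not from the thread. Read-only: it changes no settings.
# Assumption: Win32_NetworkAdapterConfiguration.DNSDomain is the adapter's
# connection-specific DNS suffix.

# Registry value named in the post above.
$key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Group Policy\History'
$gp  = Get-ItemProperty -Path $key -Name NetworkName -ErrorAction SilentlyContinue
$gpNetworkName = if ($gp) { $gp.NetworkName } else { $null }

$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

$report = foreach ($a in $adapters) {
    # Flag adapters carrying a 169.254.x.x (APIPA) address, as seen in the ipconfig output.
    $apipa = @($a.IPAddress | Where-Object { $_ -like '169.254.*' }).Count -gt 0
    # A missing registry value or an empty suffix counts as a mismatch.
    $match = [bool]$gpNetworkName -and ($a.DNSDomain -eq $gpNetworkName)
    New-Object PSObject -Property @{
        Adapter       = $a.Description
        DnsSuffix     = $a.DNSDomain
        GpNetworkName = $gpNetworkName
        SuffixMatches = $match
        HasApipa      = $apipa
    }
}

$report | Select-Object Adapter, DnsSuffix, GpNetworkName, SuffixMatches, HasApipa |
    Format-Table -AutoSize

# Call out the adapters whose suffix differs from the Group Policy network name.
$report | Where-Object { -not $_.SuffixMatches } | ForEach-Object {
    Write-Warning ("Suffix mismatch on '{0}': '{1}' vs '{2}'" -f `
        $_.Adapter, $_.DnsSuffix, $_.GpNetworkName)
}

# Firewall profile (Domain / Private / Public) currently applied.
netsh advfirewall show currentprofile
```

Running it before and after a reboot shows whether the active firewall profile changes while the two values stay the same.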
TCS-UK

ASKER

I have just turned off the firewall (via Services) and we lost connections to the mail server. I then turned the firewall on but stopped the firewall via the Network Sharing Center and that seems to have worked. THE CLUE! When I did this the NIC went from connection 9 to Connection 3. It had to be Card profiles.
ASKER CERTIFIED SOLUTION
Tony J
This solution is only available to members.
TCS-UK

ASKER

Thanks Tony, the fault seems intermittent and although it can't decide if it is in a domain it does still function. I re-booted again and it worked fine this time.
Thank you for the points - very generous as I don't think I was of that much help on this one.

Glad it's working for you if all a bit odd - if I come across anything more, I'll post it here.