TCS-UK
asked on
Exchange Domain Server cannot identify its Network type!
Talk about losing confidence! I have recently built a Windows 2008 R2 Domain with 2 Sites. I have the main Exchange Server in the same rack as the DC with the FSMO roles. I rebooted the server yesterday and the network card struggled to identify if it was in a home/public/domain. This has to be the worst development by MS!!!! If a server is in a domain all that Cr*p should be off. Thankfully it could see the Internet and was functional. Not happy... The server has 2 NICs so I disabled the spare and the server then identified the domain. It happened again after the next reboot. Looking through articles it mentions opening the firewall TCP/UDP for 389. I've done that but am not confident. Another thing to note is that we have fully disabled IPv6 both through the controller and via the registry.
We have Backup Exec 2010 with remote agents installed on the Server
Has anyone come across this? Can anyone point me at articles relating to this issue? Could it be the Backup agent?
I've spent many hours preparing this domain with Exchange and cannot believe that Domain Servers cannot remember they are in a domain.
Any help would be very appreciated!
Hmm I must admit I've never seen this and I've installed dozens of Windows 2008 servers, some of them include the BE 2010 Agents, so I'd be surprised if that were the culprit.
Is all the DNS correct on the server? Including the DNS suffix?
Anything in the event logs that could point to a problem?
Can you temporarily disable the Windows Firewall service and reboot to see if there is any problem with the firewall profiles?
You say you have two sites in AD - which site does the Exchange Server sit in?
ASKER
The NIC settings reflect a static IP address with the DNS reflecting the 2 onsite DCs' IP addresses. As to binding the cards, no I do not want to change any spanning tree settings within the switch.
ASKER
Since I've made changes to the firewall I haven't been able to reboot the server until out of hours. Here are the IP config settings. We do have a DAG setup and the Virtual Failover cluster IP may be the culprit. I cannot reboot the server until tonight (UK time). The sister Exchange Server on the other site does not have an issue by the way.
Windows IP Configuration
Host Name . . . . . . . . . . . . : Server name
Primary Dns Suffix . . . . . . . : my domain
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : my domain
Ethernet adapter Local Area Connection* 9:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapter
Physical Address. . . . . . . . . : 02-30-48-FC-57-A2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 169.254.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection #3
Physical Address. . . . . . . . . : 00-30-48-FC-57-A3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 194.x.x.13(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 194.x.x.1
DNS Servers . . . . . . . . . . . : 194.x.x.11
194.x.x.10 Default DC (This server is in the same RACK as the exchange)
194.x.x.31
NetBIOS over Tcpip. . . . . . . . : Enabled
Cheers Tony
Your virtual failover adapter is set for APIPA? Normally I would recommend putting this on a static IP on a completely different IP range and subnet 10.0.0.1/8 on one site and 10.0.0.2/8 on the other, for example.
It shouldn't be generally routable but obviously each side should be able to see the other.
I have no way to directly test this at the moment but I suspect that as part of the APIPA configuration, Windows is prompting you for the type of network it's attached to.
Yup, thought so: APIPA and addresses from the APIPA range aren't supported for DAGs:
From http://technet.microsoft.com/en-us/library/dd638104.aspx
"Automatic Private IP Addressing (APIPA) is a feature of Microsoft Windows that automatically assigns IP addresses when no Dynamic Host Configuration Protocol (DHCP) server is available on the network. APIPA addresses (including manually assigned addresses from the APIPA address range) aren't supported for use by DAGs or by Exchange 2010."
ASKER
We have static ip with the DAG:-
RunspaceId : 6f6b5cd4-6a7b-45c7-a35c-0c7c1ae435e9
Name : DAG01
Servers : {Server1, Server2}
WitnessServer : FSW server
WitnessDirectory : z:\DAG01_FSW
AlternateWitnessServer : Alt server
AlternateWitnessDirectory : z:\FSW2
NetworkCompression : InterSubnetOnly
NetworkEncryption : InterSubnetOnly
DatacenterActivationMode : Off
StoppedMailboxServers : {}
StartedMailboxServers : {}
DatabaseAvailabilityGroupIpv4Addresses : {194.x.x.14, 77.x.x.14}
DatabaseAvailabilityGroupIpAddresses : {194.x.x.14, 77.x.x.14}
AllowCrossSiteRpcClientAccess : False
OperationalServers :
PrimaryActiveManager :
ServersInMaintenance :
ThirdPartyReplication : Disabled
ReplicationPort : 0
NetworkNames : {}
WitnessShareInUse :
AdminDisplayName :
ExchangeVersion : 0.10 (14.0.100.0)
DistinguishedName : CN=DAG01,CN=Database Availability Groups,CN=Exchange Administrative Group (FYD
IBOHF23SPDLT),CN=Administrative Groups,CN=Mydomain,CN=Microsoft Exchang
e,CN=Services,CN=Configuration,DC=my domain,DC=com
Identity : DAG01
Guid : d7908a89-aa01-4e59-b4a5-4595af3b90d0
ObjectCategory : mydomain/Configuration/Schema/ms-Exch-MDB-Availability-Group
ObjectClass : {top, msExchMDBAvailabilityGroup}
WhenChanged : 19/08/2010 14:01:24
WhenCreated : 18/08/2010 11:35:51
WhenChangedUTC : 19/08/2010 13:01:24
WhenCreatedUTC : 18/08/2010 10:35:51
OrganizationId :
OriginatingServer : AD2.mydomain.com
IsValid : True
I may need to look in the Failover cluster manager for the "Virtual Failover Cluster adapter" perhaps?
Ignore me - I was talking rubbish there. My bad.
It doesn't matter now on the virtual adapter:
http://blogs.technet.com/b/askcore/archive/2009/02/13/what-is-a-microsoft-failover-cluster-virtual-adapter-anyway.aspx
ASKER
Well at least I know to leave well alone, cheers. I will re-boot the server tonight and see if the card does the same again.
It looks like:
network location awareness
http://social.technet.microsoft.com/Forums/en/winserverPN/thread/460f7c52-99d8-4bc0-a357-ef2abb4080f9
It has to be something similar to the above
The server is on "Local Connection 9". It may not be loading the GPO policy client perhaps as well. We had this issue when we rebooted both DCs at the same time and so they could not issue GPO as they were both rebooting....
Nice. So you join it to a child domain and they don't turn off LDAP in the firewall?
Good find.
ASKER
Hi Tony
I've restarted the Server and now it's the same, opening the ports on the Advanced firewall has not worked! Talking to a friend who said that "Vista" had this issue and turning off NLA may solve the problem.
I'll let you know
Cr*p. I guess it could be worth temporarily disabling the firewall completely - stop the service - and that rules that out.
No other AV with integrated FW or anything?
ASKER
The Server is behind a Sonicwall - the AD Domain controllers are on the same side as the Exchange as well. I'll turn it off. Under "Advanced Sharing Settings" the "Home", "Public" and "Domain" network discovery are set to off.
Might this be the problem?
The Connection Specific DNS Name must match the “HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName” for NLA to detect that it is on a Domain.
It would appear that if these two patterns don't match, NLA will prompt for the type of network the computer is attached to.
Info taken from here:
http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx
Where it also goes on to talk about manually configuring as a private network if the above fails.
Although the article seems to mostly discuss client (XP/Win 7) with R2 it is a very similar process and the article is relevant.
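The check described in the post above, as an added example that is not part of the original thread: it reads the Group Policy History NetworkName value, compares it with each adapter's connection-specific DNS suffix, tests the LDAP port mentioned earlier, and shows the firewall profile in effect. The domain controller name is a placeholder, and the script only reads settings.

```powershell
# Added example, not from the thread. Read-only; written for PowerShell 2.0
# (Windows Server 2008 R2). $dc is a placeholder: use one of your own DCs.
$dc = 'dc01.example.local'

# Network name that Group Policy recorded (registry value named in the post above).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History'
$gp = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
$gpName = if ($gp) { $gp.NetworkName } else { $null }
"Group Policy NetworkName: '$gpName'"

# Compare it with the connection-specific DNS suffix of every IP-enabled adapter.
# Matches = False marks an adapter that fails the rule quoted in the post.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $suffix = $_.DNSDomain   # connection-specific DNS suffix; empty if unset
        New-Object PSObject -Property @{
            Adapter = $_.Description
            IPv4    = ($_.IPAddress | Where-Object { $_ -match '^\d+\.' }) -join ', '
            Suffix  = $suffix
            Matches = [bool]($gpName -and $suffix -and ($suffix -ieq $gpName))
        }
    } | Format-Table Adapter, IPv4, Suffix, Matches -AutoSize

# The thread also mentions LDAP (port 389) to a domain controller; confirm TCP 389 is reachable.
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect($dc, 389); "TCP 389 to ${dc}: reachable" }
catch   { "TCP 389 to ${dc}: FAILED - $($_.Exception.Message)" }
finally { $tcp.Close() }

# Firewall profile currently in effect (Domain, Private or Public).
netsh advfirewall show currentprofile
```

Run it from an elevated prompt straight after a reboot, while the wrong profile is still showing, so the output reflects the failing state.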
ASKER
I have just turned off the firewall (via services) and we lost connections to the mail server. I then turned the firewall on but stopped the firewall via the Network Sharing Center and that seems to have worked. THE CLUE! When I did this the NIC went from Connection 9 to Connection 3. It had to be card profiles.
ASKER
Thanks Tony, the fault seems intermittent and although it can't decide if it is in a domain it does still function. I rebooted again and it worked fine this time.
Thank you for the points - very generous as I don't think I was of that much help on this one.
Glad it's working for you if all a bit odd - if I come across anything more, I'll post it here.
If the server has two nics, have you considered teaming them, so the two of them "act" as one and the system continues to work if one nic fails?