Solved

Exchange 2007 problems post-migration

Posted on 2011-02-15
10
1,372 Views
Last Modified: 2012-08-13
Hi
I was last month in the middle of an SBS2003 to SBS2008 migration, using the Swing Migration method, when a family issue forced me to hand over the job in progress to another individual for completion. Now I am back in the saddle and the customer is having problems with Exchange 2007 SP1 (rollup 10 installed). Specifically, they are having problems both sending and receiving emails *sometimes*, some of the Exchange services will not start after an update, and there are quite a few Exchange errors in the event logs.  I had hoped to revert to the point in the migration where I'd left it but the indiviual in quesiton overwrote the backups I'd made AND formatted the TempDC I was using so I have no fallback.  The TempDC is still listed in the AD and is also the routing group master. Using ADSIEdit I see may references to it but haven't changed any of them for fear of doing further damage.  It's such a mess I'm tempted to start from scratch but the client doesn't want that!

I am hoping someone here can help me with this.  The very first error I see in the Applicaiton Event Log is

CertificationAuthority    91   "Could not connect to the Active Directory. Active directory Certificate Services will retry when processing requres Active Directory access."
THEN
MSExchange ADAccess    2114    "Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1552). Topology discovery failed, error 0x80040952 (LDAP_LOCAL_ERROR (Client-side internal error or bad LDAP message)). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers."

There are quite a few more if you want them.
Cheers
CW

0
Comment
Question by:Seedubya
  • 6
  • 4
10 Comments
 
LVL 4

Assisted Solution

by:RobertParten
RobertParten earned 250 total points
ID: 34901446
Hmmm, check AD sites and services and see if the temp DC is still listed, if so you can try to delete it and then restart the server. Best I can say at this point is take a backup of what you have and in the event that fails you can revert back.
0
 

Author Comment

by:Seedubya
ID: 34901591
Thanks for the VERY swift reply.
It's still listed alright. What are the potential pitfalls in deleting it?
0
 
LVL 4

Expert Comment

by:RobertParten
ID: 34901610
I had the same issue with mine, except that the DC no longer existed and I got those MSEXCHANGETOPOLOGY messages. I deleted the DC from it and ensured that the other DC was in tehre...in your case that should list itself.
0
 

Author Comment

by:Seedubya
ID: 34901750
Ok, here goes....
0
 
LVL 4

Expert Comment

by:RobertParten
ID: 34901820
Let me know how it works out for you.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:Seedubya
ID: 34902466
No improvement - I don't think the CA role is installed properly - which might be why I'm getting Error 91
0
 

Accepted Solution

by:
Seedubya earned 0 total points
ID: 34905155
All the exchange errors are now clear.
I managed this by setting the Exchange Topology Service to Delayed Startup, this appears to give the AD time to come up fully. All the services now start automatically.
I also re-installed my self-genned certificate which has cleared up the CA errors.

Thanks for trying.
0
 
LVL 4

Expert Comment

by:RobertParten
ID: 34906474
Good job on that! I generally don't use self-signed certs though and I wonder why you have to delay start the topology service...sounds like the migration was a little botched because you weren't there. I will keep your solution in my books in the event I run into this as well.
0
 

Author Comment

by:Seedubya
ID: 34916004
We use pop connectors and an ISP smarthost so no need for a proper cert. Although as I'm finding this may not be as clearcut as I thought in SBS2008.  See my other open question for the details on that.  Thanks again Robert.
0
 

Author Closing Comment

by:Seedubya
ID: 34941222
The answer did not directly help me. However it got me investigating other avenues which did help me so it was a catalyst.
0

Featured Post

Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now