Solved

Change Global Catalogue affects Exchange 2007

Posted on 2011-02-23
52
1,197 Views
Last Modified: 2012-05-11
Hello,

I am trying to change the Global catalague in our domain. I have went to Active Directory Sites and Services and changed the GC to the other 2 gc servers I wanted. I rebooted the Exchange server and it still does not see the new GC. It seems to be pointing to on particular GC. I went to EMC and right clicked on the Recipient Configuration and selected the specific GC i want it to use and then rebooted the server and it still uses the old GC.

Why can't I change the GC that it is pointing to?Also, I thought that once you restart the exchange topology service it will look for the first avaliable GC.
0
Comment
Question by:rha_mtl
  • 23
  • 12
  • 10
  • +3
52 Comments
 
LVL 33

Expert Comment

by:Busbar
ID: 34961099
is it picking a functional one or an old removed one!
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34961130
Just one thing; how big is your domain?  The reason I ask is because you should try to make all your DCs GCs.

Thanks

Mike
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34961149
Did you try selecting another Configuration DC?
http://technet.microsoft.com/en-us/library/aa998227(EXCHG.80).aspx
0
 

Author Comment

by:rha_mtl
ID: 34961257
My domain is very small. 3 DC's and they are GC's. I want to remove one of them. Lets say I deselect dc2 and then restart the server I can't connect to the server via outlook. I wait 20 minutes and still nothing. I select dc2 again as GC and now I can connect.  

I have selected dc1 as the configuration domain controller which is the one I want and this one is also a GC.
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34962032
Hi,

unless you have hardcoded the GC exchange will not pickup the DC/GC of your own choice. The reason being that DC/GC selection is an automatic process. Exchange will look for DC/GC in its own site first and then out of site, in case if you have your DC/GC in same site so exchange will automatically pickup the one. If you haven't change the default DC/GC selection. Once you demote the GC exchange will automatically select the new DC/GC
0
 

Author Comment

by:rha_mtl
ID: 34964331
This is what its suppose to do, I know. But when I unselect a gc. Exchange outlook clients can no longer connect the exchange server. Only until I select that GC again does clients.

This is what I did I removed the gc and then restarted the topolgy service and this is one of the errors in the event viewer

 Unhandled Exception "Could not find any available Global Catalog in forest abc.ca."
Stack Trace:    at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType, ADObjectId domain, String serverName, Int32 port, NetworkCredential credential)

The onnly thing that is different is that this is a windows 2003 gc server dc and the other 2 that are to be used are windows 2008 r2 servers. Does this make a difference
0
 

Author Comment

by:rha_mtl
ID: 34964357
This is another error from the Transport service

The service will be stopped. Reason: Microsoft.Exchange.Transport.TransportComponentLoadFailedException: Loading of component 'SmtpOutConnectionHandler' failed. ---> Microsoft.Exchange.Transport.TransportComponentLoadFailedException: Microsoft Exchange couldn't read the configuration from the Active Directory directory service. ---> Microsoft.Exchange.Data.Directory.SystemConfiguration.ErrorExchangeGroupNotFoundException: The Exchange group with GUID "6c01d2a7-f083-4503-8132-789eeb127b84" was not found. This group was automatically created during Exchange Setup, but has been subsequently removed. ---> Microsoft.Exchange.Data.Directory.ADTransientException: Could not find any available Global Catalog in forest abc.ca.
   at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType, ADObjectId domain, String serverName, Int32 port, NetworkCredential credential)
   at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType)
   at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, ADObjectId& rootId)
   at Microsoft.Exchange.Data.Directory.ADSession.GetReadConnection(String preferredServer, ADObjectId& rootId)
   at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator)
   at Microsoft.Exchange.Data.Directory.ADSession.FindByWellKnownGuid[TResult](Guid wellKnownGuid, String containerDN)
   at Microsoft.Exchange.Data.Directory.ADSession.ResolveWellKnownGuid[TResult](Guid wellKnownGuid, String containerDN)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ReceiveConnector.PermissionGroupPermissions.<>c__DisplayClass1.<GetSidForExchangeKnownGuid>b__0()
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ReceiveConnector.PermissionGroupPermissions.GetSidForExchangeKnownGuid(ADRecipientSession session, Guid knownGuid, String containerDN)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.SmtpSendConnectorConfig.GetDefaultPermission()
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.SmtpSendConnectorConfig.GetDefaultSDForEnterpriseRelayConnector()
   at Microsoft.Exchange.Protocols.Smtp.SmtpOutConnectionHandler.Load()
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Protocols.Smtp.SmtpOutConnectionHandler.Load()
   at Microsoft.Exchange.Transport.SequentialTransportComponent.<>c__DisplayClass2.<Load>b__0()
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Transport.SequentialTransportComponent.Load()
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Transport.SequentialTransportComponent.Load()
   at Microsoft.Exchange.Transport.Components.Activate()

For more information, see Help and Support Center at
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34964630
That 2003 DC? what version is it? Is it SP1+?
0
 

Author Comment

by:rha_mtl
ID: 34964740
It is Windows 2003 SP2 Enterprise
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34964865
It seems that a Exchange Security Group cannot be found. The Group's GUID is "6c01d2a7-f083-4503-8132-789eeb127b84".
What you should do is take a look here:
http://technet.microsoft.com/en-us/library/bb288907(EXCHG.80).aspx

Check first, which group (and if) is missing. Use the guide to "repair" the security groups.
0
 

Author Comment

by:rha_mtl
ID: 34964922
isn't it odd though that once i set it back to gc with 2003 sp2 exchange works fine.As soon as I remove the dc+gc windows 2003 sp2 and only on the windows 2008 r2 domain it starts with these issues. Is it possible there is something wrong with the replication of active directory between 2003 sp2 and 2008 r2.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34965010
Rha,

that is very much possible. Therefor you need to check if the DC's are actually equal (verifying groups etc).

Michael
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34965076
Hi,

issue the following command and check for replication

repadmin /syncall
repadmin /replsummary
0
 

Author Comment

by:rha_mtl
ID: 34965080
ok i did a comparison and I am missing the

Microsoft Exchange System Objects Container

On the 2003 sp2 it has it but not the 2008 r2. Cna I manually create this with the objects as well. Or do I need to run the setup /p to have "repair" it and add in ot the 2008 r2 servers
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34965217
If you create it manually it won't have the GUID that Exchange is looking for; so you need to run the setup /p

BUT

as v-2nas said, if your error come from a bad replication than you might have some other issues going on as well.
I suggest that you do the following:
1. run repadmin /replsummary to check for replication errors.
2. If you find any, solve them first. (btw: you can force a replication by running repadming /syncall)
3. Run the setup /P

Greets,

Michael
0
 

Author Comment

by:rha_mtl
ID: 34965350
i ran the repadmin /syncall and i know see the container that is missing. I will let it run the night and try again tomorrow
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34965379
Also check if you have inbound connection objects created between dc for successful replication to take place.
0
 
LVL 33

Expert Comment

by:Busbar
ID: 34967829
looks like something is wrong with AD, can you check AD and confirm that no errors in AD replication. and that the new GC is promoted to a GC
0
 

Author Comment

by:rha_mtl
ID: 34970557
well I ran a dcdiag and everythng is fine. I am not sure how to do inbound connections verification. I removed the 2003 sp2 gc and i restarted the exchange topology service and it still giving me the error where users cannot connect to the outlook. it is still giving me this erorr message
Event Type:      Information
Event Source:      MSExchangeTransport
Event Category:      Components
Event ID:      7001
Date:            2/24/2011
Time:            10:01:37 AM
User:            N/A
Computer:      RHA-EXCHANGE1
Description:
The service will be stopped. Reason: Microsoft.Exchange.Transport.TransportComponentLoadFailedException: Loading of component 'SmtpOutConnectionHandler' failed. ---> Microsoft.Exchange.Transport.TransportComponentLoadFailedException: Microsoft Exchange couldn't read the configuration from the Active Directory directory service. ---> Microsoft.Exchange.Data.Directory.SystemConfiguration.ErrorExchangeGroupNotFoundException: The Exchange group with GUID "6c01d2a7-f083-4503-8132-789eeb127b84" was not found. This group was automatically created during Exchange Setup, but has been subsequently removed. ---> Microsoft.Exchange.Data.Directory.ADTransientException: Could not find any available Global Catalog in forest rha-dc.mtl.rha.ca.
   at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType, ADObjectId domain, String serverName, Int32 port, NetworkCredential credential)
   at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType)
   at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, ADObjectId& rootId)
   at Microsoft.Exchange.Data.Directory.ADSession.GetReadConnection(String preferredServer, ADObjectId& rootId)
   at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator)
   at Microsoft.Exchange.Data.Directory.ADSession.FindByWellKnownGuid[TResult](Guid wellKnownGuid, String containerDN)
   at Microsoft.Exchange.Data.Directory.ADSession.ResolveWellKnownGuid[TResult](Guid wellKnownGuid, String containerDN)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ReceiveConnector.PermissionGroupPermissions.<>c__DisplayClass1.<GetSidForExchangeKnownGuid>b__0()
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ReceiveConnector.PermissionGroupPermissions.GetSidForExchangeKnownGuid(ADRecipientSession session, Guid knownGuid, String containerDN)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.SmtpSendConnectorConfig.GetDefaultPermission()
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.SmtpSendConnectorConfig.GetDefaultSDForEnterpriseRelayConnector()
   at Microsoft.Exchange.Protocols.Smtp.SmtpOutConnectionHandler.Load()
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Protocols.Smtp.SmtpOutConnectionHandler.Load()
   at Microsoft.Exchange.Transport.SequentialTransportComponent.<>c__DisplayClass2.<Load>b__0()
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Transport.SequentialTransportComponent.Load()
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Transport.SequentialTransportComponent.Load()
   at Microsoft.Exchange.Transport.Components.Activate()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34970604
That's because you're still missing an Exchange Group with GUID: "6c01d2a7-f083-4503-8132-789eeb127b84".

Have you recreated the groups in Server 2008?
0
 

Author Comment

by:rha_mtl
ID: 34970637
no I did a repladmin /syncall and it seemed to replicate fine and then I saw the Microsoft Exchange Objects so I fugured it was fine.

How do recreate the groups? Is it setup /p from the installation media?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34970825
Hi,

run setup.com /PrepareAD and setup.com /PrepareDomain

http://www.msexchange.org/tutorials/Installing-Exchange-2007-Part1.html
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34971553
rha,

indeed Setup /P (same as Setup /PrepareAD) and setup /PrepareDomain. Don't forget to add your Exchange Organization name

setup /PrepareAD /On:nameoftheorg

Grts,

Michael
0
 

Author Comment

by:rha_mtl
ID: 34971954
do I only run

setup /PrepareAD /On:nameoftheorg

or do I also run

setup /PrepareDomain
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34972039
There is only 1 exchange org in the forest, so either you can specify your exchange org name or leave it. it will work.

If you have single domain then you can skip prepare domain as suggested by Michaelhvh

For more precise information you can check this technet article
http://technet.microsoft.com/en-us/library/bb125224%28EXCHG.80%29.aspx
0
 

Author Comment

by:rha_mtl
ID: 34972043
After running these commands this is what I see in the event viewer

Process MSEXCHANGEADTOPOLOGY (PID=8152). When initializing a remote procedure call (RPC) to the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the SID for account <WKGUID=DC1301662F547445B9C490A52961F8FC,CN=Microsoft Exchange,CN=Services,CN=Configuration,...> - Error code=80040934.
 The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions.
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34972181
0
 

Author Comment

by:rha_mtl
ID: 34972236
the server that exchange is on is not a gc though. Now that I have put back the gc it is now starting
0
 

Author Comment

by:rha_mtl
ID: 34972510
I find it strange that when I right click on the exchange server under server configuration and on the system settings tab under

Domain Controller server being used by exchange has 2 servers listed and neither is the 2 new 2008 r2 dc+gc. It is listing our 2 old 2003 servers dc 1 and 2. Under global catalogue servers it has dc1 there I as I have removed gc from dc2.

this seems strange for some reason it is not seeing our 2008 r2 dc+gc.

Although I have changed the configuration domain controller to the new dc2008r2-1. on both the server and organization
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34972586
are all  your DC/GC in same site or different site?
0
 

Author Comment

by:rha_mtl
ID: 34972604
they are all on in the same site
0
 

Author Comment

by:rha_mtl
ID: 34972840
after i do the setup.com /preparead and setup.com /preparedomain  should I reboot the server first uncheck the dc 2003 sp2 then reboot the server?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34972958
sorry didn't get this
"first uncheck the dc 2003 sp2 then reboot the server"
0
 

Author Comment

by:rha_mtl
ID: 34973102
i mean

Do I first uncheck the 2003 sp2 server as a gc and then reboot the exhnage server and see if it will pick up the new 2008 r2 gc's. What I have been doing is just stopping the exchange topology server (which stops almost all the services and then restarting the service. If it starts then I start the exchange transport service if it starts then I know it works.
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34973126
No need to reboot exch reboot the dc and restart topology service
0
 

Author Comment

by:rha_mtl
ID: 34973147
which dc do i reboot the 2003 sp2 or dc 2008 r2
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34973416
I think there is a communication gap. If it's talking off GC tick from DC. Then you need to reboot the DC otherwise not required.
0
 

Author Comment

by:rha_mtl
ID: 34980323
what i did is reboot exchange and the dc 2003 and the dc 2008 r2 and I still cannot get exchange 2007 to see the dc2008 r2. Strange
0
 
LVL 11

Accepted Solution

by:
MichaelVH earned 250 total points
ID: 34980521
What version of Exchange 2007 are you running?

Something just struck me: There is a known issue with Exchange 2007 SP2 and Windows Server 2008 R2 DCs.
Normally, you cannot upgrade to SP2 when having 2008R2, but since you had a 2003 DC in the game that was possible.

So, if you have SP2 and you did not apply the "patch" for Server 2008R2; that would explain why Exchange 2007 is failing when you remove the 2003 DC.

Try following the steps outlined in this article please:
http://msexchangeteam.com/archive/2009/09/15/452494.aspx

Kind regards,

Michael
0
 

Author Comment

by:rha_mtl
ID: 34980545
I have exchange 2007 sp3 installed though. Does this still apply?
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 34980561
SP3 should normally have support for Server 2008R2. So I'd say no. Nonetheless; try running the exBPA with the xml-files to see whether they bring something up or not.
0
 

Author Comment

by:rha_mtl
ID: 34980569
Is it possible I need to re-apply exchange sp3 because now I have added 2008 r2 dc's?
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34980598
R u already on sp3
0
 

Author Comment

by:rha_mtl
ID: 34980623
yes
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 34982245
Hi,

Run Exbpa report form Exchange 2007 side from the EMC and see if it highlight the problem.
0
 

Author Comment

by:rha_mtl
ID: 34983271
I have run it and it does not show anything out of the ordinary.
0
 
LVL 12

Expert Comment

by:Navdeep
ID: 35031996
So where are we now this. Didn't get to hear from you
0
 

Assisted Solution

by:rha_mtl
rha_mtl earned 0 total points
ID: 35037283
I finally found what the issue was. I ran the best practise ananlyzer on the 2008 r2 dc. It told me that it was missing accounts in the domain policy. I added the groups it was missigng and voila everything is functioning.  Thanks for your help. Since you directed in the right direction with the best practises i will award you the points.
0
 

Expert Comment

by:Modalot
ID: 35146123
Sorry, wrong answer accepted.
0

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now