zequestioner

HELP!! Exchange 2010 won't load after transferring remaining DC Roles

HELP!! Exchange 2010 won't load after transferring remaining DC Roles from SBS 2003 to a new Server 2008 R2 DC. Exchange runs on a separate box and is giving the following error.
Exchange2010.jpg
zequestioner

ASKER

Also, I just used the link below to migrate everything off of SBS to 2 new servers: 1 Exchange and 1 DC.

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html

Everything went perfectly until I got to step 13. Will you please confirm that this step should be run on the SBS box or on the new DC?
Did you amend/transfer all of the DNS too?
Yes, I changed the SOAs and all others that I could find. Is there a record for the global catalog server?
Firmin Frederick
To be honest, if you haven't already fully configured your Exchange installation - re-install it.  Looks like Exchange doesn't recognize the machine it's installed on and it may just be down to failure to contact the AD server via DNS.  Just something quick to keep your fingers busy!
Btw, on step 13, I turned off the global catalog on the SBS, so now there's only 1, which is the new DC. The part where it bombed out was when I was uninstalling Active Directory, and DID NOT check the box that said it was the last.. then it said it couldn't contact the domain. Which box do I run the final dcpromo from? SBS or the new DC? Per the instructions in the link, it's not very clear.
There is, but first things first.

Is the 2008 DC a DNS server and does the Exchange server point to it as its DNS?

You would dcpromo on the SBS box to remove the domain controller role. It isn't the last DC so you shouldn't tick that box. It will then become a domain member.
In the Microsoft document the author didn't mention any other references when talking about removing GC reference, so we can assume that it's merely a case of removing the role from one server and enabling it for your Exchange server:

Active Directory Sites and Services

http://support.microsoft.com/kb/313994

Also try running the following from a command prompt on your exchange server

dcdiag /s:<your dc> and let us know what the outcome is.
On that step, GC was already enabled on the new DC, I simply 'unchecked' the GC for SBS.
Since Exchange and GC are on different machines it may be worth putting an exception in your Exchange firewall for:

"As a general rule of thumb, you should have a global catalog server in any AD site containing an application that requires extensive use of port number 3268 (the global catalog lookup port). Since Exchange Server is such an application, you want a global catalog server in any site that it resides. "
dc diag
Directory Server Diagnosis


Performing initial setup:

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\BRAINSTATE8

      Starting test: Connectivity

         ......................... BRAINSTATE8 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\BRAINSTATE8

      Starting test: Advertising

         Warning: DsGetDcName returned information for

         \\brainstate1.brainstate.local, when we were trying to reach

         BRAINSTATE8.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... BRAINSTATE8 failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         ......................... BRAINSTATE8 passed test FrsEvent

      Starting test: DFSREvent

         ......................... BRAINSTATE8 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... BRAINSTATE8 passed test SysVolCheck

      Starting test: KccEvent

         A warning event occurred.  EventID: 0x80000B46

            Time Generated: 04/04/2011   08:49:00

            Event String:

            The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server. 


         A warning event occurred.  EventID: 0x80000828

            Time Generated: 04/04/2011   08:49:06

            Event String:

            Active Directory Domain Services could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory Domain Services successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller. 


         A warning event occurred.  EventID: 0x8000082C

            Time Generated: 04/04/2011   08:50:00

            Event String: 


         ......................... BRAINSTATE8 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... BRAINSTATE8 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... BRAINSTATE8 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... BRAINSTATE8 passed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\BRAINSTATE8\netlogon)

         [BRAINSTATE8] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... BRAINSTATE8 failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... BRAINSTATE8 passed test ObjectsReplicated

      Starting test: Replications

         [Replications Check,BRAINSTATE8] A recent replication attempt failed:

            From BRAINSTATE1 to BRAINSTATE8

            Naming Context: CN=Schema,CN=Configuration,DC=brainstate,DC=local

            The replication generated an error (1908):

            Could not find the domain controller for this domain.

            The failure occurred at 2011-04-04 08:52:56.

            The last success occurred at 2011-04-04 08:26:08.

            1 failures have occurred since the last success.

            Kerberos Error.

            A KDC was not found to authenticate the call.

            Check that sufficient domain controllers are available.

         [Replications Check,BRAINSTATE8] A recent replication attempt failed:

            From BRAINSTATE1 to BRAINSTATE8

            Naming Context: CN=Configuration,DC=brainstate,DC=local

            The replication generated an error (1908):

            Could not find the domain controller for this domain.

            The failure occurred at 2011-04-04 08:51:43.

            The last success occurred at 2011-04-04 08:26:08.

            1 failures have occurred since the last success.

            Kerberos Error.

            A KDC was not found to authenticate the call.

            Check that sufficient domain controllers are available.

         ......................... BRAINSTATE8 failed test Replications

      Starting test: RidManager

         ......................... BRAINSTATE8 passed test RidManager

      Starting test: Services

         ......................... BRAINSTATE8 passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:23:45

            Event String:

            Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:23:45

            Event String:

            Driver Dell Color Laser 5110cn PCL6 required for printer !!brainstate2!BST5110_106-PCL6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:23:46

            Event String:

            Driver Dell MFP Laser 3115cn PS required for printer !!brainstate2!FrontDesk106-PCL6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:23:46

            Event String:

            Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:23:47

            Event String:

            Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again.

         A warning event occurred.  EventID: 0x8000001D

            Time Generated: 04/04/2011   08:25:30

            Event String:

            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

         An error event occurred.  EventID: 0xC2000001

            Time Generated: 04/04/2011   08:26:09

            Event String: Unexpected failure. Error code: 490@01010004

         A warning event occurred.  EventID: 0x00000090

            Time Generated: 04/04/2011   08:26:24

            Event String:

            The time service has stopped advertising as a good time source.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:28:12

            Event String:

            Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.

         A warning event occurred.  EventID: 0x000727AA

            Time Generated: 04/04/2011   08:28:12

            Event String:

            The WinRM service failed to create the following SPNs: WSMAN/Brainstate8.brainstate.local; WSMAN/Brainstate8. 


         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:28:12

            Event String:

            Driver Dell Color Laser 5110cn PCL6 required for printer !!brainstate2!BST5110_106-PCL6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:28:13

            Event String:

            Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:28:16

            Event String:

            Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:28:17

            Event String:

            Driver Dell MFP Laser 3115cn PS required for printer !!brainstate2!FrontDesk106-PCL6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 04/04/2011   08:32:37

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 04/04/2011   08:38:13

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 04/04/2011   08:41:24

            Event String:

            Name resolution for the name _msdcs.brainstate.local timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 04/04/2011   08:41:37

            Event String:

            Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 04/04/2011   08:43:37

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\brainstate.local\SysVol\brainstate.local\Policies\{7CF1D96A-5226-4A83-AC66-B0EC4C90213E}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 


         A warning event occurred.  EventID: 0x8000001D

            Time Generated: 04/04/2011   08:48:52

            Event String:

            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 04/04/2011   08:49:21

            Event String:

            Name resolution for the name _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.BRAINSTATE.LOCAL timed out after none of the configured DNS servers responded.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:49:23

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 04/04/2011   08:49:42

            Event String:

            Name resolution for the name brainstate.local timed out after none of the configured DNS servers responded.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:49:50

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC2000001

            Time Generated: 04/04/2011   08:50:10

            Event String: Unexpected failure. Error code: 490@01010004

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:50:17

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x00000086

            Time Generated: 04/04/2011   08:50:21

            Event String:

            NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The requested name is valid, but no data of the requested type was found. (0x80072AFC)

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:50:44

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:51:11

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:51:38

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:52:05

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x000727AA

            Time Generated: 04/04/2011   08:52:22

            Event String:

            The WinRM service failed to create the following SPNs: WSMAN/Brainstate8.brainstate.local; WSMAN/Brainstate8. 


         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:52:32

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:52:59

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:53:26

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         An error event occurred.  EventID: 0xC00038D6

            Time Generated: 04/04/2011   08:53:53

            Event String:

            The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

         A warning event occurred.  EventID: 0x00001695

            Time Generated: 04/04/2011   08:54:06

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'brainstate.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         An error event occurred.  EventID: 0x0000168E

            Time Generated: 04/04/2011   08:56:34

            Event String:

            The dynamic registration of the DNS record 'gc._msdcs.brainstate.local. 600 IN A 192.168.204.8' failed on the following DNS server:  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 04/04/2011   08:56:34

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'brainstate.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 04/04/2011   08:56:34

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.brainstate.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         A warning event occurred.  EventID: 0x00001695

            Time Generated: 04/04/2011   08:56:34

            Event String:

            Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.brainstate.local.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  


         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:58:02

            Event String:

            Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:58:03

            Event String:

            Driver Dell Color Laser 5110cn PCL6 required for printer !!brainstate2!BST5110_106-PCL6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:58:03

            Event String:

            Driver Dell MFP Laser 3115cn PS required for printer !!brainstate2!FrontDesk106-PCL6 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:58:08

            Event String:

            Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.

         An error event occurred.  EventID: 0x00000457

            Time Generated: 04/04/2011   08:58:08

            Event String:

            Driver Snagit 9 Printer required for printer Snagit 9 is unknown. Contact the administrator to install the driver before you log in again.

         ......................... BRAINSTATE8 failed test SystemLog

      Starting test: VerifyReferences

         ......................... BRAINSTATE8 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : brainstate

      Starting test: CheckSDRefDom

         ......................... brainstate passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... brainstate passed test CrossRefValidation

   
   Running enterprise tests on : brainstate.local

      Starting test: LocatorCheck

         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

         A Global Catalog Server could not be located - All GC's are down.

         ......................... brainstate.local failed test LocatorCheck

      Starting test: Intersite

         ......................... brainstate.local passed test Intersite


I really need to get this fixed asap as it's business hours now... is there any harm in re-enabling the Global Catalog on the SBS box?
To answer the earlier question, yes, Exchange DNS is pointing to the new DC, which is also a DNS server.
OK, question: did you run this on your DC or Exchange?  Either way you have DNS problems, and also if you ran this on the DC it doesn't know it has the GC role.  Either run diag on the DC (if this isn't the DC) just to verify it knows the GC role holder - I know you said it was already enabled, but check again just to be sure :)
There is no harm short term in having GC on the SBS box, but the amount of potential traffic could be harmful long term when it comes to replication (I'm paraphrasing here btw)

It looks like the DC isn't running as a DC at the moment as it can't connect to the Netlogon share. Is Netlogon running on the DC?

As for enabling the GC on the SBS server - if you have DCpromo'd it down - you can't make a non-DC a GC.
SHARE-IT, good point on the demoted server!
Whilst googling this:

         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

I found this:

http://support.microsoft.com/kb/839879

Might help?
Just checking - is the new DC pointing to itself for DNS resolution?

Basically everything should point to the new DC server for name resolution.

It looks like DNS issues but at this point it could be dozens of things. Are there any relevant events in the event log on the DC?
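A way to triage a dcdiag dump like the one posted above, shown as an added example that is not part of any post in this thread: it lists only the failed tests, pulls out their error codes, and flags detail lines that point at name resolution or DC/GC location. The sample is a constructed excerpt of the posted output; the function names and the hint keyword list are assumptions made for illustration.

```python
import re

# A result line looks like "......... BRAINSTATE8 failed test NetLogons".
# dcdiag wraps long lines, so the test name may be missing from this line.
RESULT = re.compile(r"^\.{5,}\s*(\S+)\s+(passed|failed)\s+test\s*(\S*)$")
START = re.compile(r"^Starting test:\s*(\S+)$")
# Matches "error 67", "error (1908)" and "error 1355" as they appear in dcdiag text.
CODE = re.compile(r"\berror\s*\(?(\d+)\)?", re.I)
# Assumed heuristic: phrases that suggest DNS or DC/GC locator trouble.
HINTS = ("dns", "name resolution", "could not find the domain controller",
         "kdc was not found", "global catalog server could not be located",
         "netlogon share")

# Constructed sample: lines excerpted from the dcdiag output posted in this thread.
SAMPLE = r"""
      Starting test: Advertising
         Warning: DsGetDcName returned information for
         \\brainstate1.brainstate.local, when we were trying to reach
         BRAINSTATE8.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... BRAINSTATE8 failed test Advertising
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\BRAINSTATE8\netlogon)
         [BRAINSTATE8] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
         ......................... BRAINSTATE8 failed test NetLogons
      Starting test: Replications
         [Replications Check,BRAINSTATE8] A recent replication attempt failed:
            From BRAINSTATE1 to BRAINSTATE8
            Naming Context: CN=Configuration,DC=brainstate,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            Kerberos Error.
            A KDC was not found to authenticate the call.
         ......................... BRAINSTATE8 failed test Replications
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   Running enterprise tests on : brainstate.local
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         ......................... brainstate.local failed test LocatorCheck
"""


def parse_dcdiag(text):
    """Return one dict per test: target, test name, result, detail lines."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results, details, i = [], [], 0
    while i < len(lines):
        line = lines[i]
        m = RESULT.match(line)
        if START.match(line):
            details = []                     # a new test begins, drop stray lines
        elif m:
            target, outcome, test = m.groups()
            # Wrapped result line: the test name sits alone on the next line.
            if not test and i + 1 < len(lines) and not START.match(lines[i + 1]):
                i += 1
                test = lines[i]
            results.append({"target": target, "test": test,
                            "result": outcome, "details": details})
            details = []
        else:
            details.append(line)
        i += 1
    return results


def triage(results):
    """For each failed test, collect error codes and DNS/locator hints."""
    report = {}
    for r in results:
        if r["result"] != "failed":
            continue
        text = " ".join(r["details"])
        codes = sorted({int(c) for c in CODE.findall(text)})
        hints = [h for h in HINTS if h in text.lower()]
        report[r["test"]] = {"target": r["target"], "codes": codes, "hints": hints}
    return report


if __name__ == "__main__":
    for test, info in triage(parse_dcdiag(SAMPLE)).items():
        print(f"{test:14} on {info['target']:18} codes={info['codes']} hints={info['hints']}")
```

On a full dump, save the `dcdiag` output to a text file and pass its contents to `parse_dcdiag` in place of `SAMPLE`.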

The above instruction said to run this on the Exchange server, so that's what I did. I double verified this already.... For now, I have re-enabled GC on the SBS box, rebooted the new DC, then rebooted Exchange, and now we are able to send emails...

What do I need to do to make sure I can disable GC from SBS and not break exchange?
Glad you got it working.

So your SBS server is still a DC?

You need to ensure that DNS is fully functional on the new DC and that all systems are pointing to it for DNS. You also need to double check that it is a GC.

Then switch off your SBS servers and make sure everything still works.

Then do a DCPromo on the SBS server, not Exchange.

We can send.....but my Barracuda Spam filter says it is refusing to accept connections... WTH?
Cool. Thanks for the help. I will make sure everything is pointing to the new DC, double verify GC, disable GC on SBS, then run DC Promo on SBS.

Any ideas why Exchange would be refusing connections now?
Still sounds like DNS.

Can you rerun the DCdiag and post again?

What does spam filter point to for DNS?

It points to outside DNS servers and does not use DNS to resolve the mail server.

I get 192.168.x.x - connection refused.


If I use telnet from my desktop and point to the exchange server it does not open a connection.

telnet ExchangeIP  25   ..... times out.
No firewall is turned on in the Exchange box.
Do you have McAfee on your desktop? It closes port 25.

So is your Barracuda a hardware-based solution? (Not familiar with Barracuda.)

Can you try to telnet from your Exchange box to the spam filter?

If it accepts the connection, send a mail via telnet from your hub server..

helo
mail from: you:yourdomain.com
rcpt to: you@gmail.com
data
subject: my test
bla blah b;ah

.
quit
Sorry...

mail from: you@yourdomain.com
For some reason the Microsoft Exchange Transport service had crashed and was 'stopped'. Turned it back on and we are now able to send email, however, there are now messages in the outbound queue stating 'Message EXCHSVR\Unreachable\67xx cannot be routed to 1 recipients.

Unreachable queue on server EXCHSVR has more than one entry.
For some reason, the existing send connector that we've had all along just didn't seem to be working. It also would not let me change the authentication to 'none' - so I created a new send connector with 'no' authentication and configured the Barracuda to allow relay from Exchange. All seems to be working now, what a hell of a morning.
Where are they sending to? The old Exchange server?
Oops - didn't refresh before posting. :(

So - now it's all working, just remember that before you demote the original SBS server, be sure to switch it off BEFORE demoting to ensure all is well. If, after a few hours, even a day or 2, it's all good - then demote it.

Go grab a coffee to celebrate! :)
You'll have to switch it back on before you actually run the dcpromo demotion, obviously.
OK, so you're saying as a test run... simply shut down the SBS server and see if things work or break. Fix anything that breaks, as we should now be able to operate independently of SBS. Then, follow the instructions for removing it. (Unchecking/Disabling Global Catalog on SBS, running dcpromo, shutting it down.) Then relax and have a homebrew.
PS, is there a time limit for removing SBS from the network? Is it OK if I wait until the weekend to do these things?
CRAP!

So, I've transferred all 5 FSMO roles, etc. but couldn't get the SBS box to allow dcpromo to complete. It kept saying it could not find the other domain, even though I could ping domain.local and get replies from the new DC. So, I used the dcpromo /force command and now I can't log into any other computers b/c it says it cannot contact the domain controller. All DNS records are pointing at the new DC. I am wondering if I need to be patient and allow DNS to propagate, etc. but it's a small network.  Here's a DC diag from the new DC - I went ahead and turned off the SBS box; since the forced dcpromo removed AD, it is no longer a domain controller or a member of the domain. I can connect to AD on the new box, but I have to specifically tell it to 'connect to a domain controller' before it shows me the site info. Exchange will not connect to AD now either. Any help would be greatly appreciated.
Directory Server Diagnosis


Performing initial setup:

   * Identified AD Forest. 
   Ldap search capabality attribute search failed on server BRAINSTATE1, return

   value = 81
   Got error while checking if the DC is using FRS or DFSR. Error:

   Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail

   because of this error. 

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\BRAINSTATE8

      Starting test: Connectivity

         ......................... BRAINSTATE8 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\BRAINSTATE8

      Starting test: Advertising

         ......................... BRAINSTATE8 passed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         ......................... BRAINSTATE8 passed test FrsEvent

      Starting test: DFSREvent

         ......................... BRAINSTATE8 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... BRAINSTATE8 passed test SysVolCheck

      Starting test: KccEvent

         ......................... BRAINSTATE8 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... BRAINSTATE8 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... BRAINSTATE8 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... BRAINSTATE8 passed test NCSecDesc

      Starting test: NetLogons

         ......................... BRAINSTATE8 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... BRAINSTATE8 passed test ObjectsReplicated

      Starting test: Replications

         [Replications Check,BRAINSTATE8] A recent replication attempt failed:

            From BRAINSTATE1 to BRAINSTATE8

            Naming Context: DC=ForestDnsZones,DC=brainstate,DC=local

            The replication generated an error (1256):

            The remote system is not available. For information about network troubleshooting, see Windows Help.

            

            The failure occurred at 2011-04-10 01:48:51.

            The last success occurred at 2011-04-10 00:48:51.

            1 failures have occurred since the last success.

         [BRAINSTATE1] DsBindWithSpnEx() failed with error 1722,

         The RPC server is unavailable..
         [Replications Check,BRAINSTATE8] A recent replication attempt failed:

            From BRAINSTATE1 to BRAINSTATE8

            Naming Context: DC=DomainDnsZones,DC=brainstate,DC=local

            The replication generated an error (1256):

            The remote system is not available. For information about network troubleshooting, see Windows Help.

            

            The failure occurred at 2011-04-10 01:48:51.

            The last success occurred at 2011-04-10 01:02:34.

            1 failures have occurred since the last success.

         [Replications Check,BRAINSTATE8] A recent replication attempt failed:

            From BRAINSTATE1 to BRAINSTATE8

            Naming Context: CN=Schema,CN=Configuration,DC=brainstate,DC=local

            The replication generated an error (1753):

            There are no more endpoints available from the endpoint mapper.

            The failure occurred at 2011-04-10 01:48:51.

            The last success occurred at 2011-04-10 00:48:51.

            1 failures have occurred since the last success.

            The directory on BRAINSTATE1 is in the process.

            of starting up or shutting down, and is not available.

            Verify machine is not hung during boot.

         [Replications Check,BRAINSTATE8] A recent replication attempt failed:

            From BRAINSTATE1 to BRAINSTATE8

            Naming Context: CN=Configuration,DC=brainstate,DC=local

            The replication generated an error (1753):

            There are no more endpoints available from the endpoint mapper.

            The failure occurred at 2011-04-10 01:48:51.

            The last success occurred at 2011-04-10 00:48:51.

            1 failures have occurred since the last success.

            The directory on BRAINSTATE1 is in the process.

            of starting up or shutting down, and is not available.

            Verify machine is not hung during boot.

         [Replications Check,BRAINSTATE8] A recent replication attempt failed:

            From BRAINSTATE1 to BRAINSTATE8

            Naming Context: DC=brainstate,DC=local

            The replication generated an error (1753):

            There are no more endpoints available from the endpoint mapper.

            The failure occurred at 2011-04-10 01:48:51.

            The last success occurred at 2011-04-10 01:16:51.

            1 failures have occurred since the last success.

            The directory on BRAINSTATE1 is in the process.

            of starting up or shutting down, and is not available.

            Verify machine is not hung during boot.

         ......................... BRAINSTATE8 failed test Replications

      Starting test: RidManager

         ......................... BRAINSTATE8 passed test RidManager

      Starting test: Services

         ......................... BRAINSTATE8 passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 04/10/2011   01:36:10

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 04/10/2011   01:41:12

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 04/10/2011   01:46:14

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 04/10/2011   01:51:16

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 04/10/2011   01:56:19

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 04/10/2011   02:01:21

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x0000041E

            Time Generated: 04/10/2011   02:06:22

            Event String:

            The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.

         An error event occurred.  EventID: 0x00000422

            Time Generated: 04/10/2011   02:11:23

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\brainstate.local\SysVol\brainstate.local\Policies\{7CF1D96A-5226-4A83-AC66-B0EC4C90213E}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 


         An error event occurred.  EventID: 0x00000422

            Time Generated: 04/10/2011   02:16:23

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\brainstate.local\SysVol\brainstate.local\Policies\{7CF1D96A-5226-4A83-AC66-B0EC4C90213E}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 


         An error event occurred.  EventID: 0x00000422

            Time Generated: 04/10/2011   02:21:24

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\brainstate.local\SysVol\brainstate.local\Policies\{7CF1D96A-5226-4A83-AC66-B0EC4C90213E}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 


         An error event occurred.  EventID: 0x00000422

            Time Generated: 04/10/2011   02:26:24

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\brainstate.local\SysVol\brainstate.local\Policies\{7CF1D96A-5226-4A83-AC66-B0EC4C90213E}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 


         An error event occurred.  EventID: 0x00000422

            Time Generated: 04/10/2011   02:31:25

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\brainstate.local\SysVol\brainstate.local\Policies\{7CF1D96A-5226-4A83-AC66-B0EC4C90213E}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 


         ......................... BRAINSTATE8 failed test SystemLog

      Starting test: VerifyReferences

         ......................... BRAINSTATE8 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : brainstate

      Starting test: CheckSDRefDom

         ......................... brainstate passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... brainstate passed test CrossRefValidation

   
   Running enterprise tests on : brainstate.local

      Starting test: LocatorCheck

         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

         A Global Catalog Server could not be located - All GC's are down.


But when I look under the main site, and tcp I see the GC record for the new domain controller.. I deleted the one for the old one too.


The diagnostic still shows replication attempts with your now-offline SBS box; you need to remove those links.

/administration tools/active directory sites and services/sites/default first site/servers/server name/ntds

whilst there you can verify global catalogue role is enabled for "Brainstates"

the diag did not show any problem with the roles so it may be a case of needing to run metadata cleanup.

I know it has been mentioned before but under pressure and stress it's easy to miss things so double check primary DNS on your DC IS itself.  For the purpose of testing turn off all your firewall services on your exchange box and your DC.  You may need to add many exceptions to your DC to allow proper functionality - you can prove this by simply turning off windows firewall.

If you need help with creating custom exceptions let me know.

Again go through DNS and cleanup references to your SBS box.
The good news is things generally look healthy.

Things to do...

1. Go into Active Directory Sites & Services and double check that BRAINSTATE8 is definitely a GC. This can be seen by expanding Default-first-site-name and clicking on servers.

2. Check that the GC records in DNS do actually point to the right server names and that those names point to the right ip addresses.

3. Whilst in there, see if BRAINSTATE1 is still in there as a DC/GC

4. Assuming that BRAINSTATE8 is the ONLY DC/DNS server on the network, make sure that all PCs, Servers, etc, point to it for DNS.

5. Disable the firewall on the DC (we can make exceptions later if necessary)

6. Run dcdiag from the exchange server pointing to the dc "DCDIAG /S:BRAINSTATE8" see if all is well.

7. As you had to do a forced dcpromo, there will still be references to that server in the Directory so you will need to do a metadata cleanup. It's simple enough but make sure you read through properly and understand as you can do considerable damage if you do it wrong. Make sure you have a system state backup of the DC. Here's a nice, easy to follow guide to get rid of that old DC once and for all...

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Let me know how you get on.
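
An added example, not part of the original thread: a small Python triage of saved dcdiag output that pulls out the three things this thread keeps coming back to (failed tests, the source DC behind each replication failure, and locator errors such as the missing GC). The sample text is constructed, abridged from the shape of the output posted above, and the function and key names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the shape of the dcdiag output in this thread.
SAMPLE = """\
   Testing server: Default-First-Site-Name\\BRAINSTATE8
      Starting test: Advertising
         ......................... BRAINSTATE8 passed test Advertising
      Starting test: Replications
         [Replications Check,BRAINSTATE8] A recent replication attempt failed:
            From BRAINSTATE1 to BRAINSTATE8
            Naming Context: DC=ForestDnsZones,DC=brainstate,DC=local
            The replication generated an error (1256):
         [Replications Check,BRAINSTATE8] A recent replication attempt failed:
            From BRAINSTATE1 to BRAINSTATE8
            Naming Context: CN=Schema,CN=Configuration,DC=brainstate,DC=local
            The replication generated an error (1753):
         ......................... BRAINSTATE8 failed test Replications
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
"""

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test\s*(\S*)")
FROM_TO = re.compile(r"From (\S+) to (\S+)")
NAMING_CONTEXT = re.compile(r"Naming Context: (\S+)")
REPL_ERR = re.compile(r"replication generated an error \((\d+)\)")
LOCATOR = re.compile(r"DcGetDcName\((\w+)\) call failed, error (\d+)")

def triage(text):
    """Summarise dcdiag output: failed tests, failing replication sources, locator errors."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    failed, sources, locator = [], defaultdict(list), []
    source = context = None
    for i, ln in enumerate(lines):
        if m := RESULT.search(ln):
            # dcdiag wraps long result lines, so the test name may be on the next line.
            name = m.group(3) or (lines[i + 1] if i + 1 < len(lines) else "?")
            if m.group(2) == "failed":
                failed.append((m.group(1), name))
        elif m := FROM_TO.match(ln):
            source, context = m.group(1), None
        elif m := NAMING_CONTEXT.match(ln):
            context = m.group(1)
        elif (m := REPL_ERR.search(ln)) and source:
            # Group each failure under the DC that was supposed to send the changes.
            sources[source].append((context, int(m.group(1))))
        elif m := LOCATOR.search(ln):
            locator.append((m.group(1), int(m.group(2))))
    return {"failed_tests": failed,
            "replication_failures": dict(sources),
            "locator_errors": locator}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

A source DC that shows up under replication_failures for every naming context, as the removed SBS box does here, is the one whose leftover connection objects and metadata still need cleaning up.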


ah great minds thinking alike :)
Indeed! :)

Oh and I've been meaning to say, if BRAINSTATE8 is the ONLY DC, make another one ASAP!
After an expensive call with Microsoft they discovered that our domain controller had stopped advertising itself as a domain controller. It advertised GC and other roles, but not DC. (and was the only DC in the domain.) Once this was fixed, everything else followed suit.
Son of a b*tch!  I just checked your DC diag post and yes:

Starting test: Advertising

         Warning: DsGetDcName returned information for

         \\brainstate1.brainstate.local, when we were trying to reach

         BRAINSTATE8.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... BRAINSTATE8 failed test Advertising

Sorry dude, it was right there in the first line, it didn't even click :(
Got a message for being abandoned... tons of great info here, but I'll let EE decide who gets points.
ASKER CERTIFIED SOLUTION
Avatar of Firmin Frederick
Firmin Frederick