Exchange Server 2 Domain Controllers, 1 Domain

Posted on 2011-10-18
Last Modified: 2012-05-12
I am working on installing a second domain controller in our environment as a backup to our current domain controller.  Our current environment is one domain controller and one (separate) exchange server.  I am putting up a second domain controller so that if we were to lose the first it would not render our email server useless.  I installed active directory and added it to the current domain.  I also installed DNS, WINS (made it a replication partner) and DHCP (separate address pool on same subnet) on this second server.  I set my DNS settings on the exchange server to use the first Domain Controller as the primary and the backup as the secondary.  I tested this and it seemed to work fine.  However I tested a "disaster" scenario by removing the first domain controller network cable to see if the exchange server would proceed to continue to function using the second controller.  This did not work (probably for obvious reasons I am overlooking).  Prior to this new configuration the exchange server DNS settings used the first domain controller as the primary DNS server and the internet gateway device as the secondary.

Any ideas on why the new settings are not working?
0
Question by:R_M_Ron
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 36990412
Exchange server will always query for the domain controllers and list them based on site.  Also, if one DC goes down, it may take a few minutes for Exchange to continue working using the alternate domain controller. You can try a reboot of the Exchange server so that at the time of startup, it will identify the available DC.

In between, which version of Exchange are you using?

Shaba
0
 
LVL 14

Expert Comment

by:Shabarinath Ramadasan
ID: 36990415
Moreover, it's important that you make your second domain controller a Global Catalog. Exchange requires at least one GC to be available to work.
0
 

Author Comment

by:R_M_Ron
ID: 36990418
I am running Exchange 2007.  I am double checking the GC setting now.  Also read the following on
http://forums.msexchange.org/m_1800452907/mpage_1/key_/tm.htm#1800452907  (which I am going to look into);

"To fix the SACL right problem here is what you need to follow:

1. open default domain controller security policy on adsrv2.
2. expand local policies and then "user rights management"
3. look at manage auditing and security log.
4. Here you need to have "Exchange enterprise servers" (if E2k3 exists) and "Exchange Servers" group. If not add them.

If there is a group policy applied on this dc make sure it is not removing this permission. Once replication completes you should see the SACL right set in the next run of AD discovery by MSExchangeSA. "
0
 

Author Comment

by:R_M_Ron
ID: 36990454
The DC wasn't a Global Catalog so I set this but it still doesn't pick it up.  Going to restart the server now and see if this helps.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36990459
Before you make any changes, can you run this from the second DC and first DC?

start > run > cmd
dcdiag /v /e /TEST:DNS > c:\dc1.txt

and similarly dc2.txt

check DNS

Also run this from the second DC
start > run > cmd
netdom query fsmo
0
 

Author Comment

by:R_M_Ron
ID: 36990529
dc1 output summary

  Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: rmc-chi.local
               rmc-DC01                     PASS WARN FAIL FAIL PASS FAIL n/a  
               rmc-dc02                     PASS PASS PASS FAIL PASS PASS n/a  
         

dc2 summary


         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: rmc-chi.local
               rmc-DC01                     PASS WARN FAIL FAIL PASS FAIL n/a  
               rmc-dc02                     PASS PASS PASS FAIL PASS PASS n/a
0
 

Author Comment

by:R_M_Ron
ID: 36990539
netdom query fsmo returns the owner of rmc-dc01 for all rows on both servers
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36990554
Can you CTRL+F for error in both the dc1 and dc2 text files?

If it's DNS issues with resolving ldap with root-servers, ignore.
Copy paste non Root-Hints related errors here.

For all you know, as Shaba said - Exchange needs a restart.

thanks
0
 

Author Comment

by:R_M_Ron
ID: 36990566
I am going to check back in morning (running out of steam) thanks for the help tonight, I will finish tomorrow and post back.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 36990585
Thanks
0
 

Author Comment

by:R_M_Ron
ID: 36997758
Back at it (night job).  I reviewed the errors and the only consistent error I see is:


                        Warning: DNS server: 14ecb2.DOMAINi.local. IP: <Unavailable> Failure:Missing glue A record
                        [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]


I also restarted and still have same problems (i.e. exchange will not run without dc1 being online even though dc2 is accepting logins and running all services)
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 2000 total points
ID: 36999428
run dcdiag /fix from commandline
0
 

Author Comment

by:R_M_Ron
ID: 37003823
on DC2 the errors mostly clear but not on DC1?



               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain:
               rmc-DC01                     PASS WARN FAIL FAIL PASS FAIL n/a  
               rmc-dc02                     PASS PASS PASS FAIL PASS PASS n/a  
         
         .........................  failed test DNS
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 37003931
There should be a report before the summary.
Can you copy and paste that here?
0
 

Author Comment

by:R_M_Ron
ID: 37004005

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine rmc-DC01, is a DC.
   * Connecting to directory service on server rmc-DC01.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 2 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site\RMC-DC01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... RMC-DC01 passed test Connectivity
   
   Testing server: Default-First-Site\RMC-DC02
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... RMC-DC02 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site\RMC-DC01
      Test omitted by user request: Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: Advertising
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: RidManager
      Test omitted by user request: MachineAccount
      Test omitted by user request: Services
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: frssysvol
      Test omitted by user request: frsevent
      Test omitted by user request: kccevent
      Test omitted by user request: systemlog
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError
   
   Testing server: Default-First-Site\RMC-DC02
      Test omitted by user request: Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: Advertising
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: RidManager
      Test omitted by user request: MachineAccount
      Test omitted by user request: Services
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: frssysvol
      Test omitted by user request: frsevent
      Test omitted by user request: kccevent
      Test omitted by user request: systemlog
      Test omitted by user request: VerifyReplicas
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : TAPI3Directory
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : Schema
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : Configuration
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running partition tests on : rmc-chi
      Test omitted by user request: CrossRefValidation
      Test omitted by user request: CheckSDRefDom
   
   Running enterprise tests on : rmc-chi.local
      Test omitted by user request: Intersite
      Test omitted by user request: FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: rmc-DC01.rmc-chi.local
            Domain: rmc-chi.local

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Enterprise Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000009] VMware Accelerated AMD PCNet Adapter:
                     MAC address is 00:0C:29:0F:26:3E
                     IP address is static
                     IP address: 10.12.1.13
                     DNS servers:
                        10.12.1.13 (<name unavailable>) [Valid]
                        Warning: 10.12.1.40 (<name unavailable>) [Invalid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     10.12.1.40 (<name unavailable>) [Invalid]
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                     Name: b.root-servers.net. IP: 128.9.0.107 [Valid]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                     Name: l.root-servers.net. IP: 198.32.64.12 [Valid]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: rmc-chi.local.
                     Delegated domain name: _msdcs.rmc-chi.local.
                        Warning: DNS server: consulti-14ecb2.rmc-chi.local. IP: <Unavailable> Failure:Missing glue A record
                        [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]
                 
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone rmc-chi.local.
                  Test record _dcdiag_test_record added successfully in zone rmc-chi.local.
                  Test record _dcdiag_test_record deleted successfully in zone rmc-chi.local.
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000009] VMware Accelerated AMD PCNet Adapter:
                     Matching A record found at DNS server 10.12.1.13:
                     rmc-DC01.rmc-chi.local

                     Matching CNAME record found at DNS server 10.12.1.13:
                     89ad0f04-c761-49a8-a0bf-ed28648b6a92._msdcs.rmc-chi.local

                     Matching DC SRV record found at DNS server 10.12.1.13:
                     _ldap._tcp.dc._msdcs.rmc-chi.local

                     Matching GC SRV record found at DNS server 10.12.1.13:
                     _ldap._tcp.gc._msdcs.rmc-chi.local

                     Matching PDC SRV record found at DNS server 10.12.1.13:
                     _ldap._tcp.pdc._msdcs.rmc-chi.local

                     Error: Missing A record at DNS server 10.12.1.40 :
                     rmc-DC01.rmc-chi.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error: Missing CNAME record at DNS server 10.12.1.40 :
                     89ad0f04-c761-49a8-a0bf-ed28648b6a92._msdcs.rmc-chi.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error: Missing DC SRV record at DNS server 10.12.1.40 :
                     _ldap._tcp.dc._msdcs.rmc-chi.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error: Missing GC SRV record at DNS server 10.12.1.40 :
                     _ldap._tcp.gc._msdcs.rmc-chi.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error: Missing PDC SRV record at DNS server 10.12.1.40 :
                     _ldap._tcp.pdc._msdcs.rmc-chi.local
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
               Error: Record registrations cannot be found for all the network adapters
         
           
            DC: rmc-dc02.rmc-chi.local
            Domain: rmc-chi.local

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Enterprise Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:0C:29:AF:6C:47
                     IP address is static
                     IP address: 10.12.1.14
                     DNS servers:
                        10.12.1.13 (<name unavailable>) [Valid]
                        10.12.1.14 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders are not configured on this DNS server
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                     Name: b.root-servers.net. IP: 128.9.0.107 [Valid]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                     Name: l.root-servers.net. IP: 198.32.64.12 [Valid]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: rmc-chi.local.
                     Delegated domain name: _msdcs.rmc-chi.local.
                        Warning: DNS server: consulti-14ecb2.rmc-chi.local. IP: <Unavailable> Failure:Missing glue A record
                        [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]
                 
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone rmc-chi.local.
                  Test record _dcdiag_test_record added successfully in zone rmc-chi.local.
                  Test record _dcdiag_test_record deleted successfully in zone rmc-chi.local.
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 10.12.1.13:
                     rmc-dc02.rmc-chi.local

                     Matching CNAME record found at DNS server 10.12.1.13:
                     d7ce43ac-a526-4d0c-b838-6a204c150050._msdcs.rmc-chi.local

                     Matching DC SRV record found at DNS server 10.12.1.13:
                     _ldap._tcp.dc._msdcs.rmc-chi.local

                     Matching GC SRV record found at DNS server 10.12.1.13:
                     _ldap._tcp.gc._msdcs.rmc-chi.local

         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 10.12.1.40 (<name unavailable>)
               2 test failures on this DNS server
               This is a valid DNS server
               Name resolution is not functional. _ldap._tcp.rmc-chi.local. failed on the DNS server 10.12.1.40
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 202.12.27.33 (m.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 199.7.83.42 (l.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 198.32.64.12 (l.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 193.0.14.129 (k.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.58.128.30 (j.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.5.5.241 (f.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.33.4.12 (c.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.228.79.201 (b.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.203.230.10 (e.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 128.9.0.107 (b.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 128.8.10.90 (d.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 128.63.2.53 (h.root-servers.net.)
               All tests passed on this DNS server
               This is a valid DNS server
               
            DNS server: 10.12.1.14 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 10.12.1.13 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: rmc-chi.local
               rmc-DC01                     PASS WARN FAIL FAIL PASS FAIL n/a  
               rmc-dc02                     PASS PASS PASS FAIL PASS PASS n/a  
         
         ......................... rmc-chi.local failed test DNS
0
 

Author Comment

by:R_M_Ron
ID: 37004028
I dropped the invalid address (.40) and it is looking better, but still one fail


                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: rmc-chi.local
               rmc-DC01                     PASS PASS PASS FAIL PASS PASS n/a  
               rmc-dc02                     PASS PASS PASS FAIL PASS PASS n/a  
         
0
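
The manual review in this thread (searching the dcdiag report for errors, then spotting 10.12.1.40 marked [Invalid] as both a DNS client server and a forwarder on DC01) can be scripted. The following is an added example, not code from any participant in the thread: the function names are hypothetical, and the sample input is a constructed, trimmed excerpt in the layout of the report posted above.

```python
import re

# Constructed sample: trimmed excerpt in the layout of the dcdiag /test:DNS report above.
SAMPLE_REPORT = """\
            DC: rmc-DC01.rmc-chi.local
            Domain: rmc-chi.local

               TEST: Basic (Basc)
                     DNS servers:
                        10.12.1.13 (<name unavailable>) [Valid]
                        Warning: 10.12.1.40 (<name unavailable>) [Invalid]
               TEST: Forwarders/Root hints (Forw)
                  Forwarders Information:
                     10.12.1.40 (<name unavailable>) [Invalid]
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]

            DC: rmc-dc02.rmc-chi.local
            Domain: rmc-chi.local

               TEST: Basic (Basc)
                     DNS servers:
                        10.12.1.13 (<name unavailable>) [Valid]
                        10.12.1.14 (<name unavailable>) [Valid]
               TEST: Forwarders/Root hints (Forw)
                  Forwarders are not configured on this DNS server

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: rmc-chi.local
               rmc-DC01                     PASS WARN FAIL FAIL PASS FAIL n/a
               rmc-dc02                     PASS PASS PASS FAIL PASS PASS n/a
"""

DC_LINE = re.compile(r"^\s*DC:\s*(\S+)")
TEST_LINE = re.compile(r"TEST:.*\((\w+)\)\s*$")
IP_INVALID = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\b.*\[Invalid\]")
RESULTS = {"PASS", "WARN", "FAIL", "n/a"}


def invalid_dns_servers(report):
    """Map each DC to the (test, ip) pairs dcdiag marked [Invalid]."""
    findings, dc, test = {}, None, None
    for line in report.splitlines():
        if "Summary of" in line:          # per-DC sections have ended
            dc = test = None
        elif (m := DC_LINE.match(line)):
            dc, test = m.group(1), None
        elif (m := TEST_LINE.search(line)):
            test = m.group(1)
        elif dc and (m := IP_INVALID.search(line)):
            findings.setdefault(dc, []).append((test, m.group(1)))
    return findings


def summary_matrix(report):
    """Parse the 'Summary of DNS test results' table into {dc: {column: result}}."""
    columns, rows = None, {}
    for line in report.splitlines():
        parts = line.split()
        if parts[:3] == ["Auth", "Basc", "Forw"]:
            columns = parts
        elif columns and len(parts) == len(columns) + 1 and set(parts[1:]) <= RESULTS:
            rows[parts[0]] = dict(zip(columns, parts[1:]))
    return rows


def failing_tests(report):
    """Columns reported as WARN or FAIL for each DC, in table order."""
    return {dc: [c for c, r in row.items() if r in ("WARN", "FAIL")]
            for dc, row in summary_matrix(report).items()}


if __name__ == "__main__":
    for dc, hits in invalid_dns_servers(SAMPLE_REPORT).items():
        for test, ip in hits:
            print(f"{dc}: {ip} marked [Invalid] in test {test}")
    for dc, cols in failing_tests(SAMPLE_REPORT).items():
        print(f"{dc}: not passing -> {', '.join(cols) or 'none'}")
```

To use it on a real report, read the file written by `dcdiag /v /e /TEST:DNS > c:\dc1.txt` and pass its text to the functions in place of `SAMPLE_REPORT`.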
