Exchange routing group not working

I had a working environment with exchange 2003on a 2003 server and exchange 2010 on a 2008 R2 server and a bidirectional routing group in between.
I was in the process of migrating mailboxes from 2003 to 2010, when suddenly one of the mailbox migrations failed with an error message implying insufficient rights. I was investigating as people started complaining about missing inbound mail, and outbound mail stuck in the out-box.
I then found that the CA-service on my certificate server had stopped, and would not start again. (Bad key) Following advice from microsoft forums, I reinstalled CA, and restored the latest backup .  Now both exchange 2003 and 2010 starts without errors, but the routing group connector on the 2003 is stuck with 110 messages. The CA is used for the 2003 only.
Any clues?
MrWhyAsked:
Who is Participating?
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
Delete the RGC from Exchange 2010 using remove-routinggroupconnect and recreate would be the first thing I would do. RGCs often fail for no reason.

Were you issusing SSL certificates from that CA? If so, and they are on either server you may have reissue them.

Simon.
0
 
MrWhyAuthor Commented:
Ok. One more symptom. When restarting the 2003 i get four errors in application events:
ID 8026: LDAP BINDwas unsuccessful on directory. x.y.y.no for distinguished name ". Directory returned error: (0x51) Server down.

ID 8260: Could not open LDAP Session to directory "x.y.y.no" using server credentials.
Cannot access address list configuration information. Make sure the server 'x.x.x.no' is running.

     (note about that one. x.x.x.no was my old domain controller, whis has been demoted and removed from the domain, then recreated with the same name as my CA, as suggested by microsoft. My new domain controller is v.y.z.no )

Then the same two ID's are repeated, but the information "DC=y,DC=z,DC=no is appended at the end.
0
 
MrWhyAuthor Commented:
Yes I issued SSL certificates for the old 2003 for owa. I bought one for the 2010.

I have trouble figuring out the syntax for remove-routinggroupconnect. I tried:

remove-routinggroupconnect -identity "xxx RGC"

I get the error "The operation couldn't be performed because "xxx RGC" matches multiple entries.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Simon Butler (Sembee)ConsultantCommented:
Those errors mean that Exchange cannot connect to the domain controller.
Check that the Exchange 2003 server hasn't been hard coded to a specific domain controller (Properties of the server in ESM) and the DNS settings are correct.

Simon.
0
 
MrWhyAuthor Commented:
In the server properties Under "Directory access" The new domain controller is listed three times, as type Config, dc and gc, if that was what you meant. Otherwise DNS seems correct.
0
 
MrWhyAuthor Commented:
Domain controller checked, and working. No errors in the logs.
0
 
Manpreet SIngh KhatraConnect With a Mentor Solutions Architect, Project LeadCommented:
Are required service running on Exchange 2010 and on Exchange 2003 we need to have SMTP and Routing engine running

DO you see any error or warning events in Exchange 2003 ?
Is the Mail-flow affected both way ?
Hope the remote registry is also started ?

- Rancy
0
 
MrWhyConnect With a Mentor Author Commented:
Problem solved. This started with time getting out of sync on differen servers due to time drift in internal vmware clock. That caused servers to have momentarily wrong time during startup, causing kerberos to fail, and in turn disrupting various services on different servers. It affected the domain controller, the Certificate server, and both of the exchange servers in various ways, producing all kinds of errors. Mid startup, the servers synced their time to the domain controller, just to make the problem harder to spot.
After correcting that, and syncing time throughout the domain using "net time /set", I restored the CA, and recreated the routing groups like suggested above.
Hey presto. Everything works.

Thanks for the help guys.
0
 
MrWhyAuthor Commented:
My comment describes the cause of the problem, and part of the solution not mentioned by the others. Their help were still invaluable.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.