Solved

Exchange routing group not working

Posted on 2013-01-21
9
543 Views
Last Modified: 2013-01-26
I had a working environment with exchange 2003on a 2003 server and exchange 2010 on a 2008 R2 server and a bidirectional routing group in between.
I was in the process of migrating mailboxes from 2003 to 2010, when suddenly one of the mailbox migrations failed with an error message implying insufficient rights. I was investigating as people started complaining about missing inbound mail, and outbound mail stuck in the out-box.
I then found that the CA-service on my certificate server had stopped, and would not start again. (Bad key) Following advice from microsoft forums, I reinstalled CA, and restored the latest backup .  Now both exchange 2003 and 2010 starts without errors, but the routing group connector on the 2003 is stuck with 110 messages. The CA is used for the 2003 only.
Any clues?
0
Comment
Question by:MrWhy
  • 6
  • 2
9 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 300 total points
ID: 38801876
Delete the RGC from Exchange 2010 using remove-routinggroupconnect and recreate would be the first thing I would do. RGCs often fail for no reason.

Were you issusing SSL certificates from that CA? If so, and they are on either server you may have reissue them.

Simon.
0
 

Author Comment

by:MrWhy
ID: 38801899
Ok. One more symptom. When restarting the 2003 i get four errors in application events:
ID 8026: LDAP BINDwas unsuccessful on directory. x.y.y.no for distinguished name ". Directory returned error: (0x51) Server down.

ID 8260: Could not open LDAP Session to directory "x.y.y.no" using server credentials.
Cannot access address list configuration information. Make sure the server 'x.x.x.no' is running.

     (note about that one. x.x.x.no was my old domain controller, whis has been demoted and removed from the domain, then recreated with the same name as my CA, as suggested by microsoft. My new domain controller is v.y.z.no )

Then the same two ID's are repeated, but the information "DC=y,DC=z,DC=no is appended at the end.
0
 

Author Comment

by:MrWhy
ID: 38802009
Yes I issued SSL certificates for the old 2003 for owa. I bought one for the 2010.

I have trouble figuring out the syntax for remove-routinggroupconnect. I tried:

remove-routinggroupconnect -identity "xxx RGC"

I get the error "The operation couldn't be performed because "xxx RGC" matches multiple entries.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38802012
Those errors mean that Exchange cannot connect to the domain controller.
Check that the Exchange 2003 server hasn't been hard coded to a specific domain controller (Properties of the server in ESM) and the DNS settings are correct.

Simon.
0
 

Author Comment

by:MrWhy
ID: 38802054
In the server properties Under "Directory access" The new domain controller is listed three times, as type Config, dc and gc, if that was what you meant. Otherwise DNS seems correct.
0
 

Author Comment

by:MrWhy
ID: 38802066
Domain controller checked, and working. No errors in the logs.
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 200 total points
ID: 38802401
Are required service running on Exchange 2010 and on Exchange 2003 we need to have SMTP and Routing engine running

DO you see any error or warning events in Exchange 2003 ?
Is the Mail-flow affected both way ?
Hope the remote registry is also started ?

- Rancy
0
 

Assisted Solution

by:MrWhy
MrWhy earned 0 total points
ID: 38802675
Problem solved. This started with time getting out of sync on differen servers due to time drift in internal vmware clock. That caused servers to have momentarily wrong time during startup, causing kerberos to fail, and in turn disrupting various services on different servers. It affected the domain controller, the Certificate server, and both of the exchange servers in various ways, producing all kinds of errors. Mid startup, the servers synced their time to the domain controller, just to make the problem harder to spot.
After correcting that, and syncing time throughout the domain using "net time /set", I restored the CA, and recreated the routing groups like suggested above.
Hey presto. Everything works.

Thanks for the help guys.
0
 

Author Closing Comment

by:MrWhy
ID: 38821825
My comment describes the cause of the problem, and part of the solution not mentioned by the others. Their help were still invaluable.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2007 Standard Database Move 5 26
EXCH2013 IIS 4 14
check which file take most of the disk space 16 41
Exchange2013 MAPI 6 18
Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question