Solved

Server 2003 domain controller crashed now Exchange server is unavailable

Posted on 2013-05-16
37
682 Views
Last Modified: 2013-05-18
Hi Everyone,

Our server 2003 domain controller has crashed and now outlook can't connect to our exchange 2007 server. The exchange server boots and I can login to the server and open EMC and everything. We have 2 server 2008 domain controllers, I've manually pointed to another DC in EMC but still users cannot connect. We don't have another 2003 server in our domain. I've read that exchange 2007 requires a 2003 domain controller, can you guys confirm this and what are my options to getting connectivity back to the users?

Best,
Timur.
0
Comment
Question by:Tim_Mohamed
  • 18
  • 11
  • 6
  • +1
37 Comments
 
LVL 14

Expert Comment

by:Ben Hart
Comment Utility
Post any error event logs you have on the exchange server.
0
 
LVL 10

Expert Comment

by:bigbigpig
Comment Utility
Are the client machines set to use the failed 2003 server as their DNS server?  Make sure it's nothing related to name resolution.
0
 
LVL 10

Expert Comment

by:bigbigpig
Comment Utility
Also see if you can access mailboxes through OWA.
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
No clients point to the failed DC for name resolution. I've attached the warning shown in the event logs, it shows not errors just warnings. All exchange related services have started its just connectivity.
Exchange-warning.PNG
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
No luck through owa as well
0
 
LVL 10

Expert Comment

by:bigbigpig
Comment Utility
On your Exchange server can you do an nslookup and get the IP of GFCS-007.youdomain.local?
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
On the exchange server I can't get the information for GFCS-007 (The failed DC) but on a client machine I can get the data.
0
 
LVL 14

Expert Comment

by:Ben Hart
Comment Utility
Stupid question but, did you change the DNS settings in Windows on your Exchange server to point to the valid DNS server?
0
 
LVL 10

Assisted Solution

by:bigbigpig
bigbigpig earned 300 total points
Comment Utility
You need to either repair that failed DC or forcibly remove it from Active Directory using ntdsutil.  Use these articles for removing it from AD.

http://support.microsoft.com/kb/216498
http://www.petri.co.il/delete_failed_dcs_from_ad.htm#

Make sure your DNS settings on your Exchange server are pointing to valid servers.
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
Yeah I did change the settings. I remember when I was setting up the exchange 2007 server I went through a document that said exchange 2007 looks for a 2003 dc (one has to be present within the domain) is this really the case?  and if so do i need to configure another ?
0
 
LVL 10

Expert Comment

by:bigbigpig
Comment Utility
I don't think so... I skipped right over Exchange 2007 but this article provides DC requirements for Exchange 2007:
http://technet.microsoft.com/en-us/library/aa996719(v=exchg.80).aspx
0
 
LVL 14

Expert Comment

by:Ben Hart
Comment Utility
Mmm I don't remember seeing a requirement for a 2k3 dc.  But it seems you are correct: http://technet.microsoft.com/en-us/library/aa996719(v=exchg.80).aspx

But like Bigbig says you need to clean out all references of the failed DC before setting up a new one.
0
 
LVL 14

Expert Comment

by:Ben Hart
Comment Utility
ROFL @ bigbigpig.  you beat me by like 20 seconds :)
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
Ok guys I'm finished with the cleanup, what are my next steps?
0
 
LVL 14

Expert Comment

by:Ben Hart
Comment Utility
I'd believe setting up a new 2k3 R2 DC would be next.. point the Exchange server to it and maybe a reboot for giggles... although I have never had to go thru that myself.
0
 
LVL 10

Expert Comment

by:bigbigpig
Comment Utility
Yeah reboot the exchange server.  If you still get the same error then there are still DNS records for the old server in there.
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
Guys what do you make of this, it seems that the exchange server is now pointing to this DC which is a 2000 DC. Is there anyway to point it to another server (2008 R2), I've tried in EMC but the results are the same. it says here that the Provider service looks for a server 2003 or later DC, so 2008 R2 should work right?



Log Name:      Application
Source:        MSExchange ADAccess
Date:          5/16/2013 12:48:40 PM
Event ID:      2116
Task Category: Topology
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      exch-2007
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=756). The domain controller gfcs-004. is running Windows 5.0 (2195) (Unknown Service Pack). Exchange Active Directory Provider requires that domain controllers are running Windows Server 2003 Service Pack 1 or later versions of Windows.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange ADAccess" />
    <EventID Qualifiers="32772">2116</EventID>
    <Level>3</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-16T16:48:40.000Z" />
    <EventRecordID>443862</EventRecordID>
    <Channel>Application</Channel>
    <Computer>exch-2007</Computer>
    <Security />
  </System>
  <EventData>
    <Data>MSEXCHANGEADTOPOLOGYSERVICE.EXE</Data>
    <Data>756</Data>
    <Data>gfcs-004.</Data>
    <Data>5.0 (2195)</Data>
    <Data>(Unknown Service Pack)</Data>
  </EventData>
</Event>
0
 
LVL 10

Assisted Solution

by:bigbigpig
bigbigpig earned 300 total points
Comment Utility
Do you still have a 2000 DC or is that decommissioned??  If it's decommissioned you need to do the same steps to remove the metadata from AD.  Make sure all FSMO roles are held by servers that are operational and online.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:Tim_Mohamed
Comment Utility
Nah its still online, why does exchange point to that and not the other DCs? all FSMO roles are held by the server 2008 R2 dc
0
 
LVL 10

Accepted Solution

by:
bigbigpig earned 300 total points
Comment Utility
I don't even have a test 2007 Exchange server so I can't verify this... but you can try to set static DC's and GC's:

http://support.microsoft.com/kb/2619379
http://social.technet.microsoft.com/Forums/en-US/exchangesvradmin/thread/e3aa8a2d-db97-4d11-bf15-0378d25846f0
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
I ran the command and it turns out that the server is already pointing to the 2008 DCs. I guess I'll have to install server 2003 and promote it. But will the exchange server automatically recognize it?
0
 
LVL 10

Expert Comment

by:bigbigpig
Comment Utility
The output of this command shows it pointing to your 2008's for DC and GC?

Get-ExchangeServer –Identity <server_name> -Status | FL

I'd try to specifically exclude the 2000 DC before spending a lot of time building new DC's.  Check this for excluding specific DC's:

http://support.microsoft.com/kb/298879

Set-ExchangeServer -identity exch-2007.yourdomain.local -StaticExcludedDomainControllers:gfcs-004.yourdomain.local

And either reboot the E2K7 server or restart the exchange services.
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
I excluded the 2000 domain controller and now I'm getting the following: gfcs-004 was our exchange 2000 server before the transition to 2007


Log Name:      Application
Source:        MSExchangeTransport
Date:          5/16/2013 4:13:21 PM
Event ID:      5020
Task Category: Routing
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      exch-2007.
Description:
The topology doesn't contain a route to Exchange 2000 Server or Exchange Server 2003 server gfcs-004.domain.local in Routing Group CN=first routing group,CN=Routing Groups,CN=first administrative group,CN=Administrative Groups,CN=FORESTRY,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=forestry,DC=gov,DC=gy in routing tables with the timestamp 5/16/2013 8:13:21 PM.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeTransport" />
    <EventID Qualifiers="32772">5020</EventID>
    <Level>3</Level>
    <Task>4</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-05-16T20:13:21.000Z" />
    <EventRecordID>444213</EventRecordID>
    <Channel>Application</Channel>
    <Computer>exch-2007.</Computer>
    <Security />
  </System>
  <EventData>
    <Data>gfcs-004.y</Data>
    <Data>CN=first routing group,CN=Routing Groups,CN=first administrative group,CN=Administrative Groups,CN=FORESTRY,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=x,DC=y,DC=z</Data>
    <Data>5/16/2013 8:13:21 PM</Data>
  </EventData>
</Event>
0
 
LVL 14

Assisted Solution

by:Ben Hart
Ben Hart earned 150 total points
Comment Utility
If your Exchange 2000 server is truly gone, like your old 2003 DC.. then it needs to be manually removed using ASDIedit like the DC was.

http://support.microsoft.com/default.aspx?kbid=307917
0
 
LVL 11

Assisted Solution

by:hecgomrec
hecgomrec earned 50 total points
Comment Utility
I'm sorry but I think the issue here was that the Exchange machine was not able to get any AD GC Server.

Promoting any active secondary DC to main DC with the GC role will fix the issue.
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
All the other domain controllers are Global catalog servers
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
Our network is still running at a functional level of 2000. I can't remember much the exchange installation process and I can't seem to find the documentation for the install. But from reading the /prepareLegacyExchanePermission had to be run, could this be the reason that the exchange server is still looking for a win 2003 dc and not recognizing the 2008 dcs?
0
 
LVL 10

Expert Comment

by:bigbigpig
Comment Utility
From the last Event Log message you posted it looks like it's OK with the DC's, the issue now is that it thinks there is an Exchange 2000 server out there.
0
 
LVL 11

Expert Comment

by:hecgomrec
Comment Utility
There could only be on GC!!!!
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
well the old exchange 2000 server was running on GFCS-004 and i removed that when the installation of 2007 was completed. I can't find any trace of exchange on this server (GFCS-004).
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
you are correct hecgomrec, I've checked and all other dcs were showing GC in AD sites and services, I've only left one as GC now.
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
I'm currently downloading Exchange 2007 update rollup 9 which allows exchange to work with 2008r2 domain controllers.
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
Can you guys help me with the installation of exchange 2007 service pack 1
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
it turns out the exchange sp updates worked and the server no longer looks for a 2003 domain controller.
0
 
LVL 10

Expert Comment

by:bigbigpig
Comment Utility
Why SP1 instead of SP3?  You should keep your Exchange server current with service packs and hotfixes.
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
Yeah its updated now.
0
 

Author Comment

by:Tim_Mohamed
Comment Utility
Thanks for all your help guys.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now