Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Domain controller issues - appears synced but not working properly

Posted on 2013-05-29
6
Medium Priority
?
192 Views
Last Modified: 2013-06-09
Hi

I have 2 domain controllers which appears to be synced. Repadmin show there are no sync issues at all.

However, whenever I turn off one domain controller (DC1), I basically can't log into my Exchange mailbox. It keeps asking for a password.

Any advice on how I go about troubleshooting this problem? Thank you.
0
Comment
Question by:dave558
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39206466
This could just be Exchange being Exchange.
When a DC goes away, Exchange doesn't go looking for another DC for anywhere up to 35 minutes. It just sits there and throws errors.
Also, Exchange will only use global catalog domain controllers.
If you have to shutdown the domain controller then restart the Exchange services so that Exchange uses another DC.

Simon.
0
 

Expert Comment

by:ceepaulw
ID: 39206499
I assume it works OK when you bring down DC2.  Does DC2 have the Global Catalog?  Do you have a multi-domain system?  Are the DCs at the same site?

One good start is to run DCDIAG on each DC and make sure the output is what you expect.
0
 

Author Comment

by:dave558
ID: 39206506
Seems some OU are missing on the second DC, possible somethings corrupt on it. Might just reinstall a DC and replicate data over.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:dave558
ID: 39206552
Found these errors here:

Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.


     Starting test: Replications

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            DC=ForestDnsZones,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-03-27 09:56:35.

            47 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            DC=DomainDnsZones,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-03-27 09:56:35.

            56 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            CN=Schema,CN=Configuration,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-03-27 09:56:34.

            45 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            CN=Configuration,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-05-30 10:26:22.

            1 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context: DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 11:40:30.

            The last success occurred at 2013-03-27 10:13:25.

            70 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.
0
 

Accepted Solution

by:
dave558 earned 0 total points
ID: 39220766
Figured problem out, turns out to be a USN Rollback issue as I've restored system from backup.

Here's a few guides that helped me:
Troubleshooting AD Replication error 8456 or 8457: "The source | destination server is currently rejecting replication requests": http://support.microsoft.com/kb/2023007
USN Rollback issues: http://support.microsoft.com/kb/875495

Resolved issue by replicating data over to a new AD domain controller and forcefully removed failed DC from the domain: http://support.microsoft.com/kb/332199

Demotion of a DC requires the meta-data to be removed from AD which can simply be done via the "Users and Computers" snap-in on Server 2008 R2. Previous version will require a more complex procedure to remove traces of the demoted server.
0
 

Author Closing Comment

by:dave558
ID: 39232766
Found cause and fixed problem.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question