Solved

Domain controller issues - appears synced but not working properly

Posted on 2013-05-29
Last Modified: 2013-06-09
Hi

I have 2 domain controllers which appear to be synced. Repadmin shows there are no sync issues at all.

However, whenever I turn off one domain controller (DC1), I basically can't log into my Exchange mailbox. It keeps asking for a password.

Any advice on how I go about troubleshooting this problem? Thank you.
Question by:dave558

Expert Comment

by:Simon Butler (Sembee)
ID: 39206466
This could just be Exchange being Exchange.
When a DC goes away, Exchange doesn't go looking for another DC for anywhere up to 35 minutes. It just sits there and throws errors.
Also, Exchange will only use global catalog domain controllers.
If you have to shut down the domain controller, then restart the Exchange services so that Exchange uses another DC.

Simon.

Expert Comment

by:ceepaulw
ID: 39206499
I assume it works OK when you bring down DC2.  Does DC2 have the Global Catalog?  Do you have a multi-domain system?  Are the DCs at the same site?

One good start is to run DCDIAG on each DC and make sure the output is what you expect.

Author Comment

by:dave558
ID: 39206506
Seems some OUs are missing on the second DC; possibly something's corrupt on it. Might just reinstall a DC and replicate data over.

Author Comment

by:dave558
ID: 39206552
Found these errors here:

     Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.

     Starting test: Replications
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context:
            DC=ForestDnsZones,DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 10:55:56.
            The last success occurred at 2013-03-27 09:56:35.
            47 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context:
            DC=DomainDnsZones,DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 10:55:56.
            The last success occurred at 2013-03-27 09:56:35.
            56 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context:
            CN=Schema,CN=Configuration,DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 10:55:56.
            The last success occurred at 2013-03-27 09:56:34.
            45 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context:
            CN=Configuration,DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 10:55:56.
            The last success occurred at 2013-05-30 10:26:22.
            1 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context: DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 11:40:30.
            The last success occurred at 2013-03-27 10:13:25.
            70 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.

Accepted Solution

by:dave558
ID: 39220766
Figured the problem out: it turns out to be a USN Rollback issue, as I've restored the system from backup.

Here's a few guides that helped me:
Troubleshooting AD Replication error 8456 or 8457: "The source | destination server is currently rejecting replication requests": http://support.microsoft.com/kb/2023007
USN Rollback issues: http://support.microsoft.com/kb/875495

Resolved the issue by replicating data over to a new AD domain controller and forcefully removing the failed DC from the domain: http://support.microsoft.com/kb/332199

Demotion of a DC requires the metadata to be removed from AD, which can simply be done via the "Users and Computers" snap-in on Server 2008 R2. Previous versions will require a more complex procedure to remove traces of the demoted server.
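An added example, not part of the original thread and not a Microsoft tool: a small Python parser for dcdiag "Replications" output like that posted above. It groups failures by source DC and flags a source that every failing naming context reports with error 8456 and replication explicitly disabled, the pattern that in this thread turned out to be a USN rollback. The sample text, host names and function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the dcdiag output above; names are placeholders.
SAMPLE = """\
   [Replications Check,DC-A] A recent replication attempt failed:
      From DC-B to DC-A
      Naming Context:
      CN=Configuration,DC=example,DC=test
      The replication generated an error (8456):
      The source server is currently rejecting replication requests.
      The failure occurred at 2013-05-30 10:55:56.
      The last success occurred at 2013-05-30 10:26:22.
      1 failures have occurred since the last success.
      Replication has been explicitly disabled through the server
      options.
   [Replications Check,DC-A] A recent replication attempt failed:
      From DC-B to DC-A
      Naming Context: DC=example,DC=test
      The replication generated an error (8456):
      The source server is currently rejecting replication requests.
      The failure occurred at 2013-05-30 11:40:30.
      The last success occurred at 2013-03-27 10:13:25.
      70 failures have occurred since the last success.
      Replication has been explicitly disabled through the server
      options.
"""
BLOCK = re.compile(
    r"From (?P<source>\S+) to \S+ Naming Context: (?P<nc>.+?) "
    r"The replication generated an error \((?P<error>\d+)\):.*?"
    r"failure occurred at (?P<failed>[\d-]{10} [\d:]{8})\..*?"
    r"last success occurred at (?P<good>[\d-]{10} [\d:]{8})\. "
    r"(?P<count>\d+) failures have occurred")

def parse_failures(text):
    """Yield one dict per failed replication attempt found in dcdiag output."""
    for block in text.split("[Replications Check,")[1:]:
        flat = " ".join(block.split())  # undo dcdiag's line wrapping
        if m := BLOCK.search(flat):     # skip blocks not in the expected layout
            stale = datetime.fromisoformat(m["failed"]) - datetime.fromisoformat(m["good"])
            yield {"source": m["source"], "nc": m["nc"], "error": int(m["error"]),
                   "failures": int(m["count"]), "stale_days": stale.days,
                   "disabled": "explicitly disabled through the server options" in flat}

def rejecting_sources(failures):
    """Sources whose every failing naming context is 8456 with replication disabled."""
    failures = list(failures)  # accept the generator from parse_failures
    other = {f["source"] for f in failures if not (f["error"] == 8456 and f["disabled"])}
    return sorted({f["source"] for f in failures} - other)
```

The `stale_days` field shows how long each naming context has gone without a successful pull, which helps date when the source DC stopped serving replication.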
 

Author Closing Comment

by:dave558
ID: 39232766
Found cause and fixed problem.