Solved

Domain controller issues - appears synced but not working properly

Posted on 2013-05-29
6
186 Views
Last Modified: 2013-06-09
Hi

I have 2 domain controllers which appears to be synced. Repadmin show there are no sync issues at all.

However, whenever I turn off one domain controller (DC1), I basically can't log into my Exchange mailbox. It keeps asking for a password.

Any advice on how I go about troubleshooting this problem? Thank you.
0
Comment
Question by:dave558
  • 4
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Comment Utility
This could just be Exchange being Exchange.
When a DC goes away, Exchange doesn't go looking for another DC for anywhere up to 35 minutes. It just sits there and throws errors.
Also, Exchange will only use global catalog domain controllers.
If you have to shutdown the domain controller then restart the Exchange services so that Exchange uses another DC.

Simon.
0
 

Expert Comment

by:ceepaulw
Comment Utility
I assume it works OK when you bring down DC2.  Does DC2 have the Global Catalog?  Do you have a multi-domain system?  Are the DCs at the same site?

One good start is to run DCDIAG on each DC and make sure the output is what you expect.
0
 

Author Comment

by:dave558
Comment Utility
Seems some OU are missing on the second DC, possible somethings corrupt on it. Might just reinstall a DC and replicate data over.
0
Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 

Author Comment

by:dave558
Comment Utility
Found these errors here:

Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.


     Starting test: Replications

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            DC=ForestDnsZones,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-03-27 09:56:35.

            47 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            DC=DomainDnsZones,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-03-27 09:56:35.

            56 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            CN=Schema,CN=Configuration,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-03-27 09:56:34.

            45 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            CN=Configuration,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-05-30 10:26:22.

            1 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context: DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 11:40:30.

            The last success occurred at 2013-03-27 10:13:25.

            70 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.
0
 

Accepted Solution

by:
dave558 earned 0 total points
Comment Utility
Figured problem out, turns out to be a USN Rollback issue as I've restored system from backup.

Here's a few guides that helped me:
Troubleshooting AD Replication error 8456 or 8457: "The source | destination server is currently rejecting replication requests": http://support.microsoft.com/kb/2023007
USN Rollback issues: http://support.microsoft.com/kb/875495

Resolved issue by replicating data over to a new AD domain controller and forcefully removed failed DC from the domain: http://support.microsoft.com/kb/332199

Demotion of a DC requires the meta-data to be removed from AD which can simply be done via the "Users and Computers" snap-in on Server 2008 R2. Previous version will require a more complex procedure to remove traces of the demoted server.
0
 

Author Closing Comment

by:dave558
Comment Utility
Found cause and fixed problem.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now