Solved

Domain controller issues - appears synced but not working properly

Posted on 2013-05-29
Last Modified: 2013-06-09
Hi

I have 2 domain controllers which appear to be synced. Repadmin shows there are no sync issues at all.

However, whenever I turn off one domain controller (DC1), I basically can't log into my Exchange mailbox. It keeps asking for a password.

Any advice on how I go about troubleshooting this problem? Thank you.
0
Question by:dave558

Expert Comment

by:Simon Butler (Sembee)
ID: 39206466
This could just be Exchange being Exchange.
When a DC goes away, Exchange doesn't go looking for another DC for anywhere up to 35 minutes. It just sits there and throws errors.
Also, Exchange will only use global catalog domain controllers.
If you have to shut down the domain controller, then restart the Exchange services so that Exchange uses another DC.

Simon.
0
 

Expert Comment

by:ceepaulw
ID: 39206499
I assume it works OK when you bring down DC2.  Does DC2 have the Global Catalog?  Do you have a multi-domain system?  Are the DCs at the same site?

One good start is to run DCDIAG on each DC and make sure the output is what you expect.
0
 

Author Comment

by:dave558
ID: 39206506
Seems some OUs are missing on the second DC, possibly something's corrupt on it. Might just reinstall a DC and replicate data over.
0

 

Author Comment

by:dave558
ID: 39206552
Found these errors here:

Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.

     Starting test: Replications
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context:
            DC=ForestDnsZones,DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 10:55:56.
            The last success occurred at 2013-03-27 09:56:35.
            47 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context:
            DC=DomainDnsZones,DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 10:55:56.
            The last success occurred at 2013-03-27 09:56:35.
            56 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context:
            CN=Schema,CN=Configuration,DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 10:55:56.
            The last success occurred at 2013-03-27 09:56:34.
            45 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context:
            CN=Configuration,DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 10:55:56.
            The last success occurred at 2013-05-30 10:26:22.
            1 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.
         [Replications Check,HITECH-DC-01] A recent replication attempt failed:
            From HITECH-DC-02 to HITECH-DC-01
            Naming Context: DC=hitech,DC=vision-network,DC=info
            The replication generated an error (8456):
            The source server is currently rejecting replication requests.
            The failure occurred at 2013-05-30 11:40:30.
            The last success occurred at 2013-03-27 10:13:25.
            70 failures have occurred since the last success.
            Replication has been explicitly disabled through the server
            options.
0
 

Accepted Solution

by:dave558
ID: 39220766
Figured problem out, turns out to be a USN Rollback issue as I've restored system from backup.

Here's a few guides that helped me:
Troubleshooting AD Replication error 8456 or 8457: "The source | destination server is currently rejecting replication requests": http://support.microsoft.com/kb/2023007
USN Rollback issues: http://support.microsoft.com/kb/875495

Resolved issue by replicating data over to a new AD domain controller and forcefully removed failed DC from the domain: http://support.microsoft.com/kb/332199

Demotion of a DC requires the meta-data to be removed from AD, which can simply be done via the "Users and Computers" snap-in on Server 2008 R2. Previous versions will require a more complex procedure to remove traces of the demoted server.
0
 

Author Closing Comment

by:dave558
ID: 39232766
Found cause and fixed problem.
0


Question has a verified solution.
