Solved

Domain controller issues - appears synced but not working properly

Posted on 2013-05-29
6
190 Views
Last Modified: 2013-06-09
Hi

I have 2 domain controllers which appears to be synced. Repadmin show there are no sync issues at all.

However, whenever I turn off one domain controller (DC1), I basically can't log into my Exchange mailbox. It keeps asking for a password.

Any advice on how I go about troubleshooting this problem? Thank you.
0
Comment
Question by:dave558
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39206466
This could just be Exchange being Exchange.
When a DC goes away, Exchange doesn't go looking for another DC for anywhere up to 35 minutes. It just sits there and throws errors.
Also, Exchange will only use global catalog domain controllers.
If you have to shutdown the domain controller then restart the Exchange services so that Exchange uses another DC.

Simon.
0
 

Expert Comment

by:ceepaulw
ID: 39206499
I assume it works OK when you bring down DC2.  Does DC2 have the Global Catalog?  Do you have a multi-domain system?  Are the DCs at the same site?

One good start is to run DCDIAG on each DC and make sure the output is what you expect.
0
 

Author Comment

by:dave558
ID: 39206506
Seems some OU are missing on the second DC, possible somethings corrupt on it. Might just reinstall a DC and replicate data over.
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 

Author Comment

by:dave558
ID: 39206552
Found these errors here:

Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.


     Starting test: Replications

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            DC=ForestDnsZones,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-03-27 09:56:35.

            47 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            DC=DomainDnsZones,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-03-27 09:56:35.

            56 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            CN=Schema,CN=Configuration,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-03-27 09:56:34.

            45 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context:

            CN=Configuration,DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 10:55:56.

            The last success occurred at 2013-05-30 10:26:22.

            1 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.

         [Replications Check,HITECH-DC-01] A recent replication attempt failed:

            From HITECH-DC-02 to HITECH-DC-01

            Naming Context: DC=hitech,DC=vision-network,DC=info

            The replication generated an error (8456):

            The source server is currently rejecting replication requests.

            The failure occurred at 2013-05-30 11:40:30.

            The last success occurred at 2013-03-27 10:13:25.

            70 failures have occurred since the last success.

            Replication has been explicitly disabled through the server

            options.
0
 

Accepted Solution

by:
dave558 earned 0 total points
ID: 39220766
Figured problem out, turns out to be a USN Rollback issue as I've restored system from backup.

Here's a few guides that helped me:
Troubleshooting AD Replication error 8456 or 8457: "The source | destination server is currently rejecting replication requests": http://support.microsoft.com/kb/2023007
USN Rollback issues: http://support.microsoft.com/kb/875495

Resolved issue by replicating data over to a new AD domain controller and forcefully removed failed DC from the domain: http://support.microsoft.com/kb/332199

Demotion of a DC requires the meta-data to be removed from AD which can simply be done via the "Users and Computers" snap-in on Server 2008 R2. Previous version will require a more complex procedure to remove traces of the demoted server.
0
 

Author Closing Comment

by:dave558
ID: 39232766
Found cause and fixed problem.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question