Solved

DC/Exchange 2007 2103 error USN Roll Backup

Posted on 2013-12-12
12
335 Views
Last Modified: 2014-02-20
I have a exchange 2007 sp1 server that is also a DC.  I just started at this company and had to reboot the exchange server for patching and after the reboot the net logon service paused with an error 2103 in the DS event log.  

I have read that is because of possible snapshot roll back on the server ( and yes it is a VM on VMware ) that has caused the USN values to get miss aligned and that I will have to force demote it from the domain to a member server.  

Ok fair enough but what about exchange?  Has anyone done this with out migrating exchange to an new server with any success?
0
Comment
Question by:adminjam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 15

Expert Comment

by:jrhelgeson
ID: 39715043
Shut down and disable all exchange services, then do the demote/promote.
Once that is complete, then you'll re-enable all the services, restart the server as a DC with Exchange and you'll be good to go.
0
 
LVL 15

Expert Comment

by:achaldave
ID: 39715111
If you don't have additional domain controller, I don't think demoting/promoting will work, demoting DC which is also exchange server is not supported but may work for you if you have additional healthy domain controller. Do you have most recent backup? try restoring active directory from backup.

http://technet.microsoft.com/en-us/library/bb727048.aspx

You mentioned snapshot roll back, check if you can revert back to most recent snapshot.
0
 

Author Comment

by:adminjam
ID: 39715132
Yes I have 3 DC's.  2 other 2003R2 DC's  and the one that I am having the problem with.  Also the domain and forest level is at 2000 native.  And the mail server is not an owner of any FSMO roles.

So it is that easy just turn off exchange and demote ( cleanup meta data ), promote and restart exchange?

 Seems too easy....
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 15

Expert Comment

by:achaldave
ID: 39715194
Since it is production, I wont recommend it without moving exchange to another server.

If you can't move to another server and can afford longer down time, how about this, perform full exchange backup, shutdown the server, remove domain controller by cleaning up meta data, reinstall OS on the server, and reinstall exchange with recoverserver switch and restore mailboxes.

http://msexchangeteam.in/metadata-cleanup-unsuccessful-demotion-of-domain-controller/

http://www.msexchange.org/articles-tutorials/exchange-server-2007/high-availability-recovery/Recovering-Exchange-2007-Server-RecoverServer-switch.html

http://technet.microsoft.com/en-us/library/bb123496(v=exchg.80).aspx
0
 

Author Comment

by:adminjam
ID: 39715258
I think the best option is to migrate to a new exchange server.  I have to do a migration to either 2010 or 2013 exchange anyway so this is the perfect time to get that done.

Would you happen to have any links for the migration to a new exchange server?
0
 
LVL 15

Accepted Solution

by:
jrhelgeson earned 500 total points
ID: 39715314
So it is that easy just turn off exchange and demote ( cleanup meta data ), promote and restart exchange?

Yes, it is that easy. I've done it before.

Joel
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39716264
If you are on Exchange 2007 SP1, then the first thing you will have to do is install Exchange 2007 SP3 plus the latest rollup. For speed it might be best to just install a new Exchange 2007 SP3 member server somewhere and move the users across. Exchange 2013 is quite different and its deployment shouldn't be rushed. Plus you must have all clients on Outlook 2007 and higher - if you have anything older then you cannot do the deployment.

Simon.
0
 

Author Comment

by:adminjam
ID: 39717361
I am going to give Joel's solution a try in my lag to see what the results are.  I will post my results.

Thanks Simon,  moving to a new 2007 server is probably better than rushing the exchange upgrades.
0
 

Author Comment

by:adminjam
ID: 39744059
Well I have tested a few things:

1) forced removed the exchange server, did the metadata cleanup/dns clenaup and repromoted the server to a DC.  It all worked fine except that there was some DC errors in the replication pointing to the old SPN of the exchange server before I readded it.  

2) Force removed the server from the domain and just added it back as a member server to the domain and added the server account to the 'exchange servers' and 'exchange install domain servers ' groups.  This worked with out a hitch and exchange came back on line with no errors.  

So out of the 2 methods #2 is what I want as I do not need that server as a DC.  So my question is?  Is there anything that I am missing on method 2?  

I have seen where people say there are bindings from exchange's perspective if it is installed on a DC but from my testing there seems to be no issues.  

Comments?

Thanks,
Jerry
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39747734
If you have removed everything that is DC related then it should be fine. Although personally I don't like leaving repaired machines in production, so if it was my network I would build a replacement Exchange server (as a member server) and migrate all data across. That ensures the server is good and will not cause problems further on.

Simon.
0
 

Author Comment

by:adminjam
ID: 39875527
Just FYI I have done this in production with no issues.  

Joel's process worked like a charm.

Thanks for everyone's help!

Jerry
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article helps those who get the 0xc004d307 error when trying to rearm (reset the license) Office 2013 in a Virtual Desktop Infrastructure (VDI) and/or those trying to prep the master image for Microsoft Key Management (KMS) activation. (i.e.- C…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question