Solved

Exchange AD Problems

Posted on 2014-01-22
8
294 Views
Last Modified: 2014-01-26
This was in a log file for which the process failed. Can anyone tell me what it means and more importantly how to fix it?

Incorrect Exchange AD Entry found, role property is not an integer, LDAP://CN=SERVER-EXCH,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=domain,DC=net, [System.Byte[]]

Question by:mohrk
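The log line says the wizard found a "role property" on the Exchange server object that came back as a byte array instead of an integer. The thread never states which attribute the Essentials wizard reads, so the following read-only PowerShell check (an added example, not code from the thread or from Microsoft) opens the exact object named in the error and reports the .NET type of every attribute whose name contains "role" (msExchCurrentServerRoles is the usual one). A value reported as System.Byte[] is the one to compare against a healthy Exchange server object. The DN is the one from the log; everything else is an assumption about your forest.

```powershell
# Added diagnostic example (not from the thread). Reads the Exchange server
# configuration object named in the error and lists the CLR type of each
# role-related attribute so a [System.Byte[]] value stands out. Read-only.
# DN copied from the log line in the question; adjust for your own forest.
$dn = 'LDAP://CN=SERVER-EXCH,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=domain,DC=net'

$server = [ADSI]$dn
if (-not $server.distinguishedName) {
    throw "Object not found or not readable (check the DN and your AD permissions): $dn"
}

# Walk every attribute on the object; keep only names containing "role".
$report = foreach ($name in $server.Properties.PropertyNames) {
    if ($name -notmatch 'role') { continue }
    $value = $server.Properties[$name].Value
    [pscustomobject]@{
        Attribute = $name
        ClrType   = if ($null -eq $value) { '<null>' } else { $value.GetType().FullName }
        IsInteger = ($value -is [int]) -or ($value -is [long])
        # Show byte arrays as hex so they are recognisable in the output.
        Value     = if ($value -is [byte[]]) {
                        '0x' + ([BitConverter]::ToString($value) -replace '-', '')
                    } else { $value }
    }
}

$report | Format-Table -AutoSize
# Any row with ClrType = System.Byte[] and IsInteger = False matches the
# condition the wizard complained about; compare it with the same attribute
# on a known-good Exchange server object before changing anything.
```

Run it as an account that can read the Configuration partition (any domain user can, by default). It only reads; fixing a mistyped attribute is a change to Exchange's configuration data and should be done with Exchange's own tools or with a backup of the object in hand, not by editing the raw value blind.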
8 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39802781
Without context it is hard to say.
When did you get that error?
What are the servers listed in the error? Live servers?

Simon.
0
 

Author Comment

by:mohrk
ID: 39803833
I am trying to use Server 2012 Essentials and the "integrate on-premise Exchange 2013" feature. This is part of the log from the failure.

There were issues with the exchange server hardware and OS compatibility but finally the stars aligned and everything went well.

After the install some DNS changes needed to be made. I have had this as a sticking point before, but essentially the idea is to have mail.domain.com and owa.domain.com reach the mail server internally and externally. The procedure was to add CNAME records with these aliases to DNS to achieve this. Not understanding DNS well enough, I concluded that unless my domain is actually domain.com (it is not; it is ad.domain.com) then I can't do this. The best I can do is mail.ad.domain.com and owa.ad.domain.com. I know there is something later on about forward lookup zones, but I wanted to get each piece working correctly first.

The process that led me to the CNAME conclusion involved using nslookup and not getting the correct IP addresses returned. This caused me to look at the DNS for SERVER-EXCH (yes, it is live) and because it had a timestamp rather than "static" I thought (through Google guessing) that the permissions to SELF using the machine's AD account were missing and there was also an orphaned SID. The owner should also have been SYSTEM and not this orphaned SID. Since the DC was the same throughout the failed and finally successful Exchange install, I concluded that this caused the orphaned SID/permission issue. I removed the SID and added SERVER-EXCH$ with permissions of ALL.

One of the last pieces to this puzzle was to integrate Exchange with the Essentials role on the DC, which failed with 3 entries in the log file similar to the line above. The "wizard" only says it cannot find Exchange. This is a block to continuing.

Thanks for looking at this.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39803982
You have over-complicated the DNS configuration.
To use the same host name internally and externally you need a single host name split DNS. This is where you only configure DNS for the exact hosts.

http://semb.ee/splitdns

Pretty much mandatory with Exchange deployments now.

I think the problem is that you removed the SID and that has broken things. Is Exchange working correctly at the moment?

Simon.
0
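The accepted answer's point is that "single host name" split DNS means an internal zone per public host name (mail.domain.com, owa.domain.com), not an internal copy of the whole domain.com zone. The script below is an added example, not the thread's or Sembee's own code, showing that layout with the Windows DnsServer module on an internal DNS server (Server 2012 or later). The host names and the 192.0.2.25 address are placeholders; the external resolver address is just for the verification step.

```powershell
# Added example (not from the thread). Single host name split DNS:
# one tiny internal zone per public host name, each holding only an apex
# A record, so only those names resolve internally and every other
# domain.com lookup still goes to the public DNS.
# Placeholder host names and internal address; run on an internal Windows
# DNS server that has the DnsServer module.
$hosts = @{
    'mail.domain.com' = '192.0.2.25'   # internal address of the Exchange server (placeholder)
    'owa.domain.com'  = '192.0.2.25'
}

# A full internal domain.com zone is the over-complicated variant: it would
# shadow every public record (www, MX, TXT...) for internal clients.
if (Get-DnsServerZone -Name 'domain.com' -ErrorAction SilentlyContinue) {
    Write-Warning 'An internal domain.com zone exists; it overrides all public records for internal clients.'
}

foreach ($fqdn in $hosts.Keys) {
    # Zone name equals the host name, so the only record needed is the "@" A record.
    if (-not (Get-DnsServerZone -Name $fqdn -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $fqdn -ReplicationScope 'Forest'
    }
    $existing = Get-DnsServerResourceRecord -ZoneName $fqdn -RRType A -Name '@' -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $fqdn -Name '@' -IPv4Address $hosts[$fqdn]
    }
}

# Verify: the internal resolver should answer with the internal address while a
# public resolver (8.8.8.8 used here as an example) returns the public one.
foreach ($fqdn in $hosts.Keys) {
    $internal = Resolve-DnsName -Name $fqdn -Type A -Server 127.0.0.1 -ErrorAction SilentlyContinue |
                Where-Object Type -eq 'A'
    $external = Resolve-DnsName -Name $fqdn -Type A -Server 8.8.8.8 -ErrorAction SilentlyContinue |
                Where-Object Type -eq 'A'
    [pscustomobject]@{
        Host     = $fqdn
        Internal = ($internal.IPAddress -join ', ')
        External = ($external.IPAddress -join ', ')
    }
}
```

The verification table is the check worth keeping: each host should show the internal address in the Internal column and the public address in the External column, and a lookup of any other domain.com name from an internal client should still return the public answer because no broad internal zone exists to intercept it.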
 

Author Comment

by:mohrk
ID: 39804088
Exchange is working inbound and outbound and the IIS sites are working internally; I have not done all of the configuration for the split DNS and reverse proxy yet. Taking the server down and reverting to my mail queueing service, where NEW mail is available online for a few weeks. Cleaning up DNS and AD and re-installing the OS and Exchange is within the realm but not desirable.

The DC would be problematic though.

Thank you
0
 

Author Comment

by:mohrk
ID: 39804204
Thank you for the link. It is most helpful and I believe covers all of the things I have come across.

A question that does not seem to be addressed: when you say, for the zone replacement need assessment, I see "You want to replace the MX records with a host using a different name." I have a spam service, so my MX records point to them, which forward on to me.

Thanks
0
 
LVL 9

Expert Comment

by:Marshal Hubs
ID: 39805546
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39806218
On a split DNS system, the MX records are for INTERNAL use only. Therefore the fact that you are using an external provider doesn't really mean anything.
For example, if you have a service or application inside that can only use DNS records for delivery, you don't really want the email going out to come back in again.

Simon.
0
 

Author Comment

by:mohrk
ID: 39810646
Marshalhubs,

No help at the link. It is from 2011 and says nothing about the essentials connecting to on premise Exchange. Sorry if the question was too vague.

Simon,

I think your split DNS is what I needed but not in time to save my AD. Each revolution I learn another piece of this really complicated setup. Hardware issues have intervened at the moment.

Thanks
0
