Solved

Exchange AD Problems

Posted on 2014-01-22
8
302 Views
Last Modified: 2014-01-26
This was in a log file for which the process failed. Can anyone tell me what it means and more importantly how to fix it?

Incorrect Exchange AD Entry found, role property is not an integer, LDAP://CN=SERVER-EXCH,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ad,DC=domain,DC=net, [System.Byte[]]

Question by:mohrk
8 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39802781
Without context it is hard to say.
When did you get that error?
What are the servers listed in the error? Live servers?

Simon.
0
 

Author Comment

by:mohrk
ID: 39803833
I am trying to use Server 2012 Essentials and the "integrate on-premise Exchange 2013" feature. This is part of the log from the failure.

There were issues with the Exchange server hardware and OS compatibility but finally the stars aligned and everything went well.

After the install some DNS changes needed to be made. I have had this as a sticking point before but essentially the idea is to have mail.domain.com and owa.domain.com reach the mail server internally and externally. The procedure was to add CNAME records with these aliases to DNS to achieve this. Not understanding DNS well enough, I concluded that unless my domain is actually domain.com (it is not; it is ad.domain.com) then I can't do this. The best I can do is mail.ad.domain.com and owa.ad.domain.com. I know there is something later on about forward lookup zones but I wanted to get each piece working correctly first.

The process that led me to the CNAME conclusion involved using nslookup and not getting the correct IP addresses returned. This caused me to look at the DNS for SERVER-EXCH (yes, it is live) and because it had a timestamp rather than "static" I thought (through Google guessing) that the permissions to SELF using the machine's AD account were missing and there was also an orphaned SID. The owner should also have been SYSTEM and not this orphaned SID. Since the DC was the same throughout the failed and finally successful Exchange install I concluded that this caused the orphaned SID/permission issue. I removed the SID, added SERVER-EXCH$ with permissions of ALL.

One of the last pieces to this puzzle was to integrate Exchange with the Essentials role on the DC, which failed with 3 similar lines in the log file as above. The "wizard" only says it cannot find Exchange. This is a block to continuing.

Thanks for looking at this.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39803982
You have over complicated the DNS configuration.
To use the same host name internally and externally you need to use a single host name split DNS. This is where you only configure DNS for the exact hosts.

http://semb.ee/splitdns

Pretty much mandatory with Exchange deployments now.

I think the problem is that you removed the SID and that has broken things. Is Exchange working correctly at the moment?

Simon.
0
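The single host name split DNS setup described in the answer above, as an added example that is not part of the original thread: each exact host name gets its own internal zone with one A record at the zone apex, so the internal DNS server answers only for that name and everything else under domain.com still resolves from public DNS. The internal IP address is a constructed sample value, and the script assumes it runs on the internal DNS server (here the DC) with the DnsServer module available.

```powershell
# Added example: single-host-name ("pinpoint") split DNS on the internal DNS server.
# Assumptions: $internalIp is a constructed sample value; the host names are the
# ones mentioned in the thread; the script runs on the DNS server itself.
Import-Module DnsServer

$internalIp = '192.168.1.10'                        # constructed sample value
$hostNames  = 'mail.domain.com', 'owa.domain.com'   # names used in the thread

foreach ($fqdn in $hostNames) {
    # One zone per exact host name: the server becomes authoritative for this
    # name only, not for the whole public domain.com namespace.
    if (-not (Get-DnsServerZone -Name $fqdn -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $fqdn -ReplicationScope Domain
    }

    # The A record lives at the zone apex ("@"), i.e. the zone name itself.
    $apex = Get-DnsServerResourceRecord -ZoneName $fqdn -Name '@' -RRType A `
                -ErrorAction SilentlyContinue
    if (-not $apex) {
        Add-DnsServerResourceRecordA -ZoneName $fqdn -Name '@' -IPv4Address $internalIp
    }

    # Verify what internal clients will actually get from this server.
    $answer = Resolve-DnsName -Name $fqdn -Type A -Server localhost -ErrorAction Stop |
                  Where-Object { $_.Type -eq 'A' }
    if ($answer.IPAddress -notcontains $internalIp) {
        Write-Warning "$fqdn resolves to '$($answer.IPAddress -join ', ')', expected $internalIp"
    } else {
        "$fqdn -> $internalIp (internal answer)"
    }
}

# Guard: a full internal domain.com zone would shadow every public record under
# that name and would have to mirror all of them by hand.
if (Get-DnsServerZone -Name 'domain.com' -ErrorAction SilentlyContinue) {
    Write-Warning 'A full domain.com zone exists on this server; pinpoint zones are meant to replace it.'
}
```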

 

Author Comment

by:mohrk
ID: 39804088
Exchange is working inbound and outbound and the IIS sites are working internally; I have not done all of the configuration for the split DNS and reverse proxy yet. Taking the server down, reverting to my mail queueing service where NEW mail is available online for a few weeks. Cleaning up DNS and AD and re-installing OS and Exchange is within the realm but not desirable.

The DC would be problematic though.

Thank you
0
 

Author Comment

by:mohrk
ID: 39804204
Thank you for the link. It is most helpful and I believe covers all of the things I have come across.

A question that does not seem to be addressed: when you say for the zone replacement need assessment I see "You want to replace the MX records with a host using a different name." I have a spam service so my MX records point to them, which forward on to me.

Thanks
0
 
LVL 10

Expert Comment

by:Marshal Hubs
ID: 39805546
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39806218
On a split DNS system, the MX records are for INTERNAL use only. Therefore the fact that you are using an external provider doesn't really mean anything.
For example, if you have a service or application inside that can only use DNS records for delivery, you don't really want the email going out to come back in again.

Simon.
0
 

Author Comment

by:mohrk
ID: 39810646
Marshalhubs,

No help at the link. It is from 2011 and says nothing about Essentials connecting to on-premise Exchange. Sorry if the question was too vague.

Simon,

I think your split DNS is what I needed but not in time to save my AD. Each revolution I learn another piece of this really complicated setup. Hardware issues have intervened at the moment.

Thanks
0

Question has a verified solution.
