Solved

Exchange 2010 DAG

Posted on 2014-02-25
18
477 Views
Last Modified: 2014-02-27
We have two Exchange (EX1 & EX2) running in DAG Group. EX1 is primary while EX2 is standby.

For any mailbox creation or removal , is it possible to create on EX2, or I always need to configure the setting on  EX1 ?

Tks
0
Comment
Question by:AXISHK
  • 9
  • 7
  • 2
18 Comments
 
LVL 3

Expert Comment

by:Krishna Patil
ID: 39885294
Your setup is like..
After DAG creation, we need to add exchangeDBs to DAG.
And in your case, you have added 'DBs' from EX1 to DAG for repplication.
But no DBs from EX2 are added to DAG for replication ?  correct me .

Answer
As ex2 have exchangeDB created/mounted on it, so you can surely create mailbox on it.
BUT, this mailbox wont be part of DAG.

And mailbox management creation/removal, you can do it from any node (EX1 or EX2)
0
 

Author Comment

by:AXISHK
ID: 39885321
Database has been created on EX2 after the DAG replication.

However, the mailbox created on EX2 can be viewed on EX1. Any idea ?
0
 
LVL 3

Expert Comment

by:Krishna Patil
ID: 39885345
the mailbox created on EX2 can be viewed on EX1. Any idea
--> By viewing, do you mean from exchange management console?
      From Exchange Management Console, we can view and modify properties of any user which is either hosted on exchange 2007 or exchange 2010 server.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39885747
Mailboxes on any exchange server can be viewed by means of EMC on any server or any management workstation where exchange tools are installed.

No matter you connect to which exchange server, you can edit \ create mailboxes, you will automatically connected to server that is having active (mounted) mailbox database copy in which you are creating mailbox.

The simple reason is you cannot modify passive (healthy) copy and active copy data get replicated to passive copy (one way replication)

Mahesh
0
 

Author Comment

by:AXISHK
ID: 39887640
It seems that the linkage between Exchange to AD has problem.

1. If I create a database (and specific a new AD account) on EX1, the mailbox is created. But I can't search it under EX2. In addition, the new created AD account can't search in my AD (Window 2003 & Window 2008).

2. If I create a AD account on AD first and then create a mailbox, the AD account can't be searched on EX1, but it can be shown under EX2. However, once the mailbox is created under EX2, the mailbox can't be viewed under EX01...

I have no idea. Any advice is appreciate.. Great Tks.
Exchange-DAG.png
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39888083
Have you checked that your AD replication is running correctly ?

Go to ad sites and services and manually trigger replication, is it working properly ?

Also please run below command on DCs for last successful replication
repadmin /showrepl

please post output here

Mahesh
0
 

Author Comment

by:AXISHK
ID: 39888162
I have already manually trigger the replication in this morning. Here is the output...

Like look there is a problem on DC. Is there a way to fix it ? Tks


D:\SUPPORT\TOOLS>repadmin /showrepl

repadmin running command /showrepl against server localhost

Default-First-Site-Name\abc01
DC Options: IS_GC
Site Options: (none)
DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
DC invocationID: afb83101-1088-4034-8f77-32cb160f16e7

==== INBOUND NEIGHBORS ======================================

DC=abc,DC=com,DC=hk
    uk\TESTDC001 via RPC
        DC object GUID: b0d311bf-7cc4-48a9-92f5-6e88d580e7a1
        Last attempt @ 2014-02-26 16:26:14 was successful.
    Default-First-Site-Name\DC02 via RPC
        DC object GUID: 448ef0bb-88c5-49a7-b6f4-20d920b10c82
        Last attempt @ 2014-02-26 16:31:19 failed, result 8456 (0x2108):
            Can't retrieve message string 8456 (0x2108), error 1815.
        799 consecutive failure(s).
        Last success @ 2014-02-21 09:44:16.

CN=Configuration,DC=abc,DC=com,DC=hk
    uk\TESTDC001 via RPC
        DC object GUID: b0d311bf-7cc4-48a9-92f5-6e88d580e7a1
        Last attempt @ 2014-02-26 16:26:14 was successful.
    Default-First-Site-Name\DC02 via RPC
        DC object GUID: 448ef0bb-88c5-49a7-b6f4-20d920b10c82
        Last attempt @ 2014-02-26 16:41:56 failed, result 8456 (0x2108):
            Can't retrieve message string 8456 (0x2108), error 1815.
        636 consecutive failure(s).
        Last success @ 2014-02-21 09:25:55.

CN=Schema,CN=Configuration,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\DC02 via RPC
        DC object GUID: 448ef0bb-88c5-49a7-b6f4-20d920b10c82
        Last attempt @ 2014-02-26 15:56:13 failed, result 8456 (0x2108):
            Can't retrieve message string 8456 (0x2108), error 1815.
        127 consecutive failure(s).
        Last success @ 2014-02-21 08:55:25.
    uk\TESTDC001 via RPC
        DC object GUID: b0d311bf-7cc4-48a9-92f5-6e88d580e7a1
        Last attempt @ 2014-02-26 16:26:14 was successful.

DC=DomainDnsZones,DC=abc,DC=com,DC=hk
    uk\TESTDC001 via RPC
        DC object GUID: b0d311bf-7cc4-48a9-92f5-6e88d580e7a1
        Last attempt @ 2014-02-26 16:26:14 was successful.
    Default-First-Site-Name\DC02 via RPC
        DC object GUID: 448ef0bb-88c5-49a7-b6f4-20d920b10c82
        Last attempt @ 2014-02-26 16:47:07 failed, result 8456 (0x2108):
            Can't retrieve message string 8456 (0x2108), error 1815.
        276 consecutive failure(s).
        Last success @ 2014-02-21 09:40:09.

DC=ForestDnsZones,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\DC02 via RPC
        DC object GUID: 448ef0bb-88c5-49a7-b6f4-20d920b10c82
        Last attempt @ 2014-02-26 15:56:13 failed, result 8456 (0x2108):
            Can't retrieve message string 8456 (0x2108), error 1815.
        127 consecutive failure(s).
        Last success @ 2014-02-21 08:55:25.
    uk\TESTDC001 via RPC
        DC object GUID: b0d311bf-7cc4-48a9-92f5-6e88d580e7a1
        Last attempt @ 2014-02-26 16:26:14 was successful.

Source: Default-First-Site-Name\DC02
******* 799 CONSECUTIVE FAILURES since 2014-02-21 09:44:16
Last error: 8456 (0x2108):
            Can't retrieve message string 8456 (0x2108), error 1815.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39888192
Have you tried triggering replication manually from Ad sites and services ?

Do you have any entries in AD for stale Dcs?
Run dcdiag /q on domain controllers for possible errors

You need to fix replication issues 1st, then it will resolve Exchange problem automatically

Check if your DNS records (NS and CNAME records) are correct and resolving correctly

Also run net share on DCs with cmd and check if you are able to view netlogon and Sysvol shares

also test below commands
dcdiag /test:replications
let me know the results please

Mahesh
0
 

Author Comment

by:AXISHK
ID: 39888215
abc01 is the DC holding the fsmo. Run the following on DC02 and generate the message.
"The destination server is currently rejecting replication requests."

For destination server, is it talking about ktl01 (holding the fsmo). ??

Tks


C:\SUPPORT\TOOLS>repadmin /showrepl

repadmin running command /showrepl against server localhost

Default-First-Site-Name\DC02
DC Options: IS_GC
Site Options: (none)
DC object GUID: 448ef0bb-88c5-49a7-b6f4-20d920b10c82
DC invocationID: 1c5bcb00-2bb6-496a-80c4-bdfce2a2f8d3

==== INBOUND NEIGHBORS ======================================

DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-26 17:39:17 was successful.

CN=Configuration,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-26 17:26:44 was successful.

CN=Schema,CN=Configuration,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-26 16:51:49 failed, result 8457 (0x2109):
            The destination server is currently rejecting replication requests.
        136 consecutive failure(s).
        Last success @ 2014-02-20 22:50:08.

DC=DomainDnsZones,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-26 17:38:56 failed, result 8606 (0x219e):
            Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.
        980 consecutive failure(s).
        Last success @ 2014-02-20 23:06:01.

DC=ForestDnsZones,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-26 16:51:49 failed, result 8457 (0x2109):
            The destination server is currently rejecting replication requests.
        137 consecutive failure(s).
        Last success @ 2014-02-20 22:50:08.

Source: Default-First-Site-Name\abc01
******* 977 CONSECUTIVE FAILURES since 2014-02-20 23:06:01
Last error: 8606 (0x219e):
            Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.
0
Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

 

Author Comment

by:AXISHK
ID: 39888221
Result running under DC02...


C:\SUPPORT\TOOLS>dcdiag/test:replications

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC02
      Starting test: Connectivity
         ......................... DC02 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC02
      Starting test: Replications
         [Replications Check,DC02] A recent replication attempt failed:
            From ABC01 to DC02
            Naming Context: DC=ForestDnsZones,DC=ABC,DC=com,DC=hk
            The replication generated an error (8457):
            The destination server is currently rejecting replication requests.
            The failure occurred at 2014-02-26 16:51:49.
            The last success occurred at 2014-02-20 22:50:08.
            137 failures have occurred since the last success.
            Replication has been explicitly disabled through the server options.

         [Replications Check,DC02] A recent replication attempt failed:
            From ABC01 to DC02
            Naming Context: DC=DomainDnsZones,DC=ABC,DC=com,DC=hk
            The replication generated an error (8606):
            Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.
            The failure occurred at 2014-02-26 17:44:52.
            The last success occurred at 2014-02-20 23:06:01.
            981 failures have occurred since the last success.
         [Replications Check,DC02] A recent replication attempt failed:
            From ABC01 to DC02
            Naming Context: CN=Schema,CN=Configuration,DC=ABC,DC=com,DC=hk
            The replication generated an error (8457):
            The destination server is currently rejecting replication requests.
            The failure occurred at 2014-02-26 16:51:49.
            The last success occurred at 2014-02-20 22:50:08.
            136 failures have occurred since the last success.
            Replication has been explicitly disabled through the server options.

         [Replications Check,DC02] DsReplicaGetInfoW(PENDING_OPS) failed with er
ror 8453,
         Replication access was denied..
         ......................... DC02 failed test Replications

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : ABC

   Running enterprise tests on : ABC.com.hk

C:\SUPPORT\TOOLS>
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39888431
How many total Dcs do you have?

Your ADC (Non FSMO server) has lingering objects, hence server holding FSMO roles are rejecting replication request from him
Check event ID 1388, 1988, 2042 on PDC server in directory service event logs

If you create any objects on ADC2, it will not get replicated to server holding PDC server
You can test that.

1st you need to cleanup lingering objects on ADC2 and once you removed that then you need to run another command on PDC to enable replication with ADC2 server

ON PDC server:
Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator.
At a command prompt, type the following command, and then press ENTER:

repadmin /showrepl <PDCName>

In the top portion of the output, note the value in DC object GUID:

Now logon to ADC2 and open cmd with run as administrator
Enter below command:
repadmin /RemoveLingeringobjects localhost <guid of PDC found above> DC=abc,DC=com,DC=hk

The command will take some time. After finishing command check directory events log for event ID 1945

Now again run same command two to three times until it stop creating event ID 1945
probably you need to run command against every partition such as configuration, schema, domaindnszones and ForestDNSZones

Once you done that run same command on PDC server as below
repadmin /RemoveLingeringobjects localhost <guid of ADC2> DC=abc,DC=com,DC=hk

Now again run same command two to three times until it stop creating event ID 1945
probably you need to run command against every partition such as configuration, schema, domaindnszones and ForestDNSZones

Once you done that successfully, go to PDC server, open up cmd with run as administrator and enter below command
repadmin /regkey <localhost> +allowDivergent

Now try to manually replicate data from ADC2 to PDC and vice versa from AD sites and service, it should successful
Once that done successfully check if you are able to work with MS Exchange server correctly

Once replication is running properly you can run below command on PDC
repadmin /regkey <localhost> -allowDivergent

Then again check if replication is working properly.

Check below links for more info on above topics
http://technet.microsoft.com/en-us/library/cc949136(v=ws.10).aspx
https://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx
http://support.microsoft.com/kb/870695

Mahesh
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39888438
The alternate way to resolve problem is to demote ADc2 and repromote it, but if your PDC is also having lingering objects, your problem will resolve temporary and it will bounce back in some later time
0
 

Author Comment

by:AXISHK
ID: 39890866
Run on DC01 today but it doesn't show up the connection to DC02.. Hence, I can't write down the lingering object GUID for DC02..  (dc01 file)

However on my DC02, some message is come up (dc02 file). Should I write down the GUID on dc02 and try to remove the lingering object under dc01, Tks
DC01.txt
DC02.txt
0
 

Author Comment

by:AXISHK
ID: 39890903
After running the command on DC02, it still get the same error :..  Any idea ? Tks


C:\SUPPORT\TOOLS>repadmin /RemoveLingeringobjects localhost afb83101-1088-4034-8
f77-32cb160f16e7 DC=DomainDnsZones,DC=abc,DC=com,DC=hk
RemoveLingeringObjects sucessfull on localhost.


C:\SUPPORT\TOOLS>repadmin /showrepl

repadmin running command /showrepl against server localhost

Default-First-Site-Name\DC02
DC Options: IS_GC
Site Options: (none)
DC object GUID: 448ef0bb-88c5-49a7-b6f4-20d920b10c82
DC invocationID: 1c5bcb00-2bb6-496a-80c4-bdfce2a2f8d3

==== INBOUND NEIGHBORS ======================================

DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-27 11:42:56 was successful.

CN=Configuration,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-27 11:26:58 was successful.

CN=Schema,CN=Configuration,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-27 10:51:49 was successful.

DC=DomainDnsZones,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-27 11:39:39 failed, result 8606 (0x219e):
            Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.
        1120 consecutive failure(s).
        Last success @ 2014-02-20 23:06:01.

DC=ForestDnsZones,DC=abc,DC=com,DC=hk
    Default-First-Site-Name\abc01 via RPC
        DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7
        Last attempt @ 2014-02-27 10:51:49 was successful.

Source: Default-First-Site-Name\abc01
******* 1120 CONSECUTIVE FAILURES since 2014-02-20 23:06:01
Last error: 8606 (0x219e):
            Insufficient attributes were given to create an object. This object
may not exist because it may have been deleted and already garbage collected.


C:\SUPPORT\TOOLS>
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 500 total points
ID: 39891233
I am able to locate GUID of both DCs

Default-First-Site-Name\abc01
DC Options: IS_GC
Site Options: (none)
DC object GUID: afb83101-1088-4034-8f77-32cb160f16e7

Default-First-Site-Name\DC02
DC Options: IS_GC
Site Options: (none)
DC object GUID: 448ef0bb-88c5-49a7-b6f4-20d920b10c82

Try to trigger replication manually from ad sites and services from dc2 to PDC..is it working, i guess it will not work

1st you need to run command on DC2 multiple times and need to observe event ID 1945 in directory service events
You need to traverse all directory partitions
For Ex: on DC2
repadmin /RemoveLingeringobjects localhost Guid_of_PDC_(abc01) dc=Domaindnszones,dc=domain,dc=com
repadmin /RemoveLingeringobjects localhost Guid_of_PDC_(abc01) dc=ForestDNSZones,dc=domain,dc=com
repadmin /RemoveLingeringobjects localhost Guid_of_PDC_(abc01) dc=configuration,dc=domain,dc=com
repadmin /RemoveLingeringobjects localhost Guid_of_PDC_(abc01) dc=domain,dc=com

Also run each commands above multiple times until it stop receiving event ID 1945 in directory services event logs

Now run same commands on PDC server (Abc01)
repadmin /RemoveLingeringobjects localhost Guid_ofDC2 dc=Domaindnszones,dc=domain,dc=com
repadmin /RemoveLingeringobjects localhost Guid_ofDC2 dc=ForestDNSZones,dc=domain,dc=com
repadmin /RemoveLingeringobjects localhost Guid_ofDC2 dc=configuration,dc=domain,dc=com
repadmin /RemoveLingeringobjects localhost Guid_ofDC2 dc=domain,dc=com

Also run each commands above multiple times until it stop receiving event ID 1945 in directory services event logs

Once you done that successfully, go to PDC server, open up cmd with run as administrator and enter below command
repadmin /regkey <localhost> +allowDivergent

Now try to manually replicate data from ADC2 to PDC and vice versa from AD sites and service, it should successful
Once that done successfully check if you are able to work with MS Exchange server correctly

Once replication is running properly you can run below command on PDC
repadmin /regkey <localhost> -allowDivergent

Then again check if replication is working properly.

Mahesh
0
 

Author Comment

by:AXISHK
ID: 39893978
I've requested that this question be closed as follows:

Accepted answer: 0 points for AXISHK's comment #a39890903

for the following reason:

Great Tks. I have depromo and promo the server and fix the problem.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39893882
I have already suggested demotion \ promotion of affected server in previous comment

But now have to checked that server for possible events of lingering objects ?

You need to check for event IDs 1388 OR 1988 OR 2042 in directory service event logs

Mahesh
0
 

Author Closing Comment

by:AXISHK
ID: 39893979
Sorry, I have put my comment without marking.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now