Link to home
Start Free TrialLog in
Avatar of Albert Widjaja
Albert WidjajaFlag for Australia

asked on

Error 4999 and 1015 logged in HT/CAS server (2010 SP3) ?

Hi,

Why is that I get the following event logged daily when no problem seems happneing on my Exchange Server 2010 SP3 ?

Log Name:      Application
Source:        MSExchange Common
Date:          31/03/2015 8:29:49 AM
Event ID:      4999
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Watson report about to be sent for process id: 2956, with parameters: E12, c-RTL-AMD64, 14.03.0123.004, M.E.RpcClientAccess.Service, M.E.Data.Directory, M.E.D.D.ConnectionPoolManager.GetConnection, M.E.D.Directory.ADTransientException, 52f3, 14.03.0123.003.
ErrorReportingEnabled: False

and this one


Log Name:      Application
Source:        MSExchange ActiveSync
Date:          31/03/2015 8:29:46 AM
Event ID:      1015
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Exchange ActiveSync experienced a transient error when it tried to access Active Directory information for user "". Exchange ActiveSync will try this operation again. If this event occurs infrequently, no user action is required. If this event occurs frequently, check network connectivity using PING or PingPath. You can also use the Test-ActiveSyncConnectivity cmdlet. More information:

Microsoft.Exchange.Data.Directory.ADTransientException: Could not find any available Global Catalog in forest domain.com.
   at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType, ADObjectId domain, String serverName, Int32 port, NetworkCredential credential)
   at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType)
   at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, String optionalBaseDN, ADObjectId& rootId, ADScope scope)
   at Microsoft.Exchange.Data.Directory.ADGenericReader.GetNextResultCollection(Type controlType, DirectoryControl& responseControl)
   at Microsoft.Exchange.Data.Directory.ADPagedReader`1.GetNextResultCollection()
   at Microsoft.Exchange.Data.Directory.ADGenericPagedReader`1.GetNextPage()
   at Microsoft.Exchange.Data.Directory.ADGenericPagedReader`1.<GetEnumerator>d__4.MoveNext()
   at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.FindMiniRecipientBySid[TResult](SecurityIdentifier sId, IEnumerable`1 properties)
   at Microsoft.Exchange.AirSync.ADUserCache.TryGetADUserFromSid(Byte[] sid, ProtocolLogger logger, Boolean shouldUseBudget)
   at Microsoft.Exchange.AirSync.AirSyncUser.InitializeFromLoggedOnIdentity()
   at Microsoft.Exchange.AirSync.AirSyncUser..ctor(AirSyncContext context)
   at Microsoft.Exchange.AirSyncHandler.Handler.BeginProcessRequest(HttpContext httpContext, AsyncCallback asyncCallback, Object extraData)

Thanks.
SOLUTION
Avatar of Guy Lidbetter
Guy Lidbetter
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Albert Widjaja

ASKER

ok, so how do I find the blank user account ?
Yes, it is occurring regularly,

There are also some of these events below logged consistently, but there is no issue at all in email flow.

Log Name:      Application
Source:        MSExchange ADAccess
Date:          31/03/2015 8:29:33 AM
Event ID:      2103
Task Category: Topology
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1552). All Global Catalog Servers in forest DC=domain,DC=com are not responding:
PRODDC01-VM.domain.com
PRODDC02-VM.domain.com
PRODDC03-VM.domain.com
SITE1DC.domain.com
SITE2DC.domain.com  
HQDC01.domain.com


Log Name:      Application
Source:        MSExchange ADAccess
Date:          31/03/2015 8:29:33 AM
Event ID:      2104
Task Category: Topology
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1552). Topology discovery failed due to LDAP_SERVER_DOWN error. This event can occur if one or more domain controllers in local or all domains become unreachable because of network problems. Use the Ping or PathPing command line tools to test network connectivity to local domain controllers. Run the Dcdiag command line tool to test domain controller health.

Log Name:      Application
Source:        MSExchange ADAccess
Date:          31/03/2015 8:29:33 AM
Event ID:      2122
Task Category: Topology
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1552). Error 0x8007267c occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain domain.com
 The query was for the SRV record for _ldap._tcp.dc._msdcs.domain.com
 For information about correcting this problem, Type in the command line:
hh tcpip.chm::/sag_DNS_tro_dcLocator_messageA.htm
Do you have a GC in your exchange site?
yes all of the Domain Controllers are GC as per the "netdom query dc" command.
But are they in the same site?
no, they're on different sites.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
@Guy: Disable Chimney on all Windows 2008 servers (DC & Exchange).

does it requires / cause any outage ?
No it does not.
ok, so I guess, I will need to run these two lines of code:

netsh int tcp set global chimney=disabled
netsh int tcp set global rss=disabled

Open in new window


for all of my Exchange Server 2010 SP3 VMs Mailbox, HT & CAS servers.

is that correct ?
Thats right.

But make sure you run dcdiag as well.
From the exchange server, I never knew that command is possible in exchange server (all roles) ?

Is there any risk running it during the business hours ?
Yes from any client server, you run DCDIAG and specify a target DC like so...

dcdiag /s:<domaincontroller>

Open in new window


There shouldn't be any reason not to run it in business hours... the tests are not system intensive.
ok, so it is relatively safe no outage or disruptions to the mail flow I suppose.

Do I need to run those command for each Domain controllers that is returned by the command "netdom query dc" or just the AD in the same AD Site retruned by "nltest /dsgetsite" command ?
Hi There,

Actually I'd run it against any of the servers that are returned from the nslookup of the ldap servers in the domain as these are the servers that exchange should be contacting.