Error 4999 and 1015 logged in HT/CAS server (2010 SP3) ?

Hi,

Why is that I get the following event logged daily when no problem seems happneing on my Exchange Server 2010 SP3 ?

Log Name:      Application
Source:        MSExchange Common
Date:          31/03/2015 8:29:49 AM
Event ID:      4999
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Watson report about to be sent for process id: 2956, with parameters: E12, c-RTL-AMD64, 14.03.0123.004, M.E.RpcClientAccess.Service, M.E.Data.Directory, M.E.D.D.ConnectionPoolManager.GetConnection, M.E.D.Directory.ADTransientException, 52f3, 14.03.0123.003.
ErrorReportingEnabled: False

and this one


Log Name:      Application
Source:        MSExchange ActiveSync
Date:          31/03/2015 8:29:46 AM
Event ID:      1015
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Exchange ActiveSync experienced a transient error when it tried to access Active Directory information for user "". Exchange ActiveSync will try this operation again. If this event occurs infrequently, no user action is required. If this event occurs frequently, check network connectivity using PING or PingPath. You can also use the Test-ActiveSyncConnectivity cmdlet. More information:

Microsoft.Exchange.Data.Directory.ADTransientException: Could not find any available Global Catalog in forest domain.com.
   at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType, ADObjectId domain, String serverName, Int32 port, NetworkCredential credential)
   at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType)
   at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, String optionalBaseDN, ADObjectId& rootId, ADScope scope)
   at Microsoft.Exchange.Data.Directory.ADGenericReader.GetNextResultCollection(Type controlType, DirectoryControl& responseControl)
   at Microsoft.Exchange.Data.Directory.ADPagedReader`1.GetNextResultCollection()
   at Microsoft.Exchange.Data.Directory.ADGenericPagedReader`1.GetNextPage()
   at Microsoft.Exchange.Data.Directory.ADGenericPagedReader`1.<GetEnumerator>d__4.MoveNext()
   at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.FindMiniRecipientBySid[TResult](SecurityIdentifier sId, IEnumerable`1 properties)
   at Microsoft.Exchange.AirSync.ADUserCache.TryGetADUserFromSid(Byte[] sid, ProtocolLogger logger, Boolean shouldUseBudget)
   at Microsoft.Exchange.AirSync.AirSyncUser.InitializeFromLoggedOnIdentity()
   at Microsoft.Exchange.AirSync.AirSyncUser..ctor(AirSyncContext context)
   at Microsoft.Exchange.AirSyncHandler.Handler.BeginProcessRequest(HttpContext httpContext, AsyncCallback asyncCallback, Object extraData)

Thanks.
LVL 10
Senior IT System EngineerIT ProfessionalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Guy LidbetterCommented:
for the first error..... it looks like a diagnostic monitoring issue... does it occur around the same time every day?

For the second error have you removed the user account details?

tried to access Active Directory information for user "".

Otherwise you have an activesync device on your estate that is trying to sync with no attached user details.
I would check the IIS logs on PRODHTCAS01-VM.domain.com to see if you can pin the culprit.
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, so how do I find the blank user account ?
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
Yes, it is occurring regularly,

There are also some of these events below logged consistently, but there is no issue at all in email flow.

Log Name:      Application
Source:        MSExchange ADAccess
Date:          31/03/2015 8:29:33 AM
Event ID:      2103
Task Category: Topology
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1552). All Global Catalog Servers in forest DC=domain,DC=com are not responding:
PRODDC01-VM.domain.com
PRODDC02-VM.domain.com
PRODDC03-VM.domain.com
SITE1DC.domain.com
SITE2DC.domain.com  
HQDC01.domain.com


Log Name:      Application
Source:        MSExchange ADAccess
Date:          31/03/2015 8:29:33 AM
Event ID:      2104
Task Category: Topology
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1552). Topology discovery failed due to LDAP_SERVER_DOWN error. This event can occur if one or more domain controllers in local or all domains become unreachable because of network problems. Use the Ping or PathPing command line tools to test network connectivity to local domain controllers. Run the Dcdiag command line tool to test domain controller health.

Log Name:      Application
Source:        MSExchange ADAccess
Date:          31/03/2015 8:29:33 AM
Event ID:      2122
Task Category: Topology
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PRODHTCAS01-VM.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1552). Error 0x8007267c occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain domain.com
 The query was for the SRV record for _ldap._tcp.dc._msdcs.domain.com
 For information about correcting this problem, Type in the command line:
hh tcpip.chm::/sag_DNS_tro_dcLocator_messageA.htm
0
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Guy LidbetterCommented:
Do you have a GC in your exchange site?
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
yes all of the Domain Controllers are GC as per the "netdom query dc" command.
0
Guy LidbetterCommented:
But are they in the same site?
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
no, they're on different sites.
0
Guy LidbetterCommented:
Hi There,

Sorry I haven't replied in  a while...

A couple of things... first and most important is that exchange is having an issue finding GC servers for its LDAP queries.

Run nslookup on the affected exchange server and do following (Where Domain.com is you domain name)
Set Type=SRV
_ldap._tcp.dc._msdcs.domain.com

Open in new window



Ensure all the registered Domain controllers are returned

PRODDC01-VM.domain.com
PRODDC02-VM.domain.com
PRODDC03-VM.domain.com
SITE1DC.domain.com
SITE2DC.domain.com  
HQDC01.domain.com


Please run the DCDIAG on both a DC and an Exchange server. If errors exist, try to resolve the network issue first.

Ensure "Exchange Enterprise Servers","Exchange Servers","Administrators" are assigned Manage auditing and security log right(Default Controller Security Policy->Local Policies->User Rights Assignment ).

Consider the following:
Disable Chimney on all Windows 2008 servers (DC & Exchange).

Information about the TCP Chimney Offload, Receive Side Scaling, and Network Direct Memory Access features in Windows Server 2008

http://support.microsoft.com/kb/951037

Regards

Guy
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Senior IT System EngineerIT ProfessionalAuthor Commented:
@Guy: Disable Chimney on all Windows 2008 servers (DC & Exchange).

does it requires / cause any outage ?
0
Guy LidbetterCommented:
No it does not.
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, so I guess, I will need to run these two lines of code:

netsh int tcp set global chimney=disabled
netsh int tcp set global rss=disabled

Open in new window


for all of my Exchange Server 2010 SP3 VMs Mailbox, HT & CAS servers.

is that correct ?
0
Guy LidbetterCommented:
Thats right.

But make sure you run dcdiag as well.
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
From the exchange server, I never knew that command is possible in exchange server (all roles) ?

Is there any risk running it during the business hours ?
0
Guy LidbetterCommented:
Yes from any client server, you run DCDIAG and specify a target DC like so...

dcdiag /s:<domaincontroller>

Open in new window


There shouldn't be any reason not to run it in business hours... the tests are not system intensive.
0
Senior IT System EngineerIT ProfessionalAuthor Commented:
ok, so it is relatively safe no outage or disruptions to the mail flow I suppose.

Do I need to run those command for each Domain controllers that is returned by the command "netdom query dc" or just the AD in the same AD Site retruned by "nltest /dsgetsite" command ?
0
Guy LidbetterCommented:
Hi There,

Actually I'd run it against any of the servers that are returned from the nslookup of the ldap servers in the domain as these are the servers that exchange should be contacting.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.