Exchange 2013 Dependency on PDC
Hello Experts!
I had some interesting situation with exchange environment last night when my PDC (DC1) went down making Exchange 2013 inoperable.
I went digging for logs, specifically Event ID 2080 described here:
https://support.microsoft.com/en-us/kb/316300
and here
https://exchangemaster.wordpress.com/2012/11/16/quick-method-to-diagnose-exchange-active-directory-access-service-startup-issues/
On my exchange servers I see following when both DC are up:
Process Microsoft.Exchange.Directo
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc1.company.local CDG 1 7 7 1 0 1 1 7 1
DC2.company.local CDG 1 7 7 1 0 1 1 7 1
Out-of-site:
And this when PDC was down:
Process Microsoft.Exchange.Directo
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc1.company.local CDG 1 0 0 0 0 0 0 0 0
DC2.company.local CDG 1 7 7 1 0 1 1 7 1
Out-of-site:
Now this is what I see on exchange servers:
This is mail1, which holds primary database
[PS] C:\Windows\system32>get-ad
RunspaceId : 61ebb6d6-feb1-41bb-8a5f-98
DefaultGlobalCatalog : dc1.company.local
PreferredDomainControllerF
DefaultConfigurationDomain
DefaultPreferredDomainCont
UserPreferredGlobalCatalog
UserPreferredConfiguration
UserPreferredDomainControl
DefaultConfigurationDomain
DefaultGlobalCatalogsForAl
RecipientViewRoot : company.local
ViewEntireForest : False
WriteOriginatingChangeTime
WriteShadowProperties : False
Identity :
IsValid : True
ObjectState : New
This is mail2, which holds replica database
PS] C:\Windows\system32>get-ad
RunspaceId : 31d28d7c-b411-4dfa-89f0-aa
DefaultGlobalCatalog : DC2. company.local
PreferredDomainControllerF
DefaultConfigurationDomain
DefaultPreferredDomainCont
UserPreferredGlobalCatalog
UserPreferredConfiguration
UserPreferredDomainControl
DefaultConfigurationDomain
DefaultGlobalCatalogsForAl
RecipientViewRoot : company.local
ViewEntireForest : False
WriteOriginatingChangeTime
WriteShadowProperties : False
Identity :
IsValid : True
ObjectState : New
Clearly there is a difference. In my opinion some of the parameters should contain both domain controllers. I believe this is the primary reason for exchange to malfunction when PDC went down.
I also ran get-domaincontroller on both exchange servers and all report both domain controllers.
Anyone would comment on possible fix? Or perhaps it’s design flaw?
Any comment will be highly appreciated.
Thank you.
I had some interesting situation with exchange environment last night when my PDC (DC1) went down making Exchange 2013 inoperable.
I went digging for logs, specifically Event ID 2080 described here:
https://support.microsoft.com/en-us/kb/316300
and here
https://exchangemaster.wordpress.com/2012/11/16/quick-method-to-diagnose-exchange-active-directory-access-service-startup-issues/
On my exchange servers I see following when both DC are up:
Process Microsoft.Exchange.Directo
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc1.company.local CDG 1 7 7 1 0 1 1 7 1
DC2.company.local CDG 1 7 7 1 0 1 1 7 1
Out-of-site:
And this when PDC was down:
Process Microsoft.Exchange.Directo
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc1.company.local CDG 1 0 0 0 0 0 0 0 0
DC2.company.local CDG 1 7 7 1 0 1 1 7 1
Out-of-site:
Now this is what I see on exchange servers:
This is mail1, which holds primary database
[PS] C:\Windows\system32>get-ad
RunspaceId : 61ebb6d6-feb1-41bb-8a5f-98
DefaultGlobalCatalog : dc1.company.local
PreferredDomainControllerF
DefaultConfigurationDomain
DefaultPreferredDomainCont
UserPreferredGlobalCatalog
UserPreferredConfiguration
UserPreferredDomainControl
DefaultConfigurationDomain
DefaultGlobalCatalogsForAl
RecipientViewRoot : company.local
ViewEntireForest : False
WriteOriginatingChangeTime
WriteShadowProperties : False
Identity :
IsValid : True
ObjectState : New
This is mail2, which holds replica database
PS] C:\Windows\system32>get-ad
RunspaceId : 31d28d7c-b411-4dfa-89f0-aa
DefaultGlobalCatalog : DC2. company.local
PreferredDomainControllerF
DefaultConfigurationDomain
DefaultPreferredDomainCont
UserPreferredGlobalCatalog
UserPreferredConfiguration
UserPreferredDomainControl
DefaultConfigurationDomain
DefaultGlobalCatalogsForAl
RecipientViewRoot : company.local
ViewEntireForest : False
WriteOriginatingChangeTime
WriteShadowProperties : False
Identity :
IsValid : True
ObjectState : New
Clearly there is a difference. In my opinion some of the parameters should contain both domain controllers. I believe this is the primary reason for exchange to malfunction when PDC went down.
I also ran get-domaincontroller on both exchange servers and all report both domain controllers.
Anyone would comment on possible fix? Or perhaps it’s design flaw?
Any comment will be highly appreciated.
Thank you.
ASKER
The weird thing is that PDC was down close to 7 hours during the night and Exchange was dead all that time.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I actually just looked at the exchange DNS tabs before I read your comment and indeed DC2 was not there. It contained decommissioned DNS server winch was removed few weeks ago.
I will try to simulate the issue to see if GC is picked up correctly.
Thank you
I will try to simulate the issue to see if GC is picked up correctly.
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That is exactly what I thought.
This would be the exact reason why Exchange would stop working.
You should have no issues when the dns is set on the secondary.
Will.
This would be the exact reason why Exchange would stop working.
You should have no issues when the dns is set on the secondary.
Will.
Not sure why my answer wasn't just accepted as the answer, as I had stated all of the above.
Will.
Will.
However what it is very poor on doing is moving to another GC when the one it is using goes away.
Basically it sits there for anything up to 30 minutes before it starts to look for another DC. (MS claim it should be 10-15 minutes, but 30 is most common). Therefore if the DC that Exchange is using goes away, restart the Exchange AD topology service which will force Exchange to look for another GC/DC and it should be fine. Do nothing and Exchange is basically dead in the water.
This isn't new - it has been the same since AD came along.
Simon.