Exchange 2010 Errors 9385 8365 & 6006 After DCPROMO Please help

Exchange 2010 RU9 Enterprise 64 bit
Windows 2008 R2 64 Bit server
Windows 2003 Active Directory Domain

Have two Windows 2003 DC servers ran DCPROMO on my DC1
DC1 had no FSMO roles
DC2 is a global catalog server
After DCPROMO completed I restarted DC1

On my Exchange server Windows 2008 I started getting these errors over and over.

These are the errors

Log Name:      Application
Source:        MSExchangeAL
Date:          6/18/2015 11:00:58 AM
Event ID:      8365
Task Category: Service Control
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERV025.FQDN.com
Description:
Could not read the Security Descriptor from the Exchange Server object with guid=6DE5D6233AB5444EB53DB3C57500C713. As a result the Proxy Address Calculation RPC interface will not be available on the local Exchange Server.  
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeAL" />
    <EventID Qualifiers="49152">8365</EventID>
    <Level>2</Level>
    <Task>4</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-18T15:00:58.000000000Z" />
    <EventRecordID>195636</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV025.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>6DE5D6233AB5444EB53DB3C57500C713</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        MSExchangeSA
Date:          6/18/2015 11:00:58 AM
Event ID:      9385
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERV025.FQDN.com
Description:
Microsoft Exchange System Attendant failed to read the membership of the universal security group '/dc=com/dc=tgcsnet/dc=network/dc=our/ou=Microsoft Exchange Security Groups/cn=Exchange Servers'; the error code was '8007203a'. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group.

If this computer is not a member of the group '/dc=com/dc=tgcsnet/dc=network/dc=our/ou=Microsoft Exchange Security Groups/cn=Exchange Servers', you should manually stop all Microsoft Exchange services, run the task 'add-ExchangeServerGroupMember,' and then restart all Microsoft Exchange services.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchangeSA" />
    <EventID Qualifiers="49152">9385</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-18T15:00:58.000000000Z" />
    <EventRecordID>195637</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV025.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>/dc=com/dc=tgcsnet/dc=network/dc=our/ou=Microsoft Exchange Security Groups/cn=Exchange Servers</Data>
    <Data>8007203a</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        MSExchange SACL Watcher
Date:          6/18/2015 11:10:49 AM
Event ID:      6006
Task Category: General
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERV025.FQDN.com
Description:
SACL Watcher servicelet found that the SeSecurityPrivilege privilege is removed from account S-1-5-21-3054588571-1341459584-784128302-1635.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange SACL Watcher" />
    <EventID Qualifiers="32768">6006</EventID>
    <Level>3</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-18T15:10:49.000000000Z" />
    <EventRecordID>195638</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERV025.FQDN.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>SeSecurityPrivilege</Data>
    <Data>S-1-5-21-3054588571-1341459584-784128302-1635</Data>
  </EventData>
</Event>


What am I missing?
Thomas Grassi (Systems Administrator) asked:
Amit (IT Architect) commented:
Run ExBPA first and check for the errors. Also, you ran DCpromo to decom DC1? Which DC holds FSMO?
Thomas Grassi (Systems Administrator, author) commented:
Amit,

First thank you for responding.

Also, you ran DCpromo to decom DC1?    YES

 Which DC hold FSMO?    DC2 holds all FSMO roles

Ran exbpa health check  had two DNS errors  could not find A Record on DNS server
DC1 was a DNS server now is not  
On the network adapters I removed the DC1 DNS server entries

Reran exbpa and now no DNS errors in the report.

The 8365 seems to stop after I did this
Primary group for the Exchange server should be set to "Domain Computers". If it is already, set Primary group to something else (for example "Exchange Servers"), apply, and then change it back to "Domain Computers". Restart Exchange System Attendant service and watch the event log. The error should be gone.

For the 6006 I tried this

Open GPMC.msc
open the default domain controllers policy.
go to computer config, windows settings, security setting user rights assignment
then add Exchange enterprise servers and Exchange servers under
Manage audit and security log
Run gpupdate /force

Still getting the event Id 6006 every so many minutes.


Thoughts
Simon Butler (Sembee) (Consultant) commented:
Have you restarted the Exchange server or at least the Exchange services?
DNS server correct - should be the live domain controllers.

Exchange will hook on to a specific DC and when it goes away it should find another one, but doesn't always do so on its own. Restarting the Exchange services will usually fix that, UNLESS the domain controller has been hard coded inside Exchange.

Simon.

Thomas Grassi (Systems Administrator, author) commented:
Simon

Take a look at my last post

I did restart exchange system attendant


Any cmdlets to check this?
Simon Butler (Sembee) (Consultant) commented:
You only restarted SA? Nothing else?
I would usually start the AD topology service as well, but that will restart everything.
After restarting the services you should get an event log entry that states what Exchange has seen with regards to domain controllers. Given the errors you are posting either the Exchange server is having problems querying the domain controller or there are replication issues within the domain.

Simon.
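
The checks discussed in the replies above, collected as an added PowerShell example (not part of the original thread and not posted by any participant). It assumes it is run in the Exchange Management Shell on the Exchange server itself; the 24-hour window is an arbitrary choice, and the event IDs are the ones quoted in this thread.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange server.
# Event IDs come from this thread; the 24-hour window is an assumption.
$ids   = 8365, 9385, 6006, 2080
$since = (Get-Date).AddHours(-24)

# 1. How often is each event still logged, and when was it last seen?
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; Id = $ids; StartTime = $since
} -ErrorAction SilentlyContinue
$events | Group-Object Id | ForEach-Object {
    New-Object PSObject -Property @{
        EventId  = $_.Name
        Count    = $_.Count
        LastSeen = ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
    }
} | Format-Table EventId, Count, LastSeen -AutoSize

# 2. Latest event 2080: the domain controllers and GCs Exchange has discovered.
$events | Where-Object { $_.Id -eq 2080 } |
    Sort-Object TimeCreated | Select-Object -Last 1 |
    Format-List TimeCreated, Message

# 3. Is a domain controller hard coded inside Exchange?
#    The Static* properties are empty unless someone set them on purpose;
#    the Current* properties show what Exchange is bound to right now.
Get-ExchangeServer -Identity $env:COMPUTERNAME -Status |
    Format-List Name, Static*, Current*

# 4. DNS servers configured on the NICs: a demoted DC should not be listed.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Format-Table Description, DNSServerSearchOrder -AutoSize

# 5. Event 6006 only reports a SID (second <Data> element in the event XML).
#    Translate it to see which account lost SeSecurityPrivilege.
$events | Where-Object { $_.Id -eq 6006 } | Select-Object -First 1 | ForEach-Object {
    $sidText = $_.Properties[1].Value
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier ($sidText)
        $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        "Could not resolve SID $sidText against the domain"
    }
}
```

If step 3 shows the demoted DC in a Static* property, or step 4 still lists it as a DNS server, Exchange keeps trying to reach a server that no longer answers as a domain controller.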

Thomas Grassi (Systems Administrator, author) commented:
Simon

Yes only the SA

Yes nothing else

Which event log entry can I look for?

Note

Email is working

The only DC DC2 is up and running no problems

I just restarted all the exchange services

Saw no errors will check the logs in a few minutes and post again
Amit (IT Architect) commented:
Looks like DNS was the issue in your NIC setting.
Thomas Grassi (Systems Administrator, author) commented:
Thanks guys

Looks like restarting all the exchange services did the trick

No error in over an hour when it was appearing every 5 minutes before

Exchange event 2080 also picks up just the one DC

DC1 is being upgraded to Windows 2012 now and will be DC1 again
Amit (IT Architect) commented:
Changing DNS IP and Restart fixed this issue. Make sure to enable GC on DC 1 again.