Exchange 2010 SP3 ADAccess Error

We have set up a new Exchange environment at one of our different sites. There is 1 DC out at that site that replicated successfully to the site here. The CASArray is also pointing at the local site, and when you run get-clientaccessarray it shows all arrays pointing to their correct sites. The issue we are seeing is that when you look at Event Viewer we have a lot of information errors for the source column "MSExchange ADAccess". The local DC is set up as a global catalog. The Event ID follows this pattern every few minutes:
Event ID
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=3524). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
It shows the correct In-Site DC and Correct Out-of-Site DCs

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=3524). No Domain Controller server is up in the local site 'Name of local site'. Exchange Active Directory Provider will use the following out of site Domain Controller servers
(This is incorrect because the message right before this shows that it sees the DC for the local site)

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=3524). No Global Catalog server is up in the local site 'Local Site Name'. Exchange Active Directory Provider will use the following out of site global catalog servers:
(It shows the remote DCs only and not the local)

I had the AD admin look at this and he checked in Sites and Services, DNS and so on, and everything looks good with the DC and status. We rebooted the DC and I restarted the Exchange AD topology service with no luck. Any idea what may be causing this?
timgreen7077 (Exchange Engineer) Asked:

It seems that your Exchange servers lost connection. Can you please try to reboot the Exchange server and see if you are still having issues?
Amit Kumar Commented:
Please check what the primary DNS server is in the IP configuration; it should be the local site DC's IP.

Also determine if your local Site DC is GC:

To determine whether a domain controller is a global catalog server

1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services. If the User Account Control dialog box appears, provide credentials, if required, and then click Continue.

2. In the console tree, expand the Sites container, expand the site of the domain controller that you want to check, expand the Servers container, and then expand the Server object.

3. Right-click the NTDS Settings object, and then click Properties.

4. On the General tab, if the Global Catalog box is selected, the domain controller is designated as a global catalog server.
timgreen7077 (Exchange Engineer) Author Commented:
I have rebooted the servers and still get the same issue from each server. Yes, the local DC is a GC, and yes, the NICs show the DC as the primary DNS. All servers and the DC are on the same IP subnet.

Kindly check if all the Exchange services are running or not.
Amit Kumar Commented:
Please run dcdiag /s:<dcname> /f:<filename>

Then check if there is any failure.

Do you remember if you have set static DCs and GCs on the Exchange servers?

You can still run the commands below to remove them and let Exchange decide which DCs to connect to:

Set-ExchangeServer -Identity <server_name> -StaticDomainControllers $Null
Set-ExchangeServer -Identity <server_name> -StaticGlobalCatalogs $Null
timgreen7077 (Exchange Engineer) Author Commented:
Yes, the services are running and there are no static DC or GC entries; see below:

StaticDomainControllers           : {}
StaticGlobalCatalogs              : {}
StaticConfigDomainController      :
StaticExcludedDomainControllers   : {}
CurrentDomainControllers          : {}
CurrentGlobalCatalogs             : {}

This is what failed which shouldn't be a big deal:
Starting test: DFSREvent
         The event log DFS Replication on server DC.domain.COM
         could not be queried, error 0x6ba "The RPC server is unavailable."
         ......................... DCserver failed test DFSREvent

Starting test: KccEvent
         The event log Directory Service on server DC.domain.COM
         could not be queried, error 0x6ba "The RPC server is unavailable."
         .........................DCserver failed test KccEvent

Starting test: SystemLog
         The event log System on server DC.domain.COM could not
         be queried, error 0x6ba "The RPC server is unavailable."
         ......................... DCserver  failed test SystemLog

Everything else passed.
timgreen7077 (Exchange Engineer) Author Commented:
I've requested that this question be deleted for the following reason:

They no longer attempted to assist with no response.
Amit Kumar Commented:
Try the command below to check whether it gets the local site DC:

nltest /dsgetdc: /site:<site name>

As per the Dcdiag logs, I did not find anything wrong. However, I would recommend providing the things below.

IP config of Local site DC
IP config of Exchange server
Screenshot of the Exchange server properties which shows it pointing to the correct GC
Full screenshot of the AD topology error
RU details which you have installed on Exchange Server 2010
Set the diagnostic level for MSExchangeADAccess to high and see what events appear in the Exchange event viewer.
ExBPA report for the particular site.
timgreen7077 (Exchange Engineer) Author Commented:
We have found the solution. We had to give Exchange write access to AD Audit Logs. This corrected the issue. The reason we couldn't find this is because this was a local policy being set on the local AD servers instead of it being set as Group Policy.

timgreen7077 (Exchange Engineer) Author Commented:
This resolved the issue.
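
One way to check the right behind the fix described above, as an added example that is not part of the original thread. It assumes the "write access to AD Audit Logs" corresponds to the "Manage auditing and security log" user right (SeSecurityPrivilege) and that the Exchange servers are members of the default "Exchange Servers" group; the thread names neither explicitly.

```powershell
# Added example; run elevated on the domain controller the Exchange server should use.
# Assumption: the default "Exchange Servers" group in the domain $env:USERDOMAIN.
$groupName = "$env:USERDOMAIN\Exchange Servers"
$right     = 'SeSecurityPrivilege'   # "Manage auditing and security log"

# secedit writes resolvable accounts as *<SID>, so resolve the group to its SID.
$account  = New-Object System.Security.Principal.NTAccount($groupName)
$groupSid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Export the user-rights assignments from this DC's security database.
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content $cfg | Where-Object { $_ -match "^\s*$right\s*=" }
Remove-Item $cfg -Force

# Split "SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-..." into its holders.
$holders = @()
if ($line) {
    $holders = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}

Write-Output "Holders of $right on $($env:COMPUTERNAME):"
foreach ($h in $holders) {
    $name = $h
    if ($h -like 'S-1-*') {
        try {
            $sid  = New-Object System.Security.Principal.SecurityIdentifier($h)
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { $name = "$h (unresolved SID)" }
    }
    Write-Output "  $name"
}

# The entry can appear as a SID or, less commonly, as a plain account name.
if (($holders -contains $groupSid) -or ($holders -contains $groupName)) {
    Write-Output "OK: $groupName holds $right."
} else {
    Write-Warning "$groupName is missing from $right on this DC."
}
```

If the group is missing, running gpresult /h <report.html> on the DC shows whether the setting comes from a GPO or, as in this thread, from a policy set locally on the DC.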