Exchange Server 2010 Analyzer question --- Active Directory server cannot be contacted

Something I am concerned with is that my Best Practice Analyzer states:

Active Directory server cannot be contacted.
Active Directory server xxxxxxx.corp.xxxxxx.com is down or unreachable.  The error could also be the result of a network or permissions problem.  Error: Access is denied.  (Exception from HRESULT: 0X80070005)

My domain controller is a 2012 server and I cannot find anything wrong with it. I am looking for any suggestions in working through this problem, because my Exchange server and Outlook client will randomly get (not responding). I think these are related?
Scott Johnston (IT Manager) asked.

Will Szymkowski (Senior Solution Architect) commented:
How many DCs are in your environment? It is possible that your Exchange server is querying against a DC that is no longer reachable.

Run the following commands on your DC/s to check replication and AD health.

repadmin /replsum
repadmin /showrepl
repadmin /bridgeheads
DCDiag /v

It is possible that your Exchange is timing out due to this issue you are seeing here. Very likely.

Will.

Amit Kumar commented:
Try running this:

$c = Get-Credential   # use an account with the proper permissions
Test-SystemHealth -ADCredentials $c -Verbose | fl

See what result comes to you.
Scott Johnston (IT Manager, author) commented:
We have only 1 DC.

------------------------------------------------------------------------------------------
Here is the information returned from the test for system health:

[PS] C:\Windows\system32>test-systemhealth -adcredentials $c -verbose |fl
Creating a new session for implicit remoting of "Test-SystemHealth" command...
VERBOSE: [15:44:55.552 GMT] Test-SystemHealth : Initializing Active Directory server settings for the remote Windows
PowerShell session.
VERBOSE: [15:44:55.552 GMT] Test-SystemHealth : Active Directory session settings for 'Test-SystemHealth' are: View
Entire Forest: 'False', Default Scope: 'corp.biotone.com', Configuration Domain Controller: 'Cypress.corp.biotone.com',
 Preferred Global Catalog: 'Cypress.corp.biotone.com', Preferred Domain Controllers: '{ Cypress.corp.biotone.com }'
VERBOSE: [15:44:55.552 GMT] Test-SystemHealth : Runspace context: Executing user: corp.biotone.com/Users/Administrator,
 Executing user organization: , Current organization: , RBAC-enabled: Enabled.
VERBOSE: [15:44:55.552 GMT] Test-SystemHealth : Beginning processing &
VERBOSE: [15:44:55.583 GMT] Test-SystemHealth : Instantiating handler with index 0 for cmdlet extension agent "Admin
Audit Log Agent".
VERBOSE: [15:44:56.051 GMT] Test-SystemHealth : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient Write
Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient Scope(s):
 {}, Exclusive Configuration Scope(s): {} }
VERBOSE: Testing System Health.
VERBOSE: [15:45:15.051 GMT] Test-SystemHealth : Resolved current organization: .
WARNING: The Write DACL inherit (group) right for the Exchange Enterprise Servers group should be removed from the root
 of the domain.
WARNING: Storage driver file 'c:\windows\system32\drivers\percsas2.sys' for 'PERC H310 Mini' on server
Bmail.corp.biotone.com is more than two years old. Check with your vendor to find out if a newer version is available.
Installed driver details: 6.801.5.0 - 20130809204206.000000-420
WARNING: SSL is enabled on the IIS root directory of Client Access server Bmail.corp.biotone.com. This will break HTTP
redirection from other Client Access servers unless it is disabled.
WARNING: Network interface driver file 'c:\windows\system32\drivers\b57nd60a.sys' for 'b57nd60a' on server
Bmail.corp.biotone.com is more than two years old. Check with your vendor to find out if a newer version is available.
Installed driver details: 15.6.0.10 - 20130725042552.000000-420
WARNING: The TEMP path on server Bmail.corp.biotone.com is located on the same drive as the system partition. This may
cause performance problems. Current TEMP path: %SystemRoot%\TEMP.
WARNING: The TMP path on server Bmail.corp.biotone.com is located on the same drive as the system partition. This may
cause performance problems. Current TMP path: %SystemRoot%\TEMP.
VERBOSE: [15:48:42.059 GMT] Test-SystemHealth : Admin Audit Log: Entered Handler:OnComplete.
VERBOSE: [15:48:42.075 GMT] Test-SystemHealth : Ending processing &

---------------------------------------------------------------------------

Comments please?
Amit Kumar commented:
This log is good, no issue except one HDD driver.

Are you running ExBPA with the same user? corp.biotone.com/Users/Administrator
Scott Johnston (IT Manager, author) commented:
Yes, the same logon, I thought the same.  I just keep getting latency issues with our client (Outlook 2010); it keeps coming up "not responding".
Because of the problems with Outlook I was trying to review the Exchange server for any problems.
Then with the AD error, I thought I might have an AD issue... The question is then why, when I am running the Analyzer, do I get an error regarding the AD.
Will mentioned something about another DC but I only have one.
The Analyzer however still has a link pointing to my old 2003 server; maybe there is a relationship to the AD error.  I however would think it would reference the old mail server in the error message.
When I run the Analyzer, the scope for the scan shows my current Exchange server in the right group and then it also shows my old email server in a group First Administrative Group.  Maybe there is a relationship here?
If so, how do I remove the old information about the old 2003 server?
Scott Johnston (IT Manager, author) commented:
Will, I ran the DCDIAG /v and I got an error.
Something in relationship to the server is not a Directory Server?
Comments please.

-----------------------------------------------------------------------------------------
[PS] C:\Windows\system32>dcdiag /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine Bmail, is a Directory Server.
   ***Error: Bmail is not a Directory Server.  Must specify /s:<Directory Server> or  /n:<Naming Context> or nothing to
   use the local machine.
   ERROR: Could not find home server.
[PS] C:\Windows\system32>
-----------------------------------------------------------------------
Amit Kumar commented:
If the Windows 2003 DC is not available and not running in production, then see how it was decommissioned.

On the other hand, regarding the Outlook issue, can you confirm if users are using online mode for Outlook or cache mode?
Amit Kumar commented:
Please run DCDIAG /s:<dc name> /v
Scott Johnston (IT Manager, author) commented:
The connections for Outlook are online mode.
Scott Johnston (IT Manager, author) commented:
The DCDIAG ran and it seems, looking at the data, that all tests passed.
----------------------------------Results listed below--------------------------------
[PS] C:\Windows\system32>dcdiag /s:cypress /v

Directory Server Diagnosis

Performing initial setup:
   * Connecting to directory service on server cypress.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=corp,DC=biotone,DC=com,LDAP_SCOPE_SUBTREE,(objectCateg
ory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Biotone,CN=Sites,CN=Configuration,DC=corp,DC=biotone,DC=com
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=corp,DC=biotone,DC=com,LDAP_SCOPE_SUBTREE,(objectClass
=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=CYPRESS,CN=Servers,CN=Biotone,CN=Sites,CN=Configuration,DC=cor
p,DC=biotone,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Biotone\CYPRESS
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... CYPRESS passed test Connectivity

Doing primary tests

   Testing server: Biotone\CYPRESS
      Starting test: Advertising
         The DC CYPRESS is advertising itself as a DC and having a DS.
         The DC CYPRESS is advertising as an LDAP server
         The DC CYPRESS is advertising as having a writeable directory
         The DC CYPRESS is advertising as a Key Distribution Center
         The DC CYPRESS is advertising as a time server
         The DS CYPRESS is advertising as a GC.
         ......................... CYPRESS passed test Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Starting test: FrsEvent
         * The File Replication Service Event log test
         ......................... CYPRESS passed test FrsEvent
      Starting test: DFSREvent
         The DFS Replication Event Log.
         Skip the test because the server is running FRS.
         ......................... CYPRESS passed test DFSREvent
      Starting test: SysVolCheck
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... CYPRESS passed test SysVolCheck
      Starting test: KccEvent
         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... CYPRESS passed test KccEvent
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=CYPRESS,CN=Servers,CN=Biotone,CN=Sites,CN=Configuration,DC=corp,DC=biot
one,DC=com
         Role Domain Owner = CN=NTDS Settings,CN=CYPRESS,CN=Servers,CN=Biotone,CN=Sites,CN=Configuration,DC=corp,DC=biot
one,DC=com
         Role PDC Owner = CN=NTDS Settings,CN=CYPRESS,CN=Servers,CN=Biotone,CN=Sites,CN=Configuration,DC=corp,DC=biotone
,DC=com
         Role Rid Owner = CN=NTDS Settings,CN=CYPRESS,CN=Servers,CN=Biotone,CN=Sites,CN=Configuration,DC=corp,DC=biotone
,DC=com
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=CYPRESS,CN=Servers,CN=Biotone,CN=Sites,CN=Configuration,
DC=corp,DC=biotone,DC=com
         ......................... CYPRESS passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Checking machine account for DC CYPRESS on DC CYPRESS.
         * SPN found :LDAP/Cypress.corp.biotone.com/corp.biotone.com
         * SPN found :LDAP/Cypress.corp.biotone.com
         * SPN found :LDAP/CYPRESS
         * SPN found :LDAP/Cypress.corp.biotone.com/CORP
         * SPN found :LDAP/86556152-c1ad-459a-97bb-228be12a7c54._msdcs.corp.biotone.com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/86556152-c1ad-459a-97bb-228be12a7c54/corp.biotone.com
         * SPN found :HOST/Cypress.corp.biotone.com/corp.biotone.com
         * SPN found :HOST/Cypress.corp.biotone.com
         * SPN found :HOST/CYPRESS
         * SPN found :HOST/Cypress.corp.biotone.com/CORP
         * SPN found :GC/Cypress.corp.biotone.com/corp.biotone.com
         ......................... CYPRESS passed test MachineAccount
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC CYPRESS.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=corp,DC=biotone,DC=com
            (Schema,Version 3)
         * Security Permissions Check for
           CN=Configuration,DC=corp,DC=biotone,DC=com
            (Configuration,Version 3)
         * Security Permissions Check for
           DC=corp,DC=biotone,DC=com
            (Domain,Version 3)
         ......................... CYPRESS passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\CYPRESS\netlogon
         Verified share \\CYPRESS\sysvol
         ......................... CYPRESS passed test NetLogons
      Starting test: ObjectsReplicated
         CYPRESS is in domain DC=corp,DC=biotone,DC=com
         Checking for CN=CYPRESS,OU=Domain Controllers,DC=corp,DC=biotone,DC=com in domain DC=corp,DC=biotone,DC=com on
1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=CYPRESS,CN=Servers,CN=Biotone,CN=Sites,CN=Configuration,DC=corp,DC=biotone,DC=
com in domain CN=Configuration,DC=corp,DC=biotone,DC=com on 1 servers
            Object is up-to-date on all servers.
         ......................... CYPRESS passed test ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            CN=Schema,CN=Configuration,DC=corp,DC=biotone,DC=com
               Latency information for 15 entries in the vector were ignored.
                  15 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's
 no longer replicating this nc.  0 had no latency information (Win2K DC).
            CN=Configuration,DC=corp,DC=biotone,DC=com
               Latency information for 15 entries in the vector were ignored.
                  15 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's
 no longer replicating this nc.  0 had no latency information (Win2K DC).
            DC=corp,DC=biotone,DC=com
               Latency information for 15 entries in the vector were ignored.
                  15 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's
 no longer replicating this nc.  0 had no latency information (Win2K DC).
         ......................... CYPRESS passed test Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 9606 to 1073741823
         * Cypress.corp.biotone.com is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 9106 to 9605
         * rIDPreviousAllocationPool is 9106 to 9605
         * rIDNextRID: 9129
         ......................... CYPRESS passed test RidManager
      Starting test: Services
         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... CYPRESS passed test Services
      Starting test: SystemLog
         * The System Event log test
         ......................... CYPRESS failed test SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference) CN=CYPRESS,OU=Domain Controllers,DC=corp,DC=biotone,DC=com and
         backlink on CN=CYPRESS,CN=Servers,CN=Biotone,CN=Sites,CN=Configuration,DC=corp,DC=biotone,DC=com are correct.
         The system object reference (serverReferenceBL)
         CN=CYPRESS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=corp,DC=biotone,DC=c
om
         and backlink on
         CN=NTDS Settings,CN=CYPRESS,CN=Servers,CN=Biotone,CN=Sites,CN=Configuration,DC=corp,DC=biotone,DC=com are
         correct.
         The system object reference (frsComputerReferenceBL)
         CN=CYPRESS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=corp,DC=biotone,DC=c
om
         and backlink on CN=CYPRESS,OU=Domain Controllers,DC=corp,DC=biotone,DC=com are correct.
         ......................... CYPRESS passed test VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : corp
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation

   Running enterprise tests on : corp.biotone.com
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\Cypress.corp.biotone.com
         Locator Flags: 0xe00073fd
         PDC Name: \\Cypress.corp.biotone.com
         Locator Flags: 0xe00073fd
         Time Server Name: \\Cypress.corp.biotone.com
         Locator Flags: 0xe00073fd
         Preferred Time Server Name: \\Cypress.corp.biotone.com
         Locator Flags: 0xe00073fd
         KDC Name: \\Cypress.corp.biotone.com
         Locator Flags: 0xe00073fd
         ......................... corp.biotone.com passed test LocatorCheck
      Starting test: Intersite
         Skipping site Biotone, this site is outside the scope provided by the command line arguments provided.
         ......................... corp.biotone.com passed test Intersite
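
Verbose dcdiag output like the run quoted above is long enough that a single "failed test" line or an omitted check is easy to scroll past. The following is an added example, not part of the original thread: a PowerShell filter that reduces dcdiag output to one row per test result and lists omitted tests once each. The function name Get-DcdiagSummary is hypothetical, and the sample input is constructed from lines quoted in this thread.

```powershell
# Added example: summarize dcdiag results so failed and omitted tests stand out.
# Get-DcdiagSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-DcdiagSummary {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$Line
    )
    begin {
        # Remember omitted tests already reported (dcdiag repeats some of them).
        $seen = New-Object 'System.Collections.Generic.HashSet[string]'
        # e.g. "......................... CYPRESS passed test Connectivity"
        $resultRx  = '^\s*\.{5,}\s+(?<target>\S+)\s+(?<result>passed|failed)\s+test\s+(?<test>\S+)\s*$'
        # e.g. "Test omitted by user request: DNS"
        $omittedRx = '^\s*Test omitted by user request:\s+(?<test>\S+)\s*$'
    }
    process {
        foreach ($l in $Line) {
            if ($l -match $resultRx) {
                New-Object psobject -Property @{
                    Target = $Matches.target; Test = $Matches.test; Result = $Matches.result
                }
            }
            elseif (($l -match $omittedRx) -and $seen.Add($Matches.test)) {
                New-Object psobject -Property @{
                    Target = '-'; Test = $Matches.test; Result = 'omitted'
                }
            }
        }
    }
}

# Constructed sample: a few lines copied from the output quoted in this thread.
$sample = @'
      Starting test: Connectivity
         ......................... CYPRESS passed test Connectivity
      Test omitted by user request: CheckSecurityError
      Starting test: Services
         ......................... CYPRESS passed test Services
      Starting test: SystemLog
         * The System Event log test
         ......................... CYPRESS failed test SystemLog
      Test omitted by user request: DNS
      Test omitted by user request: DNS
         ......................... corp.biotone.com passed test LocatorCheck
'@ -split "`r?`n"

# Show only what did not pass: failed tests and tests that never ran.
$sample | Get-DcdiagSummary |
    Where-Object { $_.Result -ne 'passed' } |
    Format-Table Target, Test, Result -AutoSize
```

Against a live domain controller, pipe the command output in directly, for example: dcdiag /s:cypress /v | Get-DcdiagSummary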
Amit Kumar commented:
DCDIAG results are good so far, no AD and Exchange connectivity issue.

Now, as you confirmed you are using Outlook in online mode, there are chances you get Exchange server not responding messages, as online mode is the one which works in real time. That is why MS introduced Cached mode for Outlook, which actually syncs with Exchange immediately and keeps Outlook readable if Exchange is really disconnected. So it is better to change the Outlook mode to cached mode.
Scott Johnston (IT Manager, author) commented:
All your support has validated our concerns with the mail server.  Thank you ALL very much.