MS Exchange ADAccess error logged in Exchange Server 2010

People,

I'm running Exchange Server 2010 SP3 and just recently I noticed that there are multiple error logged since 3-4 months back as follows:

Event ID 2120, 2104, 2604 and 2501 repeatedly.

According to this KB article: https://support.microsoft.com/en-us/kb/2025528 the work around is hard coding the AD Site ?

Why is that needed when the result from the command clearly shows AD Site Data Center which is correct.
LVL 12
Senior IT System EngineerSenior Systems EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Senior IT System EngineerSenior Systems EngineerAuthor Commented:
So after I reboot the HT/CAS server role I am restarting  the “Microsoft Exchange Active Directory Topology” service.

Is there any permanent fix on this issue ?
BembiCEOCommented:
The article is from 2011, nevertheless what I can confirm is, that Exchange 2010 on 2008R2 has issues under some circumstances....
I have a "DynamicSiteName " in my registry, so it looks like that MS implemented a workaround by at least caching the site name.

Indeed, Exchange still needs a working Global Catalog DC and also Exchange on a DC itself is not a good idea.

I observed issues mostly around the patch days, as several servers are booting in a smaller timeframe. So if Exchange starts while the underlying disc system or network is under pressure, then I have seen several issues, your issue is one of them (just happened yesterday), I recognize that services doesn't come up. You can start the services by hand or just reboot the machine again.

A similar behavior I have seen more often when my server ran under lower RAM. At that time I raised up the RAM memory and the issues went away...

In the meanwhile I just follow the procedure, not to boot Exchange while other machines are booting too. Also if DCs are booted, I leave a larger timeframe between them and the Exchange machine to make sure the DCs are completely available. This usually works.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Senior IT System EngineerSenior Systems EngineerAuthor Commented:
Ah no wonder,

In the past two weeks I have been updating and rebooting my Domain Controllers in the same AD Site as the Exchange Server.

Hence I was wondering ifthis problem is fixed in any SP3 Roll Up if there is any ?
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

BembiCEOCommented:
I don't think so, at least my servers are up to date and as I said, I just had it yesterday again because I was a bit impatience with rebooting.

Exchange relies on the global catalog servers an on some available resources.
The Microsoft Exchange Active Directory Topology” service starts anyway but it doesn't mean, that the AD connection is established. And all other services rely more or less on this service (dependencies). So they start all as well, even the Topology service doesn't connect due to a lack of disc performance or network load.

If you leave enough space between DC and Exchange server and make sure, the server isn't rebooted while 10 other servers are booting, you should not have too much trouble.

If the Exchange takes the RAM very fast, then I would also think about some more RAM. If the RAM is already used during the startup, the server starts swapping and this slows down everything. So a bit RAM should be left over after the initial boot. Also for virtual machines, the initial RAM (if dynamic) should be large enough to proceed the full boot. So lets say, if the server uses 3.5 GB shortly after the reboot, 4096 MB RAM should be the minimum size.
Ganesamoorthy STech LeadCommented:
Check the Domain Controller if any bottleneck,  check and increase MaxConcurrentApi value might help

http://www.windowstricks.in/2013/12/ad-slow-authentication-and-prompting.html
Senior IT System EngineerSenior Systems EngineerAuthor Commented:
@Brain, does this means that I need to upgrade / increase the vRAM and vCPU on the domain controllers VM in the same AD site as the Exchange server ?
Ganesamoorthy STech LeadCommented:
First check the current load of Domain Controller authenticating Exchange server
Senior IT System EngineerSenior Systems EngineerAuthor Commented:
Hi brain123422,

I've checked that there is no performance contention on the Exchange Server as well as the Domain Controllers in the same AD sites as the Exchange Servers.

So I'm wondering if this is a legitimate issue or not ?
Senior IT System EngineerSenior Systems EngineerAuthor Commented:
Thanks for the help !
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.