MS Exchange ADAccess error logged in Exchange Server 2010

Senior IT System Engineer
Senior IT System Engineer used Ask the Experts™
on
People,

I'm running Exchange Server 2010 SP3 and just recently I noticed that there are multiple error logged since 3-4 months back as follows:

Event ID 2120, 2104, 2604 and 2501 repeatedly.

According to this KB article: https://support.microsoft.com/en-us/kb/2025528 the work around is hard coding the AD Site ?

Why is that needed when the result from the command clearly shows AD Site Data Center which is correct.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
So after I reboot the HT/CAS server role I am restarting  the “Microsoft Exchange Active Directory Topology” service.

Is there any permanent fix on this issue ?
The article is from 2011, nevertheless what I can confirm is, that Exchange 2010 on 2008R2 has issues under some circumstances....
I have a "DynamicSiteName " in my registry, so it looks like that MS implemented a workaround by at least caching the site name.

Indeed, Exchange still needs a working Global Catalog DC and also Exchange on a DC itself is not a good idea.

I observed issues mostly around the patch days, as several servers are booting in a smaller timeframe. So if Exchange starts while the underlying disc system or network is under pressure, then I have seen several issues, your issue is one of them (just happened yesterday), I recognize that services doesn't come up. You can start the services by hand or just reboot the machine again.

A similar behavior I have seen more often when my server ran under lower RAM. At that time I raised up the RAM memory and the issues went away...

In the meanwhile I just follow the procedure, not to boot Exchange while other machines are booting too. Also if DCs are booted, I leave a larger timeframe between them and the Exchange machine to make sure the DCs are completely available. This usually works.

Author

Commented:
Ah no wonder,

In the past two weeks I have been updating and rebooting my Domain Controllers in the same AD Site as the Exchange Server.

Hence I was wondering ifthis problem is fixed in any SP3 Roll Up if there is any ?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

I don't think so, at least my servers are up to date and as I said, I just had it yesterday again because I was a bit impatience with rebooting.

Exchange relies on the global catalog servers an on some available resources.
The Microsoft Exchange Active Directory Topology” service starts anyway but it doesn't mean, that the AD connection is established. And all other services rely more or less on this service (dependencies). So they start all as well, even the Topology service doesn't connect due to a lack of disc performance or network load.

If you leave enough space between DC and Exchange server and make sure, the server isn't rebooted while 10 other servers are booting, you should not have too much trouble.

If the Exchange takes the RAM very fast, then I would also think about some more RAM. If the RAM is already used during the startup, the server starts swapping and this slows down everything. So a bit RAM should be left over after the initial boot. Also for virtual machines, the initial RAM (if dynamic) should be large enough to proceed the full boot. So lets say, if the server uses 3.5 GB shortly after the reboot, 4096 MB RAM should be the minimum size.
Check the Domain Controller if any bottleneck,  check and increase MaxConcurrentApi value might help

http://www.windowstricks.in/2013/12/ad-slow-authentication-and-prompting.html

Author

Commented:
@Brain, does this means that I need to upgrade / increase the vRAM and vCPU on the domain controllers VM in the same AD site as the Exchange server ?
First check the current load of Domain Controller authenticating Exchange server

Author

Commented:
Hi brain123422,

I've checked that there is no performance contention on the Exchange Server as well as the Domain Controllers in the same AD sites as the Exchange Servers.

So I'm wondering if this is a legitimate issue or not ?

Author

Commented:
Thanks for the help !

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial