Solved

Exchange 2010 referencing incorrect domain controller

Posted on 2016-07-29
Last Modified: 2016-10-08
I know similar questions were asked about this topic, but I couldn't seem to parse out the definitive answer as to how to correct this problem.

I have a 2010 Exchange server.  AD is running on 2 domain controllers: one is a 2003 SBS DC (which is getting ready to be removed) and a 2012 DC.  Replication between the 2 DC's is current and from what I can see, AD as well as DNS appears to be functioning properly.  Both DC's are Global Catalogs.

In preparation for removing the 2003 SBS as a domain controller (right now only the PDC role is on it; all other FSMO's are on the 2012 DC), during a reboot cycle of the 2003 DC, I wanted to make sure that Exchange 2010 was working properly.  While being rebooted, I couldn't log into OWA internally on that server (mailbox and account can't be found/unavailable) and also couldn't launch EMC (throws a Kerberos error).

Upon the 2003 DC coming back online, without doing anything on the Exchange server, OWA and EMC will work again.

I had already changed the Configuration Domain Controller in EMC from "Default" to specifically the 2012 DC.  In checking some other settings from the different articles I had found on this problem, the Exchange server is pointing to the 2003 DC (Get-ExchangeServer|fl shows OriginatingServer as 2003DC and Get-DomainController shows both DC's but each entry shows OriginatingServer as 2003 DC as well).

Get-ExchangeServer |fl also has no entries for StaticDomainControllers, StaticGlobalCatalogs, StaticConfigDomainController as well as CurrentDomainControllers, CurrentGlobalCatalogs and CurrentConfigDomainController.

During the reboot of the 2003 DC, there are a number of errors in the Event Log, all pointing to not being able to contact a domain controller.  One of the errors lists both domain controllers, but still says it can't contact a suitable domain controller.  I can certainly include some of the Event ID's if necessary.

How do I go about forcing the Exchange server to use the 2012 DC for its services and connection to AD?
Question by:tnisupport
13 Comments
 
LVL 24

Expert Comment

by:-MAS
ID: 41735106
Change the DNS server address in the NIC properties of the Exchange server, and please try pointing your Exchange to the new DC using this command:
Set-ADServerSettings -PreferredServer dc2.exchangeserverpro.local


Thanks
0
 

Author Comment

by:tnisupport
ID: 41735117
From what I've read, that command is only for choosing a domain controller to use during an Exchange Management Shell session.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 41735143
Do you have subnets assigned in your AD Sites and Services configuration? That gets overlooked very regularly and can cause problems with Exchange when it tries to find DCs and determine its own topology.
0
 

Author Comment

by:tnisupport
ID: 41735153
There was not a subnet configured in ADSS.  It has now been configured to match the local IP subnet 10.0.0.0/24 and assigned to "Default-First-Site-Name" where both DC's exist (single location, single IP network structure).

Now that it's there, should it be tested during the 2003 DC reboot again?  Or do you believe there may be more to it than that?
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 41735196
Restart the Exchange topology service and it should assign itself to the site. From there it should be able to discover DCs a little easier, but the Exchange server should be able to pull domain controllers from DNS even without a site, so do make sure the 2003 DC is not set as the primary DNS server for the Exchange Server itself.
0
 

Author Comment

by:tnisupport
ID: 41735200
I have confirmed that the Exchange server is pointing to the 2012 DC for primary DNS and the 2003 DC for secondary DNS.

I did also see that the 2012 DC was pointing to the 2003 DC for primary DNS and 127.0.0.1 for secondary DNS.  I will be changing that to point to itself (using the actual IP address) for Primary DNS and 2003 DC for secondary DNS.

I won't be able to make that change until after hours, along with the restart of the Topology service.  I'm in Central time zone.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 41735208
That should be good. The DNS settings are actually fine that way, and it's a recommended practice to have DCs point to a different DC for their primary DNS, as it helps prevent DNS and AD Services race conditions at startup. If you only have or are moving toward a single DC, it's okay to keep itself for DNS.

That said, you'll also want to verify that both DCs have the same copy of the DNS zone for the domain. I recommend comparing differences and verifying that both servers are set to use the same type of Active Directory Integrated DNS zone (if one is set to use Distribute to DCs in this Domain, the other should be set the same, otherwise they can end up getting messed up and store and load different copies of the DNS database).
0
 

Author Comment

by:tnisupport
ID: 41741618
I changed the 2012 DC to point to itself for Primary DNS and the 2003 DC as Secondary.

Restarted the AD Topology service on Exchange 2010.  Tested OWA and email delivery in/out; OK.

Rebooted the 2003 DC and tried OWA again.  Same problems as before, no OWA and errors trying to run EMC and EMS.  Once 2003 DC was back up for a little while, no problems and all works fine without restarting or doing anything on the Exchange 2010 server.

Thoughts?
0
 
LVL 24

Accepted Solution

by:
-MAS earned 500 total points (awarded by participants)
ID: 41741821
This is your DC issue/ replication issue.
You will have to fix your old DC and make it healthy then fix the new DC and make sure replication is happening and both DCs are healthy.

Exchange will try to connect to the next available DC if the connected one goes down after 10-15 min. The time depends on your server performance.

Thanks
0
 

Author Comment

by:tnisupport
ID: 41742574
Please double-check my original question for specific details on the setup and operation as I know it to be.

As far as I'm aware and through the checking that I've done, I don't have a DC replication issue.  Both DC's replicate without errors.  I'm getting ready to remove the 2003 DC, which right now has the PDC role (since it is a 2003 SBS DC).  All other FSMO roles are already on the 2012 DC.

I may not have been as clear as I needed to on my last post.  When I try to test Exchange 2010 operation by rebooting the 2003 DC, during that reboot phase (which the server takes at least 10 minutes to boot) I can't get to Exchange 2010 via OWA internally as well as EMC/EMS.  Exchange 2010 is Primary DNS to 2012 DC and secondary to 2003 DC.
0
 

Author Comment

by:tnisupport
ID: 41826217
There was indeed a DC replication issue, where the new 2012 DC, although replication was showing as good, was not sharing the SYSVOL and NETLOGON.  Worked with MS to correct problem and after that was resolved, Exchange worked properly when the 2003 SBS DC was inaccessible.

Credit for the solution should go to -MAS- with his response ID of 41741821.
0
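A check for the condition that turned out to be the cause in this thread (a DC whose replication reports as good but which is not sharing SYSVOL and NETLOGON), as an added example that is not part of the original thread. The DC host names are placeholders, and the function name Test-DcShares is hypothetical.

```powershell
# Added example. Host names are placeholders; replace them with your own DCs.
$DomainControllers = 'dc2003.example.local', 'dc2012.example.local'

function Test-DcShares {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)
    foreach ($dc in $ComputerName) {
        $result = New-Object PSObject -Property @{
            DomainController = $dc; Reachable = $false; SYSVOL = $false; NETLOGON = $false
        }
        try {
            # Win32_Share can be queried on both Server 2003 and Server 2012.
            $names = @(Get-WmiObject -Class Win32_Share -ComputerName $dc -ErrorAction Stop |
                       ForEach-Object { $_.Name })
            $result.Reachable = $true
            $result.SYSVOL    = $names -contains 'SYSVOL'
            $result.NETLOGON  = $names -contains 'NETLOGON'
        } catch {
            Write-Warning "Could not query shares on ${dc}: $($_.Exception.Message)"
        }
        $result
    }
}

# A healthy DC shows True for both shares.
Test-DcShares -ComputerName $DomainControllers |
    Format-Table DomainController, Reachable, SYSVOL, NETLOGON -AutoSize

# dcdiag tests that look at the same condition: whether the DC advertises
# itself and whether its SYSVOL and NETLOGON shares are ready.
foreach ($dc in $DomainControllers) {
    foreach ($test in 'Advertising', 'NetLogons', 'SysVolCheck') {
        dcdiag "/s:$dc" "/test:$test"
    }
}

# Exchange Management Shell only: the -Status switch makes Get-ExchangeServer
# return the domain controllers and global catalogs Exchange is currently using.
if (Get-Command Get-ExchangeServer -ErrorAction SilentlyContinue) {
    Get-ExchangeServer -Identity $env:COMPUTERNAME -Status |
        Format-List Name, Current*, Static*
}
```

Run it before taking the old DC offline: a False in the SYSVOL or NETLOGON column for the remaining DC means it is not ready to be the only domain controller Exchange can reach.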
 
LVL 24

Expert Comment

by:-MAS
ID: 41834800
As per the comment from the asker. Comment ID: 41826217
0
