Chris Jefferies
asked on
Exchange 2007 communication issues with DC
Hi,
Recently built a new domain controller 2012R2 server and migrated the FSMO roles from a 2003R2 server to this new one, and decommissioned the 2003 R2 server. Everything seemed to be working fine. OWA was working, emails in Outlook, emails on iPhones, but then emails on a BlackBerry device are unable to communicate with the email server and cannot create the mail account. We did use to have a BES server that the user was using, but this is also decommissioned as the Exchange will be upgraded to Exchange 2013, and the user's BlackBerry has the ability to connect without a BES server.
When looking at the logs on the exchange server I see the attached errors.
The new domain controllers are on new subnets which were newly created, as previously everything in the company was on a single subnet.
ASKER
Hi Amit,
Thanks for the response,
Can you confirm how I can check that the Exchange server has the correct DNS server which is serving ADDS services please?
The 2012 R2 server is a new GC server and is reachable by the Exchange server.
I am organising a restart of the Exchange server tonight after business hours to see if that helps with the problem. I can't remember when the new DC was promoted to a GC. I know the Exchange server was restarted last week, but I'm not sure if it was after or before this DC work was done.
DCDIAG:
C:\Windows\system32>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = VORLONADC01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: VORLON\VORLONADC01
Starting test: Connectivity
......................... VORLONADC01 passed test Connectivity
Doing primary tests
Testing server: VORLON\VORLONADC01
Starting test: Advertising
......................... VORLONADC01 passed test Advertising
Starting test: FrsEvent
......................... VORLONADC01 passed test FrsEvent
Starting test: DFSREvent
......................... VORLONADC01 passed test DFSREvent
Starting test: SysVolCheck
......................... VORLONADC01 passed test SysVolCheck
Starting test: KccEvent
......................... VORLONADC01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... VORLONADC01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... VORLONADC01 passed test MachineAccount
Starting test: NCSecDesc
......................... VORLONADC01 passed test NCSecDesc
Starting test: NetLogons
......................... VORLONADC01 passed test NetLogons
Starting test: ObjectsReplicated
......................... VORLONADC01 passed test ObjectsReplicated
Starting test: Replications
......................... VORLONADC01 passed test Replications
Starting test: RidManager
......................... VORLONADC01 passed test RidManager
Starting test: Services
......................... VORLONADC01 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00002720
Time Generated: 07/26/2017 08:07:08
Event String:
The application-specific permission settings do not grant Local Acti
vation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 07/26/2017 08:07:08
Event String:
The application-specific permission settings do not grant Local Acti
vation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 07/26/2017 08:07:08
Event String:
The application-specific permission settings do not grant Local Acti
vation permission for the COM Server application with CLSID
......................... VORLONADC01 failed test SystemLog
Starting test: VerifyReferences
......................... VORLONADC01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : VorianaCapital
Starting test: CheckSDRefDom
......................... VorianaCapital passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... VorianaCapital passed test
CrossRefValidation
Running enterprise tests on : VorianaCapital.local
Starting test: LocatorCheck
......................... VorianaCapital.local passed test
LocatorCheck
Starting test: Intersite
......................... VorianaCapital.local passed test Intersite
1. Go to the LAN card properties on the Exchange server, open the IPv4 properties, and verify which primary DNS server is listed. I believe you have Windows 2003 on the Exchange 2007 server; if not, then check whether IPv6 is enabled.
2. To check the Global Catalog server, log in to the new DC and open the Active Directory Sites and Services console. Expand the available site, go to Servers, then open the properties of the Windows 2012 server and verify the DC type on the General page. It should be Global Catalog.
ASKER
I have checked the DNS and the new PDC is the primary DNS entry for ipv4. I disabled ipv6 a few days ago in preparation to upgrade exchange to 2013.
The GC feature is enabled on both new domain controllers
Hopefully you have installed Exchange 2007 SP3 RU13 to support Windows 2012 R2 domain controller. Check it.
https://blogs.technet.microsoft.com/rmilne/2013/09/17/exchange-support-for-windows-server-2012-r2/
You will note that Windows Server 2012 R2 is currently only listed as a supported OS platform for Exchange 2013 SP1 onwards and Exchange 2016. In addition to this please also note that Windows Server 2012 R2 is listed as a supported Domain Controller for Exchange 2016, Exchange 2013 SP1, Exchange 2010 SP3 RU5 and Exchange 2007 SP3 RU13 or later builds of each.
ASKER
Yes, we have SP3 RU23 installed
So restart both the DC and Exchange servers and then check. One more thing: what about Windows Firewall on either server?
ASKER
OK, I will get that arranged for this evening out of hours. Firewall services are disabled on the servers.
ASKER
So just ran a DCDIAG on the Exchange server and have the following results:
C:\Users\master>dcdiag /s:VORLONADC01
Directory Server Diagnosis
Performing initial setup:
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: VORLON\VORLONADC01
Starting test: Connectivity
......................... VORLONADC01 passed test Connectivity
Doing primary tests
Testing server: VORLON\VORLONADC01
Starting test: Advertising
Fatal Error:DsGetDcName (VORLONADC01) call failed, error 1722
The Locator could not find the server.
......................... VORLONADC01 failed test Advertising
Starting test: FrsEvent
......................... VORLONADC01 passed test FrsEvent
Starting test: DFSREvent
......................... VORLONADC01 passed test DFSREvent
Starting test: SysVolCheck
[VORLONADC01] An net use or LsaPolicy operation failed with error 53, Win32 Error 53.
......................... VORLONADC01 failed test SysVolCheck
Starting test: KccEvent
......................... VORLONADC01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... VORLONADC01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Could not open pipe with [VORLONADC01]:failed with 53: Win32 Error 53
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
......................... VORLONADC01 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=VorianaCapital,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=VorianaCapital,DC=local
......................... VORLONADC01 failed test NCSecDesc
Starting test: NetLogons
[VORLONADC01] An net use or LsaPolicy operation failed with error 53, Win32 Error 53.
......................... VORLONADC01 failed test NetLogons
Starting test: ObjectsReplicated
......................... VORLONADC01 passed test ObjectsReplicated
Starting test: Replications
......................... VORLONADC01 passed test Replications
Starting test: RidManager
......................... VORLONADC01 passed test RidManager
Starting test: Services
Could not open Remote ipc to [VORLONADC01.VorianaCapital.local]: error 0x35
"Win32 Error 53"
......................... VORLONADC01 failed test Services
Starting test: SystemLog
......................... VORLONADC01 passed test SystemLog
Starting test: VerifyReferences
......................... VORLONADC01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : VorianaCapital
Starting test: CheckSDRefDom
......................... VorianaCapital passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... VorianaCapital passed test CrossRefValidation
Running enterprise tests on : VorianaCapital.local
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
A KDC could not be located - All the KDCs are down.
......................... VorianaCapital.local failed test LocatorCheck
Starting test: Intersite
......................... VorianaCapital.local passed test Intersite
Seems there is an issue with replication between the new and old domain controllers.
Run the command below to get a replication summary:
1. repadmin /replsummary *
If you see some failures, then verify the LAN properties for the primary DNS IP. Ideally it should be the server's own IP address or another DC which is running well.
Try nslookup and resolve the working DC's name and the domain name.
To force replication you can run below command:
repadmin /syncall /AePqD
ASKER
C:\Windows\system32>repadmin /replsummary *
Replication Summary Start Time: 2017-07-26 10:13:52
Beginning data collection for replication summary, this may take awhile:
.....
Source DSA largest delta fails/total %% error
VORLONADC01 13m:32s 0 / 5 0
VORLONADC02 08m:48s 0 / 5 0
Destination DSA largest delta fails/total %% error
VORLONADC01 08m:48s 0 / 5 0
VORLONADC02 13m:32s 0 / 5 0
Seems to be replicating ok... the old domain controllers are no longer in the domain, only the 2 new ones are left.
ASKER
C:\Windows\system32>repadmin /syncall /AePqD
Syncing all NC's held on VORLONADC01.
Syncing partition: DC=ForestDnsZones,DC=VorianaCapital,DC=local
SyncAll terminated with no errors.
Syncing partition: DC=DomainDnsZones,DC=VorianaCapital,DC=local
SyncAll terminated with no errors.
Syncing partition: CN=Schema,CN=Configuration,DC=VorianaCapital,DC=local
SyncAll terminated with no errors.
Syncing partition: CN=Configuration,DC=VorianaCapital,DC=local
SyncAll terminated with no errors.
Syncing partition: DC=VorianaCapital,DC=local
SyncAll terminated with no errors.
C:\Windows\system32>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
VORLON\VORLONADC01
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: edf3b045-6607-44ca-bb6b-5fcd48e2f7d1
DSA invocationID: e1b5361f-60f3-4e16-9c4e-0fe81cae2b4d
==== INBOUND NEIGHBORS ======================================
DC=VorianaCapital,DC=local
VorianaCapital\VORLONADC02 via RPC
DSA object GUID: 8f6e0b5e-834f-4fbe-ba5a-a99b6c1def0c
Last attempt @ 2017-07-26 10:05:04 was successful.
CN=Configuration,DC=VorianaCapital,DC=local
VorianaCapital\VORLONADC02 via RPC
DSA object GUID: 8f6e0b5e-834f-4fbe-ba5a-a99b6c1def0c
Last attempt @ 2017-07-26 10:05:04 was successful.
CN=Schema,CN=Configuration,DC=VorianaCapital,DC=local
VorianaCapital\VORLONADC02 via RPC
DSA object GUID: 8f6e0b5e-834f-4fbe-ba5a-a99b6c1def0c
Last attempt @ 2017-07-26 10:05:04 was successful.
DC=DomainDnsZones,DC=VorianaCapital,DC=local
VorianaCapital\VORLONADC02 via RPC
DSA object GUID: 8f6e0b5e-834f-4fbe-ba5a-a99b6c1def0c
Last attempt @ 2017-07-26 10:05:04 was successful.
DC=ForestDnsZones,DC=VorianaCapital,DC=local
VorianaCapital\VORLONADC02 via RPC
DSA object GUID: 8f6e0b5e-834f-4fbe-ba5a-a99b6c1def0c
Last attempt @ 2017-07-26 10:05:04 was successful.
A BES 5.0.4 or previous user has attributes in AD account that will not allow the user to connect the blackberry without the BES server. As this user was configured to use BES earlier, his AD account has those settings. You have to delete the user account and recreate it. Take care of the Exchange part though while deleting AD user.
ASKER
How can I delete the account then without causing issues with the exchange account? I'll have to also review all mailbox and folder permissions in order to do that.
Although, the BES server was removed weeks ago and the account was configured on the BB fine before last weekend when the old domain controllers were removed
To isolate the issue, I would suggest that you create a new user (like username2) and test if his blackberry works with this new account. Once the cause is established, we can work towards the fix.
ASKER
Will need to organise that with the team as it is the CEO so makes it difficult getting their device for testing. Plus, they have just gone on holiday for a few weeks!
ASKER
Have restarted the exchange server and near on all the errors have cleared. Just the 2 errors currently:
Exchange could not find a certificate that contains the domain name 'Servers FQDN' in the personal store on the local computer. Therefore it is unable to support the STARTTLS SMTP verb for the connector with a FQDN parameter of 'server fqdn'. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
The other error is when running dcdiag /s:vorlonadc01
Starting test: ncsecdesc
error nt authority\enterprise domain controllers doesn't have replication directory changes in filtered set access rights for the naming context: dc=forestdnszones,dc=domain name,dc=local
failed test NCSecDesc
ASKER
Everything working fine after a restart thanks
ASKER
All working after a restart
1. Exchange server has correct DNS server which is serving ADDS services.
2. Windows 2012 server must be a Global Catalog server and reachable to Exchange servers for all ports. (Check firewall on Windows 2012 server)
3. Run DCDIAG to check domain controller health status.
4. If you have recently enabled Global Catalog for the new DC, then restart the DC and Exchange servers to support MAPI clients.
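Added example, not part of the original thread: a Python sketch that compares the two dcdiag runs posted above (the one run on the DC and the one run from the Exchange server with /s:) and lists the tests that fail only from the Exchange side, with their Win32 codes. The function names are assumptions made for illustration, and the sample text is trimmed from the output in the thread.

```python
import re

# Win32 codes seen in the thread's dcdiag output (0x35 is 53 in hex).
TRANSPORT_CODES = {
    53: "ERROR_BAD_NETPATH (network path not found)",
    1722: "RPC_S_SERVER_UNAVAILABLE (RPC server unavailable)",
}

START_RE = re.compile(r"Starting test:\s*(\S+)")
RESULT_RE = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s*(\S*)")
CODE_RE = re.compile(r"(?:error|failed with)\s+(0x[0-9a-f]+|\d+)", re.I)


def parse_dcdiag(text):
    """Return {(scope, test): (status, sorted error codes)} for one run."""
    results, current, codes = {}, None, set()
    for line in text.splitlines():
        start = START_RE.search(line)
        if start:
            current, codes = start.group(1), set()
            continue
        result = RESULT_RE.search(line)
        if result:
            scope, status, name = result.groups()
            # dcdiag wraps long lines, pushing the test name to the next
            # line; fall back to the name from "Starting test:".
            results[(scope, name or current)] = (status, sorted(codes))
            continue
        for raw in CODE_RE.findall(line):
            codes.add(int(raw, 16) if raw.lower().startswith("0x") else int(raw))
    return results


def remote_only_failures(local, remote):
    """Tests that pass on the DC itself but fail from the other host."""
    diff = {}
    for key, (status, codes) in remote.items():
        if status == "failed" and local.get(key, ("", []))[0] == "passed":
            diff[key[1]] = codes
    return diff


def triage(diff):
    """Split remote-only failures: 'transport' means every code on the test
    is a reachability error (53 / 1722); anything else needs a closer look."""
    transport = sorted(t for t, c in diff.items() if c and set(c) <= set(TRANSPORT_CODES))
    return {"transport": transport, "other": sorted(set(diff) - set(transport))}


# Trimmed from the run on VORLONADC01 itself.
LOCAL_RUN = r"""
Starting test: Advertising
......................... VORLONADC01 passed test Advertising
Starting test: SysVolCheck
......................... VORLONADC01 passed test SysVolCheck
Starting test: NCSecDesc
......................... VORLONADC01 passed test NCSecDesc
Starting test: NetLogons
......................... VORLONADC01 passed test NetLogons
Starting test: Services
......................... VORLONADC01 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00002720
......................... VORLONADC01 failed test SystemLog
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: LocatorCheck
......................... VorianaCapital.local passed test
LocatorCheck
"""

# Trimmed from "dcdiag /s:VORLONADC01" run on the Exchange server.
REMOTE_RUN = r"""
Starting test: Advertising
Fatal Error:DsGetDcName (VORLONADC01) call failed, error 1722
......................... VORLONADC01 failed test Advertising
Starting test: SysVolCheck
[VORLONADC01] An net use or LsaPolicy operation failed with error 53, Win32 Error 53.
......................... VORLONADC01 failed test SysVolCheck
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
......................... VORLONADC01 failed test NCSecDesc
Starting test: NetLogons
[VORLONADC01] An net use or LsaPolicy operation failed with error 53, Win32 Error 53.
......................... VORLONADC01 failed test NetLogons
Starting test: Services
Could not open Remote ipc to [VORLONADC01.VorianaCapital.local]: error 0x35
......................... VORLONADC01 failed test Services
Starting test: SystemLog
......................... VORLONADC01 passed test SystemLog
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
......................... VorianaCapital.local failed test LocatorCheck
"""

if __name__ == "__main__":
    diff = remote_only_failures(parse_dcdiag(LOCAL_RUN), parse_dcdiag(REMOTE_RUN))
    for test, codes in diff.items():
        print(test, [TRANSPORT_CODES.get(c, c) for c in codes])
    print(triage(diff))
```

Tests that land in the transport group failed while reaching the DC over RPC or SMB from the Exchange server, so they say nothing about the directory data itself; replication output such as repadmin /replsummary is the separate check for that.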