Link to home
Start Free TrialLog in
Avatar of CNSE CV
CNSE CV

asked on

SBS2011 Exchange 2010 (services) don't start after crash, no access to EMC/Outlook/DNS

Hello, I hope someone can help me out of this fire..

Our exchange 2010 server (SBS2011) crashed last tuesday maybe caused by a defective harddrive which was used for backups. Unfortunately we cannot fall back on a backup because of that.
After our server restarted Exchange services won't start anymore. Everything else is looking fine (I can open AD, clients can logon and get their user profiles) but they cannot use outlook because allmost all exchange services aren't started mostly with reason: access denied and service stucked. If I open EMC I get an Kerberos error: access denied.

I tried some things like: check ipv6 is checked (correct), sfc /scannow (no problems found), DNS was the server itself but I've change that now to 127.0.0.1 but that didn't help.

dcdiag gave some errors so i tried some online solutions like:
- a register change to disable FSMO sync (http://virot.eu/getting-a-fsmo-dc-to-start-without-replication/)
- creating a new domain GPO
- mailbox had dirty shutdown status so I've run the eseutil repair
- run dcgpofix /ignoreschema uitgevoerd (but I'm scared that this command removed all default SBS GPO configuration? but I created a windows backup of systemstate and also exported the GPO)

What I noticed today, and MAYBE that is the reason of our problem, is that if I try to open DNS, I get an Access denied error (Cannot contact server <servername>. The Error is: access denied. Do you still want to add this server? j/n.). Which shows an empty DNS.
The DNS-server log shows the following errors since the Tuesday 14th:
Sometimes Information ID 708: De DNS-server heeft tijdens de initialisatie geen zones van het primaire of secundaire type gedetecteerd. Deze server fungeert niet als autoriteit voor zones en wordt gebruikt als cacheserver totdat er handmatig of via Active Directory-replicatie een zone wordt geladen. Raadpleeg de online-Help voor meer informatie.

Alot of errors ID 4000:
De DNS-server kan Active Directory niet openen. Deze DNS-server is zo geconfigureerd dat gegevens worden opgevraagd en gebruikt die afkomstig zijn van de directoryservice voor deze zone. De zone kan zonder deze gegevens niet worden geladen. Controleer of Active Directory naar behoren werkt en laad de zone opnieuw. De fout wordt beschreven in de gebeurtenisgegevens.
(Sorry for the Dutch..)

The second server (data) has had a sync with the DC until that Tuesday, and I noticed that I can open DNS on that server. Can this save me? Is there a way to send a good sync to the SBS server?

Who can save me out of this ? :(
Avatar of J0rtIT
J0rtIT
Flag of Venezuela, Bolivarian Republic of image

1st thing to check:
in the IIS manager,
Make sure the front end and the backend have both the same Certificate.
Do they?

2nd thing It looks like a DNS issue.

So nslookup <internalIP> on a cmd prompt

try to resolve the internals and externals emails
if it doesnt'
check that DNS server and client services are up and running
1.IP v6 in network should be checked since its a DC.
2. Run dcdiag /q and post error.
3. All Exchange service not starting or only few.
4.Check event 2080 in application log to see if exchange is able to communicate with dc.
5.Set the bootpause registry key for delayed start of exchange service.
6. Restart the Exchange ad topology service and check if it fails and check if we r getting and ad events.
I'm thinking you're not gonna get anything working until you fix those Active Directory issues. AD is heavily dependent on DNS and kerberos. If that's not working properly you're spinning your wheels trying to fix Exchange. You may have to bite the bullet and call Microsoft. Could be expensive (maybe around $500?) but their support is very good. They will be patient and work with you no matter how long it takes to resolve the issue.
Avatar of CNSE CV
CNSE CV

ASKER

Thank you all for your reply.

I tried to call Microsoft but they directed me to request a contact-ID at aka.ms/mysupport but there's no option for this request. I called them today again and they said me that it is only possible request it by calling te partner service center (open mon till fri). She also said that Exchange 2010 standard isn't supported anymore and we have to upgrade to 2013/2016. That doesn't help me much now.

IIS opens normally and I can restart te services.

I just changed DNS to the other server but that didn't solve it.

These Exchange services won't start: Exchange Address Book, Microsoft Exchange EdgeSync, Microsoft Exchange Form-Based Auth.., Microsoft Exchange IMAP4, Microsoft Exchange Information Store, Microsoft ExchangeRPC Client Access, Microsoft ExchangeSystem Attendant, Microsoft Exchange Throttling, Microsoft Exchange Transport and POP3 connector.

Please find dcdiag /q.txt in the attachment.

There are no 2080 errors in the application log.
dcdiag-q.txt
So just to be clear - you did NOT attempt to restore any backups, is this correct? Unfortunately SBS is an all-in-one solution which means it's also your Active Directory Domain Controller, and domain controllers should not be restored from backups.

Is the time correct on your SBS? It needs to be within just 2 or 3 minutes of the actual time. If it wanders too far off (5 minutes or more) you'll get Kerberos and replication errors.

If you have a spare computer, it may be worth installing an instance of Server 2008 R2 and add Active Directory Domain Services and see if you can get AD to replicate. (I believe the SBS will want to insist on being the 'primary' domain controller but still, if you can get it to replicate to another AD server this may be beneficial. I could be wrong but I feel like your Active Directory issues are the root cause of your Exchange issues.

Also check here:
https://support.microsoft.com/en-us/help/2002013/troubleshooting-ad-replication-error-5-access-is-denied
ASKER CERTIFIED SOLUTION
Avatar of CNSE CV
CNSE CV

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial