Panayiotis Kanaris

Exchange services issue after AD migration.

Dear Experts, 


We are facing the issue below. We migrated AD from 2012 to 2016. After the migration we shut down the 2012 AD, but it is not demoted yet. Everything was working properly until Exchange 2013 stopped running. When we tried to start the services manually, some services started and some did not. The services that did not start had error 1053, "not starting in a timely fashion". We turned on the old AD and the services started immediately. Apparently something was not moved to the new AD 2016, but we do not know what it is.


Thank you

Pradeep Kini

Is your new domain controller also marked as a GC (global catalog)? Are there any errors from the Exchange server that could give an indication? Or could you paste some of the events that you see on the Exchange server?
Also, did the old server hold any FSMO roles, and were they moved before you shut it down?
Panayiotis Kanaris

ASKER

Hello Pradeep,

The new domain is GC. The netdom query fsmo shows all roles to the new domain controller.
You might want to dig a bit deeper: run domain controller diagnostics (dcdiag /v) and paste any errors. Also, look at the Exchange server event logs from before you started the old DC.
Most errors are about DFS replication

 The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner SRV-MAIN.domain.local. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers.

And some are about permissions

  Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\AD2016\netlogon
         Verified share \\AD2016\sysvol
         [AD2016] User credentials does not have permission to perform this operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
I tried to restart the topology service. Error below:

Process Microsoft.Exchange.Directory.TopologyService.exe (PID=3780) Forest domain.local. Topology discovery failed, error details
No Minimal Required Number of Suitable Directory Servers Found in Forest domain.local Site Default-First-Site-Name and connected Sites..
Looks like your DC has SYSVOL replication issues; it will fail a GC bind from the Exchange server. Are you using a domain admin privileged account for running dcdiag?
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/newly-promoted-domain-controller-fail-advertise

Was the new DC allowed some time to sync before the old one was shut down?
You might need to update your Exchange server NIC DNS properties and add new DC IP address as default DNS server and then restart the server again.
Yes, both servers were on for at least a week before shutting down the old AD.

The DNS on Exchange is only the new domain controller.
After some configurations and with both ADs running we get the below.
AD2016 is the new one and srv-main is the old one.

The group policies that were created only on the new AD (while the old one was off) are migrated to the old AD.

C:\Windows\system32>Repadmin /replsummary
Replication Summary Start Time: 2023-04-11 12:39:26

Beginning data collection for replication summary, this may take awhile:
  .....


Source DSA          largest delta    fails/total %%   error
 AD2016                    38m:57s    0 /   5    0
 SRV-MAIN              02h:42m:01s    1 /   5   20  (1722) The RPC server is unavailable.


Destination DSA     largest delta    fails/total %%   error
 AD2016                02h:42m:01s    1 /   5   20  (1722) The RPC server is unavailable.
 SRV-MAIN                  38m:57s    0 /   5    0

At this point, it seems that:

- The AD database has a problem replicating correctly (do you have SYSVOL and NETLOGON created on the new domain controller?)

- SYSVOL cannot replicate (have you migrated file replication from NTFRS to DFS?)

When you use the AD Users & Computers console (on the new DC), which server (domain controller) is managing (connected to) this console?

Perhaps the move of roles has been a little premature.

These 2 points must be resolved before looking at Exchange.

Check the hosts file on your Exchange server. Make sure the old DC IP is not hard-coded.
Apart from what Amit mentioned above, how are your NICs configured for DNS? Are the DCs pointing to themselves for primary and the other for secondary DNS, or how are they set up? Also, are the DNS zones loading fine?
After some more troubleshooting now we have the below

C:\Windows\system32>Repadmin /replsummary
Replication Summary Start Time: 2023-04-11 14:03:57

Beginning data collection for replication summary, this may take awhile:
  .....


Source DSA          largest delta    fails/total %%   error
 AD2016                    04m:02s    0 /   5    0
 SRV-MAIN                  06m:32s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 AD2016                    06m:32s    0 /   5    0
 SRV-MAIN                  04m:02s    0 /   5    0

The issue is that some of the group policies were not migrated to the old AD. When we manually copied the policy folder from the new AD SYSVOL to the old server, the policy appeared properly in the old server's group policy.

There is no record of DNS in the host file. Both DCs have the loopback as primary DNS and the other as secondary.
Each DC should point to the other DC for primary DNS, itself as secondary DNS, and loopback as tertiary DNS. Fix DNS on each DC. I would probably restart each DC. Give it some time to settle down between reboots. Then check replication status.
ASKER CERTIFIED SOLUTION
DEMAN-BARCELO (MVP) Thierry
[PS] C:\Users\administrator.domain\Desktop>Get-ADServerSettings |fl


RunspaceId                                         : d7dad3f5-6ff2-414a-917f-eaebf43e803a
DefaultGlobalCatalog                               : ad2016.domain.local
PreferredDomainControllerForDomain                 : {}
DefaultConfigurationDomainController               : SRV-MAIN.domain.local
DefaultPreferredDomainControllers                  : {ad2016.domain.local}
UserPreferredGlobalCatalog                         :
UserPreferredConfigurationDomainController         :
UserPreferredDomainControllers                     : {}
DefaultConfigurationDomainControllersForAllForests : {<domain.local, SRV-MAIN.domain.local>}
DefaultGlobalCatalogsForAllForests                 : {<domain.local, ad2016.domain.local>}
RecipientViewRoot                                  : domain.local
ViewEntireForest                                   : False
WriteOriginatingChangeTimestamp                    : False
WriteShadowProperties                              : False
Identity                                           :
IsValid                                            : True
ObjectState                                        : New

Hello all,

I am trying to run the command but I get an error:

[PS] C:\Users\administrator.domain\Desktop>Set-ExchangeServer -Identity srv-exch -DefaultConfigurationDomainController ad2016.domain.local
A parameter cannot be found that matches parameter name 'DefaultConfigurationDomainController'.
    + CategoryInfo          : InvalidArgument: (:) [Set-ExchangeServer], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Set-ExchangeServer
    + PSComputerName        : srv-exch.domain.local

I managed to change the AD server settings on Exchange and now it looks OK.


Thank you for your assistance.
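
An added example, not part of any post in this thread: the PowerShell below parses `repadmin /replsummary` output into objects and lists every DSA that has failed links or a stale largest delta, which is the check the two tables above were read for by eye before the old DC is shut down again. The function name ConvertFrom-ReplSummary and the one-hour threshold are assumptions of this example; the sample input is the first table posted in the thread.

```powershell
# Sample input: the first `repadmin /replsummary` table posted in this thread.
$sample = @'
Source DSA          largest delta    fails/total %%   error
 AD2016                    38m:57s    0 /   5    0
 SRV-MAIN              02h:42m:01s    1 /   5   20  (1722) The RPC server is unavailable.

Destination DSA     largest delta    fails/total %%   error
 AD2016                02h:42m:01s    1 /   5   20  (1722) The RPC server is unavailable.
 SRV-MAIN                  38m:57s    0 /   5    0
'@

# Hypothetical helper (not a built-in cmdlet): text table -> objects.
# Rows that do not fit the pattern (banner, progress dots, blanks) are skipped.
function ConvertFrom-ReplSummary {
    param([string[]]$Line)
    # DSA name, optional "NNd." and "NNh:", then "NNm:NNs", fails / total, percent, error text
    $row  = '^\s*(\S+)\s+(?:(\d+)d\.)?(?:(\d+)h:)?(\d+)m:(\d+)s\s+(\d+)\s*/\s*(\d+)\s+(\d+)\s*(.*)$'
    $role = $null
    foreach ($l in $Line) {
        # A header line switches between the Source and Destination sections.
        if ($l -match '^\s*(Source|Destination) DSA') { $role = $Matches[1]; continue }
        if ($role -and $l -match $row) {
            # Groups that did not take part in the match are absent and cast to 0.
            [pscustomobject]@{
                Role         = $role
                DSA          = $Matches[1]
                LargestDelta = New-TimeSpan -Days ([int]$Matches[2]) -Hours ([int]$Matches[3]) `
                                            -Minutes ([int]$Matches[4]) -Seconds ([int]$Matches[5])
                Fails        = [int]$Matches[6]
                Total        = [int]$Matches[7]
                Error        = "$($Matches[9])".Trim()
            }
        }
    }
}

# Assumption: anything older than one hour is worth a look; tune to your site topology.
$maxDelta = New-TimeSpan -Hours 1

$rows = ConvertFrom-ReplSummary -Line ($sample -split '\r?\n')
$rows | Where-Object { $_.Fails -gt 0 -or $_.LargestDelta -gt $maxDelta } |
    Format-Table Role, DSA, LargestDelta, Fails, Total, Error -AutoSize

# On a live DC, feed the command output directly:
#   ConvertFrom-ReplSummary -Line (repadmin /replsummary)
```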