I support Exchange 2003 in a medium sized environment with 8 domains. The Exchange servers are located at a central data center with the majority of domains controllers and are members of a resource domain. There is also an empty root domain for the forest and 6 other user domains. There are around 10 sites. Recently, our AD team replaced a many of our 2003 DCs with 2008 R2 DCs. They left one 2003 DC in each site, but not one 2003 DC in each domain in each site. Is this a problem? Are there enhancements to AD 2008 that could cause problems with Exchange 2003 SP2 and the requires configuration on the DCs? According to the updated support matrix, Exchange 2003 supports AD 2008 R2. I'm asking these questions because I have recently started getting error events related to LDAP connectivity, WMI permission failures, passwords expiring on disabled resource mailboxes, and a number of DSAccess/RUS errors. Does this sound familiar to anyone? Are we missing something?

Are the new Dcs GCs as well do you see all DCs in event id 2080 for topology? Please set the diagnostics logging level for all categories of the MSExchangeDSAccess service to Maximum and see if there are any errors.

There are many errors when diagnostic logging is turned up. Also, several of the new 2008 DCs are GCs. The all appear in the Exchange directory access tab and in the topology event. However, here are a couple examples: Event Type: Warning Event Source BPA Event ID: 1184 Description: Round-trip times from Exchange server Front_EndEXCH01 to Active Directory server dcxxx.abc.com are taking 38 ms. This may cause Exchange performance problems. Event Type: Warning Event Source: MSExchangeDSAccess Event Category: LDAP Event ID: 2115 Description: Process MAD.EXE (PID=2956). DSAccess needs to close a connection to the Domain Controller dcvvv.xyz.com due to error 0x80040920. Error: 0x80040920 = LDAP_NO_SUCH_OBJECT (Object does not exist) We are also having problems with WMI and our transaction logs. Here are some of the WMI related errors and my notes: 1.C:\WINDOWS\system32\wbem\Logs\stdprov.log - Profile@0xd3f460 ionixadm loading failed 0x522 2.“GetUserDefaultLCID failed, restorting to system verion” in the C:\WINDOWS\system32\wbem\Logs\wbemcore.log file. 3.C:\WINDOWS\system32\wbem\Logs\wbemprox.log shows the following errors: NTLMLogin resulted in hr = 0x8004100e ConnectViaDCOM, CoCreateInstanceEx resulted in hr = 0x80070005 Error codes: 0x8004100e = WBEM_E_INVALID_NAMESPACE - http://support.microsoft.com/kb/295821/en-us 0x80070005 = This problem can occur if any COM applications or COM+ applications cannot access the COM+ catalog files. The application cannot access the COM+ catalog files because the default permissions on the COM+ catalog directory and files have been changed from the default settings. http://support.microsoft.com/kb/909444 4.I found this on AADARSVRMSE04P in the C:\WINDOWS\system32\wbem\Logs\wbemess.log – Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041003. Dropping event. 0x80041003 = WBEM_E_ACCESS_DENIED It seems to all point to either name resolution or DC configuration, or am I missing the real issue? Thanks

Start ESM. Navigate to the Exchange 2003 server object, and open its Properties. On the Directory Access tab, check if all the DCs/GCs are listed properly. Make sure the option "Automatically discover servers" is checked. Please run dcdiag on the new dcs to make sure that the Dc are fully functional.