Effect of domain upgrade on Exchange 2007
I have already found a fix for my problem, I am now just looking for the approved fix as it were. The background is that I have Exchange 2007 running on a Server 2003 R2 machine. I had 3 Server 2003 DC's (in 3 different sites). I upgraded the AD schema and installed 2 Server 2008 R2 DC's in the site with the Exchange Server and demoted the Server 2003 DC in that site. I also transferred all the FSMO's to these new servers (the 3 domain roles are on one of them the 2 forest roles are on the other). All DC's are GC's. But for whatever reason the Exchange server would not use the local Server 2008 DC's and always accessed one of the Server 2003 DC's in another site, which also happened to be the DC which used to hold all of the FSMO roles.

In the process of trying to get the Exchange server to recognize and use the local DC's I made the mistake of rebooting and when it finally came up there were A LOT of Exchange errors. After researching, it all seemed to boil down to permission issues somewhere (possibly in DNS and more probably in AD). I googled onto this site http://blogs.msdn.com/keithmg/archive/2009/01/06/exchange-topology-discovery-failed-error-0x80040a02-dsc-e-no-suitable-cdc.aspx and followed the suggestion there which is to add the Exchange Server computer account to the domain admins group. It worked to get Exchange back up and working happily once more and sure enough it recognizes and is now using the two local DC's which is what I wanted.

I am not sure when it actually broke, I am guessing that the issue may have arisen way back when I did the schema updates, or if not then maybe when I introduced the new Server 2008 DC's. As you would expect I don't reboot the Exchange server often. I have also in the past few months manually removed some of the old DNS entries that pointed to the DC that I demoted in the same site as the Exchange server. So theoretically it is possible that something I did in the DNS cleanup is the real cause.

But I am wondering if I was supposed to do something on the Exchange server itself when I did the schema upgrade and introduced my new DC's and if so can I do it now? I see in the comments section of the link I posted above where some people are talking about running "setup /preparead" or "setup /preparedomain" or "setup /adprep" (depending on which comment you look at). I am assuming they are talking about running the Exchange 2007 setup but which switch would I use and can I do that on a functioning Exchange server without hosing it up?
April 14th, 2010 12:12am

Per my research, there's no article that indicates the requirement of extra steps on the exchange server for this situation.

James Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
April 15th, 2010 4:24am

OK maybe we should come at it from this angle. Although there were a boat load of errors that were all fixed by putting the Exchange computer account into the domain admins group, I think the root of the issue were the AD Topology errors. First this informational event log entry appears which looks ok except that there are also 2 out of site DC's which it isn't finding (which is still true now even though the exchange server is working again):

Event Type: Information
Event Source: MSExchange ADAccess
Event Category: Topology
Event ID: 2080
Date: 4/13/2010
Time: 1:03:05 PM
User: N/A
Computer: Exchange Server
Description:
Process MAD.EXE (PID=2684). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc1.domain.local CDG 1 7 7 1 0 0 1 7 1
dc2.domain.local CDG 1 7 7 1 0 0 1 7 1
Out-of-site:
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Then this event log error appears

Event Type: Error
Event Source: MSExchange ADAccess
Event Category: Topology
Event ID: 2114
Date: 4/13/2010
Time: 1:04:05 PM
User: N/A
Computer: Exchange Server
Description:
Process MAD.EXE (PID=2684). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This error log entry also appeared although not necessarily in sequence with those two:

Event Type: Error
Event Source: MSExchange ADAccess
Event Category: General
Event ID: 2604
Date: 4/13/2010
Time: 1:00:59 PM
User: N/A
Computer: Exchange Server
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1812). When updating security for a remote procedure call (RPC) access for the Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object Exchange Server - Error code=80040a01. The Exchange Active Directory Topology service will continue with limited permissions.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

As did this one:

Event Type: Error
Event Source: MSExchange ADAccess
Event Category: General
Event ID: 2152
Date: 4/13/2010
Time: 1:00:42 PM
User: N/A
Computer: Exchange Server
Description:
Process w3wp.exe (OWA) (PID=3600). An remote procedure call (RPC) request to the Microsoft Exchange Active Directory Topology service failed with error 1753 (Error 6d9 from HrGetServersForRole). Make sure that the Remote Procedure Call (RPC) service is running. In addition, make sure that the network ports that are used by RPC are not blocked by a firewall.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

And this one:

Event Type: Error
Event Source: MSExchange ADAccess
Event Category: General
Event ID: 2501
Date: 4/13/2010
Time: 12:59:59 PM
User: N/A
Computer: Exchange Server
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1812). The site monitor API was unable to verify the site name for this Exchange computer - Call=HrSearch Error code=80040a01. Make sure that Exchange server is correctly registered on the DNS server.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
April 15th, 2010 6:27pm

Please see if the suggestions in this thread help.

James Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
April 16th, 2010 4:56am

That was very helpful. I followed the instructions here http://support.microsoft.com/kb/925825 and it seems to have fixed 99% of the errors. (I ran setup /preparead as well as gave the Exchange Server group rights to the "manage auditing and security log" policy in the default domain controllers GPO) I removed the Exchange Server computer account from the domain admins group and restarted exchange services and everything comes up but there are still 4 errors logged.

Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9317
Date: 4/16/2010
Time: 4:18:11 PM
User: N/A
Computer: MyExchangeServer
Description:
Failed to register Service Principal Name for exchangeRFR; error code was c0072098.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MSExchangeSA
Event Category: General
Event ID: 9317
Date: 4/16/2010
Time: 4:18:11 PM
User: N/A
Computer: MyExchangeServer
Description:
Failed to register Service Principal Name for exchangeMDB; error code was c0072098.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12011
Date: 4/16/2010
Time: 4:18:20 PM
User: N/A
Computer: MyExchangeServer
Description:
Microsoft Exchange couldn't register the service principal name SmtpSvc: Access is denied
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12011
Date: 4/16/2010
Time: 4:18:20 PM
User: N/A
Computer: MyExchangeServer
Description:
Microsoft Exchange couldn't register the service principal name SMTP: Access is denied
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Just in case this is relevant I am using scripts to stop and then start exchange services.

Stop script:
net stop msexchangeadtopology /y
net stop msftesql-exchange /y
net stop msexchangeis /y
net stop msexchangesa /y
net stop iisadmin /y

Start Script:
net start "World Wide Web Publishing Service"
net start "Microsoft Exchange Information Store"
net start "Microsoft Exchange System Attendant"
net start "Microsoft Search (Exchange)"
net start "Microsoft Exchange Transport Log Search"
net start "Microsoft Exchange Transport"
net start "Microsoft Exchange Service Host"
net start "Microsoft Exchange Search Indexer"
net start "Microsoft Exchange Replication Service"
net start "Microsoft Exchange Mail Submission"
net start "Microsoft Exchange Mailbox Assistants"
net start "Microsoft Exchange File Distribution"
net start "Microsoft Exchange EdgeSync"
net start "Microsoft Exchange Anti-spam Update"

I can't reboot the server right at the moment so this is the closest I could get to a reboot in case this has anything to do with the errors I am receiving.

For testing purposes I added the Exchange Server computer account back to the domain admins group and restarted services. The first two Exchange SA errors above logged again so I think those probably have something to do with the startup script but the second two exchange transport errors did not get logged so it appears that those errors need to be resolved if I remove the Exchange Server computer account from the domain admins group.
April 17th, 2010 1:53am
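
The Event ID 2080 rows quoted earlier in the thread show `0` in the "SACL right" column for both in-site DCs, which is the column tied to the "Manage auditing and security log" right granted in the post above. The following is an added example, not part of any post in this thread: a small parser for the 2080 row format that flags that condition, so the narrow right can be verified instead of leaving the Exchange computer account in Domain Admins. The `dc9` row and all function names are constructed for illustration.

```python
import re

# Column order from the Event ID 2080 header quoted in the thread.
COLUMNS = ["enabled", "reachability", "synchronized", "gc_capable", "pdc",
           "sacl_right", "critical_data", "netlogon", "os_version"]
# Reachability, Synchronized and Netlogon are bitmasks over these roles.
MASK = {1: "GC", 2: "DC", 4: "Config DC"}
ROW = re.compile(r"^\s*(\S+)\s+([CDG-]{3})((?:\s+\d+){9})\s*$")

# Rows for dc1/dc2 are the ones posted in the thread; dc9 is constructed
# here to show a domain controller that passes the SACL check.
SAMPLE = """In-site:
dc1.domain.local CDG 1 7 7 1 0 0 1 7 1
dc2.domain.local CDG 1 7 7 1 0 0 1 7 1
Out-of-site:
dc9.domain.local CDG 1 7 7 1 0 1 1 7 1
"""

def decode_mask(value):
    """Expand a 2080 bitmask (e.g. 7) into the roles it covers."""
    return [name for bit, name in MASK.items() if value & bit]

def parse_2080(description):
    """Return one dict per domain controller row in the description."""
    rows, site = [], None
    for line in description.splitlines():
        label = line.strip().lower()
        if label.startswith(("in-site", "out-of-site")):
            site = "in-site" if label.startswith("in-site") else "out-of-site"
            continue
        m = ROW.match(line)
        if m and site:
            row = dict(zip(COLUMNS, map(int, m.group(3).split())))
            row.update(server=m.group(1), roles=m.group(2), site=site)
            rows.append(row)
    return rows

def findings(row):
    """List the columns that make this DC unsuitable for Exchange."""
    out = []
    # 0 here means the Exchange servers group lacks SeSecurityPrivilege on the DC.
    if row["sacl_right"] == 0:
        out.append("SACL right 0: Exchange cannot read the SACL on this DC")
    if row["critical_data"] == 0:
        out.append("critical data 0: Exchange server object not found on this DC")
    return out

if __name__ == "__main__":
    for r in parse_2080(SAMPLE):
        print(r["site"], r["server"], decode_mask(r["reachability"]), findings(r) or "ok")
```
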

Update: I have resolved the second two errors with info from this thread: http://social.technet.microsoft.com/Forums/en/exchangesvrtransport/thread/9380dd2b-397a-4408-928e-b89e18562d5f

But still getting some errors when restarting the service, different this time than the ones listed above but I need to head home for the day.

Is the script I am using suitable or is there a better way to restart the services?

I haven't had a chance to try a reboot (takes this server a LONG time...) but that may not generate errors at this point since all of my services are coming up and I am not seeing any errors logged during operations (although I haven't had long to monitor it while running since implementing these fixes).
April 17th, 2010 2:07am

Please monitor the case after you are back, and then re-evaluate the current status of the issue, see if there are any further problems on the exchange server.

James Luo
TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx)
If you have any feedback on our support, please contact tngfb@microsoft.com
April 19th, 2010 4:58am

Looks like we got James. Thank you. The Exchange Server computer object has been out of the domain admins group since Friday afternoon and I was able to do a reboot of the server on Sunday and no errors have been generated all weekend. Can you comment on the shutdown and startup scripts I am using for the Exchange Services and tell me if you think there is a better way to accomplish a restart of all Exchange services?
April 19th, 2010 7:47pm

This topic is archived. No further replies will be accepted.
