Hope some of you can help with this problem as I have read everything I have been able to find on this and still have not been able to fix the problem. These 3 events show up in my application log every 15 min. and are preventing the system from updating the OAB I can manualy update the OAB and it functions fine for 15 min or less. I have run DCDiag and it comes up 100% Passed and the ExBPA tells me everything is running perfectly. I am at a loss and these 3 messages seem to be the only hint I can find. Anyone got any Ideas? Log Name: Application Source: MSExchange ADAccess Date: 4/28/2011 11:18:45 AM Event ID: 2601 Task Category: General Level: Warning Keywords: Classic User: N/A Computer: Mail1.geologic.com Description: Process MSEXCHANGEADTOPOLOGY (PID=1616). When initializing a remote procedure call (RPC) to the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the SID for account <WKGUID=1A9E39D35ABE5747B979FFC0C6E5EA26,CN=Microsoft Exchange,CN=Services,CN=Configuration,...> - Error code=8007077f. The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="MSExchange ADAccess" /> <EventID Qualifiers="32772">2601</EventID> <Level>3</Level> <Task>1</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-04-28T17:18:45.000000000Z" /> <EventRecordID>72760</EventRecordID> <Channel>Application</Channel> <Computer>Mail1.geologic.com</Computer> <Security /> </System> <EventData> <Data>MSEXCHANGEADTOPOLOGY</Data> <Data>1616</Data> <Data>&lt;WKGUID=1A9E39D35ABE5747B979FFC0C6E5EA26,CN=Microsoft Exchange,CN=Services,CN=Configuration,...&gt;</Data> <Data>8007077f</Data> </EventData> </Event> Log Name: Application Source: MSExchange ADAccess Date: 4/28/2011 11:18:45 AM Event ID: 2604 Task Category: General Level: Error Keywords: Classic User: N/A Computer: Mail1.geologic.com Description: Process MSEXCHANGEADTOPOLOGY (PID=1616). When updating security for a remote procedure call (RPC) access for the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object MAIL1 - Error code=8007077f. The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="MSExchange ADAccess" /> <EventID Qualifiers="49156">2604</EventID> <Level>2</Level> <Task>1</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-04-28T17:18:45.000000000Z" /> <EventRecordID>72761</EventRecordID> <Channel>Application</Channel> <Computer>Mail1.geologic.com</Computer> <Security /> </System> <EventData> <Data>MSEXCHANGEADTOPOLOGY</Data> <Data>1616</Data> <Data>MAIL1</Data> <Data>8007077f</Data> </EventData> </Event> Log Name: Application Source: MSExchange ADAccess Date: 4/28/2011 11:18:45 AM Event ID: 2501 Task Category: General Level: Error Keywords: Classic User: N/A Computer: Mail1.geologic.com Description: Process MSEXCHANGEADTOPOLOGY (PID=1616). The site monitor API was unable to verify the site name for this Exchange computer - Call=DsctxGetContext Error code=8007077f. Make sure that Exchange server is correctly registered on the DNS server. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="MSExchange ADAccess" /> <EventID Qualifiers="49156">2501</EventID> <Level>2</Level> <Task>1</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-04-28T17:18:45.000000000Z" /> <EventRecordID>72762</EventRecordID> <Channel>Application</Channel> <Computer>Mail1.geologic.com</Computer> <Security /> </System> <EventData> <Data>MSEXCHANGEADTOPOLOGY</Data> <Data>1616</Data> <Data>DsctxGetContext</Data> <Data>8007077f</Data> </EventData> </Event>

Hi, Check out the following KB http://support.microsoft.com/kb/2025528 Adam Bokiniec

Thanks for the Reply Adam It does not appear to be a timing issue as I can restart the services and manually, well after startup is complete, and create the OAB and all is fine for about 15 min. then the system tries to do a synchronize and I am back to the 3 error messages and the topology service running with limited permissions.

Hi, Which version of Exchange is installed, Exchange 2007 or Exchange 2010? I suggest you install the latest Service Pack and rollups on the server, and then restart the MSExchange ADTopology Service again. If the server is Exchange 2007, please also install the update KB948496 and disable RSS for a test. For more information, please refer to the link below: http://support.microsoft.com/kb/948496 Thanks. Novak Wu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thanks for the reply Novak Sorry I can't believe I forgot to put the version infomation in Exchange 2010 SP1 running on W2K8 R2 and the AD has a functonality level of Windows 2008 R2. All the currently avalible updated have been run and the topology service has been restarted and for the first 15 min I am good but then I am back to the 3 error messages and no syncronization for the OAB. The error message keeps reffering to a bad permission on access to the AD is it possable this is a bad permission on one of the objects being accessed in the AD? Thanks again Novak Mike Nyman

Hi Again Novak Did a check for updates on this thing in our Maint. window this weekend and the only update it could find was the Rollup-1 for MS Forefront for Exchange Server 2010. I ran that one and now I am getting different error messages but it still will not genrate the OAB. the new Errors follow. The DNS that it is reffering to is a DNS/DC in our child domain. The child domain is on a different subnet with its own DCs and DNS servers and all traffic between the 2 is through a Cisco ASA. Both DCs in the DMZ domain have Any - Any access to the mail server. Log Name: Application Source: MSExchangeSA Date: 5/2/2011 3:16:28 PM Event ID: 9330 Task Category: (13) Level: Error Keywords: Classic User: N/A Computer: Mail1.geologic.com Description: OABGen encountered error 80040115 (internal ID 50004b0) accessing Active Directory DMZDC2 for ''. - \geoOAB Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="MSExchangeSA" /> <EventID Qualifiers="49152">9330</EventID> <Level>2</Level> <Task>13</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-05-02T21:16:28.000000000Z" /> <EventRecordID>75937</EventRecordID> <Channel>Application</Channel> <Computer>Mail1.geologic.com</Computer> <Security /> </System> <EventData> <Data>80040115</Data> <Data>50004b0</Data> <Data>DMZDC2</Data> <Data> </Data> <Data>\geoOAB</Data> </EventData> </Event> Log Name: Application Source: MSExchangeSA Date: 5/2/2011 3:16:28 PM Event ID: 9334 Task Category: (13) Level: Error Keywords: Classic User: N/A Computer: Mail1.geologic.com Description: OABGen encountered error 80040115 while initializing the offline address book generation process. No offline address books have been generated. Check the event log for more information. - \geoOAB Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="MSExchangeSA" /> <EventID Qualifiers="49152">9334</EventID> <Level>2</Level> <Task>13</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2011-05-02T21:16:28.000000000Z" /> <EventRecordID>75938</EventRecordID> <Channel>Application</Channel> <Computer>Mail1.geologic.com</Computer> <Security /> </System> <EventData> <Data>80040115</Data> <Data>\geoOAB</Data> </EventData> </Event>

I am having the exact same issue, with the same errors. I have tried re-running the setup /PrepareAD command as I too found that there may be a permissions issue. Also found that client PCs running Outlook 2007 cannot set their Out-of-Office, but can through OWA. Any relation to these issues?

Hi, How many DCs are there in the organization? Regarding to the new error message, it can occur if there is network connection problem between DC and Exchange server. Please help to check if the DC can be accessed from the Exchange server. In addition, please run the following command on the Exchange server and send the c:\dsgetsite.txt to me for my further research. Nltest /dsgetsite >c:\dsgetsite.txt Also, you can try rebooting the server at your convenience and check if the issue persists. Thanks. Novak Wu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Novak There are 4 DCs. 2 in the Parent domain and 2 in the child. The child domain is our public datacenter and has no users. It is simply a resource domain housing various datasets, SQL databases and web servers. There may be a monitoring service that will send an internal email but no other reason for the mail server to even contact a DC in the DMZ. The mail server can see anything on the DMZ domain but the DCs on the DMZ domain can only see the DCs on the parent domain and the SMTP and POP ports on the mail server. If the DCs on the child domain need to talk to the Mail server I will need the ports that are required. Here is the contents of the dsgetsite.txt file that the command you mentioned created. Default-First-Site-Name The command completed successfully As for a server reboot, it has been rebooted nightly for the last week now as I try different things to get it working. Sorry to report that nothing I have tried has worked so far. Thanks again for your help so far Novak Mike

Based on the application error, we can find that OABGen try to contact the Active Directory DMZDC2 but it encountered a problem. It’s normal that the mail server try to contact a DC in DMZ to generate OAB. So, it’s recommended to you change another server to generate OAB instead of the server in DMZ. For more information, please refer to the link below: http://technet.microsoft.com/en-us/library/bb125184.aspx Thanks. Novak Wu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

The Exchange server was never in the child Domain and the child doamin can't see the parent domain so if the mail server is trying to use a DC in the DMZ it is going to fail as the DC in the child domain can't see the mail server. The command that solved the problem for me was: Set-ExchangeServer -Identity <ServerIdParameter> [-StaticConfigDomainController <String>] [-StaticDomainControllers <MultiValuedProperty>] [-StaticExcludedDomainControllers <MultiValuedProperty>] [-StaticGlobalCatalogs <MultiValuedProperty>] I simply set the -staticdomaincontrollers to the 2 DCs in my Parent domain. and the OAB generated on its own on its proper shedule. Thanks for the help Novak