Exchange 2007 SP2 - Problem discovering Global Catalog servers
This morning, we ran into a problem where our Exchange 2007 SP2 roll-up 4 server couldn't find a Global Catalog server in our multi-site forest. Basically, our Windows 2003 DC (PDC role) had multiple issues at our HQ site. The Exchange 2007 server is located at HQ. The Exchange 2007 server started displaying ADAccess errors while attempting to communicate with AD. The Exchange Topology service couldn't find the IP address of any of our DC's (locally at HQ and remotely), event error 2107. To clear up the AD issues on the Windows DC (PDC), I restarted the server. Then, the Exchange 2007 became happy. Any idea why the Exchange Topology service couldn't find any GC's? Any suggestions to fix? Thanks Ron
July 13th, 2010 10:15pm

How long did you wait? Exchange won't go out of site to look for another DC for a little while, like 15 minutes from my experience. What does the periodic topology event log messages say about the DCs that your server sees? -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "TrojansBaby" wrote in message news:366d6e98-0585-41ed-aa51-6852635b8efd... This morning, we ran into a problem where our Exchange 2007 SP2 roll-up 4 server couldn't find a Global Catalog server in our multi-site forest. Basically, our Windows 2003 DC (PDC role) had multiple issues at our HQ site. The Exchange 2007 server is located at HQ. The Exchange 2007 server started displaying ADAccess errors while attempting to communicate with AD. The Exchange Topology service couldn't find the IP address of any of our DC's (locally at HQ and remotely), event error 2107. To clear up the AD issues on the Windows DC (PDC), I restarted the server. Then, the Exchange 2007 became happy. Any idea why the Exchange Topology service couldn't find any GC's? Any suggestions to fix? Thanks Ron Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2010 6:29am

Hi, Topology discovery in Exchange is the process of finding domain controllers and global catalog servers that are fully functional and “close” relative to the location of the Exchange server.It will perform a complete new topolog redetection every 15 minutes. DSAccess maintains a list of external site DCs and GCs.If all DC/GC in local site is unavailable, then it will use the external servers. But it will try to redetect topology every 5 minutes. Regards, Xiu
July 14th, 2010 12:08pm

The DC with the FSMO roles started having problems around 1AM. The Exchange 2007 server started getting ADAccess errors aproximately 9AM. Over time if AD is not taken care of, the other DC's and Exchange 2007 will start having problems like the issues that I experienced. I guess. I say this since I restarted the DC, and Exchange 2007 did not produce one error during the restart. It was within the "15 minutes." The DC that was having problems was also listed at the top of the DNS server list. Since the top-level DNS server was not resolving, is it possible that the server had problems resolving using the second and third DNS servers? Thanks Ron
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 9:20am

Hi, For DNS, base on my experience, I think client computer will try to use the second DNS server to do name resolution if it cannot contact or cannot use the primary DNS server. Regards, Xiu
July 15th, 2010 11:24am

Possibly. What do the event logs say? -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "TrojansBaby" wrote in message news:8996f755-3ed2-43bb-8c31-1f1782ec7fbd... The DC with the FSMO roles started having problems around 1AM. The Exchange 2007 server started getting ADAccess errors aproximately 9AM. Over time if AD is not taken care of, the other DC's and Exchange 2007 will start having problems like the issues that I experienced. I guess. I say this since I restarted the DC, and Exchange 2007 did not produce one error during the restart. It was within the "15 minutes." The DC that was having problems was also listed at the top of the DNS server list. Since the top-level DNS server was not resolving, is it possible that the server had problems resolving using the second and third DNS servers? Thanks Ron Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 6:20pm

Sorry for the late response. Here you go. system log 925am Netlogon event id 5719 loss secure session 925 am Kerberos event id 7 PAC verification failure application log 923am MSexchangeadaccess event id 2107 failed to obtain an ip address for dc. thus excluding DC from being used as DS 923am msexchangeadaccess event id 2119 SRV error 923am msexchangeadaccess event id 2106 failed to obtain DNS records for forest 923am msexchangeadaccess event id 2106 failed to obtain DNS records for domain 941am msexchangeadaccess event id 2114 LDAP lookup error 943am msexchangeadaccess event id 2604 could not retrieve security descriptor 943am msexchange autodiscovery event id 1 could not find any GC's in forest Once the issue with the DC was cleared up, msexchangeadaccess at 956am got a good discovery. Ron
July 19th, 2010 6:14pm

Looks like you have a network problem, a flaky NIC, a DNS issue, or something like that. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "TrojansBaby" wrote in message news:c105ccd3-1a9e-4b4d-a235-dfefe235f999... Sorry for the late response. Here you go. system log 925am Netlogon event id 5719 loss secure session 925 am Kerberos event id 7 PAC verification failure application log 923am MSexchangeadaccess event id 2107 failed to obtain an ip address for dc. thus excluding DC from being used as DS 923am msexchangeadaccess event id 2119 SRV error 923am msexchangeadaccess event id 2106 failed to obtain DNS records for forest 923am msexchangeadaccess event id 2106 failed to obtain DNS records for domain 941am msexchangeadaccess event id 2114 LDAP lookup error 943am msexchangeadaccess event id 2604 could not retrieve security descriptor 943am msexchange autodiscovery event id 1 could not find any GC's in forest Once the issue with the DC was cleared up, msexchangeadaccess at 956am got a good discovery. Ron Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 20th, 2010 5:35pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics