Exchange 2007 SP2 - Problem discovering Global Catalog servers
This morning, we ran into a problem where our Exchange 2007 SP2 roll-up 4 server couldn't find a Global Catalog server in our multi-site forest.
Basically, our Windows 2003 DC (PDC role) had multiple issues at our HQ site. The Exchange 2007 server is located at HQ. The Exchange 2007 server started displaying ADAccess errors while attempting to communicate with AD. The Exchange Topology
service couldn't find the IP address of any of our DC's (locally at HQ and remotely), event error 2107.
To clear up the AD issues on the Windows DC (PDC), I restarted the server. Then, the Exchange 2007 became happy.
Any idea why the Exchange Topology service couldn't find any GC's? Any suggestions to fix?
Thanks
Ron
July 13th, 2010 10:15pm
How long did you wait? Exchange won't go out of site to look for another DC for a little while, like 15 minutes from my experience. What does the periodic topology event log messages say about the DCs that your server sees?
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
.
"TrojansBaby" wrote in message
news:366d6e98-0585-41ed-aa51-6852635b8efd...
This morning, we ran into a problem where our Exchange 2007 SP2 roll-up 4 server couldn't find a Global Catalog server in our multi-site forest.
Basically, our Windows 2003 DC (PDC role) had multiple issues at our HQ site. The Exchange 2007 server is located at HQ. The Exchange 2007 server started displaying ADAccess errors while attempting to communicate with AD. The Exchange Topology
service couldn't find the IP address of any of our DC's (locally at HQ and remotely), event error 2107.
To clear up the AD issues on the Windows DC (PDC), I restarted the server. Then, the Exchange 2007 became happy.
Any idea why the Exchange Topology service couldn't find any GC's? Any suggestions to fix?
Thanks
Ron
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2010 6:29am
Hi,
Topology discovery in Exchange is the process of finding domain controllers and global catalog servers that are fully functional and “close” relative
to the location of the Exchange server.It will perform a complete new topolog redetection every 15 minutes.
DSAccess maintains a list of external site DCs and GCs.If all DC/GC in local site is unavailable, then it will use the external servers. But it will try to redetect
topology every 5 minutes.
Regards,
Xiu
July 14th, 2010 12:08pm
The DC with the FSMO roles started having problems around 1AM. The Exchange 2007 server started getting ADAccess errors aproximately 9AM.
Over time if AD is not taken care of, the other DC's and Exchange 2007 will start having problems like the issues that I experienced. I guess. I say this since I restarted the DC, and Exchange 2007 did not produce one error during the restart.
It was within the "15 minutes."
The DC that was having problems was also listed at the top of the DNS server list. Since the top-level DNS server was not resolving, is it possible that the server had problems resolving using the second and third DNS servers?
Thanks
Ron
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 9:20am
Hi,
For DNS, base on my experience, I think client computer will try to use the second DNS server to do name resolution if it cannot contact or cannot use the primary DNS server.
Regards,
Xiu
July 15th, 2010 11:24am
Possibly. What do the event logs say?
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
.
"TrojansBaby" wrote in message
news:8996f755-3ed2-43bb-8c31-1f1782ec7fbd...
The DC with the FSMO roles started having problems around 1AM. The Exchange 2007 server started getting ADAccess errors aproximately 9AM.
Over time if AD is not taken care of, the other DC's and Exchange 2007 will start having problems like the issues that I experienced. I guess. I say this since I restarted the DC, and Exchange 2007 did not produce one error during the restart.
It was within the "15 minutes."
The DC that was having problems was also listed at the top of the DNS server list. Since the top-level DNS server was not resolving, is it possible that the server had problems resolving using the second and third DNS servers?
Thanks
Ron
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 6:20pm
Sorry for the late response.
Here you go.
system log
925am Netlogon event id 5719 loss secure session
925 am Kerberos event id 7 PAC verification failure
application log
923am MSexchangeadaccess event id 2107 failed to obtain an ip address for dc. thus excluding DC from being used as DS
923am msexchangeadaccess event id 2119 SRV error
923am msexchangeadaccess event id 2106 failed to obtain DNS records for forest
923am msexchangeadaccess event id 2106 failed to obtain DNS records for domain
941am msexchangeadaccess event id 2114 LDAP lookup error
943am msexchangeadaccess event id 2604 could not retrieve security descriptor
943am msexchange autodiscovery event id 1 could not find any GC's in forest
Once the issue with the DC was cleared up, msexchangeadaccess at 956am got a good discovery.
Ron
July 19th, 2010 6:14pm
Looks like you have a network problem, a flaky NIC, a DNS issue, or something like that.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
.
"TrojansBaby" wrote in message
news:c105ccd3-1a9e-4b4d-a235-dfefe235f999...
Sorry for the late response.
Here you go.
system log
925am Netlogon event id 5719 loss secure session
925 am Kerberos event id 7 PAC verification failure
application log
923am MSexchangeadaccess event id 2107 failed to obtain an ip address for dc. thus excluding DC from being used as DS
923am msexchangeadaccess event id 2119 SRV error
923am msexchangeadaccess event id 2106 failed to obtain DNS records for forest
923am msexchangeadaccess event id 2106 failed to obtain DNS records for domain
941am msexchangeadaccess event id 2114 LDAP lookup error
943am msexchangeadaccess event id 2604 could not retrieve security descriptor
943am msexchange autodiscovery event id 1 could not find any GC's in forest
Once the issue with the DC was cleared up, msexchangeadaccess at 956am got a good discovery.
Ron
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
July 20th, 2010 5:35pm