We're migrating from a 2003 server / Exchange all in one box to a 208R2 Exchange 2010 setup, where we have one server dedicated as Exchange server, and a second dedicated as a file server and DC. The DC has had everything migrated to it, all the FSMO roles, Global catalog, DNS, DHCP etc. Everything appears to work fine, but once I go into AD Sites and Services, and Ucheck the Global Catalog setting on the NTDS Settings properties for the old 2003 server, Exchange stops working. If I restart the System attendent, it doesn't restart with the error ID: "1005 Unexpected error The specified domain either does not exist or could not be contacted. Facility: Win32 ID no: c007054b Microsoft Exchange System Attendant occurred." This is once it replicates the setting obviously. Once I re -set the old server as a DC the exchange server works fine. BTW, if i restart the exchange server while it's in the state where the service won't start it gets to the "applying computer settings" for an hour or so before finally letting one logon to the server (and then wait for ti to apply user settings fro another 10 minutes or so). If I set the old server as a DC as the exchange server is waiting at the 'applying computer settings" screen, within a few minutes it will jump to the 'press ctrl +alt+ delete' screen. Couple of notes, once the exchange server is unhung as described immediately above (by re- enabling the GC while it's 'applying computer settings') the exchange services still are not started on that system. Also these symptoms occur whether the old DNS server on the old 2003 server is on or off. or if the exchange server's dns settings include the old dns server or not.. I'm really lost here, and the migration is imminent. Any suggestions are GREATLY appreciated.

How many ad sites? DNS working properly? What does the ADtoplogy event say? Think it's 2080? Run Test-Systemhealth, see if any DC/GC is hardcoded When you untick on the 2003 server, run the ExchBPA and see what is says? Also check the event logs at this time. Also see this - http://social.technet.microsoft.com/Forums/en-IE/exchange2010/thread/924f0b55-5819-4d44-8606-554e05769ac5 Sukh

Thanks for the response. Only the one AD site. Dns looks good, if I ping either of the servers it resolves properly, if I ping domain.net it resolves to the new server / GC. 2080 (MSExchange ADAcess) 'discovered the following': oldDCGC.domain.net CDG 1 7 7 1 0 1 1 7 1 newDCGC.domain.net CDG 1 7 7 1 0 0 1 0 1. I haven't used Test-Systemhealth before, so I don't know if I'm missing something, but all it tells me is that the harddrive controler driver is old, and that I'm running in a VM. No other info. I did check in the Exchange Console and it was set for to "Use a default domain controller". I downloaded the BPA but it said it needed .net 1.1 installed to work, but I thought .net 1.1 caused problems with exchange 2010? One thing I did notice was Event ID 9385, "Microsoft Exchange System Attendant failed to read the membership of the universal security group '/dc=net/dc=mydomain /ou=Microsoft Exchange Security Groups/cn=Exchange Servers'; the error code was '8007203a'. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group. If this computer is not a member of the group '/dc=net/dc=mydomain/ou=Microsoft Exchange Security Groups/cn=Exchange Servers', you should manually stop all Microsoft Exchange services, run the task 'add-ExchangeServerGroupMember,' and then restart all Microsoft Exchange services." The server in question is a memeber of ExchangeServers. Thanks again, any further suggestions are much appreciated!

Here lies the problem. Please check the netlogon service on the new domain controller. Also run the command setup /preparedomain again as we are missing the SACL Rights (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version) oldDCGC.domain.net CDG 1 7 7 1 0 1 1 7 1 newDCGC.domain.net CDG 1 7 7 1 0 0 1 0 1 Jasjit Singh Dhindsa | ITIL v3 | IASA Foundation Certified | MCITP:Exchange 2010 | Exchange 2007 | MCTS:OCS 2007 | Exchange 2010 | Exchange 2007 | MCSA:Messaging | Security | MCSE:Messaging | Security

Issue is the SACL right, normally this membership is missing or GPO is missing a right where the Exch servers need to have the permission on. Could alos be group membership as the other DC is fine. But that's your issue. See this - http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/d57c4227-ab6b-4833-93b5-99616b52a2af/ You can also run the PolicyTest - http://support.microsoft.com/kb/281537 For the ExchBPA, you shouldnt have to download, should be in the EMC toolboxSukh

Hmmm, I ran the setup /preparedomain and gave it time to replicate as it seemed to still be behaving the same. At this point it hangs at the 'preparing computer settings" whether the old DC is set as a GC or not. Any other suggestions or thoughts on what might have gone wrong here?

Hi, Please check permission that Sukh suggested. Please try to run DCdiag from your Exchange Server and then post here. Besides, please try to check event log to see if any related event would log there. Xiu

Thanks all, here's where I'm at now: DCDiag All passed except: Starting test: Advertising Warning: DsGetDcName returned information for \\oldDC.ourdomain.net, when we were trying to reach NEWDC. SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE. ......................... NEWDC failed test Advertising Starting test: NetLogons Unable to connect to the NETLOGON share! (\\NEWDC\netlogon) [NEWDC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found.. ......................... NEWDC failed test NetLogons =============================================== Local domain is "ourdomain.net" (ourdomain) Account is "ourdomain\Exchange Enterprise Servers" ======================== DC = "OldDC" In site = "Default-First-Site-Name" !!! Right NOT found !!! ======================== DC = "NewDC" In site = "Default-First-Site-Name" !!! Right NOT found !!! When i try to pen the default Domain Controllers Policy in Group Policy management on the new DC I get an error:"Failed to open the group policy object. You may not have appropriate rights. Details: The Network Name Can Not be found. I checked the sysvol and cannot connect to it using \\newdc\sysvol, and found the folder structure exists (c:\windows\sysvol\ but it is not shared. I dont't know at what poitn that went bad, but here we are. Thoughts?

Your new DC doesnt seem like its been setup properly, Run the ADBPA and see what it comes back with. I'd also think about posting in the directory forum to resolve your AD/DC issue then come back here for the Exch issues as we can see you issue is around AD/GC.Sukh