Exchange AD topology service cannot find DC's
We're running Exchange 2007 SP2. One of our alerts is saying that Exchmbx1.kam.com - "Exchange AD Topology service cannot find DC's". I believe this is the service that works with DSAccess to provide AD info that is crucial to Exchange?
I'm not sure if this is a false alert or genuine! I've gone into Exchange Management Console > Exchmbx1 > Properties > System Settings
I can see that there are a bunch of DC's listed in "Domain Controllers being used by Exchange" and also in "Global Catalog servers being used by Exchange".
I had some questions on this I was hoping someone could help me out on
1. Why are there two seperate boxes for DC's and GC's? I thought Exchange used GC's only?
2. I thought Exchange DSAccess only used one GC at a time?
3. Is there a Powershell command to find out which DC's/GC's Exchange is using?
4. How can I find out if there really is an error with one of those DC's/ GC's? I can ping them fine, but what should I be looking out for in Exchange to find out if there is some problem with it's AD connectivity?
January 20th, 2011 4:08pm
On Thu, 20 Jan 2011 21:01:28 +0000, Sheen1990 wrote:
>We're running Exchange 2007 SP2. One of our alerts is saying that Exchmbx1.kam.com - "Exchange AD Topology service cannot find DC's". I believe this is the service that works with DSAccess to provide AD info that is crucial to Exchange?
>
>I'm not sure if this is a false alert or genuine! I've gone into Exchange Management Console > Exchmbx1 > Properties > System Settings
Alerts from where (or what)?
>I can see that there are a bunch of DC's listed in "Domain Controllers being used by Exchange" and also in "Global Catalog servers being used by Exchange".
Do you see event ids 2080 in your application log?
Event Type: Information
Event Source: MSExchange ADAccess
Event Category: Topology
Event ID: 2080
Date: 1/20/2011
Time: 8:18:33 PM
User: N/A
Computer: SRVR005
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1340). Exchange Active
Directory Provider has discovered the following servers with the
following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC
capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc1.XXXX.com CDG 1 7 7 1 0 1 1 7 1
DC2.XXXX.com CDG 1 7 7 1 0 1 1 7 1
Out-of-site:
If you don't see any, use set-eventlogginglevel to set the "MSExchange
ADAccess\Topology" category to "Low".
>I had some questions on this I was hoping someone could help me out on
>
>1. Why are there two seperate boxes for DC's and GC's? I thought Exchange used GC's only?
A GC, unless it's in its own domain, only has a subset of properties
to work with. Exchange needs a DC to get the others.
>2. I thought Exchange DSAccess only used one GC at a time?
You're looking at the set of GCs that Exchange has discovered and can
use. Exchange uses 1 GC until the number of outstanding LDAP queries
surpasses a threshold and then it starts using another GC.
>3. Is there a Powershell command to find out which DC's/GC's Exchange is using?
Any of them can be used. The only "one" that's used is the
configuration DC.
>4. How can I find out if there really is an error with one of those DC's/ GC's? I can ping them fine, but what should I be looking out for in Exchange to find out if there is some problem with it's AD connectivity?
"Ping" isn't LDAP. Ping just tests connectivity. If, for example, the
netlogon service is having a problem, ping will work just fine but no
authentication would be performed.
Use dcdiag and netdiag to see if there are problems with the DC. You
can use LDP.exe to connect to the DC on port389 and the GC using 3268.
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2011 10:53pm