Hi,

Here is my issue: In our organization, Exchange server 2013 is installed on windows server 2012,

From few months we are having issue with cluster fail-over.

We have a DAG with 8 nodes and in that 4 servers are having this issue

Here is the below event logs we are receiving  and exchange DBs will get fail-over to the passive node

Let me know if you need any more detail

Could you please let me know the cause and resolution for this issue. 

Here is the flow of event logs..

 "IMPORTANT thing is this is happening every 3rd or 4th day the month, depends on the number of days in the month (30/31 days ) "

1 : NETLOGON 

 

This computer was not able to set up a secure session with a domain controller in domain VCN due to the following: 

The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. 

This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

 

ADDITIONAL INFO 

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

 

event : 5719

 

 

2 : Security Kerberos:

 

The digitally signed Privilege Attribute Certificate (PAC) that contains the authorization information for client Server-name$ in realm(FQDN) could not be validated.

 

 This error is usually caused by domain trust failures; Contact your system administrator

 

event iD 7

 

 

3 : DNS Client event 

 

The system failed to register host (A or AAAA) resource records (RRs) for network adapter

with settings:

 

           Adapter Name : {******-3175-888-9999-******}

           Host Name : Server-name

           Primary Domain Suffix : FQDN 

           DNS server list :

              131.**.***.*, 131.**.***.*

           Sent update to server : <?>

           IP Address(es) :

             131.**.***.***

 

The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at this time.

 

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

 

Even ID : 8015

 

4 : Fail-over cluster:

 

File share witness resource 'File Share Witness \\segotn5102.xyz.ab.abc.net\SEGOTNC5110.xyz.ab.abc.net)' failed to arbitrate for the file share \\segotn5102.xyz.ab.abc.net\SEGOTNC5110.xyz.ab.abc.net)'. Please ensure that file share \\segotn5102.xyz.ab.abc.net\SEGOTNC5110.xyz.ab.abc.net)' exists and is accessible by the cluster.

 

Segotn5102 - witness server

segotn5110 - DAG name (Virtual name)

event : 1564

 Thank you,

Pradeep K

• Edited by Pradeep KS Friday, February 06, 2015 6:38 AM

Check for a sleepy NIC: http://blogs.technet.com/b/exchange/archive/2013/10/22/do-you-have-a-sleepy-nic.aspx

Ensure AD is replicating properly: http://www.microsoft.com/en-us/download/details.aspx?id=30005

Ensure there are not duplicate SPN's with a server name in AD: http://blogs.msdn.com/b/psssql/archive/2009/02/13/searching-for-duplicate-spn-s-got-a-little-easier.aspx

Mike