How to add additional domain controller in exchange 2007
Hi, I have two AD servers running DC, DHCP & DNS (Win 2008). Every time server DC - 1 goes down, my exchange server which 2007 running in clustered mode is not able to process mail request (OWA, outlook etc...). I have checked both DC's with repadmin and both servers are properly replicating to each other. I do understand that I need to add one more entry in my exchange 2007 to add additional DC so that in case DC 1 goes down, DC 2 is able to support all the quires from users. I tried nslookup on my exchange and both the dc's are resolved properly. Can someone help me what to do and how to ensue that if DC 1 is down, DC 2 should process the requests for my exchange 2007 Thanks and Regards, Apoorv Mehrotra
March 29th, 2012 5:04am

Hi Are both domain controllers global catalogues? Could you post back with the details of event 2080 from your Exchange server?
Free Windows Admin Tool Kit Click here and download it now
March 29th, 2012 6:14am

Hi Steve, Thanks for quick reply Yes both the DC are GC Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1492). Exchange Active Directory Provider has discovered the following servers with the following characteristics: (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version) In-site: dc01.domain.ae CDG 1 0 0 1 0 0 0 0 0 dc02.domain.ae CDG 1 7 7 1 0 0 1 7 1 Out-of-site: a1.domain.ae CDG 1 0 0 1 0 0 0 0 0 A2.domain.ae CDG 1 0 0 1 0 0 0 0 0 Thanks and Regards, Apoorv MehrotraApoorv Mehrotra
March 29th, 2012 6:27am

Hi Steve, A few more event:- Event ID - 1 Unhandled Exception "Could not find any available Global Catalog in forest domain.ae." Stack Trace: at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType, ADObjectId domain, String serverName, Int32 port, NetworkCredential credential) at Microsoft.Exchange.Data.Directory.ConnectionPoolManager.GetConnection(ConnectionType connectionType) at Microsoft.Exchange.Data.Directory.ADSession.GetConnection(String preferredServer, Boolean isWriteOperation, Boolean isNotifyOperation, ADObjectId& rootId) at Microsoft.Exchange.Data.Directory.ADSession.GetReadConnection(String preferredServer, ADObjectId& rootId) at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, String optionalBaseDN, ADObjectId readId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCreator, CreateObjectsDelegate arrayCreator) at Microsoft.Exchange.Data.Directory.ADSession.Find(ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties, CreateObjectDelegate objectCtor, CreateObjectsDelegate arrayCtor) at Microsoft.Exchange.Data.Directory.ADSession.Find[TResult](ADObjectId rootId, QueryScope scope, QueryFilter filter, SortBy sortBy, Int32 maxResults, IEnumerable`1 properties) at Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.FindBySid(SecurityIdentifier sId) at Microsoft.Exchange.Autodiscover.Providers.Outlook.OutlookAutoDiscoverProvider..ctor(RequestData requestData) Event ID 2114 Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1492). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers. These events were generated when i rebooted the DC01 and DC02 was up and running at that time. Please suggest me. Thanks and Regards, Apoorv Mehrotra Apoorv Mehrotra
Free Windows Admin Tool Kit Click here and download it now
March 29th, 2012 6:32am

Hi Apoorv Are you sure you have these the DCs the right way round? From the event 2080 you posted above Exchange cannot contact DC01 ... or it doesn't believe that DC01 is a GC. Steve
March 29th, 2012 6:39am

Hi Steve, Well both the DC's are fine. Please do refer my second reply with further events, as these events i am forwarding you were at the time i took down DC 01 and DC02 was perfectly up and running Thanks, ApoorvApoorv Mehrotra
Free Windows Admin Tool Kit Click here and download it now
March 29th, 2012 6:43am

OK, what does event 2080 look like when DC01 is running then? Do you get any errors when you run a DC diag?
March 29th, 2012 6:49am

hi, further to add to this when i run dcdiag on dc01 this is the errors i get:- Performing initial setup: Trying to find home server... Home Server = dc01 * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: xxxxxxxxxxxxxxx\DC01 Starting test: Connectivity ......................... DC01 passed test Connectivity Doing primary tests Testing server: xxxxxxxxxxxxxxxxx\DC01 Starting test: Advertising ......................... DC01 passed test Advertising Starting test: FrsEvent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... DC01 failed test FrsEvent Starting test: DFSREvent ......................... DC01 passed test DFSREvent Starting test: SysVolCheck ......................... DC01 passed test SysVolCheck Starting test: KccEvent An Warning Event occurred. EventID: 0x80000785 Time Generated: 03/29/2012 14:45:33 Event String: The attempt to establish a replication link for the following writab le directory partition failed. An Warning Event occurred. EventID: 0x80000785 Time Generated: 03/29/2012 14:45:39 Event String: The attempt to establish a replication link for the following writab le directory partition failed. ......................... DC01 passed test KccEvent Starting test: KnowsOfRoleHolders ......................... DC01 passed test KnowsOfRoleHolders Starting test: MachineAccount ......................... DC01 passed test MachineAccount Starting test: NCSecDescApoorv Mehrotra
Free Windows Admin Tool Kit Click here and download it now
March 29th, 2012 7:07am

Hello Steve, any suggestions? Thanks...Apoorv Mehrotra
March 29th, 2012 7:51am

Hi Apoorv Apologies for the late response, I am all over the place at the moment. Do you have any errors on the domain controllers like 1925: http://technet.microsoft.com/en-us/library/cc778061%28v=ws.10%29.aspx There are some troubleshooting steps here that might help you out: http://technet.microsoft.com/en-us/library/cc785014%28v=ws.10%29.aspx Also I think something went wrong with the post you sent yesterday as the event 2080 from when DC01 is running has disappeared. Cheers, Steve
Free Windows Admin Tool Kit Click here and download it now
March 30th, 2012 8:43am

Hi Hasnain, I do not know where to start, yesterday night the DC01 went down again and my users were not able to check there emails. This could be a problem with DNS configuration or exchange configuration. Can you assist me, i tried a lot of help form google trying to troubleshoot DCDIAG errors but all in vain. I do not know where to start now. I checked in AD domain and trusts and tried to replicate the connections to each other, both of them successfully completed the operations. I still do not understand why then when DC01 goes down, DC02 is not able to take up the requests. Can you please tell me which specific event in DC02 you are looking for in case DC01 is down at that time Please assist meApoorv Mehrotra
April 1st, 2012 3:44am

Hi Hasnain/steve, I want the exchange to dynamically pick either of the domain controllers when one of them is down as you already advised. I checked through Get-ExchangeServer -status | fl *controller*,*global* and the result is [PS] C:\Windows\system32>Get-ExchangeServer -status |fl *controler*,*global* WARNING: An error occurred while accessing the registry of the specified server: "ext.xxxx.xxx.xx". The error message: "The network path was not found. ". StaticGlobalCatalogs : {} CurrentGlobalCatalogs : {} StaticGlobalCatalogs : {} CurrentGlobalCatalogs : {dc01.xxxx.xxx.xx} WARNING: An error occurred while accessing the registry of the specified server: "exhc02.xxxx.xxx.xx". The error message: "Requested registry access is not allowed.". WARNING: An error occurred while accessing the MSExchangeADTopology service on the specified server "exhc02.xxxx.xxx.xx". The error message: "Exchange Active Directory Topology Service on server exhc02.xxxx.xxx.xx cannot be contacted via RPC interface. Error 0x5.". StaticGlobalCatalogs : {} CurrentGlobalCatalogs : {} StaticGlobalCatalogs : {} CurrentGlobalCatalogs : {dc01.xxxx.xxx.xx} This is the output. What i want is when DC01 goes down, my dc02 automatically picks up the request for users. I have the exchange in clustered environment. HUB+CAS on cluster on 2 nodes and then Mailbox on another cluster with 2 nodes Can you please suggest how to get both of them in exchange? I do not want to statically to be defined, i want dynamically to be picked by DSaccess service if dc01 is out, dc02 is in and vice versa. EventID2080 looks like this when both dc01 & dc02 are running Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1492). Exchange Active Directory Provider has discovered the following servers with the following characteristics: (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version) In-site: dC01.XXXX.XXX.XX CDG 1 7 7 1 0 1 1 7 1 dc02.XXXX.XXX.XX CDG 1 7 7 1 0 0 1 7 1 Out-of-site: a1.XXXX.XXX.XX CDG 1 0 0 1 0 0 0 0 0 A02.XXXX.XXX.XX CDG 1 0 0 1 0 0 0 0 0 ***************************************************************************************************** and this is what EventID 2080 looks like while DC01 is down and DC02 is up Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1492). Exchange Active Directory Provider has discovered the following servers with the following characteristics: (Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version) In-site: dc01.xxxx.xxx.xx CDG 1 0 0 1 0 0 0 0 0 dc02.xxxx.xxx.xx CDG 1 7 7 1 0 0 1 7 1 Out-of-site: a1.xxxx.xxx.xx CDG 1 0 0 1 0 0 0 0 0 A02.xxxx.xxx.xx CDG 1 0 0 1 0 0 0 0 0 Please assist.... Thanks again...Apoorv Mehrotra
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2012 6:01am

Hi Hasnai, Already modified the Auditing and Security log. I also added static entries in nodes (exchange 01&02) for DC & GC and then looked at the topology in eventlog...still the same... rsop.msc dosnet gives any output, i mean to say local group policy editor i added the exchange servers group using gpedit.msc, but rsop.msc has no entries applied anywhere as well i cannot add anything in there as it is disabled even though when i am a member of enterprise admins Through gpedit.msc Through rsop.smc. this is what i see... Please help, i think i am on the verge of getting this thing solved through your help... Apoorv Mehrotra
April 1st, 2012 7:47am

Hi Hasnai, Already modified the Auditing and Security log. I also added static entries in nodes (exchange 01&02) for DC & GC and then looked at the topology in eventlog...still the same... rsop.msc dosnet gives any output, i mean to say local group policy editor i added the exchange servers group using gpedit.msc, but rsop.msc has no entries applied anywhere as well i cannot add anything in there as it is disabled even though when i am a member of enterprise admins Please help, i think i am on the verge of getting this thing solved through your help... I tried to paste the screenshots but it is not allowing me... Thanks a ton again...Apoorv Mehrotra
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2012 7:48am

You cannot edit RSOP because its read only. You mean to say you don't see the Exchange servers group under Manage auditing and security log when you run RSOP.MSC. This is how it looks in my lab environment. A 2081 event in the Application event log is generated. DSAccess then polls the Active Directory every 15 minutes to identify changes to site structure, domain controller placement, or other structural changes to Active Directory. Make sure we check the event id 2080 after 15 minutes when we modify, Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com
April 1st, 2012 8:01am

I believe you should be able to see the same in the latest 2080 event id.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2012 8:14am

Yep.. i can see the event in 2080...i will take down my DC in next 1/2 hour..let's see what surprises it has got for me now in the box... But thanks a ton for your help buddy!!!!!... i am behind this issue from past 2 weeks, it was just last week i registered with the support forum and i reached at solution now.. Hopefully this should solve my problem for the time being for dc01 unavailability so that i can concentrate now on DC01 unavailability troubleshooting and let the mails..logons...etc flow right way.... You the man!!!! thanks a ton once again...Apoorv Mehrotra
April 1st, 2012 8:18am

Its my pleasure and you are always welcome. Just make sure when DC01 is down, Event id 2080 shows the same for DC02 as its doing now. dc02.xxxx.xxx.xx CDG 1 7 7 1 0 1 1 7 1Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2012 8:21am

Just a qick one, when i take down dc01, how much time it will take dc02 to take over the request. DC01 is having all FSMO Roles. Do i need to manually transfer these roles to DC02 or what is the way out?Apoorv Mehrotra
April 1st, 2012 8:33am

It will just take few seconds...There should not be any user impact. For how much time you are going to keep your DC01 down. If you think its going to take much time then move the FSMO roles to DC02. You can simply move Domain wide fsmo roles to DC02 and keep the forest wide fsmo roles on DC01. that should work for you.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Hasnain Shaikh| My blogs: http://messagingserversupport.com
Free Windows Admin Tool Kit Click here and download it now
April 1st, 2012 9:00am

Hi, the testing went successfully. I didn't had to transfer any roles as the testing was only that we reboot the DC01 three times and then stopped the NETLOGON service as well one by one and DC02 was able to support the requests. Thanks a ton man again! Just wanted to ask that i added the DC & GC manually in the exchange through the power shell.And i am aware if we add 3'rd DC in the environment, it wont show as we can only add 2 DC & GC (static) however it to be dynamic we have to keep the entry blank and let exchange topology service learn on its own whichever DC & GC is available no matter i have 3 or 30 (DC & GC) Can you assist me to how can we do that? Thanks again... Apoorv Mehrotra
April 2nd, 2012 12:55am

Hey Buddy, Great thanks for the help. Yes i will put execute this command once we decide to go for 3'rd or additional DC's.. But for the time being let it bounce in DC01 & DC02 only... Cheers :) Thanks again...Apoorv Mehrotra
Free Windows Admin Tool Kit Click here and download it now
April 3rd, 2012 2:11am

Hi All, My current setup is: Exchange 2007 CCR (Shared Storage). Approx 2000 Mailbox and the DB size is 1.63 TB (SG - I) and 645 GB (SG - II) HUB + CAS -> (NLB x 2 Physical Servers) Clustered (1 Virtual Host) (Sun Blade x6250, 2* Intel x5270 dual core, 16 GB RAM, 300 GB HDD) Mailbox x2 physical servers -> Failover Cluster (1 Virtual Host) using Sun shared storage (2* Six core AMD 8345, 16 GB RAM, 300 GB Internal HDD, mapped shared storage) We are planning to migrate to Exchange 2010 with complete new set of H/W & storage. I wanted to have suggestions of what design can we propose to client. The client needs high availability (most critical) in all the scenarios and is ready to buy 4 to 8 servers. (No DR Site requirement for now) Thanks in advanceApoorv Mehrotra
June 4th, 2012 5:00am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics