Exchange cannot use domain controller after 2003 upgrade
Exchange cannot use domain controller after 2003 upgrade - 21.Jan.2008 4:12:54 AM
Jonathan
Posts: 3
Joined: 21.Jan.2008
Status: offline
Hi all,

We have a Windows 2000 domain with two domain controllers and one Exchange 2000 server. This configuration has been working fine for years. All servers are SP4 and using the latest updates and patches. Exchange is at SP3.

In preparation for an upgrade to Exchange 2007, I upgraded one domain controller to Windows Server 2003 SP2. Proper preparation paid off as the upgrade went very smoothly. Unfortunately, Exchange decided it couldn't use this domain controller anymore after the upgrade.

I have already made modifications to the domain controller security policy to allow backwards compatibility, rebooted both the domain controller and the Exchange Server, checked DNS configuration, the manage security and audit logging rights, run dcdiag and netdiag and all that. Additional logging on the Exchange server reveals this:

--------
Event Type: Information
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2080
Date: 21-1-2008
Time: 9:39:09
User: N/A
Computer: Exchange
Process STORE.EXE (PID=3504). DSAccess has discovered the following servers with the following characteristics:
(Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon)
In-site:
DC1.internal.mydomain CDG 7 7 1 0 1 1 0
DC2.internal.mydomain CDG 7 7 1 0 1 1 7
----------

Fortunately, the second domain controller is still at Windows 2000 Server and, judging from the above log entry, working fine from an Exchange perspective. The Directory Access tab in the Exchange System Manager is set up to automatically discover DCs, but only adds DC2 to the list. I can add DC1 manually, but the 'Site' column says it's in an unknown site. Something tells me that if I were to add DC1 manually and shut down DC2, Exchange would stop responding to clients. Not something you would do while 450 clients are logged on.

So far, I haven't been able to track down why the log entry shows a value of '0' instead of '7'.
No other server or client (2000 Server, Server 2003, XP SP1/SP2, Linux, AIX, BSD) has reported any errors using this domain controller. I'm really starting to run out of options. Any ideas?
RE: Exchange cannot use domain controller after 2003 up... - 21.Jan.2008 6:18:09 AM
Jonathan
Posts: 3
Joined: 21.Jan.2008
Status: offline
I wouldn't be too worried about the upgrade. I tried to replicate this issue using a couple of virtual machines on MS Virtual Server 2005 (2 DCs Win2K, one Exchange 2000 Server, one XP client), but this worked just fine. As long as you make all three of your DCs Global Catalog servers and verify they work properly, you will always have two working GCs in case the upgrade goes pear-shaped.
RE: Exchange cannot use domain controller after 2003 up... - 4.Feb.2008 6:24:18 AM
Jonathan
Posts: 3
Joined: 21.Jan.2008
Status: offline
Problem solved!

Logging all traffic between this domain controller and Exchange using Wireshark, I was able to pinpoint the issue to an SMB packet sent to the domain controller requesting bind to \\dc1\ipc$. To which the domain controller replied: "error_status_denied". This dialog could be replicated by issuing a 'net use \\dc1\ipc$ /u:administrator *' from any Windows 2000 Server box. Also, a 'net view \\dc1' returned the same error.

What this command actually does, is read the key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\shares

As it turns out, Windows Server 2003 uses a different parameter for the enumeration of these shares, stating it needs a security signature. So, after changing

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\requiresecuritysignature

to a value of 0, everything turned back to normal and Exchange added the domain controller to the list of Global Catalog servers.

Thanks Microsoft, for not mentioning any of this in your fancy KB articles ;-)
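
Added example, not part of the thread or written by its poster: a read-only PowerShell check of the SMB signing values under the lanmanserver and lanmanworkstation Parameters keys, showing which client/server combinations SMB1 signing negotiation refuses. The function names are hypothetical, and treating a missing registry value as 0 is an assumption of this sketch.

```powershell
# Added example: audit SMB signing settings and predict the SMB1 outcome.
# Read-only; it changes nothing. Run it on the DC and on the Exchange server.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-SigningMode {
    param([string]$Service)   # 'LanmanServer' or 'LanmanWorkstation'
    $p = Get-ItemProperty -Path "$base\$Service\Parameters" -ErrorAction SilentlyContinue
    # Assumption: a value that is absent is treated as 0.
    if ($p.RequireSecuritySignature -eq 1) { return 'Required' }
    if ($p.EnableSecuritySignature  -eq 1) { return 'Enabled'  }
    return 'Disabled'
}

function Test-Smb1Signing {
    param(
        [ValidateSet('Required','Enabled','Disabled')][string]$Client,
        [ValidateSet('Required','Enabled','Disabled')][string]$Server
    )
    # One side insists on signing while the other has it switched off:
    # the session setup is rejected.
    if (($Server -eq 'Required' -and $Client -eq 'Disabled') -or
        ($Client -eq 'Required' -and $Server -eq 'Disabled')) {
        return 'Connection refused'
    }
    # Nobody requires signing and at least one side has it off.
    if ($Client -eq 'Disabled' -or $Server -eq 'Disabled') { return 'Unsigned' }
    # Remaining cases: both sides at least Enabled.
    return 'Signed'
}

$localServer = Get-SigningMode 'LanmanServer'        # how this host answers clients
$localClient = Get-SigningMode 'LanmanWorkstation'   # how this host connects out

Write-Host "Server side: $localServer   Client side: $localClient"

# Outcome against every possible peer setting.
foreach ($peer in 'Required','Enabled','Disabled') {
    [pscustomobject]@{
        PeerMode         = $peer
        PeerAsClientToUs = Test-Smb1Signing -Client $peer -Server $localServer
        WeAsClientToPeer = Test-Smb1Signing -Client $localClient -Server $peer
    }
}
```

With RequireSecuritySignature set to 0 on a server, SMB1 clients that have signing disabled connect unsigned. The "Microsoft network server: Digitally sign communications (always)" policy setting writes this same value, so a GPO that defines it will overwrite a manual registry change.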