
I have two 2008 R2 servers which should replicate AD. One is the production server, the second a backup. On the primary server is also Exchange 2010. There were plans about a year ago to install Exchange on the backup server to replicate and serve as backup in case the primary server is unavailable. My former colleague completed the first two steps (or maybe just one) in the Exchange install as presented by the Exchange installer (I think it has something to do with AD integration and redistributables installation). Today I accidentally broke the backup server (probably bad drivers) and from the moment the backup server went down, Exchange on the primary server is not working. Exchange Active Directory Topology complains that it cannot find any suitable DCs; Active Directory complains that it doesn't feel like servicing clients and applications because it may be in a wrong state, because of nonfunctional replication. The primary server is FSMO for all roles. By looking into historic logs I found that Exchange doesn't see the domain controller it resides on since I fiddled with DNS servers and routing on our network. I remember I changed network masks and some firewall settings; as a result the primary DNS on the primary server was the backup server and the secondary was itself. Any ideas how to fix it, so Exchange sees its own machine as PDC?

Some logs:

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1884). Exchange Active Directory Provider has discovered the following servers with the following characteristics:

(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
primary CDG 1 0 0 1 0 0 0 0 0
backup CDG 1 0 0 1 0 0 0 0 0
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1884). All Domain Controller Servers in use are not responding: primary secondary

The Microsoft Exchange Replication service attempted to start the Active Manager RPC server but failed because an error occurred when attempting to read the Exchange Servers universal security group SID from Active Directory. Error: The Microsoft Exchange Active Directory Topology service on server localhost did not return any suitable domain controllers.
Process STORE.EXE (PID=1960). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

When I look into logs older than the backup server shutdown I see this:

Process MAD.EXE (PID=9556). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
primary CDG 1 0 0 1 0 0 0 0 0
secondary CDG 1 7 7 1 0 1 1 7 1
Out-of-site:

UPDATE:
OK, after starting the backup (secondary) server I got: primary CDG 1 0 0 1 0 0 1 0 0 secondary CDG 1 7 0 1 0 1 0 0. After fixing the Netlogon service not starting on the backup server (and thus nonfunctional replication) because of some remnants of a rename a long time ago, I am back to operational: primary CDG 1 0 0 1 0 0 0 0 0 secondary CDG 1 7 7 1 0 1 1 7 1. What puzzles me is why it still can't see its own machine. Any suggestions?

Ondatra
  • OK, after starting the backup (secondary) server I got: primary CDG 1 0 0 1 0 0 1 0 0 secondary CDG 1 7 0 1 0 1 0 0. After fixing the Netlogon service not starting on the backup server because of some remnants of a rename a long time ago, I am back to operational: primary CDG 1 0 0 1 0 0 0 0 0 secondary CDG 1 7 7 1 0 1 1 7 1. What puzzles me is why it still can't see its own machine. Any suggestions? – Ondatra Jun 05 '12 at 14:49

2 Answers


There is no such thing as a Primary Domain Controller or a Backup Domain Controller unless you are using Windows NT4. That's your first problem.

Your replication problem can be caused by your "secondary" DC using itself as the primary DNS resolver. Don't do that. A DC should never have itself listed first in the DNS resolver list. It can cause a replication island like the one you're seeing.

Fix replication and stop treating your second DC like it's a backup. They're both live, both respond to authentication requests, and are peers. Once you do this, your problems will likely resolve themselves.

MDMarra
  • I had DNS servers set up like this all the time (primary - replication partner, secondary - itself). As for primary and backup DCs, that is just a naming convention and reflects intended use (the backup DC is off-site). At the time of your answer, replication was functional, as it was functional before the secondary DC shutdown; however Exchange had problems finding AD on its own machine. Nonetheless it's solved now. – Ondatra Jul 09 '12 at 13:02

Everything fixed now. The problem was disabled IPv6 on the primary server. An automatic IPv6 address is enough to make it work. Exchange and AD on the same machine probably communicate with each other only by using IPv6 and cannot use IPv4. Servers see themselves because if they are on other machines, they can use IPv4 to communicate. I tried de-multihoming the primary server but without any change. I tried changing NIC properties on the backup server and after disabling IPv6, AD on the secondary server had problems seeing the primary server as online (but replicated nonetheless). Thus I enabled IPv6 on both and everything is working now.

Ondatra
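A diagnostic script, added here as an example and not part of either answer, that checks on a DC the three conditions this thread ended up blaming: the DC listing itself first in its DNS resolver order (MDMarra's answer), IPv6 disabled on the DC (Ondatra's answer), and Netlogon not running or replication failing (the update). It assumes an elevated PowerShell 2.0 prompt on the 2008 R2 DC itself; the Tcpip6 DisabledComponents registry value and the dcdiag tests are standard Windows, while the finding messages are my own wording.

```powershell
# Added example, not from the thread. Run as administrator on the DC that
# also hosts Exchange. Each check appends a human-readable finding.
$findings = @()

# 1. DNS client order: a DC should not list itself (or loopback) first.
$nics     = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled }
$localIPs = @($nics | ForEach-Object { $_.IPAddress } | Where-Object { $_ })
foreach ($nic in $nics) {
    $dns = @($nic.DNSServerSearchOrder)
    if ($dns.Count -gt 0 -and ($localIPs -contains $dns[0] -or $dns[0] -eq '127.0.0.1')) {
        $findings += "DNS: '$($nic.Description)' lists this host ($($dns[0])) as primary resolver; put the replication partner first and this host second."
    }
}

# 2. IPv6: the fix in this thread was re-enabling it. DisabledComponents
#    0xFF disables IPv6 on every interface; bit 0x10 disables it on LAN adapters.
$tcpip6   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$disabled = (Get-ItemProperty -Path $tcpip6 -ErrorAction SilentlyContinue).DisabledComponents
if ($disabled -and ((($disabled -band 0xFF) -eq 0xFF) -or (($disabled -band 0x10) -ne 0))) {
    $findings += ('IPv6: DisabledComponents=0x{0:X} turns IPv6 off on LAN adapters; set it to 0 and reboot.' -f $disabled)
}
if (-not ($localIPs | Where-Object { $_ -match ':' })) {
    $findings += 'IPv6: no IPv6 address (not even link-local) is bound on an enabled adapter.'
}

# 3. Netlogon: without it the DC does not advertise itself and cannot replicate.
$nl = Get-Service Netlogon
if ($nl.Status -ne 'Running') { $findings += "Netlogon service is $($nl.Status); start it and check the System log for the reason." }

# 4. dcdiag in quiet mode prints only failures, so any output is a finding.
$dcdiag = & dcdiag /test:Advertising /test:Replications /q 2>&1 | Where-Object { $_ -and $_.ToString().Trim() }
foreach ($line in $dcdiag) { $findings += "dcdiag: $line" }

if ($findings.Count -eq 0) {
    'No issues found: DNS order, IPv6, Netlogon and replication look healthy.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

After correcting any finding, restart the Microsoft Exchange Active Directory Topology service and confirm the topology discovery event now lists the local DC with non-zero Reachability and Synchronized values.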