Error: Failed to reconnect to Active Directory server when exporting to exch2007

    General discussion

  • Hi

    I am doing galsync between multiple sites.  There are all kinds of Exchange environments including 2003, 2007 and 2010.

    One of the sites has Exchange 2007.  When I run the agent and try to do an export, I get an error message in the event log stating that

    Failed to reconnect to Active Directory server dc.domain.local. Make sure the server is available, and that you have used the correct credentials.

    I checked the forums and also did some googling.  The name of their domain is site3.local.  I tried all the following to no avail :-(

    1. Tried the credential as galsync@site3.local

    2. Tried the credential by filling out all the boxes (including domain name & forest name)

    3. Changed the provisioning from Exchange 2007 to none

    4. Checked DNS (I have a stub zone).  I get SRV records returned when I do nslookup

    5. I can ping the DCs and access them on ports 389 and 135

    6. I double and triple checked with site admin.  He swears that domain and forest names are correct.

     

    Any help is appreciated.  Thank you

     


    Friday, May 13, 2011 3:31 PM

All replies

  • Have you tried configuring a preferred domain controller on your ADMA yet?

    Cheers,
    Markus


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Friday, May 13, 2011 4:16 PM
  • I tried the preferred domain controller too.  First by IP and then by FQDN.  Neither one works. :-(
    Friday, May 13, 2011 4:44 PM
  • Have you looked at this yet?

    Cheers,
    Markus


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Friday, May 13, 2011 5:31 PM
  • Hi

     

    Actually I was there before I posted this question.  I went through all the steps and still nothing (ones listed on my main question)

     

    Should I post nslookup results?

    Friday, May 13, 2011 5:53 PM
  • I doubt that your issue is related to name resolution.

    Unless, there is something funky going on, this type of error is usually related to a service issue.
    I suspect something on the firewall level - that would be at least my first guess.

    Have you found anything that could be related in the event log?
    A NetMon trace might help to shed more light on this...

    Cheers,
    Markus


    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Friday, May 13, 2011 6:18 PM
  • On Windows 2008 R2 network tracing got so much easier. You can simply collect a trace on your server, and afterwards analyze it using Network Monitor. No need to install anything on your servers: http://setspn.blogspot.com/2011/01/network-tracing-awesomeness.html
    http://setspn.blogspot.com
    Friday, May 13, 2011 8:05 PM
  • Did it work before or it hasn't worked at all for this specific exchange environment?
    Need realtime FIM synchronization? check out the new http://www.traxionsolutions.com/imsequencer that supports FIM 2010 and Omada Identity Manager real time synchronization!
    Monday, May 16, 2011 12:06 PM
  • Hi

     

    No, it didn't work before.  I keep getting this message about "failed to reconnect to active directory server when exporting to exch2007".

    Here is what I have tried so far

     

    1. Tried the credential as galsync@site3.local

    2. Tried the credential by filling out all the boxes (including domain name & forest name)

    3. Changed the provisioning from Exchange 2007 to none

    4. Checked DNS (I have a stub zone).  I get SRV records returned when I do nslookup

    5. I can ping the DCs and access them on ports 389 and 135

    6. I double and triple checked with site admin.  He swears that domain and forest names are correct.

    7. Used preferred domain controller under properties.

    Monday, May 16, 2011 1:58 PM
  • Are there any additional messages within the event log?

    Is there a firewall in between? Do you have Kerberos errors? (You can enable Kerberos logging through the registry.)

    Did you try full DNS names and NetBIOS names in the domain and forest boxes?


    Need realtime FIM synchronization? check out the new http://www.traxionsolutions.com/imsequencer that supports FIM 2010 and Omada Identity Manager real time synchronization!
    Monday, May 16, 2011 2:20 PM
  • 1. I tried full DNS names for forest and domain but not NetBIOS names.  Do NetBIOS names for forest and domain work?  After all, these are remote forests/domains and I am using DNS to resolve them

    2. Unfortunately there is a firewall in between (grrrrrrrrrr).  They are west coast and this site is in east coast.  Here are the ports open in between.  Am I missing something?  Not even sure if 3rd one is even necessary to be honest.

     

    • Connectivity between local DNS server and remote DNS servers (Port 53)
    • Connectivity between local FIM server and remote DC servers (Port 389 and Port 135)
    • Connectivity between local FIM server and remote exchange servers (Port 135)
    Monday, May 16, 2011 2:41 PM
  • I see the following message in network monitor when doing the export in FIM.  I am able to reach their DCs on port 389

     

    Time & date: 12:38:37 PM 5/16/2011

    Source: Site2.domainname.local 

    Destination: GAL  

    SrcPort=LDAP(389),

    DstPort=64746, PayloadLen=113,

     

    Monday, May 16, 2011 4:45 PM
  • Is it possible to narrow down which connections to which ip numbers & ports are tried when running the export, to see if there are still ports being blocked somehow.

    Need realtime FIM synchronization and advanced reporting? check out the new http://www.imsequencer.com that supports FIM 2010, Omada Identity Manager, SQL, File, AD or Powershell real time synchronization!

    Friday, June 01, 2012 6:33 AM
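
The last reply asks which remote addresses and ports the export actually tries. As an added example (not part of any post in this thread), the PowerShell function below summarises that from netstat -ano output and flags endpoints whose connections never got past SYN_SENT. The sample lines, the addresses, PID 4321 and the helper name Get-AttemptedEndpoint are constructed for illustration and are not data from this thread.

```powershell
# Constructed sample of netstat -ano rows (placeholder addresses and PIDs).
$sample = @'
  TCP    10.1.0.20:64746    10.3.0.10:389    ESTABLISHED    4321
  TCP    10.1.0.20:64750    10.3.0.10:88     SYN_SENT       4321
  TCP    10.1.0.20:64751    10.3.0.10:88     SYN_SENT       4321
  TCP    10.1.0.20:64752    10.3.0.10:135    ESTABLISHED    4321
  TCP    10.1.0.20:64753    10.3.0.10:49155  SYN_SENT       4321
  TCP    10.1.0.20:64760    10.1.0.5:1433    ESTABLISHED    4321
  TCP    10.1.0.20:3389     10.1.0.99:51515  ESTABLISHED    1100
'@

# Hypothetical helper: one row per remote endpoint the given process tried.
function Get-AttemptedEndpoint {
    param(
        [string[]]$NetstatLine,   # lines of netstat -ano output
        [int]$ProcessId           # PID of the synchronization service process
    )
    $rows = foreach ($line in $NetstatLine) {
        # Columns: Proto  Local  Remote  State  PID  (IPv4 TCP rows only)
        if ($line -match '^\s*TCP\s+\S+\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\S+)\s+(\d+)\s*$') {
            if ([int]$Matches[4] -eq $ProcessId) {
                New-Object PSObject -Property @{
                    Remote = $Matches[1]; Port = [int]$Matches[2]; State = $Matches[3]
                }
            }
        }
    }
    $rows | Group-Object Remote, Port | ForEach-Object {
        $states = @($_.Group | ForEach-Object { $_.State } | Sort-Object -Unique)
        New-Object PSObject -Property @{
            Remote  = $_.Group[0].Remote
            Port    = $_.Group[0].Port
            States  = $states -join ','
            # Only ever SYN_SENT: the TCP handshake never completed, which is
            # what a silently dropping firewall looks like from the client.
            Blocked = ($states.Count -eq 1 -and $states[0] -eq 'SYN_SENT')
        }
    } | Sort-Object Remote, Port
}

# Live use on the server: -NetstatLine (netstat -ano) -ProcessId <service PID>
Get-AttemptedEndpoint -NetstatLine ($sample -split '\r?\n') -ProcessId 4321 |
    Format-Table Remote, Port, States, Blocked -AutoSize
```

A single netstat snapshot can miss short-lived attempts, so take several snapshots while the export is running and pass all of the collected lines to the function.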