FSE - Active Directory Replication Warning?
-
Saturday, December 12, 2009 11:31 PMI have a single W2K8 R2 domain controller running Microsoft ForeFront Protection2010 for Exchange and whenever I try to configure Antispam components I receive the following error "Active Directory Replication Warning" Exchange management integration has not been enabled. After Active Directory replication of the required credentials has completed, alll functionality, such as antispam managment, on-demand scans, and public folder access, is not available.
The server is completely up to date, there are no other event log warnings and the strangest thing is id I install FSE again it will work just fine but within a 24 hr period i start getting this error. It is a single domain controller so it is not replicating at all. I followed the article "Troubleshooting integration with Exchange Server 2010 Active Directory components." and evrything checks outs? Any ideas?
All Replies
-
Wednesday, December 16, 2009 2:56 AMModerator
Hi,
Thank you for the post.
Before going any further, I’d like to know more information. Would you please help to run FSCDiag.exe out of the FPE install directory and send me the .zip file that it creates?
The FSC diagnostic tool
http://technet.microsoft.com/en-us/library/bb795085.aspx
For your convenience, I have created a workspace for you. You can upload the information files to the following link. (Please choose "Send Files to Microsoft")
Workspace URL: (https://sftasia.one.microsoft.com/choosetransfer.aspx?key=53f26af2-3b10-4193-83ab-b8b2109f0307)
Password: xsU7HWTf935%8
Note: Due to differences in text formatting with various email clients, the workspace link above may appear to be broken. Please be sure to include all text between '(' and ')' when typing or copying the workspace link into your browser.
Regards,
Nick Gu - MSFT -
Thursday, December 17, 2009 5:48 AMFile has been uploaded. Thanks for looking at this!
-
Friday, December 18, 2009 1:42 PMHello,
have you resolved this problem? I'm facing exactly the same warning and some FSE features are not available (antispam and those mentioned in the warning).
Thanks,
-rv-
R.* -
Friday, December 18, 2009 8:54 PMNo sir, nothing yet, let me know if you find something. Thanks
-
Saturday, December 19, 2009 3:33 AMWhen I run the Powershell commands to troubleshoot the error as recommended in KB http://technet.microsoft.com/en-us/library/ee358879.aspx I get the following errors. I have verified the the server’s machine account is in the Exchange’s Hygiene Management role group. The thing that kills me most is this is a single domain controller with no replication partners?
Get-FseSpamConnectionFilter : Microsoft Forefront Protection 2010 for Exchange Server does not yet
have the access needed to execute this command. Full Active Directory replication of required cred
entials may not have completed; when replication has completed the command will be available.
At line:1 char:28
+ Get-FseSpamConnectionFilter <<<<
+ CategoryInfo : PermissionDenied: (:) [Get-FseSpamConnectionFilter], ApplicationExce
ption
+ FullyQualifiedErrorId : ExchangeManagementNotAvailable,ForefrontConsole.Powershell.cmdlets.G
et_FSESpamConnectionFilter -
Saturday, December 19, 2009 5:50 AM What I have found to restore functionality is to stop the "Microsoft Forefront Server Protection Controller" service which stops the "Microsoft Exchange Information Store" and "Microsoft Exchange Transport" service, then restart them. The sad thing about this is that it does not work on a clean reboot you have to do the above steps manually. I am assuming it has something to do with the services not starting in the right order or timing of starting?
- Marked As Answer by D-a-n_L Saturday, December 19, 2009 5:53 AM
-
Sunday, December 20, 2009 4:49 PMThe other thing that I have noticed is ever since restarting those services manaully the problem has not returned even after multiple reboots, go figure...
-
Friday, April 16, 2010 6:23 PMThank you for the incantations. It was certainly easier than removing and re-installing Forefront, which is what I did last time this showed up.
-
Friday, August 13, 2010 7:27 PMI also having exact same issue and as soon as I go to work I will give it a try.
-
Friday, August 13, 2010 8:56 PM
I just came to work and followed D-a-n_L 's way and it worked . Since 3-4 months I was looking for solution so what can I say thank very much:) Obviously this problem by MS and they have to take care of it.
Regards
-
Wednesday, August 18, 2010 11:28 AMthanks D-a-n_L this perfectly worked and the forefront is now working
-
Wednesday, December 08, 2010 5:02 PMYou the man! Worked for me too.
-
Tuesday, December 14, 2010 1:23 PM
Same here. Installed FPE on 8 machines, but one sucks. Then I manualle restart FSCController and everything regarding this issue is fine.
BUT: I have to do this manually everytime i restart the machine. There must be a solution.
Furthermore I have a problem with MSExchangeRPC (Microsoft Exchange RPC Client Access on a Unicast NLB Cluster), where the service also needs to be started manually.
Are there any ideas?
Best regards
Stefan
-
Thursday, February 10, 2011 8:54 PM
Thanks D-a-n_L, your suggestion to restart the services also resolved the issue for me (something a regular reboot did not fix).
This seems to affect so many people, why haven't Microsoft bothered to fix it yet? Come on MS, get it together please. Service start order is something you really should have nailed down by now.
-
Tuesday, March 15, 2011 7:44 PM
Thank you for your post
Try changing the startup mode from Manual to Automatic, for some reasons I don't know why Microsoft chose to set this mode to manual,
it is working just fine for me
-
Sunday, August 14, 2011 7:31 AM
Open Forefront Management Shell and type the following Windows PowerShell command:
Get-FseExchangeManagementStatus
This returns a value for ExchangeManagementAvailable. If this value is false, Exchange integration has not yet been achieved.
The Domain Administrator can verify if the server’s machine account has been added to Exchange’s Hygiene Management role group.
Do a force AD replication if necessary.
Run the PowerShell commnd Againit resolve my issue please try.
http://technet.microsoft.com/en-us/library/ee358879.aspx
- Proposed As Answer by Leju Joy Sunday, August 14, 2011 7:34 AM
-
Saturday, December 31, 2011 4:15 AM
Hello,
I have the same issue with FPE 2010, Exchange Server 2010 SP2, and Windows Server 2008 R2 SP1.
I really dont undestand how is possible MS dont take care of this problem, I found several issues with all that applications is like dont care at all, may be because there are so few people that have bought the product, i dont know.
This Thread was open 2 years ago, and we are experiencing the issue till now.
Unbeleaveble
Cristian L Ruiz -
Tuesday, May 01, 2012 5:58 AM
This resolved my issue, Thank you much
For some reason my exchange server is no longer in the "Hygiene group". Once I added it there, the value of "Get-FseExchangeManagementStatus" becomes true almost instantaneously.
thank you for the post!
Ed
- Proposed As Answer by ed 4t wowrack.com Tuesday, May 01, 2012 5:58 AM
.png)
