Exchange 2010 SP 2 Can't create second GAL
-
יום שישי 16 דצמבר 2011 05:40
I had /hosting installed in a test inviroment and decided to uninstall the server and try SP2. The uninstall went fine and I now have a new 2010 sp2 server setup. I am trying to create a second GAL and I get the following error. Any Ideas?
[PS] C:\Windows\system32>New-GlobalAddressList -Name "GAL_ORG1" -RecipientFilter {(CustomAttribute15 -eq "ORG1")}
WARNING: One or more global address lists were missing from the Active Directory attribute. This is likely caused by
using legacy Exchange management tools to create global address lists.
Active Directory operation failed on test-DC1.changed.domain.com. This error is not retriable. Additional information: The
name reference is invalid.
This may be caused by replication latency between Active Directory domain controllers.
Active directory response: 000020B5: AtrErr: DSID-0315286E, #1:
0: 000020B5: DSID-0315286E, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 907ff (globalAddressList2)
+ CategoryInfo : NotSpecified: (0:Int32) [New-GlobalAddressList], ADConstraintViolationException
+ FullyQualifiedErrorId : 2EF38462,Microsoft.Exchange.Management.SystemConfigurationTasks.NewGlobalAddressList[PS] C:\Windows\system32>
כל התגובות
-
יום שישי 16 דצמבר 2011 06:50
It's not a supported scenario (which as this is test I'm sure you don't care much about and that's ok), but my guess would be that simply unistalling /hosting, and then installing non /hosting (frankly, I'm amazed that worked) is the issue. You really need a new AD, as the two modes of Exchange have entirely different AD structures (one multi-tenant and one single-tenant) and likely that is causing the issue.
If you didn't go in to AD and whack stuff after uninstalling /hosting, I expect that configuration is still in place. It might be possible (again unsupported) to go in and whack the Exchange container from AD after removing the last Exchange box, but frankly, if it's a test lab, starting from scratch would be my recommendation, don't waste time troubleshooting. New AD, start again. Else you'll never know if future problems are happening because of this.
- הוצע כתשובה על-ידי Greg Taylor [msft]Microsoft Employee יום שישי 16 דצמבר 2011 06:50
-
יום שישי 16 דצמבר 2011 22:43
i had exactly the same issue after doing an upgrade from Exchange 2010 SP1.
in my organization, i have 1 exchange 2010 SP2 and 1 exchange 2010 SP1. When i try to create a new global address list from Exchange 2010 SP2 server, i have the same error message. If i run the same command line from an exchange 2010 SP1, it works...Previoulsy i use the gal segmentation. So, i have already several GAL created from Exchange 2007 & Exchange 2010 powershell command.
Can it be possible SP2 is checking a specific attributes on other GAL not populted by previous version ?
thanks
-
יום שישי 16 דצמבר 2011 23:19
Malabar21, did you have a /hosting mode deployment? It doesn't sound like it, so while the error is the same, I doubt the cause is. Start a new thread I suggest. And describe what you do have. If you used undocumented processes to hack AD and make it look multi-tenant, and are now having trouble, it might be tricky to solve in a forum like this.
-
יום שישי 16 דצמבר 2011 23:29And here's a question to you both - What OS are your DC's running, and what forest/domain functional level?
-
יום ראשון 18 דצמבר 2011 09:20
I will create a new thread.
AD is a a mixed 2008 R1 & R2.
AD is 2008 R1 fonctionnal level.
thanks
-
יום רביעי 28 דצמבר 2011 13:28
Hi Guys... had exactly the same situation and error as you do. To resolve the issue i did the next steps:
- Uninstall Exchange (hosting or normal)
- Remove Program Files\Exchange folder
- Open ADSIedit.msc and:
- remove OU=Microsoft Exchange Security Groups,DC=cg,DC=local
- remove CN=Microsoft Exchange System Objects,DC=cg,DC=local
- remove CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=cg,DC=local
- remove CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=cg,DC=local
- went to Exchange 2010 SP2 installation folder:
- start setup /PrepareSchema
- start setup /PrepareAD
- start normal setup and install Exchange
After installation i was able to create additional GAL. Obviously hosting mode has different permissions or attributes on schema itself.
Other thing, be careful with instructions above as i had empty database, only one exchange in testing environment and no production data. Hope this helps for you.
-
יום שלישי 10 ינואר 2012 08:30
Hi,
This my workaround :
- remove all global address list except "Default Global address list" with EMS
- go to adsiedit.msc and remove all adress list except "Default Global address list" in the attributes "globalAddressList2" defined on :
CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=DOMAIN
-
יום שלישי 10 ינואר 2012 19:04Please don't anyone do that suggestion. A) if you messs it up it will break a lot of stuff and B) the moment you run new-GAL again it will sync the gal and ga2 attributes back up again.
-
יום רביעי 11 ינואר 2012 09:22
First my deployment is not /hosting.
The problem appear after installing SP2 of Exhchange 2010.
My suggestion is to delete all global address list created before SP2.
When you delete SP1 global address list with EMC, the global address list was delete from "globalAddressList" on
CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=DOMAIN but not on the new SP2 attribute "globalAddressList2"
The manual deletion of global address list on attribute "globalAddressList2" solved my problem and error "One or more global address lists were missing from the Active Directory attribute" disappear.
Nobody have any solution except a new install of Exchange ...
My exchange installation is in production and we can't do uninstall, i'm ok you can break a lot of stuff but if you delete only global address list in this new attribute, i'm not sure you will break anything.
If you have any suggestion
regards
-
יום רביעי 11 ינואר 2012 17:04
Your problem is different to the original poster. Mixing the two threads here won't help.
The original poster was trying to do something unsupported. Your problem was most likely a single corrupt GAL entry which caused a crash when the new SP2 code in new-gal tried to get globaladdresslist and globaladdresslist2 in sync. The warning error you refer to will appear if the two lists are not in sync and the cmdlet fixed it. So, if you deleted any object from globaladdresslist2 and created a new GAL, the cmdlet would fix the list, show the warning again, and add the new GAL you were creating. You could have also tried to find the one bad entry (likely just a GAL that was created but globaladdresslist wasn't cleaned up for some reason) and that would also have prevented any errors.
If your install is working great, good. The reason I don't want people following your suggestion as it was not hte same root cause.
-
יום שני 06 פברואר 2012 15:13
Hi,
This my workaround :
- remove all global address list except "Default Global address list" with EMS
- go to adsiedit.msc and remove all adress list except "Default Global address list" in the attributes "globalAddressList2" defined on :
CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=DOMAIN
Hi,
In my case, i had to remove a garbage entry from "globalAddressList" attribute to fix this issue. There were only 2 entries in this "globalAddressList" muli-value attribute, one was for Default GAL and other one was some corrupt GAL DN, which i removed.
Regards,
Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com- הוצע כתשובה על-ידי HA-Host יום שני 06 פברואר 2012 15:18
-
יום שלישי 15 מאי 2012 14:11
Hi,
For a customer, I was unable to create GAL for above mentioned reason, so had to find corrupted GAL entries in GlobalAddressList and GlobalAddressList2 properties of the object 'CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local', where there were around 1200+ entries.
So I wrote this PowerShell script to find all corrupted entries, and then removed them manually.
$ad = [ADSI]"LDAP://rootDSE"; $domain = $ad.rootDomainNamingContext; $obj = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,$domain"); $count = 0; $Gals1= $obj.GlobalAddressList; foreach($g in $Gals1) { $g= $g.ToString().ToLower(); if($g.Contains("cn=deleted objects")) { Write-Host $g; $count= $count +1; } } Write-Host "$Count corrupted GAL entries found in property GlobalAddressList"; $count = 0; $Gals2= $obj.GlobalAddressList2; foreach($g in $Gals2) { $g= $g.ToString().ToLower(); if($g.Contains("cn=deleted objects")) { Write-Host $g; $count= $count +1; } } Write-Host "$Count corrupted GAL entries found in property GlobalAddressList2";
This script might help others to find out corrupted GAL entries in AD.
Regards,
Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
-
יום רביעי 16 מאי 2012 02:54Nice job.
-
יום רביעי 27 יוני 2012 03:59
Hi,
Very Nice jobs.
Thanks,
Vidyanand Sah
-
יום חמישי 09 אוגוסט 2012 07:02
Thanks for the remark that it is a multi-valued attribute! I checked visually in adsiedit before and that showed only the first entry which looked good so did't think of double-clicking the entry to find that crucial fact out myself :(
In my test-setup I installed Exchange 2010 SP1 first and then installed SP2 the next day. Nothing fancy, just a single exchange server and a separate DC in a single forest/domain setup. SO the SP2 upgrade didn't do a good cleanup and left the deleted item for some reason? I didn't play around with addresslists in this env so wouldn't know what else could cause it. I'll check the installer logs if I find any reference to these objects/properties.
Thanks for the nice PS_script to detect and solve. In my favorites now :)
Best regards and many thanks in advance, Eric Vegter
-
יום שני 20 אוגוסט 2012 13:50
simplified for those that run in to this issue
ADSI edit Configuration - under CN=Services, CN=Microsoft Exchange properties, there are 2 entries
globalAddressList
globalAddressList2
Make certain that these match exactly in their contents and remove any deleted entries
give it a few minutes after applying the change and you will be able to add GALs again.
This can be done without concern in a production environment as we updated a live server to SP2 without knowledge that it would break this part and had to do it on the fly when adding a new tenant.
- הוצע כתשובה על-ידי Tom Provost יום רביעי 14 נובמבר 2012 21:35
- הצעה כתשובה בוטלה על-ידי Tom Provost יום רביעי 14 נובמבר 2012 21:35
- הוצע כתשובה על-ידי Support ACA IT Solutions יום חמישי 06 דצמבר 2012 14:48
-
שבת 29 דצמבר 2012 18:00
I am having similar issues. When I ran your script, I found three corrupt entries such as
cn=Myglobaladdresslist\0adel:0fb0e89d-c1ca-4edb-99ae-ecbdd722f5ff,cn=deleted objects,cn=configuration,dc=domain,dc=local
cn=myglobaladdresslist2\0adel:6931193c-3362-489b-a766-4d1820704080,cn=deleted objects,cn=configuration,dc=domain,dc=local
If I look in adsiedit - these dont exist. How can I get rid of these? Thanks!
Steve Peterson steve@mcmillaninc.com
-
יום ראשון 30 דצמבר 2012 20:08
I am having similar issues. When I ran your script, I found three corrupt entries such as
cn=Myglobaladdresslist\0adel:0fb0e89d-c1ca-4edb-99ae-ecbdd722f5ff,cn=deleted objects,cn=configuration,dc=domain,dc=local
cn=myglobaladdresslist2\0adel:6931193c-3362-489b-a766-4d1820704080,cn=deleted objects,cn=configuration,dc=domain,dc=local
If I look in adsiedit - these dont exist. How can I get rid of these? Thanks!
Steve Peterson steve@mcmillaninc.com
Hi,
the script is getting values from your domain path
where "Dc=Domain,Dc=tld" is your AD Domain's path.
Please go there, and look at "GlobalAddressList" and "GlobalAddressList2" properties, you would hopefully find it.
In ADSIEdit, your path would look like
Configuration->Services->Microsoft Exchange
Just right click on this "CN=Microsoft Exchange" and select "Properties", and then look for "GlobalAddressList" and "GlobalAddressList2" properties, you would find hopefully in ""GlobalAddressList".
If you still don't get it, then I can change above script, to also provide you deletion offer for corrupt GAL entries, where script would ask you whether you want to delete or not, and would delete if you would want.
Regards,
Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
- נערך על-ידי Laeeq Qazi יום ראשון 30 דצמבר 2012 20:10
- הוצע כתשובה על-ידי steve-peterson יום שלישי 01 ינואר 2013 14:17
-
יום שלישי 01 ינואר 2013 14:17
Hello,
Thanks for the reply. This worked like a charm! I appreciate your reply.
Steve
Steve Peterson steve@mcmillaninc.com
-
יום שלישי 01 ינואר 2013 14:22
Hello,
Thanks for the reply. This worked like a charm! I appreciate your reply.
Steve
Steve Peterson steve@mcmillaninc.com
You are welcome, and I am pleased to hear about this.
Kind Regards,
Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
.png)
