locked
Exchange 2007 SP2 - Problem discovering Global Catalog servers RRS feed

  • Question

  • This morning, we ran into a problem where our Exchange 2007 SP2 roll-up 4 server couldn't find a Global Catalog server in our multi-site forest.

    Basically, our Windows 2003 DC (PDC role) had multiple issues at our HQ site.  The Exchange 2007 server is located at HQ.  The Exchange 2007 server started displaying ADAccess errors while attempting to communicate with AD.  The Exchange Topology service couldn't find the IP address of any of our DC's (locally at HQ and remotely), event error 2107. 

    To clear up the AD issues on the Windows DC (PDC), I restarted the server.  Then, the Exchange 2007 became happy.

    Any idea why the Exchange Topology service couldn't find any GC's?  Any suggestions to fix?

    Thanks

    Ron

    Tuesday, July 13, 2010 7:15 PM

Answers

  • Looks like you have a network problem, a flaky NIC, a DNS issue, or something like that.
    --
    Ed Crowley MVP
    "There are seldom good technological solutions to behavioral problems."
    .
    "TrojansBaby" wrote in message news:c105ccd3-1a9e-4b4d-a235-dfefe235f999...

    Sorry for the late response.

    Here you go.


    system log
    925am Netlogon event id 5719 loss secure session
    925 am Kerberos event id 7 PAC verification failure

    application log
    923am MSexchangeadaccess event id 2107 failed to obtain an ip address for dc.  thus excluding DC from being used as DS
    923am msexchangeadaccess event id 2119 SRV error
    923am msexchangeadaccess event id 2106 failed to obtain DNS records for forest
    923am msexchangeadaccess event id 2106 failed to obtain DNS records for domain
    941am msexchangeadaccess event id 2114 LDAP lookup error
    943am msexchangeadaccess event id 2604 could not retrieve security descriptor
    943am msexchange autodiscovery event id 1 could not find any GC's in forest

    Once the issue with the DC was cleared up, msexchangeadaccess at 956am got a good discovery.

    Ron


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    • Proposed as answer by Xiu Zhang Wednesday, July 21, 2010 2:32 AM
    • Marked as answer by Xiu Zhang Monday, July 26, 2010 3:19 AM
    Tuesday, July 20, 2010 2:35 PM

All replies

  • How long did you wait?  Exchange won't go out of site to look for another DC for a little while, like 15 minutes from my experience.  What does the periodic topology event log messages say about the DCs that your server sees?
    --
    Ed Crowley MVP
    "There are seldom good technological solutions to behavioral problems."
    .
    "TrojansBaby" wrote in message news:366d6e98-0585-41ed-aa51-6852635b8efd...

    This morning, we ran into a problem where our Exchange 2007 SP2 roll-up 4 server couldn't find a Global Catalog server in our multi-site forest.

    Basically, our Windows 2003 DC (PDC role) had multiple issues at our HQ site.  The Exchange 2007 server is located at HQ.  The Exchange 2007 server started displaying ADAccess errors while attempting to communicate with AD.  The Exchange Topology service couldn't find the IP address of any of our DC's (locally at HQ and remotely), event error 2107. 

    To clear up the AD issues on the Windows DC (PDC), I restarted the server.  Then, the Exchange 2007 became happy.

    Any idea why the Exchange Topology service couldn't find any GC's?  Any suggestions to fix?

    Thanks

    Ron


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Wednesday, July 14, 2010 3:29 AM
  • Hi,

    Topology discovery in Exchange is the process of finding domain controllers and global catalog servers that are fully functional and “close” relative to the location of the Exchange server.It will perform a complete new topolog redetection every 15 minutes.

     

    DSAccess maintains a list of external site DCs and GCs.If all DC/GC in local site is unavailable, then it will use the external servers. But it will try to redetect topology every 5 minutes. 

     

    Regards,

    Xiu

    Wednesday, July 14, 2010 9:08 AM
  • The DC with the FSMO roles started having problems around 1AM.  The Exchange 2007 server started getting ADAccess errors aproximately 9AM. 

    Over time if AD is not taken care of, the other DC's and Exchange 2007 will start having problems like the issues that I experienced.  I guess.  I say this since I restarted the DC, and Exchange 2007 did not produce one error during the restart.  It was within the "15 minutes."

    The DC that was having problems was also listed at the top of the DNS server list.  Since the top-level DNS server was not resolving, is it possible that the server had problems resolving using the second and third DNS servers?

    Thanks

    Ron

    Thursday, July 15, 2010 6:20 AM
  • Hi,

    For DNS, base on my experience, I think client computer will try to use the second DNS server to do name resolution if it cannot contact or cannot use the primary DNS server.

    Regards,

    Xiu

    Thursday, July 15, 2010 8:24 AM
  • Possibly.  What do the event logs say?
    --
    Ed Crowley MVP
    "There are seldom good technological solutions to behavioral problems."
    .
    "TrojansBaby" wrote in message news:8996f755-3ed2-43bb-8c31-1f1782ec7fbd...

    The DC with the FSMO roles started having problems around 1AM.  The Exchange 2007 server started getting ADAccess errors aproximately 9AM. 

    Over time if AD is not taken care of, the other DC's and Exchange 2007 will start having problems like the issues that I experienced.  I guess.  I say this since I restarted the DC, and Exchange 2007 did not produce one error during the restart.  It was within the "15 minutes."

    The DC that was having problems was also listed at the top of the DNS server list.  Since the top-level DNS server was not resolving, is it possible that the server had problems resolving using the second and third DNS servers?

    Thanks

    Ron


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Thursday, July 15, 2010 3:20 PM
  • Sorry for the late response.

    Here you go.


    system log
    925am Netlogon event id 5719 loss secure session
    925 am Kerberos event id 7 PAC verification failure

    application log
    923am MSexchangeadaccess event id 2107 failed to obtain an ip address for dc.  thus excluding DC from being used as DS
    923am msexchangeadaccess event id 2119 SRV error
    923am msexchangeadaccess event id 2106 failed to obtain DNS records for forest
    923am msexchangeadaccess event id 2106 failed to obtain DNS records for domain
    941am msexchangeadaccess event id 2114 LDAP lookup error
    943am msexchangeadaccess event id 2604 could not retrieve security descriptor
    943am msexchange autodiscovery event id 1 could not find any GC's in forest

    Once the issue with the DC was cleared up, msexchangeadaccess at 956am got a good discovery.

    Ron

    Monday, July 19, 2010 3:14 PM
  • Looks like you have a network problem, a flaky NIC, a DNS issue, or something like that.
    --
    Ed Crowley MVP
    "There are seldom good technological solutions to behavioral problems."
    .
    "TrojansBaby" wrote in message news:c105ccd3-1a9e-4b4d-a235-dfefe235f999...

    Sorry for the late response.

    Here you go.


    system log
    925am Netlogon event id 5719 loss secure session
    925 am Kerberos event id 7 PAC verification failure

    application log
    923am MSexchangeadaccess event id 2107 failed to obtain an ip address for dc.  thus excluding DC from being used as DS
    923am msexchangeadaccess event id 2119 SRV error
    923am msexchangeadaccess event id 2106 failed to obtain DNS records for forest
    923am msexchangeadaccess event id 2106 failed to obtain DNS records for domain
    941am msexchangeadaccess event id 2114 LDAP lookup error
    943am msexchangeadaccess event id 2604 could not retrieve security descriptor
    943am msexchange autodiscovery event id 1 could not find any GC's in forest

    Once the issue with the DC was cleared up, msexchangeadaccess at 956am got a good discovery.

    Ron


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    • Proposed as answer by Xiu Zhang Wednesday, July 21, 2010 2:32 AM
    • Marked as answer by Xiu Zhang Monday, July 26, 2010 3:19 AM
    Tuesday, July 20, 2010 2:35 PM