none
Exchange errors when specific DC is rebooted RRS feed

  • Question

  • Originally this exchange server existed in a smaller environment.  Over time more DC’s have been added to the environment but I suspect something about the exchange installation is not recognizing this fact. There is another DC in this same site and 6 more DC’s in other AD Sites.  When I reboot a specific DC, I get errors in the exchange server application and system logs as follows:

     

    System log:

    Event Type:            Error

    Event Source:         NETLOGON

    Event Category:      None

    Event ID: 5783

    Date:                       11/21/2011

    Time:                       10:08:17 AM

    User:                       N/A

    Computer:               EXCHANGE

    Description:

    The session setup to the Windows NT or Windows 2000 Domain Controller \\DC1.MyDomain.local for the domain MYDOMAIN is not responsive.  The current RPC call from Netlogon on \\EXCHANGE to \\DC1.MyDomain.local has been cancelled.

     

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    Application Log:

    Event Type:        Error

    Event Source:    MSExchangeAL

    Event Category:                Service Control

    Event ID:              8365

    Date:                     11/21/2011

    Time:                     10:11:28 AM

    User:                     N/A

    Computer:          EXCHANGE

    Description:

    Could not read the Security Descriptor from the Exchange Server object with guid=C1480C845E983C49A392553A0BA0529B. As a result the Proxy Address Calculation RPC interface will not be available on the local Exchange Server.  

     

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    Event Type:        Error

    Event Source:    MSExchangeSA

    Event Category:                General

    Event ID:              9385

    Date:                     11/21/2011

    Time:                     10:11:30 AM

    User:                     N/A

    Computer:          EXCHANGE

    Description:

    Microsoft Exchange System Attendant failed to read the membership of the universal security group '/dc=local/dc=MYDOMAIN/ou=Microsoft Exchange Security Groups/cn=Exchange Servers'; the error code was '8007203a'. The problem might be that the Microsoft Exchange System Attendant does not have permission to read the membership of the group.

     

    If this computer is not a member of the group '/dc=local/dc=MYDOMAIN/ou=Microsoft Exchange Security Groups/cn=Exchange Servers', you should manually stop all Microsoft Exchange services, run the task 'add-ExchangeServerGroupMember,' and then restart all Microsoft Exchange services.

     

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

     

    As soon as the DC comes back up the Exchange server is happy again but I would like it to simply look elsewhere when that DC is rebooting.  Where can I inform the Exchange server to look for a different DC when that one is rebooting?

     

    The DC in question is the domain naming master and schema master but does not hold any of the other three master roles.


    Exchange 2007 SP 2 Rollup 5 running on Server 2003 R2
    • Edited by MnM Show Monday, November 21, 2011 5:37 PM
    Monday, November 21, 2011 5:32 PM

All replies

  • Hi there,

    May us know where is your Global Catalog resides in that site, because exchange will only contact the DC which has the GC.

    If GC is resides on your first DC(rebooting one) try to move it to other one and see how it goes.


    Thanks & Regards, Kottees R
    • Edited by imkottees Monday, November 21, 2011 8:09 PM to modify
    Monday, November 21, 2011 8:08 PM
  • All DC's are GC's.

    Monday, November 21, 2011 8:36 PM
  • Hello,

    please check your DNS settings on the Exchange server. Please also check if the replication between your DCs is working correctly.

    Greetings,

    Toni

    Monday, November 21, 2011 9:32 PM
  • Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
     VBD Client)
       Physical Address. . . . . . . . . : 00-21-5E-DB-91-18
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.2.19
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.2.1
       DNS Servers . . . . . . . . . . . : 192.168.2.5                                                           <--This is DC1, the one that causes errors when I reboot it
                                           192.168.2.6                                                                    <--This is DC2, the other one in the same site
                                           192.168.1.10                                                                  <--This is DC5, located at another site

    C:\Documents and Settings\Administrator.MYDOMAIN>nslookup mydomain.local dc2
    Server:  dc2.mydomain.local
    Address:  192.168.2.6

    Name:    mydomain.local
    Addresses:  192.168.2.6, 192.168.2.5, 192.168.112.11, 192.168.7.5                                          <-- These are all of the various DCs 
              192.168.7.6, 192.168.1.9, 192.168.1.10, 192.168.112.10


    C:\Documents and Settings\Administrator.MYDOMAIN>nslookup mydomain.local dc1
    Server:  dc1.mydomain.local
    Address:  192.168.2.5

    Name:    mydomain.local
    Addresses:  192.168.2.6, 192.168.2.5, 192.168.7.6, 192.168.112.10
              192.168.7.5, 192.168.112.11, 192.168.1.9, 192.168.1.10

     

    I can't see anything wrong with this part.  When I ping mydomain.local it resolves to the DC1 IP address but since that is also the primary DNS server for the Exchange server that doesn't seem amiss.  No replication problems.  All DCs are DNS servers and DNS is AD integrated.

    Monday, November 21, 2011 9:59 PM
  • Hi there, 

     

    Based on my research, the network connection between Exchange server and the three DC/GC is unstable and this cause Exchange server have difficulty to access DC/GC.

     

    We recommend to update all the physical network cards’ drivers to the latest version on your Exchange server, GC/GC and then reboot servers. Only when there is not any network connection problem between the Exchange server and DC/GC, the event 8365 could disappear.

     

    Regarding error ID 9385, please verify the group “Exchange Servers” in “Exchange servers security group”, make sure your Exchange server is one of the members.

     

    Additionally, restart Microsoft Exchange System Attendant service if the issue error ID reoccurs when you reboot the GC server.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    • Proposed as answer by Fiona_LiaoModerator Tuesday, November 22, 2011 3:31 AM
    • Unproposed as answer by MnM Show Tuesday, November 29, 2011 5:51 PM
    Tuesday, November 22, 2011 3:15 AM
    Moderator
  • Any update?
    Best Regards Fiona Liao E: v-fiolia@microsoft.com
    Tuesday, November 29, 2011 2:28 AM
    Moderator
  • Hi there, 

     

    Based on my research, the network connection between Exchange server and the three DC/GC is unstable and this cause Exchange server have difficulty to access DC/GC.

     

    We recommend to update all the physical network cards’ drivers to the latest version on your Exchange server, GC/GC and then reboot servers. Only when there is not any network connection problem between the Exchange server and DC/GC, the event 8365 could disappear.

     

    Regarding error ID 9385, please verify the group “Exchange Servers” in “Exchange servers security group”, make sure your Exchange server is one of the members.

     

    Additionally, restart Microsoft Exchange System Attendant service if the issue error ID reoccurs when you reboot the GC server.


    Best Regards Fiona Liao E: v-fiolia@microsoft.com


    As far as updating the NIC drivers, broadcom says this:

    "Due to the advanced software architecture of the NetXtreme II 1 Gigabit adapter, the installation/uninstallation of drivers is only supported through a driver installer. Manually installing/uninstalling the drivers through the Device Manager is not recommended.

    To ensure a more seamless upgrade, please attempt to update the drivers for the NetXtreme II 1 Gigabit adapter through the drivers provided by the manufacturer of the system containing this device."

    Doing this is going to require a server reboot which means I have to come in after hours to do so.  I am skeptical this will fix this issue but I will try it.  As for the NIC's on the DC's they are all Hyper-V VM's so I would assume any better driver packages would have shown up in microsoft update for either the guest or the host and all updates are current on both.

    The exchange server is a member of the Exchange Servers group in AD. 

    Tuesday, November 29, 2011 6:15 PM