locked
EMC and Microsoft Exchange Service Host issues RRS feed

  • Question

  • As best as I can tell we have an issue in our enviornment that us related to the NetBios namespace we have and it not being contained in the FQDN.

    Before I go any further I have already read probably every EMC related issue 5 times in the pas 20 days and our issue is not due to either DUP SIS or a . in the namespace.

    I've also spent over 60 hours on the phone with MS support and while we are still working that case they have nor had any new idea in over a week.

    To narrow down the exact exact symptoms

    -EMC doesn't open from any system with any user. The Shell on the other hand works fine and its not in any way related to WINRM

    I believe I've seen 2 variations on the error it generates, One stating it could not find the user on the DC when running get-logonuser and it is looking up the user by domain\user. The one that we are currently getting is that it was unable to find the user SID. If I log onto the Exchange shell, it givvems me the same error if I run get-user and use on of those formats. With the EMS I can user upn, fqdn\user or just user and it finds the user. The other thing I find even more confusing is that if I open the AD Shell on the same server and try and run get-user with domain\user or -identity and use the SID, it works just fine.

    The seccnd piece and the 2 issues started at the same time is the bigger issue as without Service Host you can;t mange Exchange certs. This piece has been causing a partial user outage for almost a month now.

    -Service Host, its will run through some amount of its start up sequence and then crashes logging only this in rhw logs

    - System 

      [ Name]  MSExchange Common 

     

     

     

      - EventID 4999 

     

     

     

       [ Qualifiers]  16388 

     

     

     

     

       Level 2 

     

       Task 1 

     

       Keywords 0x80000000000000 

     

      - TimeCreated 

     

      [ SystemTime]  2011-05-01T06:49:50.000000000Z 

     

     

       EventRecordID 73949 

     

     

       Channel Application 

     

     

       Computer MAIL(FQDN)

     

     

     

       Security 

     

     

     

    - EventData 

     

     

       1412 

     

       E12 

       c-RTL-AMD64 

       14.01.0287.000 

       M.Exchange.ServiceHost 

       M.Exchange.SACLWatcherServicelet 

       M.E.S.S.Servicelet.VerifyAndRecoverSaclRight 

       System.NullReferenceException 

       deab 

       14.01.0285.000 

       False 

     

    We've pulled both crash dumps and debug logs and I still have no idea whats causing it.

     

     

    There were also no major changes made to our system in any close proximity to these issues. 

     

    I was able to get past one of this issue or at least identify a possible fix and confirmation of what I thought the cause was since I saw the issue with looking up domain\user.

    Also the issue will also present it self when additional servers are bought into the enviornment. Meaning we deploy the server and immediately the console doesn;t function. It was also persistent through a recovery install.

    I did try something that worked in a limited test bed. I made a clone of our PDC\GC that hold all the FSMO roles as well and isolated onto another network. I then brought up a new Exchange server and as soon as it came up it had the same issues. I then performed a domain rename so that our NetBios was the first part of FQDN and once the changes were applied and both server were rebooted for good measure, Console fired right up and lookups from the shell worked too. While this is a possible fix the AD domain has been configured in this was for 8 years now, why is it all of a sudden a problem?  More more importantly would the be a less drastic way to address this. Last I checked the rename did not help the service host crash either. 

     

    Pat

     

    Sunday, May 1, 2011 7:13 AM

Answers

All replies

  • I am sorry to say but you have posted such a big post ;) its hard find error message

    Post the Error Message.


    Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah
    Sunday, May 1, 2011 5:01 PM
  • Its a complex issue hence the reason for the post One error is clearly in the and while the the data in what the event logs isn;t very helpful that's alos the reason for the post.

      [ Name]  MSExchange Common

      - EventID 4999

       [ Qualifiers]  16388

    E12

       c-RTL-AMD64

       14.01.0287.000

       M.Exchange.ServiceHost

       M.Exchange.SACLWatcherServicelet

       M.E.S.S.Servicelet.VerifyAndRecoverSaclRight

       System.NullReferenceException

       deab

       14.01.0285.000

       False

    The second issue is shown in the management logs as

    Cmdlet failed. Cmdlet Get-User, parameters {Identity=S-1-5-21-42551687-897454085-1861945104-XXXX}.

     

    If you need more info than what is above let me know also agaoin, i don;t want this post to just be another link to the same info already posted on simliar cases

     

    As best as I can tell we have an issue in our enviornment that us related to the NetBios namespace we have and it not being contained in the FQDN.

    Before I go any further I have already read probably every EMC related issue 5 times in the pas 20 days and our issue is not due to either DUP SIS or a . in the namespace.

    I've also spent over 60 hours on the phone with MS support and while we are still working that case they have nor had any new idea in over a week.

    Monday, May 2, 2011 3:58 PM
  • Hello Pat-

     

    I found your case and it looks like we gave you some good information to help. Please let us know if you need anything further. Here is some detail:

    LsaLookupNames() can’t take a SID as input.  It can only take account names. 

    http://msdn.microsoft.com/en-us/library/ms721798(VS.85).aspx

     

    Thanks


    Dan


    • Marked as answer by Dan Ro - MSFT Tuesday, July 12, 2011 10:18 PM
    Wednesday, June 22, 2011 8:27 PM
  • The case is still unresolved. the sid error is given when the get-user cmdlet is run by the emc initialization process. translating the user name. We're entering domain\user and at some point it gets hung up on the account lookup. 
    Wednesday, August 17, 2011 5:04 AM
  • Hi,

    I was searching for issues / service crashes due to this SACL verification and found this. Are you still experiencing this issue? I can help get some more details on this while I'm already working this.

    Thank you.


    Ketan

    Wednesday, July 25, 2012 4:43 PM