Exchange 2003 LDAP errors (2061, 2389, 6015)

    Question

  • Hi,

    Every now and again we have incoming messages being sent to bad mail on our exchange front end mail servers (Exchange 2003 SP2 running on Windows 2003 SP2) that are destined for mailboxes within the company.  I have checked the domain controllers (Windows 2003 SP2) and these appear to be ok and are not rebooted when the issues occur.

    I have increased the exchange logging on the exchange front end servers and see errors similar to those below:


    Event Type: Warning
    Event Source: MSExchangeDSAccess
    Event Category: LDAP
    Event ID: 2389
    Date:  13/04/2012
    Time:  22:40:22
    User:  N/A
    Computer: MailServer
    Description:
    Process INETINFO.EXE (PID=1452). A search request to Directory Server dc.dudley.gov.uk did not return a result within 30 seconds and is being abandoned.  The search will be retried if possible.  The search that failed has the following characteristics:  Base DN=CN=DB1,CN=SG,CN=InformationStore,CN=MailServer,CN=Servers,CN=Dudley,CN=Administrative Groups,CN=Dudley MBC,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=dudley,DC=gov,DC=uk, Filter=(objectclass=*), Scope=bdf07c.

    Event Type: Error
    Event Source: MSExchangeDSAccess
    Event Category: LDAP
    Event ID: 2061
    Date:  13/04/2012
    Time:  22:40:52
    User:  N/A
    Computer: MailServer
    Description:
    Process INETINFO.EXE (PID=1452). An LDAP search call failed - Server=DC.dudley.gov.uk Error code=80040955. Base DN=CN=DB1,CN=SG,CN=InformationStore,CN=MailServer,CN=Servers,CN=Dudley,CN=Administrative Groups,CN=Dudley MBC,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=dudley,DC=gov,DC=uk, Filter=(objectclass=*), Scope=0.

    Event Type: Information
    Event Source: MSExchangeTransport
    Event Category: Categorizer
    Event ID: 6015
    Date:  13/04/2012
    Time:  22:40:52
    User:  N/A
    Computer: MailServer
    Description:
    Categorizer is NDRing a recipient with address SMTP:Mailbox@dudley.gov.uk with reason code 0xc0040557 ().

    Event Type: Error
    Event Source: MSExchangeTransport
    Event Category: NDR
    Event ID: 3009
    Date:  13/04/2012
    Time:  22:41:21
    User:  N/A
    Computer: MailServer
    Description:
    A non-delivery report with a status code of 5.1.0 was generated for recipient rfc822;mailbox@dudley.gov.uk (Message-ID <MAILSERVERe6Tvijhtq9Bn00001ff7@mailserver.dudley.gov.uk>).   
    Cause: This is categorizer failure caused by a bad address.

    Any help would be appreciated

    Regards

    Matthew Ridley


    • Edited by Matt Ridley Wednesday, April 25, 2012 8:53 AM
    Tuesday, April 24, 2012 3:59 PM

Answers

All replies

  • If this matches up with the failed delivery attempts, it seems like Exchange is having issues talking to the GC/DC.

    Can you check the state of your AD?

    Check this too http://support.microsoft.com/kb/284204


    Sukh

    Tuesday, April 24, 2012 6:30 PM
  • Hi Matthew,

    We need to check the following:

    1 Check if firewall is present between Exchange server and GC.

    2 Check the duplex setting on the network cards on both the server and change it to be same.

    3 Check what's the Windows server version of GC including SP?

    Thanks.


    Rowen

    TechNet Community Support

    Wednesday, April 25, 2012 5:26 AM
  • I have run dcdiag and netdiag and no errors are found.  Do you suggest I try anything else to troubleshoot?

    As I say it doesn't happen all the time, maybe 3 or 4 times a month.

    Regards

    Matthew Ridley

    Wednesday, April 25, 2012 9:32 AM
  • Check the health of the dc by running  nltest and netdiag and dcdiag

    Telnet from your exchange-server to domain controller GC's ports 389 and 3268 

    Also investigate if there are networking issues between the Exchange server and the named Directory Service.

    Download Microsoft Exchange Best Practices Analyzer v2.8 and run the same to determine the overall health of their Exchange servers and topology 

    Refer to the link below to download Microsoft Exchange Best Practices Analyzer v2.8

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=22485

    Girishp

    Wednesday, April 25, 2012 9:50 AM
  • Hi Rowen-Xu,

    1) We have no firewall between the Exchange servers and Domain controllers although they are on different Virtual Lans

    2) The duplex setting is 1000Mbs and Full on all servers

    3) We are running Windows 2003 SP2 on the domain controllers and the Exchange servers

    The front end mail gateway servers are load balanced using nlb.  One of the servers is a physical IBM HS20 blade and the other is a VM.  The problem is apparent on both servers.

    Your help is appreciated

    Regards

    Matthew Ridley

    Wednesday, April 25, 2012 9:57 AM
  • Hi,

    EXBPA all looks ok

    Does anyone have anything else that I might be able to try?

    Regards

    Matthew Ridley

    Friday, May 11, 2012 10:31 AM
  • As the issue is intermittent & not easily reproducible, it may be worth logging a call with MSFT.

    Did you also check the KB I posted above?

    You may also want to turn the logging up for CAT.


    Sukh

    Friday, May 11, 2012 10:45 AM
  • On Fri, 11 May 2012 10:31:59 +0000, Matt Ridley wrote:
     
    >EXBPA all looks ok
    >
    >Does anyone have anything else that I might be able to try?
     
    Given the event log entries and the LDAP queries in them you either
    have a very slow network (unlikely) or an overloaded GC.
     
    Do you have more than one DC in the Forest? How about in the Domain?
    Is the Exchange server running on a machine that's also a DC/GC?
     
    You might want to start with using PerfWiz
    (http://blogs.technet.com/b/mikelag/archive/2009/02/02/updated-exchange-2003-perfwiz.aspx)
    to identify any problem areas. ExBPA is a good place to start, but it
    just tells you about nonconformance to "best practices"; it doesn't
    tell you if there's a problem with the environment.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    Friday, May 11, 2012 9:36 PM
  • Rich,

    Thanks for the reply.

    I have installed the PerfWiz counters, so I will give this a go.  The only problem is that it happens randomly so I may not be able to get the data when the problem happens.

    Our network is GB and the servers are in the same site.  The exchange servers and domain controllers are in different VLAN's.

    We have 4 DC's in total, 2 are GC's. we have over 7000 accounts.

    The DC that seems to always be mentioned in the Logs is not a GC but is the PDC for our domain.  This server does not hold any other roles.  I have noticed today that the DC (Well in fact all the DC's) hard drives are very fragmented so I might have a go at defragging at least the drive on the PDC.

    Could the actual AD database need to be defragged?  Is there any way of me knowing if I need to do it?

    Regards

    Matthew Ridley

    Monday, May 14, 2012 2:00 PM
  • If it's only the PDC, you may want to exclude this - http://technet.microsoft.com/en-us/library/aa998226(EXCHG.80).aspx


    Sukh

    • Marked as answer by Matt Ridley Tuesday, June 19, 2012 8:20 AM
    Monday, May 14, 2012 3:26 PM
  • On Mon, 14 May 2012 14:00:34 +0000, Matt Ridley wrote:
     
    >I have installed the PerfWiz counters, so I will give this a go. The only problem is that it happens randomly so I may not be able to get the data when the problem happens.
     
    There are also PerfWiz counter sets for non-Exchange servers. It
    wouldn't hurt to start log perfmon counter log files for all your DCs,
    too. Exchange is probably just reacting to the way the DCs perform.
     
    >Our network is GB and the servers are in the same site. The exchange servers and domain controllers are in different VLAN's.
    >
    >We have 4 DC's in total, 2 are GC's. we have over 7000 accounts.
     
    That's not a lot of accounts. :-)
     
    >The DC that seems to always be mentioned in the Logs is not a GC but is the PDC for our domain.
     
    Ouchie! Didn't the ExBPA recommend that you configure your Exchange
    server(s) to avoid using the server with the PDC FSMO role?
     
    See http://support.microsoft.com/?kbid=298879
     
    In your case, set MinUserDC to 3.
     
    I'd start a PerfWiz on the PDC FSMO role holder, too. Chances are
    pretty good that it's got something not-so-good going on.
     
    >This server does not hold any other roles. I have noticed today that the DC (Well in fact all the DC's) hard drives are very fragmented so I might have a go at defragging at least the drive on the PDC.
    >
    >Could the actual AD database need to be defragged? Is there any way of me knowing if I need to do it?
     
    Unless there's some I/O bottleneck I don't think that's particularly
    significant.
     
    If the DC/GC machines are large enough you're probably holding the
    whole DIT in memory.
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    Monday, May 14, 2012 9:59 PM
  • Rich/sukh828,

    Thanks for the info.  I applied the reghack to prevent exchange using the PDC emulator and since doing this on the 15/05/2012 I have had no more 3009 NDR errors.  It's looking good and I'm crossing my fingers that this is the fix.

    I have checked my Exchange Best Practise reports I did and there is no mention of this issue.

    I had only applied the reghack originally to the front end mail gateway servers, but I have today added it to the backend exchange servers as well.

    I will keep you updated, but I won't be able to check if I have had no further errors until after 6th June.

    Thanks again for everyone who has helped me so far.

    Matthew Ridley

    Friday, May 18, 2012 8:54 AM
  • Sorry for not updating this thread for a while but preventing exchange using the PDC emulator fixed the issue.

    Thanks for all the help in this thread

    Matt

    Tuesday, June 19, 2012 8:21 AM
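
One way to check the pattern this thread converged on (DSAccess LDAP failures against one directory server shortly before the NDRs), as an added example that is not code from any poster: it parses a text export of event entries in the layout shown in the question and counts, per directory server, the 2389/2061 events logged just before a 6015/3009 NDR. The sample log, the placeholder host names, the 120-second window and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
DS_IDS, NDR_IDS = {"2061", "2389"}, {"6015", "3009"}
SERVER_RE = re.compile(r"(?:Directory Server |Server=)([\w.-]+)")
# Constructed sample, trimmed to the fields read below; host names are placeholders.
SAMPLE = """\
Event Source: MSExchangeDSAccess
Event ID: 2389
Date:  13/04/2012
Time:  22:40:22
Description:
A search request to Directory Server dc1.example.test did not return a result within 30 seconds.

Event Source: MSExchangeDSAccess
Event ID: 2061
Date:  13/04/2012
Time:  22:40:52
Description:
An LDAP search call failed - Server=DC1.example.test Error code=80040955.

Event Source: MSExchangeTransport
Event ID: 3009
Date:  13/04/2012
Time:  22:41:21
Description:
A non-delivery report with a status code of 5.1.0 was generated for recipient rfc822;user@example.test.
"""

def parse_events(text):
    """Split a text event export on blank lines into dicts (id, time, desc)."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        head, _, desc = block.partition("Description:")
        f = dict(re.findall(r"^\s*([\w ]+?):\s*(.+?)\s*$", head, re.M))
        when = datetime.strptime(f"{f['Date']} {f['Time']}", "%d/%m/%Y %H:%M:%S")
        events.append({"id": f["Event ID"], "time": when, "desc": desc.strip()})
    return events

def servers_behind_ndrs(events, window=timedelta(seconds=120)):
    """Per directory server, count DSAccess failures logged within `window` before an NDR."""
    ndr_times = [e["time"] for e in events if e["id"] in NDR_IDS]
    hits = Counter()
    for e in events:
        m = SERVER_RE.search(e["desc"])
        near_ndr = any(timedelta(0) <= t - e["time"] <= window for t in ndr_times)
        if e["id"] in DS_IDS and m and near_ndr:
            hits[m.group(1).lower()] += 1  # server names differ in case between events
    return hits
```

A server that dominates the returned counts across many NDR incidents is the one to compare against the FSMO role holders.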