locked
Exchange 2010 SP 2 Can't create second GAL RRS feed

  • Question

  • I had /hosting installed in a test inviroment and decided to uninstall the server and try SP2.  The uninstall went fine and I now have a new 2010 sp2 server setup.  I am trying to create a second GAL and I get the following error.  Any Ideas?

    [PS] C:\Windows\system32>New-GlobalAddressList -Name "GAL_ORG1" -RecipientFilter {(CustomAttribute15 -eq "ORG1")}
    WARNING: One or more global address lists were missing from the Active Directory attribute.  This is likely caused by
    using legacy Exchange management tools to create global address lists.
    Active Directory operation failed on test-DC1.changed.domain.com. This error is not retriable. Additional information: The
     name reference is invalid.
    This may be caused by replication latency between Active Directory domain controllers.
    Active directory response: 000020B5: AtrErr: DSID-0315286E, #1:
        0: 000020B5: DSID-0315286E, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 907ff (globalAddressList2)
        + CategoryInfo          : NotSpecified: (0:Int32) [New-GlobalAddressList], ADConstraintViolationException
        + FullyQualifiedErrorId : 2EF38462,Microsoft.Exchange.Management.SystemConfigurationTasks.NewGlobalAddressList

    [PS] C:\Windows\system32>

    Friday, December 16, 2011 5:40 AM

All replies

  • It's not a supported scenario (which as this is test I'm sure you don't care much about and that's ok), but my guess would be that simply unistalling /hosting, and then installing non /hosting (frankly, I'm amazed that worked) is the issue. You really need a new AD, as the two modes of Exchange have entirely different AD structures (one multi-tenant and one single-tenant) and likely that is causing the issue.

    If you didn't go in to AD and whack stuff after uninstalling /hosting, I expect that configuration is still in place. It might be possible (again unsupported) to go in and whack the Exchange container from AD after removing the last Exchange box, but frankly, if it's a test lab, starting from scratch would be my recommendation, don't waste time troubleshooting. New AD, start again. Else you'll never know if future problems are happening because of this.

    Friday, December 16, 2011 6:50 AM
  • i had exactly the same issue after doing an upgrade from Exchange 2010 SP1.

    in my organization, i have 1 exchange 2010 SP2 and 1 exchange 2010 SP1. When i try to create a new global address list from Exchange 2010 SP2 server, i have the same error message. If i run the same command line from an exchange 2010 SP1, it works...Previoulsy i use the gal segmentation. So, i have already several GAL created from Exchange 2007 & Exchange 2010 powershell command.

    Can it be possible SP2 is checking a specific attributes on other GAL not populted by previous version ?

    thanks

     

    Friday, December 16, 2011 10:43 PM
  • Malabar21, did you have a /hosting mode deployment? It doesn't sound like it, so while the error is the same, I doubt the cause is. Start a new thread I suggest. And describe what you do have. If you used undocumented processes to hack AD and make it look multi-tenant, and are now having trouble, it might be tricky to solve in a forum like this.

    Friday, December 16, 2011 11:19 PM
  • And here's a question to you both - What OS are your DC's running, and what forest/domain functional level?
    Friday, December 16, 2011 11:29 PM
  • I will create a new thread.

    AD is a a mixed 2008 R1 & R2.

    AD is 2008 R1 fonctionnal level.

    thanks

    Sunday, December 18, 2011 9:20 AM
  • Hi Guys... had exactly the same situation and error as you do. To resolve the issue i did the next steps:

    • Uninstall Exchange (hosting or normal)
    • Remove Program Files\Exchange folder
    • Open ADSIedit.msc and:
    • remove OU=Microsoft Exchange Security Groups,DC=cg,DC=local
    • remove CN=Microsoft Exchange System Objects,DC=cg,DC=local
    • remove CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=cg,DC=local
    • remove CN=Microsoft Exchange Autodiscover,CN=Services,CN=Configuration,DC=cg,DC=local
    • went to Exchange 2010 SP2 installation folder:
    • start setup /PrepareSchema
    • start setup /PrepareAD
    • start normal setup and install Exchange

    After installation i was able to create additional GAL. Obviously hosting mode has different permissions or attributes on schema itself.

    Other thing, be careful with instructions above as i had empty database, only one exchange in testing environment and no production data. Hope this helps for you.

    Wednesday, December 28, 2011 1:28 PM
  • Hi,

    This my workaround :

    - remove all global address list except "Default Global address list" with EMS

    - go to adsiedit.msc and remove all adress list except "Default Global address list" in the attributes "globalAddressList2" defined on :

    CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=DOMAIN

     

    Tuesday, January 10, 2012 8:30 AM
  • Please don't anyone do that suggestion. A) if you messs it up it will break a lot of stuff and B) the moment you run new-GAL again it will sync the gal and ga2 attributes back up again.
    Tuesday, January 10, 2012 7:04 PM
  • First my deployment is not /hosting.

    The problem appear after installing SP2 of Exhchange 2010.

    My suggestion is to delete all global address list created before SP2.

    When you delete SP1 global address list with EMC, the global address list was delete from "globalAddressList" on

    CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=DOMAIN but not on the new SP2 attribute "globalAddressList2"

    The manual deletion of global address list on attribute "globalAddressList2" solved my problem and error "One or more global address lists were missing from the Active Directory attribute" disappear.

    Nobody have any solution except a new install of Exchange ...

    My exchange installation is in production and we can't do uninstall, i'm ok you can break a lot of stuff but if you delete only global address list in this new attribute, i'm not sure you will break anything.

    If you have any suggestion

    regards

    Wednesday, January 11, 2012 9:22 AM
  • Your problem is different to the original poster. Mixing the two threads here won't help.

    The original poster was trying to do something unsupported. Your problem was most likely a single corrupt GAL entry which caused a crash when the new SP2 code in new-gal tried to get globaladdresslist and globaladdresslist2 in sync. The warning error you refer to will appear if the two lists are not in sync and the cmdlet fixed it. So, if you deleted any object from globaladdresslist2 and created a new GAL, the cmdlet would fix the list, show the warning again, and add the new GAL you were creating. You could have also tried to find the one bad entry (likely just a GAL that was created but globaladdresslist wasn't cleaned up for some reason) and that would also have prevented any errors.

    If your install is working great, good. The reason I don't want people following your suggestion as it was not hte same root cause.

    Wednesday, January 11, 2012 5:04 PM
  • Hi,

    This my workaround :

    - remove all global address list except "Default Global address list" with EMS

    - go to adsiedit.msc and remove all adress list except "Default Global address list" in the attributes "globalAddressList2" defined on :

    CN=Microsoft Exchange,CN=Services, CN=Configuration,DC=DOMAIN

     

    Hi,

    In my case, i had to remove a garbage entry from "globalAddressList" attribute to fix this issue. There were only 2 entries in this "globalAddressList" muli-value attribute, one was for Default GAL and other one was some corrupt GAL DN, which i removed.

    Regards,


    Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
    • Proposed as answer by HA-Host Monday, February 6, 2012 3:18 PM
    Monday, February 6, 2012 3:13 PM
  • Hi,

    For a customer, I was unable to create GAL for above mentioned reason, so had to find corrupted GAL entries in GlobalAddressList and GlobalAddressList2 properties of the object 'CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local', where there were around 1200+ entries.

    So I wrote this PowerShell script to find all corrupted entries, and then removed them manually.

    $ad = [ADSI]"LDAP://rootDSE";
    $domain = $ad.rootDomainNamingContext;
    $obj = New-Object System.DirectoryServices.DirectoryEntry("LDAP://CN=Microsoft Exchange,CN=Services,CN=Configuration,$domain"); 
    
    $count = 0;
    $Gals1= $obj.GlobalAddressList;
    foreach($g in $Gals1)
    {
       $g= $g.ToString().ToLower(); 
       if($g.Contains("cn=deleted objects"))
       {
          Write-Host $g;
          $count= $count +1;  
       }
    }
    
    Write-Host "$Count corrupted GAL entries found in property GlobalAddressList";
    
    $count = 0;
    $Gals2= $obj.GlobalAddressList2;
    foreach($g in $Gals2)
    {  
       $g= $g.ToString().ToLower();
       if($g.Contains("cn=deleted objects"))  
       {
          Write-Host $g;	
          $count= $count +1;  
       }
    }
    Write-Host "$Count corrupted GAL entries found in property GlobalAddressList2";
    

    This script might help others to find out corrupted GAL entries in AD.

    Regards,


    Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com

    Tuesday, May 15, 2012 2:11 PM
  • Nice job.
    Wednesday, May 16, 2012 2:54 AM
  • Hi,

    Very Nice jobs.

    Thanks,

    Vidyanand Sah

    Wednesday, June 27, 2012 3:59 AM
  • Thanks for the remark that it is a multi-valued attribute! I checked visually in adsiedit before and that showed only the first entry which looked good so did't think of double-clicking the entry to find that crucial fact out myself :(

    In my test-setup I installed Exchange 2010 SP1 first and then installed SP2 the next day. Nothing fancy, just a single exchange server and a separate DC in a single forest/domain setup. SO the SP2 upgrade didn't do a good cleanup and left the deleted item for some reason? I didn't play around with addresslists in this env so wouldn't know what else could cause it. I'll check the installer logs if I find any reference to these objects/properties.

    Thanks for the nice PS_script to detect and solve. In my favorites now :)


    Best regards and many thanks in advance, Eric Vegter

    Thursday, August 9, 2012 7:02 AM
  • simplified for those that run in to this issue

    ADSI edit Configuration - under CN=Services, CN=Microsoft Exchange properties, there are 2 entries

    globalAddressList

    globalAddressList2

    Make certain that these match exactly in their contents and remove any deleted entries

    give it a few minutes after applying the change and you will be able to add GALs again.

    This can be done without concern in a production environment as we updated a live server to SP2 without knowledge that it would break this part and had to do it on the fly when adding a new tenant.

    Monday, August 20, 2012 1:50 PM
  • I am having similar issues. When I ran your script, I found three corrupt entries such as

    cn=Myglobaladdresslist\0adel:0fb0e89d-c1ca-4edb-99ae-ecbdd722f5ff,cn=deleted objects,cn=configuration,dc=domain,dc=local

    cn=myglobaladdresslist2\0adel:6931193c-3362-489b-a766-4d1820704080,cn=deleted objects,cn=configuration,dc=domain,dc=local

    If I look in adsiedit - these dont exist.  How can I get rid of these?  Thanks!


    Steve Peterson steve@mcmillaninc.com

    Saturday, December 29, 2012 6:00 PM
  • I am having similar issues. When I ran your script, I found three corrupt entries such as

    cn=Myglobaladdresslist\0adel:0fb0e89d-c1ca-4edb-99ae-ecbdd722f5ff,cn=deleted objects,cn=configuration,dc=domain,dc=local

    cn=myglobaladdresslist2\0adel:6931193c-3362-489b-a766-4d1820704080,cn=deleted objects,cn=configuration,dc=domain,dc=local

    If I look in adsiedit - these dont exist.  How can I get rid of these?  Thanks!


    Steve Peterson steve@mcmillaninc.com

    Hi,

    the script is getting values from your domain path 

    CN=Microsoft Exchange,CN=Services,CN=Configuration,Dc=Domain,Dc=tld

    where "Dc=Domain,Dc=tld" is your AD Domain's path.

    Please go there, and look at "GlobalAddressList" and "GlobalAddressList2" properties, you would hopefully find it.

    In ADSIEdit, your path would look like

    Configuration->Services->Microsoft Exchange

    Just right click on this "CN=Microsoft Exchange" and select "Properties", and then look for "GlobalAddressList" and "GlobalAddressList2" properties, you would find hopefully in ""GlobalAddressList".

    If you still don't get it, then I can change above script, to also provide you deletion offer for corrupt GAL entries, where script would ask you whether you want to delete or not, and would delete if you would want.

    Regards,


    Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com


    • Edited by Laeeq Qazi Sunday, December 30, 2012 8:10 PM
    • Proposed as answer by steve-peterson Tuesday, January 1, 2013 2:17 PM
    Sunday, December 30, 2012 8:08 PM
  • Hello,

    Thanks for the reply. This worked like a charm!  I appreciate your reply.

    Steve


    Steve Peterson steve@mcmillaninc.com

    Tuesday, January 1, 2013 2:17 PM
  • Hello,

    Thanks for the reply. This worked like a charm!  I appreciate your reply.

    Steve


    Steve Peterson steve@mcmillaninc.com

    You are welcome, and I am pleased to hear about this.

    Kind Regards,


    Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com

    Tuesday, January 1, 2013 2:22 PM