Problem on linked mailboxes after adding a 2nd domain controller in the first site

  • Question

  • Hi, Exchange 2016

    Worked for a year without problems. 100 mailboxes. A single DC AD in the site. 2 two-way trusts with 2 branch office domains (different forests) that use 7 linked mailboxes. Never had a single problem.

    I've added a second DC\GC in the main site because the actual DC is a 2008R2, so I have to upgrade and dismiss it. The 2nd DC is a 2016. Actually only inserted. No roles moved.

    Exchange server still has the first DC as DNS. It can be a coincidence, but after the insertion of the 2nd DC, the linked mailboxes have already stopped working 2 times. Trust resources like folders remain accessible by remote users. If I look in the ECP console I can see a SID instead of a username in the linked master account. A restart of the Exchange server solved the problem in the first case. Now it didn't work. Is there something I can check? Do you think it is related to the 2nd DC? The problem is only on linked mailboxes. It is an Exchange 2016 CU 10.

    Any help will be great.

    Thank you.

    Tuesday, June 23, 2020 3:29 PM

All replies

  • Hi,

    If the SID is showing instead of the user name then it means that it's not able to resolve the user name. Please check the trust relationship between the exchange and the 2 DC's.

    Check for event ID 2080 in the Exchange application logs and check if both the DC's are present and with the SACL rights. Also, below is the command to check the current domain controller settings,

    Get-ADServerSettings | fl

    Below command to check if there are any static domain controllers added to the exchange,

    Get-ExchangeServer -Identity "ServerName" -Status | fl

    From AD standpoint, please check if the DC replication is fine and there are no errors. Since linked mailboxes are affected, you can also verify the forest trust and try re-creating it.


    Thanks,
    Ashok M

    Tuesday, June 23, 2020 6:56 PM
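The checks suggested in the reply above, collected into one Exchange Management Shell script. This is an added example, not part of the original thread: `EXCH01` and `branch.example` are placeholders, `Test-LinkedMasterAccount` is a hypothetical helper name, and the script assumes the shell returns an unresolved linked master account as a SID string, as the ECP does in the question.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange server.
# Placeholders: replace with your Exchange server and the account forest's DNS name.
$ExchangeServer = 'EXCH01'
$AccountForest  = 'branch.example'

# 1. Latest topology discovery event (ID 2080, source MSExchange ADAccess).
#    Its message lists the DCs Exchange discovered and the SACL right for each.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 2080 } -MaxEvents 1 |
    Select-Object TimeCreated, ProviderName, Message | Format-List

# 2. DCs used by this session, then static and currently selected DCs/GCs.
Get-ADServerSettings | Format-List
Get-ExchangeServer -Identity $ExchangeServer -Status |
    Format-List Name, Static*, Current*

# 3. Linked mailboxes whose master account appears as a raw SID, with an
#    attempt to resolve each SID from this server through the trust.
function Test-LinkedMasterAccount {
    Get-Mailbox -RecipientTypeDetails LinkedMailbox -ResultSize Unlimited |
        ForEach-Object {
            $mbx      = $_
            $master   = [string]$mbx.LinkedMasterAccount
            $isSid    = $master -match '^S-1-\d+(-\d+)+$'
            $resolved = $null
            if ($isSid) {
                try {
                    $sid      = New-Object System.Security.Principal.SecurityIdentifier $master
                    $resolved = $sid.Translate([System.Security.Principal.NTAccount]).Value
                } catch {
                    # Translation failed: name resolution across the trust is broken
                    $resolved = "UNRESOLVED: $($_.Exception.Message)"
                }
            }
            [pscustomobject]@{
                Mailbox             = $mbx.Name
                LinkedMasterAccount = $master
                ShownAsSid          = $isSid
                ResolvedFromHere    = $resolved
            }
        }
}
Test-LinkedMasterAccount | Format-Table -AutoSize

# 4. Can this server locate a DC in the account forest, and is replication
#    between the local DCs healthy?
nltest /dsgetdc:$AccountForest
repadmin /replsummary
```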
  • Hi, thank you!

    Some questions 

    " Please check the trust relationship between the exchange and the 2 DC's"

    It is not clear what you mean. Exchange is domain joined and local users are not affected. It has the new DC as primary DNS and the old as secondary. I don't know other methods for the exchange trust domain controllers.

    also this point

    if both the DC's are present and with the SACL rights

    is not clear. Where do I have to check this?

    Anyway, in the Get-ADServerSettings | fl

    I've only the first domain controller (the old one). Do I have to add the 2nd in some way?

    In the Get-ExchangeServer -Identity "ServerName" -Status | fl

    I've in currentdomaincontrollers the new DC as first and the old as second, also the same in Currentglobalcatalogs, but in the

    Originatingserver there's only the old one and also in "currentconfigdomaincontroller"

    My question is, when you insert a 2nd DC in a trusted situation, do you have to add it to the trust in some way? Is it not transitive and must be taken automatically? Because my fear is that something is missing in the 2-way trust config, like the new IP for example.

    I've never touched Exchange in places with more than 1 DC, and it worked without problems every time.

    thank you.

    Wednesday, June 24, 2020 5:54 AM
  • Hi Wade,

    May I know the issue symptoms when you say “the linked mailboxes stopped working”?
    Have you checked if there are any relevant event logs in the Event Viewer?

    As far as I know, showing as SID instead of username is usually related to the communication between the Exchange organization and account forest. Please check if you can ping a domain controller in the account forest from the Exchange server. It’s also suggested to try creating a new linked mailbox and see if the issue persists.

    Besides, in case the issue is related to the AD sync, you may try forcing an AD replication and check if there would be any difference.

    Regarding your concern about the 2nd DC, I found the link below about a scenario that involves two domain controllers in a forest. You can go through the process to see if anything was missed in your environment:
    Microsoft Windows – Setup Two-way Domain/Forest Trust
    (Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.)

    Regards,

    Yuki Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Wednesday, June 24, 2020 9:35 AM
  • Hi Wade,

    Just checked in to see how everything is going on with this issue. If you have any questions or need further help on this issue, please feel free to post back. 

    Regards, 

    Yuki Sun



    Friday, July 3, 2020 5:31 AM