| Author | Messages | |
hboogz
Posts:24
 | | 09/24/2008 2:14 PM |
| Got a call last night about Exchange ( e2k3) mis-behaving and was told this
morning that the problem was related to my 2 DCs ( windows 2003 r2, sp1 )
I've been looking through DC event logs and don't see anything that is
alarming ( outside of a MxSRB event that says one client is attempting to be
a master browser.=\ ?
I've checked replication using replmon and repadmin /replsum /bysrc /bydest
/sort:delta and that looks clean.
I checked the event log for exchange, of which i have dsacess logging
enabled and i can't seem to find anything that is helping. Apparently, when
the two DC's were restarted, exchange, when restarted, came back up without
a hitch.
any ideas what i can run or look into to see if AD was t he culprit ?
Gotta love monday mornings,
| | | |
| michael1
Posts:181
| | 09/24/2008 2:14 PM |
| First, why were you told that the DCs were the problem? Are they both GCs?
Have you run ExBPA against your Exchange organization? Is netdiag clean on your Exchange Servers?
Is DCDIAG clean on your DCs?
Regards,
Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 10:27 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD Replication to Exchange .
Got a call last night about Exchange ( e2k3) mis-behaving and was told this morning that the problem was related to my 2 DCs ( windows 2003 r2, sp1 )
I've been looking through DC event logs and don't see anything that is alarming ( outside of a MxSRB event that says one client is attempting to be a master browser.=\ ?
I've checked replication using replmon and repadmin /replsum /bysrc /bydest /sort:delta and that looks clean.
I checked the event log for exchange, of which i have dsacess logging enabled and i can't seem to find anything that is helping. Apparently, when the two DC's were restarted, exchange, when restarted, came back up without a hitch.
any ideas what i can run or look into to see if AD was t he culprit ?
Gotta love monday mornings,
| | | |
| neilruston
Posts:149
| | 09/24/2008 2:14 PM |
| I'd ask the Messaging guys for evidence demonstrating that the DC infra
was at fault.
What did they find in event logs or similar which led them to the
conclusions below?
neil
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: 15 September 2008 15:27
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD Replication to Exchange .
Got a call last night about Exchange ( e2k3) mis-behaving and was told
this morning that the problem was related to my 2 DCs ( windows 2003 r2,
sp1 )
I've been looking through DC event logs and don't see anything that is
alarming ( outside of a MxSRB event that says one client is attempting
to be a master browser.=\ ?
I've checked replication using replmon and repadmin /replsum /bysrc
/bydest /sort:delta and that looks clean.
I checked the event log for exchange, of which i have dsacess logging
enabled and i can't seem to find anything that is helping. Apparently,
when the two DC's were restarted, exchange, when restarted, came back up
without a hitch.
any ideas what i can run or look into to see if AD was t he culprit ?
Gotta love monday mornings,
Barclays Wealth is the wealth management division of Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group.
The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk.
This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments.
Internet communications are not guaranteed to be secure or without viruses. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons.
Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group.
Barclays Bank PLC. Registered in England and Wales (registered no. 1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.
Barclays Bank PLC is authorised and regulated by the Financial Services Authority.
| | | |
| rkaramchand
Posts:13
| | 09/24/2008 2:14 PM |
| Is it RUS issue ?
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 10:27 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD Replication to Exchange .
Got a call last night about Exchange ( e2k3) mis-behaving and was told this morning that the problem was related to my 2 DCs ( windows 2003 r2, sp1 )
I've been looking through DC event logs and don't see anything that is alarming ( outside of a MxSRB event that says one client is attempting to be a master browser.=\ ?
I've checked replication using replmon and repadmin /replsum /bysrc /bydest /sort:delta and that looks clean.
I checked the event log for exchange, of which i have dsacess logging enabled and i can't seem to find anything that is helping. Apparently, when the two DC's were restarted, exchange, when restarted, came back up without a hitch.
any ideas what i can run or look into to see if AD was t he culprit ?
Gotta love monday mornings,
| | | |
| hgulati
Posts:1
| | 09/24/2008 2:14 PM |
| Harry,
Did you try purging cached Kerberos Tickets on PHMAIL1, i think so that could have been the problem.
As Roelf said it could also be the Skew time difference between mail server and the DC
~Hitesh
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of Roelf Zomerman
Sent: Mon 9/15/2008 11:04 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Replication to Exchange .
[FATAL] Kerberos does not have a ticket for PHMAIL1$.
Could it be that the time is not in sync between the DC's and the Mail server ??
_Roelf
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 4:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Replication to Exchange .
how do i check if it's a RUS issue ?
I've requested evidence detailing what lead them to believe it was an AD issue. By them indicating that exchange came back up cleanly after the DC's were restarted is how i got involved - strange.
Both DC's are GCs. ExBPA hasn't been ran in my org.
attached are dcdiags for both DC's, that look relatively clean to me. I've attached the netdiag for the exchange box that does show some kerberos weirdness that i haven't seen before.
On Mon, Sep 15, 2008 at 10:39 AM, Chauhan, Rajeev <Rajeev.Chauhan@hud.gov> wrote:
Is it RUS issue ?
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 10:27 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD Replication to Exchange .
Got a call last night about Exchange ( e2k3) mis-behaving and was told this morning that the problem was related to my 2 DCs ( windows 2003 r2, sp1 )
I've been looking through DC event logs and don't see anything that is alarming ( outside of a MxSRB event that says one client is attempting to be a master browser.=\ ?
I've checked replication using replmon and repadmin /replsum /bysrc /bydest /sort:delta and that looks clean.
I checked the event log for exchange, of which i have dsacess logging enabled and i can't seem to find anything that is helping. Apparently, when the two DC's were restarted, exchange, when restarted, came back up without a hitch.
any ideas what i can run or look into to see if AD was t he culprit ?
Gotta love monday mornings,
This e-mail is the property of NaviSite, Inc. It is intended only
for the person or entity to which it is addressed and may contain
information that is privileged, confidential, or otherwise protected
from disclosure. Distribution or copying of this e-mail, or the
information contained herein, to anyone other than the intended
recipient is prohibited.
| | | |
| MThommes
Posts:73
| | 09/24/2008 2:16 PM |
| NET TIME \\dc_name <file:///\\dc_name> /SET should work.
Mike Thommes
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 10:37 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Replication to Exchange .
w32tm /resync doesn't work on this 2000 box.
On Mon, Sep 15, 2008 at 11:33 AM, Harry Singh <hboogz@gmail.com> wrote:
increasingly looking like Kerberos.. As Roelf pointed out, i get this:
[FATAL] Kerberos does not have a ticket for PHMAIL1$.
is this error directly related to Time or Kerb Ticket Cache ? Never did
receive this one before.
On Mon, Sep 15, 2008 at 11:30 AM, Chauhan, Rajeev
<Rajeev.Chauhan@hud.gov> wrote:
On 2003
w32tm /config /syncfromflags:domhier /update
200
w32tm /resync
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 11:21 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Replication to Exchange .
That's funny -- I never received Roelf's reply but i did recieve your
reply Hitesh.
Time diff ? it must be off by a few seconds. Exchange is sitting on
win2k and i don't remember the correct command to sync a windows 2k
member server to a win2k3 DC ? I run a NET TIME and it's pointing to the
correct DC, curious to know how or why there is a time diff ?
I've haven't purged caced tickets -- could i do this from the kerbtray
utility ?
On Mon, Sep 15, 2008 at 11:12 AM, Gulati, Hitesh <hgulati@navisite.com>
wrote:
Harry,
Did you try purging cached Kerberos Tickets on PHMAIL1, i think so that
could have been the problem.
As Roelf said it could also be the Skew time difference between mail
server and the DC
~Hitesh
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of Roelf Zomerman
Sent: Mon 9/15/2008 11:04 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Replication to Exchange .
[FATAL] Kerberos does not have a ticket for PHMAIL1$.
Could it be that the time is not in sync between the DC's and the Mail
server ??
_Roelf
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 4:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Replication to Exchange .
how do i check if it's a RUS issue ?
I've requested evidence detailing what lead them to believe it was an AD
issue. By them indicating that exchange came back up cleanly after the
DC's were restarted is how i got involved - strange.
Both DC's are GCs. ExBPA hasn't been ran in my org.
attached are dcdiags for both DC's, that look relatively clean to me.
I've attached the netdiag for the exchange box that does show some
kerberos weirdness that i haven't seen before.
On Mon, Sep 15, 2008 at 10:39 AM, Chauhan, Rajeev
<Rajeev.Chauhan@hud.gov> wrote:
Is it RUS issue ?
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 10:27 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD Replication to Exchange .
Got a call last night about Exchange ( e2k3) mis-behaving and was told
this morning that the problem was related to my 2 DCs ( windows 2003 r2,
sp1 )
I've been looking through DC event logs and don't see anything that is
alarming ( outside of a MxSRB event that says one client is attempting
to be a master browser.=\ ?
I've checked replication using replmon and repadmin /replsum /bysrc
/bydest /sort:delta and that looks clean.
I checked the event log for exchange, of which i have dsacess logging
enabled and i can't seem to find anything that is helping. Apparently,
when the two DC's were restarted, exchange, when restarted, came back up
without a hitch.
any ideas what i can run or look into to see if AD was t he culprit ?
Gotta love monday mornings,
This e-mail is the property of NaviSite, Inc. It is intended only for
the person or entity to which it is addressed and may contain
information that is privileged, confidential, or otherwise protected
from disclosure. Distribution or copying of this e-mail, or the
information contained herein, to anyone other than the intended
recipient is prohibited.
| | | |
| kbatkbslpcom
Posts:24
| | 09/24/2008 2:18 PM |
| I haven't delved too deeply into the problem (basically, haven't read
much of the threads) ... but is this cross domain or same domain - and
what are the connections between the systems involved (VPN, multiple
routers, etc)?
We had a problem a couple of years ago that took down thousands of users
(for cross-domain access, in our case) - after hours on the phone with
PSS, their suggestion was to make kerberos use TCP not UDP packets - see
article this article (hence the question about cross-domain
authentication - although it doesn't have to be cross-domain if the
connection inbetween could be dropping the kerberos packets)
http://support.microsoft.com/kb/244474
-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Gulati, Hitesh
Sent: Monday, September 15, 2008 11:12 AM
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Replication to Exchange .
Harry,
Did you try purging cached Kerberos Tickets on PHMAIL1, i think
so that could have been the problem.
As Roelf said it could also be the Skew time difference between
mail server and the DC
~Hitesh
________________________________
From: ActiveDir-owner@mail.activedir.org on behalf of Roelf
Zomerman
Sent: Mon 9/15/2008 11:04 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] AD Replication to Exchange .
[FATAL] Kerberos does not have a ticket for PHMAIL1$.
Could it be that the time is not in sync between the DC's and
the Mail server ??
_Roelf
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 4:50 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Replication to Exchange .
how do i check if it's a RUS issue ?
I've requested evidence detailing what lead them to believe it
was an AD issue. By them indicating that exchange came back up cleanly
after the DC's were restarted is how i got involved - strange.
Both DC's are GCs. ExBPA hasn't been ran in my org.
attached are dcdiags for both DC's, that look relatively clean
to me. I've attached the netdiag for the exchange box that does show
some kerberos weirdness that i haven't seen before.
On Mon, Sep 15, 2008 at 10:39 AM, Chauhan, Rajeev
<Rajeev.Chauhan@hud.gov> wrote:
Is it RUS issue ?
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 10:27 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD Replication to Exchange .
Got a call last night about Exchange ( e2k3) mis-behaving and
was told this morning that the problem was related to my 2 DCs ( windows
2003 r2, sp1 )
I've been looking through DC event logs and don't see anything
that is alarming ( outside of a MxSRB event that says one client is
attempting to be a master browser.=\ ?
I've checked replication using replmon and repadmin /replsum
/bysrc /bydest /sort:delta and that looks clean.
I checked the event log for exchange, of which i have dsacess
logging enabled and i can't seem to find anything that is helping.
Apparently, when the two DC's were restarted, exchange, when restarted,
came back up without a hitch.
any ideas what i can run or look into to see if AD was t he
culprit ?
Gotta love monday mornings,
This e-mail is the property of NaviSite, Inc. It is intended
only for the person or entity to which it is addressed and may contain
information that is privileged, confidential, or otherwise protected
from disclosure. Distribution or copying of this e-mail, or the
information contained herein, to anyone other than the intended
recipient is prohibited.
| | | |
| Parzival
Posts:38
| | 09/24/2008 2:20 PM |
| I think the user creation work because they are initialized by the logged on user.. only the RUS will later stamp the new Email addresses.
Since the Exchange is having trouble finding the GC’s and DC’s perhaps the DNS went down or is configured incorrectly.. You Exchange should point to your AD DNS first, and that one needs to look further for the client.. if the DNS was unresponsive, the Exchange server was not able to query service specific records for GC, LDAP and Kerberos.. which would explain the behaviour..
Let the Exchange admins check the DNS setting and you verify the DNS log on both domain controllers..
(Assuming the DNS for Active Directory runs on your two DC’s… if not.. check the registration of the DC’s in DNS and eventlogs of DNS)..
_R
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 5:51 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Replication to Exchange .
Defintely have been creating users without a problem.
DC's are not manually specified.
I have another domain in the forest which has one DC ( i am going to adding a second to that site within the month)
I have another DC at my DR site.
Since my guys here told me they reset both DCs at my HQ and exchange rebooted, logged in without a problem -- i ran dcdiag specific for those two controllers.
what affect does this kerberos error : [FATAL] Kerberos does not have a ticket for PHMAIL1$. have on exchange and AD connectivity ?
On Mon, Sep 15, 2008 at 11:37 AM, Michael B. Smith <michael@theessentialexchange.com<mailto:michael@theessentialexchange.com>> wrote:
If you create a new user and the user get's the proper email addresses stamped on it, it isn't a RUS issue. If there is an egregious error, you'll see errors in your event log.
Do you have DCs manually specified on your Directory Service tab of the Exchange server's property sheet?
The DCDIAG indicates that there is metadata for four DCs but only three were examined. Is the fourth offline or has the metadata been properly removed?
I'd recommend running ExBPA and see what it has to say. You don't have to run it on an Exchange server, you can run it on your domain-joined workstation.
Regards,
Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Link with me at: http://www.linkedin.com/in/theessentialexchange
From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 10:50 AM
To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>
Subject: Re: [ActiveDir] AD Replication to Exchange .
how do i check if it's a RUS issue ?
I've requested evidence detailing what lead them to believe it was an AD issue. By them indicating that exchange came back up cleanly after the DC's were restarted is how i got involved - strange.
Both DC's are GCs. ExBPA hasn't been ran in my org.
attached are dcdiags for both DC's, that look relatively clean to me. I've attached the netdiag for the exchange box that does show some kerberos weirdness that i haven't seen before.
On Mon, Sep 15, 2008 at 10:39 AM, Chauhan, Rajeev <Rajeev.Chauhan@hud.gov<mailto:Rajeev.Chauhan@hud.gov>> wrote:
Is it RUS issue ?
From: ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org> [mailto:ActiveDir-owner@mail.activedir.org<mailto:ActiveDir-owner@mail.activedir.org>] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 10:27 AM
To: ActiveDir@mail.activedir.org<mailto:ActiveDir@mail.activedir.org>
Subject: [ActiveDir] AD Replication to Exchange .
Got a call last night about Exchange ( e2k3) mis-behaving and was told this morning that the problem was related to my 2 DCs ( windows 2003 r2, sp1 )
I've been looking through DC event logs and don't see anything that is alarming ( outside of a MxSRB event that says one client is attempting to be a master browser.=\ ?
I've checked replication using replmon and repadmin /replsum /bysrc /bydest /sort:delta and that looks clean.
I checked the event log for exchange, of which i have dsacess logging enabled and i can't seem to find anything that is helping. Apparently, when the two DC's were restarted, exchange, when restarted, came back up without a hitch.
any ideas what i can run or look into to see if AD was t he culprit ?
Gotta love monday mornings,
| | | |
| hboogz
Posts:24
| | 09/24/2008 2:20 PM |
| | I'm using AD DNS.
Exchange is pointing to AD's DNS.. DC1 then DC2
DC1 is pointing to itself first on DNS settings then to DC2. DC2 points to
itself first on DNS then DC1 second.
After the admins reboots, i noticed the following DNS events in the event
log. I don't see anything in the DNS event log for any of the times the
issue presented itself; actually, there wasn't a DNS event logged for about
a month prior to these.
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4515
Date: 9/14/2008
Time: 9:51:04 PM
User: N/A
Computer: PHDC1
Description:
The zone 168.192.in-addr.arpa was previously loaded from the directory
partition MicrosoftDNS but another copy of the zone has been found in
directory partition DomainDnsZones.phippsny.org. The DNS Server will ignore
this new copy of the zone. Please resolve this conflict as soon as possible.
If an administrator has moved this zone from one directory partition to
another this may be a harmless transient condition. In this case, no action
is necessary. The deletion of the original copy of the zone should soon
replicate to this server.
If there are two copies of this zone in two different directory partitions
but this is not a transient caused by a zone move operation then one of
these copies should be deleted as soon as possible to resolve this conflict.
To change the replication scope of an application directory partition
containing DNS zones and for more details on storing DNS zones in the
application directory partitions, please see Help and Support.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 89 25 00 00 ?%..
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4515
Date: 9/14/2008
Time: 9:51:04 PM
User: N/A
Computer: PHDC1
Description:
The zone phippsny.org was previously loaded from the directory partition
MicrosoftDNS but another copy of the zone has been found in directory
partition DomainDnsZones.phippsny.org. The DNS Server will ignore this new
copy of the zone. Please resolve this conflict as soon as possible.
If an administrator has moved this zone from one directory partition to
another this may be a harmless transient condition. In this case, no action
is necessary. The deletion of the original copy of the zone should soon
replicate to this server.
If there are two copies of this zone in two different directory partitions
but this is not a transient caused by a zone move operation then one of
these copies should be deleted as soon as possible to resolve this conflict.
To change the replication scope of an application directory partition
containing DNS zones and for more details on storing DNS zones in the
application directory partitions, please see Help and Support.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 89 25 00 00 ?%..
On Mon, Sep 15, 2008 at 1:31 PM, Roelf Zomerman
<roelf.zomerman@avanade.com>wrote:
> I think the user creation work because they are initialized by the logged
> on user.. only the RUS will later stamp the new Email addresses.
>
>
>
> Since the Exchange is having trouble finding the GC's and DC's perhaps the
> DNS went down or is configured incorrectly.. You Exchange should point to
> your AD DNS first, and that one needs to look further for the client.. if
> the DNS was unresponsive, the Exchange server was not able to query service
> specific records for GC, LDAP and Kerberos.. which would explain the
> behaviour..
>
>
>
> Let the Exchange admins check the DNS setting and you verify the DNS log on
> both domain controllers..
>
>
>
> (Assuming the DNS for Active Directory runs on your two DC's… if not..
> check the registration of the DC's in DNS and eventlogs of DNS)..
>
>
>
> _R
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Harry Singh
> *Sent:* Monday, September 15, 2008 5:51 PM
>
> *To:* ActiveDir@mail.activedir.org
> *Subject:* Re: [ActiveDir] AD Replication to Exchange .
>
>
>
> Defintely have been creating users without a problem.
>
> DC's are not manually specified.
>
> I have another domain in the forest which has one DC ( i am going to adding
> a second to that site within the month)
>
> I have another DC at my DR site.
>
> Since my guys here told me they reset both DCs at my HQ and exchange
> rebooted, logged in without a problem -- i ran dcdiag specific for those two
> controllers.
>
> what affect does this kerberos error : [FATAL] Kerberos does not have a
> ticket for PHMAIL1$. have on exchange and AD connectivity ?
>
>
> On Mon, Sep 15, 2008 at 11:37 AM, Michael B. Smith <
> michael@theessentialexchange.com> wrote:
>
> If you create a new user and the user get's the proper email addresses
> stamped on it, it isn't a RUS issue. If there is an egregious error, you'll
> see errors in your event log.
>
>
>
> Do you have DCs manually specified on your Directory Service tab of the
> Exchange server's property sheet?
>
>
>
> The DCDIAG indicates that there is metadata for four DCs but only three
> were examined. Is the fourth offline or has the metadata been properly
> removed?
>
>
>
> I'd recommend running ExBPA and see what it has to say. You don't have to
> run it on an Exchange server, you can run it on your domain-joined
> workstation.
>
>
>
> Regards,
>
>
>
> Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
>
> My blog: http://TheEssentialExchange.com/blogs/michael
>
> Link with me at: http://www.linkedin.com/in/theessentialexchange
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Harry Singh
> *Sent:* Monday, September 15, 2008 10:50 AM
>
>
> *To:* ActiveDir@mail.activedir.org
>
> *Subject:* Re: [ActiveDir] AD Replication to Exchange .
>
>
>
> how do i check if it's a RUS issue ?
>
> I've requested evidence detailing what lead them to believe it was an AD
> issue. By them indicating that exchange came back up cleanly after the DC's
> were restarted is how i got involved - strange.
>
> Both DC's are GCs. ExBPA hasn't been ran in my org.
>
> attached are dcdiags for both DC's, that look relatively clean to me. I've
> attached the netdiag for the exchange box that does show some kerberos
> weirdness that i haven't seen before.
>
> On Mon, Sep 15, 2008 at 10:39 AM, Chauhan, Rajeev <Rajeev.Chauhan@hud.gov>
> wrote:
>
> Is it RUS issue ?
>
>
>
>
>
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Harry Singh
>
>
> *Sent:* Monday, September 15, 2008 10:27 AM
>
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] AD Replication to Exchange .
>
>
>
> Got a call last night about Exchange ( e2k3) mis-behaving and was told this
> morning that the problem was related to my 2 DCs ( windows 2003 r2, sp1 )
>
>
>
> I've been looking through DC event logs and don't see anything that is
> alarming ( outside of a MxSRB event that says one client is attempting to be
> a master browser.=\ ?
>
> I've checked replication using replmon and repadmin /replsum /bysrc /bydest
> /sort:delta and that looks clean.
>
> I checked the event log for exchange, of which i have dsacess logging
> enabled and i can't seem to find anything that is helping. Apparently, when
> the two DC's were restarted, exchange, when restarted, came back up without
> a hitch.
>
> any ideas what i can run or look into to see if AD was t he culprit ?
>
> Gotta love monday mornings,
>
>
>
>
>
| | | |
| neilruston
Posts:149
| | 09/24/2008 2:24 PM |
| Like many others, the underlying message I was trying to send was -
"look for the root cause". The various errors you have found may be mere
symptoms of an underlying issue.
neil
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: 15 September 2008 19:51
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Replication to Exchange .
neil -
looks like exchange was the one needed a restart. it's just hard to see
event logs detailing a connection issue to my DC's at 4pm on a sunday
afternoon and justifying those by just restarting exchange -- weird.
On Mon, Sep 15, 2008 at 11:00 AM, <neil.ruston@barclayswealth.com>
wrote:
"I've requested evidence detailing what lead them to believe it was an
AD issue. By them indicating that exchange came back up cleanly after
the DC's were restarted is how i got involved - strange."
Exchange was re-stared as well as the DCs. Perhaps the re-start of
Exchange was all that was needed.
neil
________________________________
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: 15 September 2008 15:50
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] AD Replication to Exchange .
how do i check if it's a RUS issue ?
I've requested evidence detailing what lead them to believe it was an AD
issue. By them indicating that exchange came back up cleanly after the
DC's were restarted is how i got involved - strange.
Both DC's are GCs. ExBPA hasn't been ran in my org.
attached are dcdiags for both DC's, that look relatively clean to me.
I've attached the netdiag for the exchange box that does show some
kerberos weirdness that i haven't seen before.
On Mon, Sep 15, 2008 at 10:39 AM, Chauhan, Rajeev
<Rajeev.Chauhan@hud.gov> wrote:
Is it RUS issue ?
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Harry Singh
Sent: Monday, September 15, 2008 10:27 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD Replication to Exchange .
Got a call last night about Exchange ( e2k3) mis-behaving and was told
this morning that the problem was related to my 2 DCs ( windows 2003 r2,
sp1 )
I've been looking through DC event logs and don't see anything that is
alarming ( outside of a MxSRB event that says one client is attempting
to be a master browser.=\ ?
I've checked replication using replmon and repadmin /replsum /bysrc
/bydest /sort:delta and that looks clean.
I checked the event log for exchange, of which i have dsacess logging
enabled and i can't seem to find anything that is helping. Apparently,
when the two DC's were restarted, exchange, when restarted, came back up
without a hitch.
any ideas what i can run or look into to see if AD was t he culprit ?
Gotta love monday mornings,
________________________________
Barclays Wealth is the wealth management division of Barclays Bank PLC.
This email may relate to or be sent from other members of the Barclays
Group.
The availability of products and services may be limited by the
applicable laws and regulations in certain jurisdictions. The Barclays
Group does not normally accept or offer business instructions via
internet email. Any action that you might take upon this message might
be at your own risk.
This email and any attachments are confidential and intended solely for
the addressee and may also be privileged or exempt from disclosure under
applicable law. If you are not the addressee, or have received this
email in error, please notify the sender immediately, delete it from
your system and do not copy, disclose or otherwise act upon any part of
this email or its attachments.
Internet communications are not guaranteed to be secure or without
viruses. The Barclays Group does not accept responsibility for any loss
arising from unauthorised access to, or interference with, any Internet
communications by any third party, or from the transmission of any
viruses. Replies to this email may be monitored by the Barclays Group
for operational or business reasons.
Any opinion or other information in this email or its attachments that
does not relate to the business of the Barclays Group is personal to the
sender and is not given or endorsed by the Barclays Group.
Barclays Bank PLC. Registered in England and Wales (registered no.
1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.
Barclays Bank PLC is authorised and regulated by the Financial Services
Authority.
Barclays Wealth is the wealth management division of Barclays Bank PLC. This email may relate to or be sent from other members of the Barclays Group.
The availability of products and services may be limited by the applicable laws and regulations in certain jurisdictions. The Barclays Group does not normally accept or offer business instructions via internet email. Any action that you might take upon this message might be at your own risk.
This email and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from disclosure under applicable law. If you are not the addressee, or have received this email in error, please notify the sender immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this email or its attachments.
Internet communications are not guaranteed to be secure or without viruses. The Barclays Group does not accept responsibility for any loss arising from unauthorised access to, or interference with, any Internet communications by any third party, or from the transmission of any viruses. Replies to this email may be monitored by the Barclays Group for operational or business reasons.
Any opinion or other information in this email or its attachments that does not relate to the business of the Barclays Group is personal to the sender and is not given or endorsed by the Barclays Group.
Barclays Bank PLC. Registered in England and Wales (registered no. 1026167).
Registered Office: 1 Churchill Place, London, E14 5HP, United Kingdom.
Barclays Bank PLC is authorised and regulated by the Financial Services Authority.
| | | |
|
|