Exchange 2003 SP1 periodicaly losses connection to active directory for about 30 minutes
From: dimitrisv (dimitrisv_at_iee.org.uk)
Date: 06/28/04
- Next message: Steven Halsey [MSFT]: "Re: Netbios to Active Directory Name Resolution Question"
- Previous message: ryan_at_prismkites.com: "RE: 5.5 and firewall settings"
- Messages sorted by: [ date ] [ thread ]
Date: 28 Jun 2004 10:51:50 -0700
Hi, we have set up an Exchange 2003 that has the following problems
(please see the respective articles KB).
We have active directory in two servers but the mail server fails to
connect to the server that we promoted to active directory server most
recently.
I wonder if the issue has to do with the fact that while performing
the promotion of the server to active directory the exchange was up.
Connectivity to that server is fine, no errors in the interface,
extremely fast file sharing etc (1Gbps Switch (Cisco 3750 Series))
We are thinking of demoting that server but we are wondering why we
have that issue.
Thank you for your consideration
-----------------
------------------
START OF ISSUES, RELATED KB ARTICLES
------------------
-----------------
1.
Details
Product:
Exchange
ID:
9176
Source:
MSExchangeSA
Version:
6.5.0000.0
Message:
NSPI Proxy can contact Global Catalog %1 but it does not support the
NSPI
service. After a Domain Controller is promoted to a Global Catalog,
the
Global Catalog must be rebooted to support MAPI Clients. Reboot %2 as
soon as possible.
Explanation
This Event indicates that the Exchange Server was able to contact a
server that is designated to be a Global Catalog (GC) Server but did
not get a response from the NSPI interface on that GC.
This can happen because the Name Service Provider Interface (NSPI)
interface is not advertised by the Global Catalog server, possibly
because the server was made a Global Catalog and was not restarted.
User Action
After a Domain Controller (DC) is made a GC, the GC must be rebooted
to support MAPI clients. To ensure that a GC responds to NSPI queries,
restart the GC.
Version:
6.5.6940.0
Component:
Microsoft Exchange System Attendant
Message:
NSPI Proxy can contact Global Catalog <server name> but it does not
support the NSPIservice. After a Domain Controller is promoted to a
Global Catalog, theGlobal Catalog must be rebooted to support MAPI
Clients. Reboot <server name> assoon as possible.
Explanation
This event indicates that the Exchange server was able to contact a
server that is designated to be a global catalog server but did not
get a response from the Name Service Provider Interface (NSPI) on that
global catalog. This can occur because the NSPI is not advertised by
the global catalog server, possibly because the server was made a
global catalog and was not restarted.
User Action
After a domain controller is made a global catalog, the global catalog
must be rebooted to support MAPI clients. To ensure that a global
catalog responds to NSPI queries, restart the global catalog.
2.
Details
Product:
Exchange
ID:
9143
Source:
MSExchangeSA
Version:
6.5.6940.0
Component:
Microsoft Exchange System Attendant
Message:
Referral Interface cannot contact any Global Catalog that supports
the NSPI Service.Clients making RFR requests will fail to connect
until a Global Catalog becomes available again.After a Domain
Controller is promoted to a Global Catalog, it must be rebooted to
support MAPI Clients.
Explanation
This event indicates that the Referral Interface on the Exchange
server was unable to contact a global catalog server.
User Action
Make sure that at least one global catalog server is available for the
Exchange server to communicate with. If a domain controller has
recently been promoted to be a global catalog, you will need to reboot
that machine in order for Exchange server to use it.
3.
Details
Product:
Exchange
ID:
9074
Source:
MSExchangeSA
Version:
6.5.0000.0
Message:
The Directory Service Referral interface failed to service a client
request.
RFRI is returning the error code:[0x%1].
Explanation
This Event basically states that the DSPROXY component of the System
Attendant Service on the Exchange server failed to service a client
request. This failure could be because of issues ranging from failed
network connectivity to permissions problems.
The following are the most probable causes of this event. Also, search
the Microsoft Knowledge Base for further information:
1. The primary network adapter in a multihomed domain controller
may not have File and Printer Sharing for Microsoft Networks bound to
it.
2. The Manage Auditing and Security Log right
(SeSecurityPrivilege) may have been removed for the Exchange
Enterprise Servers domain local group on some or all of the domain
controllers.
3. The File Replication Service (FRS) may not successfully
replicate an updated security policy to one or more domain
controllers.
User Action
1. Change the binding order of the network adapters so that the
adapter that is listed at the top of the Connections list has file and
printer sharing bound to it.
2. Use the Policytest.exe utility to check the status of the
SeSecurityPrivilege right on all of the domain controllers in a single
domain. The Policytest.exe utility is included on the Exchange
installation CD-ROM. If the SeSecurityPrivilege has been removed from
the Exchange Enterprise Servers group, you can grant the right
directly to the Exchange Enterprise Servers group, or you can run
Exchange Setup again with the /domainprep switch to grant the
SeSecurityPrivilege right automatically.
3. Ensure that replication between DCs is occurring properly.
Version:
6.5.6940.0
Component:
Microsoft Exchange System Attendant
Message:
The Directory Service Referral interface failed to service a client
request.RFRI is returning the error code:[0x<error code>].
Explanation
This event basically states that the DSPROXY component of the System
Attendant Service on the Exchange server failed to service a client
request. This failure could be because of issues ranging from failed
network connectivity to permissions problems.
The following are the most probable causes of this event:
The primary network adapter in a multihomed domain controller may not
have File and Printer Sharing for Microsoft Networks bound to it.
The Manage Auditing and Security Log right (SeSecurityPrivilege) may
have been removed for the Exchange Enterprise Servers domain local
group on some or all of the domain controllers.
The File Replication Service (FRS) may not have successfully
replicated an updated security policy to one or more domain
controllers.
Also, search the Microsoft Knowledge Base for further information.
User Action
Change the binding order of the network adapters so that the adapter
listed at the top of the Connections list has file and printer sharing
bound to it.
Use the Policytest.exe utility to check the status of the
SeSecurityPrivilege right on all of the domain controllers in a single
domain. The Policytest.exe utility is included on the Exchange
installation CD-ROM. If the SeSecurityPrivilege has been removed from
the Exchange Enterprise Servers group, you can grant the right
directly to the Exchange Enterprise Servers group, or you can run
Exchange Setup again with the /domainprep switch to grant the
SeSecurityPrivilege right automatically.
Ensure that replication between domain controllers is occurring
properly.
--------------------------------------------------------------------------------
Related Knowledge Base articles
You can find additional information on this topic in the following
Microsoft Knowledge Base articles:
• XADM: Event ID 9074 and 2070 Messages Occur When You Run the System
Attendant
When you try to run the system attendant, it does not start, and
Microsoft Outlook clients cannot log on to the Exchange 2000 server.
The following event ID messages are logged in the Application event
log: Event Type: Error Event Source: MSExchangeSA...
• XADM: Exchange 2000 Server Reports MSExchangeSA 9074
Microsoft Outlook clients that try to send messages or view the
Global Address List (GAL) may receive one of the following error
messages: Network problems are preventing connection to the Microsoft
Exchange Server computer. Contact your system...
• XADM: Policytest Utility Returns 'Right NOT Found' Result
You may experience one or more of the following symptoms: You may
receive the following results after you run the Policytest utility
(Policytest.exe): ================================================
Local domain is "<example>.com" (EXAMPLE) Account...
• XADM: Exchange 2000 Error Messages Are Generated Because of
SeSecurityPrivilege Right and Policytest Issues
You may not be able to mount Exchange 2000 information store
databases. One or more of the following error messages may also be
logged in the Application event log: Event Type: Error Event Source:
MSExchangeDSAccess Event Category: (3) Event ID: 2102...
4.
Details
Product:
Exchange
ID:
8026
Source:
MSExchangeAL
Version:
6.0
Component:
Active Directory Connector
Symbolic Name:
MSG_LDAP_BIND_ERROR
Message:
LDAP Bind was unsuccessful on directory {directory name} for
distinguished name '{value}'. Directory returned error:[0x{error
code}] {error message}. {connection agreement name}
Explanation
Lightweight Directory Access Protocol (LDAP) allows you to query and
manage directory information using a TCP/IP connection.
User Action
Check network connectivity. Verify the user name, password, and port
address are correct, and try again. If the problem persists, verify
that the remote Exchange server is configured to support LDAP.
Version:
6.5.6940.0
Component:
Microsoft Exchange Recipient Update Service
Message:
LDAP Bind was unsuccessful on directory <directory name> for
distinguished name '<value>'. Directory returned error:[0x<error
code>] <error message>. <connection agreement name>
Explanation
Lightweight Directory Access Protocol (LDAP) allows you to query and
manage directory information using TCP/IP. This event indicates that
an LDAP connection failed. The error code/error message will indicate
the underlying cause.
User Action
Check network connectivity. Verify that the user name, password, and
port address are correct, and try again. If the problem persists,
verify that the remote Exchange server is configured to support LDAP.
--------------------------------------------------------------------------------
Related Knowledge Base articles
You can find additional information on this topic in the following
Microsoft Knowledge Base articles:
• XADM: Event 8026 and Event 8260: Can't Access Address List
Configuration
After you run dcpromo to demote a domain controller (DC) in your
domain, the Exchange 2000 MSExchangeAL service starts to log an Eevent
8026 and an Event 8260 every 10 minutes. The events are as follow:
Event ID: 8026 Event Type: Error Event Source:...
• Event ID 8026 Is Logged in Event Viewer After You Install Small
Business Server
After you install Microsoft Windows Small Business Server 2003, the
following event is logged in the event log of Event Viewer:
EventCode=8026 Source=MSExchangeAL Type=Error LogFile=Application
LastBuild=2436 #Times=1 Scenario=Clean Installation...
5.
Details
Product:
Exchange
ID:
2103
Source:
MSExchangeDSAccess
Version:
6.5.0000.0
Message:
Process %1 (PID=%2). All Global Catalog Servers in use are not
responding:
%3
Explanation
This event indicates that DSAccess was not able to find any Global
Catalogs suitable for LDAP queries. This can result in the halting of
mail flow and interruption of Address Book services, so it should be
investigated immediately.
Causes can include all intra- and extra-site Global Catalogs being
down or network problems hindering communication with them.
User Action
One possibility is that DSAccess could not find any suitable Global
Catalogs when it did its initial topology discovery (whenever DSAccess
starts, such as at Exchange server boot-up).
In this case, check the event log for DSAccess event ID 2080 (may need
to increase the DSAccess logging level to record this event). The
detail in that event will allow one to determine if GCs have been
contacted that are unsuitable for some reason. They can then be
corrected.
Another possibility is that GCs already in use have become unsuitable
(for example, by having lost contact due to network problems, LDAP
port problems, etc.). Look for DSAccess event ID 2070 in the event
logs. These events will detail why each GC has become unsuitable.
Correct as necessary.
Version:
6.5.6940.0
Component:
Microsoft Exchange Directory Access Service
Message:
Process <process name> (PID=<process id>). All Global Catalog Servers
in use are not responding:
<fully qualified domain name>
Explanation
This event indicates that DSAccess was not able to find any global
catalogs suitable for Lightweight Directory Access (LDAP) queries.
This can result in the halting of mail flow and interruption of
Address Book services, so it should be investigated immediately.
Causes can include all intra- and extra-site global catalogs being
down or network problems hindering communication with them.
User Action
One possibility is that DSAccess could not find any suitable global
catalogs when it did its initial topology discovery (whenever DSAccess
starts, such as at Exchange server boot-up).
In this case, check the event log for DSAccess Event ID 2080 (may need
to increase the DSAccess logging level to record this event). The
detail in that event will allow one to determine if global catalogs
have been contacted that are unsuitable for some reason. They can then
be corrected.
Another possibility is that global catalogs already in use have become
unsuitable (for example, by having lost contact due to network
problems, LDAP port problems, and so on). Look for DSAccess Event ID
2070 in the event logs. These events will detail why each global
catalog has become unsuitable. Correct as necessary.
--------------------------------------------------------------------------------
Related Knowledge Base articles
You can find additional information on this topic in the following
Microsoft Knowledge Base articles:
• Exchange System Attendant Does Not Start and You Receive a "Global
Catalog Servers Not Responding" Error Message
After you install Exchange 2000 or Exchange 2003 successfully, the
Microsoft Exchange System Attendant service may not start, and you may
receive the following error message: Event Type: Error Event Source:
MSExchangeDSAccess Event ID: 2103 Computer:...
• Event ID 2080 from MSExchangeDSAccess
In Exchange 2000 Service Pack 2 (SP2) and Exchange 2003, DSAccess (a
Directory Service Access component) generates a topology detection
event in the Exchange 2000 or the Exchange 2003 server application
log. This article describes how you can use the...
• XADM: Policytest Utility Returns 'Right NOT Found' Result
You may experience one or more of the following symptoms: You may
receive the following results after you run the Policytest utility
(Policytest.exe): ================================================
Local domain is ".com" (EXAMPLE) Account...
-----------------
------------------
END OF ISSUES, RELATED KB ARTICLES
------------------
-----------------
- Next message: Steven Halsey [MSFT]: "Re: Netbios to Active Directory Name Resolution Question"
- Previous message: ryan_at_prismkites.com: "RE: 5.5 and firewall settings"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
