Re: Not able to create user/ group accounts in Exchange server

From: Boris Lokhvitsky (msexpert_at_comcast.net)
Date: 04/14/04

• Next message: Gary Cooper: "Re: Joinng another DC"
• Previous message: Boris Lokhvitsky: "Re: can remove ad from exchange server?"
• In reply to: Kamesh: "Re: Not able to create user/ group accounts in Exchange server"
• Next in thread: kamesh_a: "Re: Not able to create user/ group accounts in Exchange server"
• Reply: kamesh_a: "Re: Not able to create user/ group accounts in Exchange server"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 13 Apr 2004 17:55:57 -0700

Hello Kamesh,

Looks like you have some stalled trust relationships in your AD (between ABC
and Vempower?), and hence problems when replicating Global Catalog, or maybe
there is no Global Catalog server at all. Your Exchange server perhaps was
having problem when trying to connect to Global Catalog server, not just to
a DC.

Since you said you deleted the initially configured domain controller
(SERVER), you might have deleted also some FSMO roles and/or Global Catalog.

Have you deleted the initial DC gracefully? (first demote it from domain
controllers and remove from domain, only then kill the OS).

Check if you have some non-responding trusts and troubleshoot them if any.

If my guess is right - there are quite a few detailed MS KB articles on how
to seize the FSMO and GC roles in case the original role owner is dead.

Good luck,
Boris

"Kamesh" <kamesh_a@hotmail.com> wrote in message
news:1b51701c42093$a9cd1e50$a501280a@phx.gbl...
> Hi Leif,
>
> I executed dcdiag ( domain controller) and netdiag (
> exchange server) and please take time and see the output.
>
> ABC is my domain name.
> Server1 is the current domain controller.
> SERVER is a initially configured domain controller and now
> that server is nomore in the domain.
> EXCH is my exchange server.
> server3 & 4 were use to act as a additional domain
> controllers earlier.Now those are not in the domain.
>
>
> The output on executing dcdiag on domain controller
> server1 is as follows:
>
> Domain Controller Diagnosis
> Performing initial setup:
> Done gathering initial info.
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\server1
> Starting test: Connectivity
> ............... server1 passed test Connectivity
> Doing primary tests
> Testing server: Default-First-Site-Name\server1
> Starting test: Replications
> ........ server1 passed test Replications
> Starting test: NCSecDesc
> ......................... server1 passed test
> NCSecDesc
> Starting test: NetLogons
> ........... server1 passed test NetLogons
> Starting test: Advertising
> ............. server1 passed test Advertising
> Starting test: KnowsOfRoleHolders
> ...... server1 passed test KnowsOfRoleHolders
> Starting test: RidManager
> ........... server1 passed test RidManager
> Starting test: MachineAccount
> ........ server1 passed test MachineAccount
> Starting test: Services
> .......... server1 passed test Services
> Starting test: ObjectsReplicated
> ............. server1 passed test ObjectsReplicated
> Starting test: frssysvol
> There are errors after the SYSVOL has been shared.
> The SYSVOL can prevent the AD from starting.
> .......... server1 passed test frssysvol
> Starting test: kccevent
> An Warning Event occured. EventID: 0x800004F1
> Time Generated: 04/12/2004 18:18:10
> Event String: The attempt to establish a replication link
> with An Warning Event occured. EventID: 0x800004F1
> Time Generated: 04/12/2004 18:18:13
> Event String: The attempt to establish a replication link
> with An Warning Event occured. EventID: 0x800004F1
> Time Generated: 04/12/2004 18:18:16
> Event String: The attempt to establish a replication link
> with An Warning Event occured. EventID: 0x800004F1
> Time Generated: 04/12/2004 18:18:16
> Event String: The attempt to establish a replication link
> with An Warning Event occured. EventID: 0x800004F1
> Time Generated: 04/12/2004 18:18:16
> Event String: The attempt to establish a replication link
> with An Warning Event occured. EventID: 0x800004F1
> Event String: The attempt to establish a replication link
> with An Warning Event occured. EventID: 0x800004F1
> Event String: The attempt to establish a replication link
> with An Warning Event occured. EventID: 0x800004F1
> Event String: The attempt to establish a replication link
> with An Warning Event occured. EventID: 0x800004F1
> Time Generated: 04/12/2004 18:18:16
> Event String: The attempt to establish a replication link
> with ..... server1 failed test kccevent
> Starting test: systemlog
> ........ server1 passed test systemlog
>
> Running enterprise tests on : abc
> Starting test: Intersite
> ..... abc passed test Intersite
> Starting test: FsmoCheck
> .......... abc passed test FsmoCheck
>
>
>
> The output of netdiag.exe on executing on exchage server (
> EXCH) display the following
>
>
> All the test are success, but few of the tests are failed
> and those are
>
> Trust relationship test. . . . . . : Failed
> Secure channel for domain 'VEMPOWER' is
> to '\\server1.ABC'.
> [FATAL] Cannot test secure channel for domain 'ABC' to
> DC 'server'. [ERROR_NO_LOGON_SERVERS]
>
> Kerberos test. . . . . . . . . . . : Failed
> [FATAL] Kerberos does not have a ticket for EXCH$.
>
> LDAP test. . . . . . . . . . . . . : Passed
> [WARNING] The default SPN registration for 'HOST/EXCH' is
> missing on DC
> 'server1.abc'.
> [WARNING] The default SPN registration for 'HOST/EXCH' is
> missing on DC 'server.abc'.
> [WARNING] Failed to query SPN registration on
> DC 'server3.abc'.
> [WARNING] Failed to query SPN registration on
> DC 'server4.abc'.
> [WARNING] Failed to query SPN registration on
> DC 'server5.abc'.
>
> Thanks for the extended support and guidence.
>
> Kamesh
>
>
>

---

• Next message: Gary Cooper: "Re: Joinng another DC"
• Previous message: Boris Lokhvitsky: "Re: can remove ad from exchange server?"
• In reply to: Kamesh: "Re: Not able to create user/ group accounts in Exchange server"
• Next in thread: kamesh_a: "Re: Not able to create user/ group accounts in Exchange server"
• Reply: kamesh_a: "Re: Not able to create user/ group accounts in Exchange server"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Repost: Missing ForestDNSZones and DomainDNSZones partitions under child AD 2003 domain ... Event String: The attempt to establish a replication link ... EventID: 0xC000066D ... Starting test: CrossRefValidation ... (microsoft.public.windows.server.dns) Re: DNS issue with windows 2003 AD upgrade ... 2003 server and did upgrade the AD to 2003 and dcpromo. ... a replication link for the following writable directory partition ... Group Policy processing aborted. ... (microsoft.public.windows.server.migration) Error 1265 and missing server? ... "The attempt to establish a replication link with parameters ... Source DSA DN: CN="NTDS Settings ... I don't know if the original server Exchange was successfully demoted or not and no one seems to be too sure... ... (microsoft.public.win2000.active_directory) RE: SBS2003 with aditional 2003 server ... Running DCPROMO on the 2003 server tells me there ... >>The attempt to establish a replication link for the following writable ... >>This domain controller will be unable to replicate with the source domain ... (microsoft.public.windows.server.sbs) Re: Remove deleted DC replication links - replmon.gif (0/1) ... Have you tried the metadata cleanup in this article. ... > ntdsutil and GUI tools did not show me this old server ... > how to remove these replication link? ... (microsoft.public.win2000.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)