mspro2006MemberJun 07, 2007 at 6:35 am #125956
Our system includes 2 DC 2000, 2 FE Exch 2003, 4 BE Exch 2000, and all run normally. We need more so we buildup a new Win 2003 sp2, Exchange 2003 sp1. Installation and operation is normal, except that: sometimes when we restart the new Exchange 2003, then this new server faces problem contacting DCs at startup, that lead to many services stop at and after startup (Exchange, NAV client, Symantec Mail security, remote desktop (Ping OK), … ).
This happens often. In event viewer, at each time, we see event ID 2104 as follow:
Message: Process %1 (PID=%2). All the DS Servers in domain are not responding.
This error indicates that the Exchange Server was unable to contact a DC in the local domain. DSAccess needs an in-domain DC to perform topology discovery. If no DCs respond at startup, this is a fatal error, as the System Attendant (MAD) will not start. If this occurs after startup, this is not fatal, unless for some reason ALL DCs and GCs go down (in which case topology discovery would become necessary).
This can happen if the DC or DCs in question become unreachable because of a network problem.
Check all the DCs in the same domain as the Exchange Server and make sure that at least one of them is up and running and reachable from the Exchange Server.
and after event ID above is event ID 9157:
Component: Microsoft Exchange System Attendant
Message: Microsoft Exchange System Attendant does not have sufficient rights to read Exchange configuration objectsin Active Directory. Wait for replication to complete and then check to make sure the computer account is a memberof the “Exchange Domain Servers” security group.
See the message text for the event.
No user action may be required because Exchange will make additional attempts to read Exchange configuration objects during the replication process.
If this event occurs after all domain controller replication has occurred, ensure that the required permissions have been assigned to the Exchange Domain Servers group for this domain. To ensure that the required permissions are configured, run Exchange setup again and select Reinstall. Running setup again will set permissions on the necessary Active Directory objects on a nearby domain controller, and those permissions will then be replicated to other domain controllers.
You can also manually ensure that the required permissions have been configured. To do this, ensure that the Exchange server is a member of the Exchange Domain Servers group of its domain using the Active Directory Users and Computers snap-in. You must also use the Active Directory Service Interfaces (ADSI) Edit snap-in to ensure that the Exchange Domain Servers group of this domain is assigned Full Control permissions on the Configuration/Services/Microsoft Exchange object.
So in short, Exch cant contact DCs timely, so replication failed, leading to permission problems, that stop many services. We often fix this issue just by restarting the server, 1 times or more, sometimes we have to wait for about 30 minutes with about 4 restart to make the server run normally. That’s all, restart only, that fix problem, but that’s too bad for us since this Mail server will contain at least 1000 users.
We think in terms of system aspect, there must be some registry value that control the timeout time, that can be adapted. Or we must start, for example, SRS in Exchange server, though we have only 1 site. Or we must delete the dc03, that no longer exist but its object still remain (see via Site and service mmc, or ntdstuil / metadata cleanup). And …
And in terms of network, we think of moving the server to beside the 2 DCs, so traffic dont have to traverse long before reaching the DCs/GCs (not very long, since all in one building). And finally, portfast of Cisco switch (we use 2950 and 3750 only) that may help reduce time when switching packet. …..
But we still can’t specify the real reason and how to fix it. Pls recommend us something to help us overcome this problem, since as u know Email system is very urgen and important, and Exchange restart is important to since it help offline-defrag and release memory (we see that Symantec mail security occupy too much Ram until we restart the server, store.exe not very much).
Thank u so much in advance.
You must be logged in to reply to this topic.