Question
Process ForefrontActiveDirectoryConnector.exe (PID=1928). WCF request (Get Servers for chickbuns.com) to the Microsoft Exchange Active Directory Topology service on server (TopologyClientTcpEndpoint (localhost)) failed. Make sure that the service is running.
In addition, make sure that the network ports that are used by Microsoft Exchange Active Directory Topology service are not blocked by a firewall. The WCF call was retried 3 time(s).
Error Details
System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 00:00:02.0280035. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:890. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:890
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
--- End of inner exception stack trace ---
Log Name: Application
Source: MSExchange ADAccess
Date: 1/13/2014 8:57:01 PM
Event ID: 4027
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: DC4.chickbuns.com
Description:
Error Details
System.ServiceModel.EndpointNotFoundException: Could not connect to net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 00:00:02.0280035. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:890. ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:890
at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
--- End of inner exception stack trace ---
Answers
Hi,
According to the details of the error, we can try the following resolutions:
1. Check if there is some Windows Firewall rule blocking a certain port.
2. Check if you’re having trouble allowing other computers to communicate with your computer through Windows Firewall, and you can try using the Incoming Connections troubleshooter to automatically find and fix some common problems.
In Windows 7, open the Incoming Connections troubleshooter by clicking the Start button, and then clicking Control Panel. In the search box, type troubleshooter, and then click Troubleshooting. Click View all, and then click Incoming Connections.
3. Check if there is some service which doesn’t work.
If you have any questions, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support
Marked as answer by
Sunday, January 26, 2014 4:04 PM
Where to start...
First of all, I'd like to admit that I'm not an experienced Exchange specialist.
Second, here is the environment:
(2) 2008 R2 domain controllers and (1) MS Exchange 2013 server on 2012 R2; other Exchange servers have been removed [I have seen remnants of those old servers, but Unified Messaging worked fine until yesterday]
Our Exchange 2013 server stopped accepting calls to the voice access number assigned to it for Unified Messaging. When I try to restart the service it does not start, with the following message: Windows could not start the Microsoft Exchange Unified Messaging service on Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion.
The service hangs at starting but never starts.
I go to Event Viewer and see ALL kinds of Exchange-related messages, but they all relate to AD. For example:
Error 1007: MSExchange Mailbox Replication
The Mailbox Replication service was unable to determine the set of active mailbox databases on a mailbox server.
Mailbox server:
Error: MapiExceptionNetworkError: Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)
Diagnostic context:
Error 10006: MSExchange Mid-Tier Storage
The Active Manager client encountered an AD timeout when trying to look up an object in 00:01:00.
Error 1002: MSExchangeThrottling
The Microsoft Exchange Throttling service encountered an Active Directory error while building an RPC security descriptor. This failure may indicate that no domain controllers are currently available. The service will be stopped. Error details: System.TimeoutException: The AD operation timed out after 00:00:30.
Error 4027: MSExchange ADAccess
Process msexchangerepl.exe (PID = 5808). WCF request (Get Servers for the LDAP server returned an unknown error.
  at System.DirectoryServices.Protocols.LdapConnection.Connect()
  at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
  at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithLogging()
  at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries)
  at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries)
  at Microsoft.Exchange.Data.Directory.LdapConnectionPool.CreateOneTimeConnection(NetworkCredential networkCredential, ADServerInfo serverInfo, LocatorFlags connectionFlags)
  at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetDirectoryServer(String partitionFqdn, ADRole role)
  at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.InternalGetServersForRole(String partitionFqdn, IList`1 currentUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
  at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
  at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
  at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
  at Microsoft.Exchange.Data.Directory.ADDataSession.GetNamingContext(ADNamingContext adNamingContext)
  at Microsoft.Exchange.Directory.TopologyService.Data.TopologyDiscoverySession.FindDirectoryServers(String site, List`1 dsFqdns) 1.Execute(CancellationToken joinedToken)
  at Microsoft.Exchange.Directory.TopologyService.LocalForestTopologyDiscovery.FindPrimaryDS()
  at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.Discover()
  at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.DoWork(CancellationToken cancellationToken)
  at Microsoft.Exchange.Directory.TopologyService.Common.WorkItem
  at System.Threading.Tasks.Task.Execute()
  at Microsoft.Exchange.Directory.TopologyService.TopologyDiscoveryManager.EndGetTopology(IAsyncResult ar)
  at Microsoft.Exchange.Directory.TopologyService.TopologyService.InternalEndGetServersForRole(IAsyncResult result)
  at Microsoft.Exchange.Directory.TopologyService.TopologyService.<>c__DisplayClassa.b__9()
  at Microsoft.Exchange.Directory.TopologyService.TopologyService.ExecuteServiceCall(Action action)
Error 2142: MSExchangeADTopology
Process Microsoft.Exchange.Directory.TopologyService.exe (PID = 2664) Forest. Topology discovery failed, error details
No Active Directory server is available. Error message: Active Directory response: The LDAP server returned an unknown error..
So at this point I run DCDIAG on the PDC (let's call it DC1, and the only other DC will be called DC2):
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: dc1
  Starting test: Connectivity
     ......................... dc1 passed test Connectivity
Doing primary tests
Testing server: dc1
  Starting test: Advertising
     Fatal Error:DsGetDcName (dc1) call failed, error 1355
     The Locator could not find the server.
     ......................... dc1 failed test Advertising
  Starting test: FrsEvent
     There are warning or error events within the last 24 hours after the
     SYSVOL has been shared.  Failing SYSVOL replication problems may cause
     Group Policy problems. 
     ......................... dc1 passed test FrsEvent
  Starting test: DFSREvent
     ......................... dc1 passed test DFSREvent
  Starting test: SysVolCheck
     ......................... dc1 passed test SysVolCheck
  Starting test: KccEvent
     ......................... dc1 passed test KccEvent
  Starting test: KnowsOfRoleHolders
     ......................... dc1 passed test KnowsOfRoleHolders
  Starting test: MachineAccount
     ......................... dc1 passed test MachineAccount
  Starting test: NCSecDesc
     ......................... dc1 passed test NCSecDesc
  Starting test: NetLogons
     ......................... dc1 passed test NetLogons
  Starting test: ObjectsReplicated
     ......................... dc1 passed test ObjectsReplicated
  Starting test: Replications
     [Replications Check,Replications Check] Inbound replication is
     disabled.
     To correct, run "repadmin /options dc1 -DISABLE_INBOUND_REPL"
     [Replications Check,dc1] Outbound replication is disabled.
     To correct, run "repadmin /options dc1 -DISABLE_OUTBOUND_REPL"
     ......................... dc1 failed test Replications
  Starting test: RidManager
     ......................... dc1 passed test RidManager
  Starting test: Services
        w32time Service is stopped on [dc1]
        NETLOGON Service is paused on [dc1]
     ......................... dc1 failed test Services
  Starting test: SystemLog
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:28:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:33:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0xC00038D6
        Time Generated: 01/18/2019   08:34:23
        Event String:
        The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:38:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:42:48
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:43:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:48:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:53:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:58:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:03:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:08:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:13:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:18:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:23:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     ......................... dc1 failed test SystemLog
  Starting test: VerifyReferences
     ......................... dc1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
  Starting test: CheckSDRefDom
     ......................... ForestDnsZones passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... ForestDnsZones passed test
     CrossRefValidation
Running partition tests on : DomainDnsZones
  Starting test: CheckSDRefDom
     ......................... DomainDnsZones passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... DomainDnsZones passed test
     CrossRefValidation
Running partition tests on : Schema
  Starting test: CheckSDRefDom
     ......................... Schema passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
  Starting test: CheckSDRefDom
     ......................... Configuration passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... Configuration passed test CrossRefValidation
Running partition tests on :
  Starting test: CheckSDRefDom
     ......................... <domain> passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... <domain> passed test CrossRefValidation
Running enterprise tests on : .com
  Starting test: LocatorCheck
     Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
     A Global Catalog Server could not be located - All GC's are down.
     Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
     A Time Server could not be located.
     The server holding the PDC role is down.
     Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
     1355
     A Good Time Server could not be located.
     Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
     A KDC could not be located - All the KDCs are down.
     ......................... <domain>.com failed test LocatorCheck
  Starting test: Intersite
     ......................... <domain>.com passed test Intersite
To top it all off, DC2 was acting up, so I restarted it. It no longer boots into Windows; instead I get this BSOD:
STOP: c00002cb Security Accounts Manager initialization failed because of the following error: The system cannot find the file specified.
What a cluster, right?
I forgot to add an important query, netdom query fsmo:
"The specified domain either does not exist or could not be contacted.
The command failed to complete successfully."
Including the list of domain roles via NTDSUtil:
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server dc3
Binding to dc3 ...
Connected to dc3 using credentials of locally logged on user.
server connections: q
fsmo maintenance: select operation target
select operation target: list roles for connected server
Server "dc3" knows about 5 roles
Schema - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=game,DC=com
Naming Master - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=mgaming,DC=com
PDC - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=mgaming,DC=com
RID - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=mgaming,DC=com
Infrastructure - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=mgaming,DC=com
select operation target: q
fsmo maintenance: q
ntdsutil: q
--- NEW results after some work ---
netdom query fsmo:
Schema master               DC1.domain.com  
Domain naming master        DC1.domain.com  
PDC                         DC1.domain.com  
RID pool manager            DC1.domain.com  
Infrastructure master       DC1.domain.com  
The command completed successfully.
dcdiag :
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: <domain>DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
Doing primary tests
   Testing server: <domain>DC1
      Starting test: Advertising
         Warning: DC1 is not advertising as a time server.
         ......................... DC1 failed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC1 passed test SysVolCheck
      Starting test: KccEvent
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         ......................... DC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC1 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC1 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,Replications Check] Inbound replication is
         disabled.
         To correct, run "repadmin /options DC1 -DISABLE_INBOUND_REPL"
         [Replications Check,DC1] Outbound replication is disabled.
         To correct, run "repadmin /options DC1 -DISABLE_OUTBOUND_REPL"
         ......................... DC1 failed test Replications
      Starting test: RidManager
         ......................... DC1 passed test RidManager
      Starting test: Services
            w32time Service is stopped on [DC1]
         ......................... DC1 failed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0xC0002719
            Time Generated: 01/18/2019   15:10:16
            Event String:
            DCOM was unable to communicate with the computer MRInterCA01.<domain>.com using any of the configured protocols.
         An error event occurred.  EventID: 0xC0000428
            Time Generated: 01/18/2019   15:10:16
            Event String:
            The terminal server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occured: The RPC server is unavailable.
         An error event occurred.  EventID: 0xC0002719
            Time Generated: 01/18/2019   15:15:17
            Event String:
            DCOM was unable to communicate with the computer MRInterCA01.<domain>.com using any of the configured protocols.
         An error event occurred.  EventID: 0xC0000428
            Time Generated: 01/18/2019   15:15:17
            Event String:
            The terminal server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occured: The RPC server is unavailable.
         An error event occurred.  EventID: 0xC0002719
            Time Generated: 01/18/2019   15:20:21
            Event String:
            DCOM was unable to communicate with the computer MRInterCA01.<domain>.com using any of the configured protocols.
         An error event occurred.  EventID: 0xC0000428
            Time Generated: 01/18/2019   15:20:21
            Event String:
            The terminal server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0\Secure Sockets Layer (SSL) authentication and encryption. The following error occured: The RPC server is unavailable.
         ......................... DC1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC1 passed test VerifyReferences
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   Running partition tests on : <domain>
      Starting test: CheckSDRefDom
         ......................... <domain> passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... <domain> passed test CrossRefValidation
   Running enterprise tests on : <domain>.com
      Starting test: LocatorCheck
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         A Good Time Server could not be located.
         ......................... <domain>.com failed test LocatorCheck
      Starting test: Intersite
         ......................... <domain>.com passed test Intersite
Process powershell.exe (PID=8880). Component: Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error while running an AD operation. ---> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange Active Directory Topology service on server "TopologyClientTcpEndpoint (localhost)". Error details: Access is denied.. ---> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass10.<InternalServiceProviderGetServersForRole>b__f(IPooledServiceProxy`1 proxy)
   at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.GetRootOrgContainer(String partitionFqdn, String domainController, NetworkCredential credential)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ConfigurationSettings.ADConfigDriver.<>c__DisplayClass2.<LoadSettings>b__0()
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
   --- End of inner exception stack trace ---. Unable to load application settings. Exception: "%4"
Sharing my troubleshooting notes
Single User Outlook 2013 new setup fails on “Logging on to the mail server”
Issue: 
One user is unable to log in to Outlook 2013. The connection attempt fails with the following error:
“The Connection to Microsoft Exchange is unavailable.  Outlook must be online or connected to complete this action”. The user cannot open Outlook but can access OWA to check mail.
Resolution: 
=> Recycle AppPools for both Autodiscover and RPCProxy.
=> Run Get-CasMailbox <user> | fl . Check if MAPIBlockOutlookRpcHttp is set to true.
=> If it is set to true , run Set-CASMailbox <user> -MAPIBlockOutlookRPCHttp $false.
========================================================
Event ID 4027 MSExchange ADAccess Exchange 2013 
Issue: Getting event ID 4027 on Exchange 2013 server.
 Log Name:      Application
 Source:        MSExchange ADAccess
 Event ID:      4027
 Task Category: General
 Level:         Error
 Keywords:      Classic
 User:          N/A
 Description:
  Error Details 
  System.ServiceModel.EndpointNotFoundException: Could not connect to  
net.tcp://localhost:890/Microsoft.Exchange.Directory.TopologyService. The connection attempt lasted for a time span of 
00:00:02.0280035. TCP error code 10061: No connection could be made because the target machine actively refused it 
127.0.0.1:890.  —> System.Net.Sockets.SocketException: No connection could be made because the target machine actively 
refused it 127.0.0.1:890
    at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
    at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
    at System.ServiceModel.Channels.SocketConnectionInitiator.Connect(Uri uri, TimeSpan timeout)
Resolution:
=> Enable IPv6.
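A quick way to confirm the state behind event 4027 before and after the change, as an added example that is not part of the original notes: it checks the topology service, whether anything listens on port 890, and whether IPv6 is unbound or disabled. It assumes Windows Server 2012 or later for the Net* cmdlets; the function name is hypothetical.

```powershell
# Added example, not from the original notes. Function name is hypothetical.
# Assumes Windows Server 2012 or later (Get-NetTCPConnection, Get-NetAdapterBinding).
function Test-TopologyEndpoint {
    [CmdletBinding()]
    param([int]$Port = 890)   # port taken from the event text above

    # 1. Is the Microsoft Exchange Active Directory Topology service running?
    $svc = Get-Service -Name MSExchangeADTopology -ErrorAction SilentlyContinue

    # 2. Is anything listening on the port, and on which local addresses?
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue

    # 3. Is IPv6 unbound from any network adapter?
    $unbound = Get-NetAdapterBinding -ComponentID ms_tcpip6 |
        Where-Object { -not $_.Enabled }

    # 4. Is IPv6 switched off through the DisabledComponents registry value?
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    $dc  = (Get-ItemProperty -Path $key -Name DisabledComponents `
                -ErrorAction SilentlyContinue).DisabledComponents

    [pscustomobject]@{
        ServiceStatus       = if ($svc) { $svc.Status } else { 'NotInstalled' }
        ListeningOn         = @($listeners | ForEach-Object { $_.LocalAddress })
        AdaptersWithoutIPv6 = @($unbound   | ForEach-Object { $_.Name })
        DisabledComponents  = if ($null -eq $dc) { 'not set' } else { '0x{0:X}' -f $dc }
    }
}

Test-TopologyEndpoint | Format-List
```

An empty ListeningOn together with a non-empty AdaptersWithoutIPv6 or a set DisabledComponents value matches the condition the resolution addresses.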
========================================================
Exchange 2013 CU2 “old mail.Queue” growing & occupying more space.
Issue:
On the Mailbox servers, the Queue folder contains multiple folders named “messaging old” followed by a date, each holding an old “mail.queue” file, and they are causing a disk space issue. (Pipeline tracing and transport dumpster settings were checked and are at their defaults.) You will see a Messaging.old-201503231091 folder taking up a lot of space on the C drive.
Resolution:
=> Rename the folder & check if there is any impact.
=> It’s safe to delete the Messaging.old folder. It won’t cause any issues.
========================================================
451 4.4.0 Primary target IP address responded with: “421 4.4.5 Service not available, connection deferred
Issue:
Issue with sending mails to one specific domain in Exchange 2013 server. Mail flow for a specific domain fails with the following error:
Remote Server at mail.server.com
 (xxx.xxx.xxx.xxx) returned ‘451 4.4.0 Primary target IP address responded with:
 “421 4.4.5 Service not available, connection deferred.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was xxx.xxx.xxx.xxx:25′
Resolution:
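=> Try sending email from a public email account such as gmail.com to the problematic domain and see if the mail goes through.
=> Try running Set-SendConnector -Identity "<SendConnectorName>" -IgnoreSTARTTLS $true and check. With this setting the connector ignores the STARTTLS option offered by the remote server, so mail sent over that connector is not protected by TLS.
=> Check the firewall and network devices to make sure they are not blocking it.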
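Before turning off STARTTLS it helps to see what the remote server actually answers. The following added example (not part of the original notes; function names are hypothetical) reads the SMTP greeting and EHLO reply and reports whether the 4xx deferral arrives at connect time, in which case TLS negotiation is not the cause.

```powershell
# Added example, not from the original notes. Function names are hypothetical.

# Summarise a server greeting and (optional) EHLO reply.
function Get-SmtpGreetingSummary {
    param([string[]]$Banner, [string[]]$Ehlo = @())
    $code = if ($Banner -and $Banner[-1] -match '^(\d{3})') { $Matches[1] } else { 'none' }
    [pscustomobject]@{
        BannerCode        = $code
        DeferredAtConnect = ($code -like '4*')   # 4xx greeting: no EHLO or STARTTLS took place
        OffersStartTls    = [bool]($Ehlo -match '^250[- ]STARTTLS\s*$')
        Banner            = ($Banner -join ' / ')
    }
}

# Connect to the remote MTA, read the greeting, send EHLO, and summarise the answers.
function Get-SmtpGreeting {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Server,   # host named in the NDR
        [int]$Port = 25,
        [int]$TimeoutMs = 15000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.ReceiveTimeout = $TimeoutMs
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
        $writer.NewLine   = "`r`n"
        $writer.AutoFlush = $true

        # A reply ends on the line whose 4th character is a space ("250-" continues).
        $readReply = {
            $lines = @()
            do {
                $line = $reader.ReadLine()
                if ($null -ne $line) { $lines += $line }
            } while ($null -ne $line -and $line.Length -ge 4 -and $line[3] -eq '-')
            ,$lines
        }

        $banner = & $readReply
        $ehlo   = @()
        if ($banner.Count -and $banner[-1] -like '220*') {
            $writer.WriteLine("EHLO $([System.Net.Dns]::GetHostName())")
            $ehlo = & $readReply
            $writer.WriteLine('QUIT')
        }
        Get-SmtpGreetingSummary -Banner $banner -Ehlo $ehlo
    }
    finally { $client.Close() }
}

# Constructed sample replies (not captured from a real server):
Get-SmtpGreetingSummary -Banner '421 4.4.5 Service not available, connection deferred'
Get-SmtpGreetingSummary -Banner '220 mail.example.test ESMTP' `
    -Ehlo '250-mail.example.test', '250-SIZE 36700160', '250 STARTTLS'

# Live check from the Exchange server that owns the send connector:
# Get-SmtpGreeting -Server mail.server.com
```

Run the live check from the same server and source IP the send connector uses, since the deferral may apply only to that address.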
========================================================
Unable to move mailbox to new database in Exchange 2010 server.
Issue:
When migrating mailboxes to a new database in Exchange 2010 SP3 RU6, some of them fail with the following error:
 {MapiExceptionNoAccess: Unable to query table rows. (hr=0x80070005, ec=-2147024891)
 ——–
 Operation: IDestinationMailbox.CreateFolder
 OperationSide: Target
 Primary (e8d46f09-1e95-4714-b9be-054c9793e96c)
 Folder: ‘Drafts’, entryId [len=46, data=000000004CAE01205CB53F48985FAD69EC75CAD90100E29AB6F8D3BA694C8DD7E55
 D2CE8175100000004A55B0000], parentId [len=46, data=000000004CAE01205CB53F48985FAD69EC75CAD90100E29AB6F8D3BA69
 4C8DD7E55D2CE817510000000562D80000]
 FailIfExists: False
 ——–
 Folder: ‘/Top of Information Store/Drafts’, entryId [len=46, data=000000004CAE01205CB53F48985FAD69EC75CAD90
 100E29AB6F8D3BA694C8DD7E55D2CE8175100000004A55B0000], parentId [len=46, data=000000004CAE01205CB53F48985FAD69
 EC75CAD90100E29AB6F8D3BA694C8DD7E55D2CE817510000000562D80000]
Resolution:
=> Exported mailbox to PST.
=> Delete mailbox, create a new mailbox & import the PST.
=> Add an X500 address to get rid of NDR messages caused by the new mailbox’s legacyExchangeDN.
========================================================
Find the oldest email date in a particular mailbox through an Exchange Management Shell command
Issue:
How to find the oldest email date in a particular mailbox through an Exchange Management Shell command?
Resolution:
Get-MailboxFolderStatistics -IncludeOldestAndNewestItems -Identity <mailbox> | 
    Where OldestItemReceivedDate -ne $null | 
    Sort OldestItemReceivedDate | 
    Select -First 1 OldestItemReceivedDate
========================================================
WebServices connectivity (Internal) transaction failure – The credentials can’t be used to test Web Services
Issue: Unable to test web services or outlook connectivity, keep getting an error stating “credentials cannot be used”. 
When running test outlook connectivity we get the following error in CAS server :
Verbose: Target User = ‘extest_1eb30811639a4@domain.com‘
 Verbose: Resolved server.  Server Name = ‘CASSERVER’, Server FQDN= ‘CASSERVER.domain.com‘
 Verbose: Selected RPC Proxy authentication method = ‘NTLM’
 Verbose: Based on RpcTestType, the cmdlet needs to dynamically look up the endpoint that uses this server as reference point.
 Verbose: Target Client Access server = ‘CASSERVER.domain.com‘
 Verbose: Based on RpcProxyTestType, the cmdlet needs to dynamically look up the endpoint that uses this server as 
reference point.
 Verbose: Target Client Access server = ‘CASSERVER.domain.com‘
 Verbose: Using connection parameters : ‘domain.comextest_1eb30811639a4: RpcProxy/RPC-over-HTTP, 
[CASSERVER.domain.com/NTLM]’
 Verbose: Pinging RpcProxy at the following URL:  https://CASSERVER.domain.com/rpc/RpcProxy.dll.
 Verbose: An unexpected exception occurred while pinging RpcProxy. The most common reason for this occurring is that the 
IIS DefaultAppPool isn’t running. Exception: The remote server returned an error: (401) Unauthorized.
 Verbose: Mailbox = ‘domain.comextest_1eb30811639a4′, Owner = ‘/o=company/ou=Exchange Administrative Group 
(FYDIBOHF23SPDLT)/cn=Recipients/cn=extest_1eb30811639a4′
 Diagnostic command: “Test-OutlookConnectivity -RpcProxyTestType:Internal -RpcTestType:Server -TrustAnySSLCert:$true –
MonitoringContext:$true”
 TimeWindowStart: 2015-03-18T07:10:07.0437501+02:00
 TimeWindowEnd: 2015-03-18T07:23:27.0437500+02:00
 TimeFirst: 2015-03-18T07:10:07.0437501+02:00
 TimeLast: 2015-03-18T07:15:08.0145501+02:00
 Count: 2
 EventSourceName: MSExchange Monitoring OutlookConnectivity Internal
Resolution:
=> Deleted the account extest_1eb30811639a4 and recreated it.
========================================================
Exchange 2013: Public Folder Mailbox cannot be deleted:”Cannot open Mailbox”.
Issue:
Unable to delete the public folder mailbox; we get the following error. The same happens when trying to delete it using the Shell and the web interface.
“Cannot open mailbox /o=Test Lab/ou=Exchange Administrative Group … /cn=Servers/cn=EXServer/cn=Microsoft System Attendant”
Resolution:
=> Run Remove-Mailbox with -force parameter.
========================================================
Remove-MailboxDatabase fails
Issue:
Migrating from Exchange 2013 to a new Exchange 2013. When trying to run Remove-MailboxDatabase it fails with the following error:
VERBOSE: [16:02:40.757 GMT] Remove-MailboxDatabase : Mailbox with DistinguishedName <<omitted>> is still present in this database.
Resolution:
=> Found users had wrong attribute set.
=> Ran the below command to fix it:
PS AD:\DC=mydomain,DC=local> $usersToChange = dir -rec | ? {$_.objectClass -eq "user"} | ? {(get-itemproperty -name msExchArchiveDatabaseLink -path $_.pspath) -like "*Mailbox Database 1096099116*"}
PS AD:\DC=mydomain,DC=local> $usersToChange | foreach {Clear-ItemProperty -Name msExchArchiveDatabaseLink -Path $_.PSPath -verbose}
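The same cleanup with the ActiveDirectory module, as an added example that is not from the original notes: it matches the attribute on the database's exact DN, saves the old values to CSV before changing anything, and supports -WhatIf. The function names and the backup path are assumptions.

```powershell
# Added example, not from the original notes. Needs the ActiveDirectory module and
# the Exchange Management Shell. Function names and the CSV path are hypothetical.
Import-Module ActiveDirectory

# Escape a value for use inside an LDAP filter (RFC 4515). Exchange database DNs
# contain parentheses, e.g. "CN=Exchange Administrative Group (FYDIBOHF23SPDLT)".
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Clear-StaleArchiveLink {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$Database,   # e.g. 'Mailbox Database 1096099116'
        [string]$BackupCsv = ".\archive-links-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
    )

    # msExchArchiveDatabaseLink stores a DN, so look up the database's full DN
    # and match on that instead of a substring.
    $dbDn   = (Get-MailboxDatabase -Identity $Database -ErrorAction Stop).DistinguishedName
    $filter = "(msExchArchiveDatabaseLink=$(ConvertTo-LdapFilterValue $dbDn))"

    $users = @(Get-ADUser -LDAPFilter $filter -Properties msExchArchiveDatabaseLink, msExchArchiveGUID)
    if ($users.Count -eq 0) {
        Write-Verbose "No user objects point at '$dbDn'."
        return
    }

    # Record the current values first so the change can be reverted.
    # -WhatIf:$false makes sure the backup is written even during a dry run.
    $users |
        Select-Object DistinguishedName, msExchArchiveDatabaseLink, msExchArchiveGUID |
        Export-Csv -Path $BackupCsv -NoTypeInformation -WhatIf:$false

    foreach ($u in $users) {
        if ($PSCmdlet.ShouldProcess($u.DistinguishedName, 'Clear msExchArchiveDatabaseLink')) {
            Set-ADUser -Identity $u -Clear msExchArchiveDatabaseLink
        }
    }
    $users | Select-Object SamAccountName, DistinguishedName
}

# Dry run first: lists the affected accounts and writes the backup, changes nothing.
Clear-StaleArchiveLink -Database 'Mailbox Database 1096099116' -WhatIf
```

Review the CSV before running without -WhatIf: an account that still has an archive GUID may have a real archive in that database rather than a stale link.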
========================================================
After migration from exch 2007 to 2013 “show this folder as an e-mail address book not available” client 2007
Issue: After we migrated our Exchange from 2007 to 2013, we are facing some issues with our public folders.
We have an address book in our public folders (migrated from 2007). When I look for the “Show this folder as an e-mail address book” tab on Outlook 2007 clients, it is missing; when I look for it on Outlook 2013 clients, it is there. Why?
Resolution:
=> It is by design that there is no Outlook Address Book tab with the “Show this folder as an e-mail Address Book” check box for public contact folders in Outlook 2007. As a workaround, upgrade Outlook 2007 to Outlook 2010 or a later version.
========================================================
Cannot create a new Offline Address Book
Issue: When creating a new OAB and arbitration mailbox using the following command, it fails:
Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like "*oab*"} | ft name,servername
After running the above command, running Update-OfflineAddressBook -Identity "OAB-FAB" fails with the following error:
+ CategoryInfo          : InvalidResult: (OAB-FAB:OfflineAddressBookIdParameter) [Update-OfflineAddressBook], 
LocalizedException
    + FullyQualifiedErrorId : [Server=EXCH-SRV,RequestId=84bb0fb1-d6dd-4718-a704-4e9a20e178b6,TimeStamp=19.02.2015 
12:07:00] [FailureCategory=Cmdle
   t-LocalizedException] 12FE7FE1,Microsoft.Exchange.Management.SystemConfigurationTasks.UpdateOfflineAddressBook
    + PSComputerName        : EXCH=SRV.xxx.local
Cannot create a new Offline Address Book “OAB” This may be caused to two reasons: the service “Mailbox Assistant service.” is not started on “EXCH-SRV.xxx.local” server or you do not have permission to perform this operation.
Resolution:
Run the following commands instead:
1. New-OfflineAddressBook -Identity "OAB-FAB" -GeneratingMailbox "CN= BK Arbitration OAB,CN=Users,DC=contoso,DC=com" -AddressLists "Default Global Address List"
2. Update-OfflineAddressBook -Identity "OAB-FAB"
========================================================
Move Mailbox error
Issue: Tried moving mailboxes from 2010sp3 to 2013sp1. All mailboxes moved except two & we get the following error
One mailbox error message is “Error: MigrationPermanentException: Mailbox ‘AAA’ has a completed move request associated with it. Before you create a new move request for the mailbox, run the Remove-MoveRequest cmdlet to clear the completed move request. 
Another mailbox error message is “Error: MigrationPermanentException: The Mailbox database “BBB”is not the same version as the cmdlet. 
Resolution:
Run the following command:
New-MoveRequest "username" -TargetDatabase "database" -BadItemLimit 50 -Verbose
========================================================
Cannot update to CU7 – remote registry error  
Issue: When trying to install CU7 from CU6 we get the following error:
“There was a problem accessing the registry on this computer. This may happen if the Remote Registry service is not running. It may also indicate a network problem or that the TCP/IP NetBIOS Helper service is not running”.
Resolution:
=> Start the following services to check this issue:
=> “Remote Registry” service
=> “TCP/IP NetBIOS Helper” service
=> “Computer Browser” service, setting it to “Automatic”
========================================================
Exchange 2013 CU7 Installation crash on Mailbox role: Transport Service.
Issue:
Started installing CU7 & it fails with the following error:
The following error was generated when “$error.Clear(); 
            # Apply XML Transforms to FIPS configuration file if schema changed Write-ExchangeSetupLog -Info “Applying XML Transforms to FIPS configuration”;
 $FipsBinPath = [System.IO.Path]::Combine($RoleInstallPath, “FIP-FSbin”);
[Reflection.Assembly]::LoadFile([System.IO.Path]::Combine($FipsBinPath, “FSCConfigurationServerInterfaces.dll”));
            [Reflection.Assembly]::LoadFile([System.IO.Path]::Combine($FipsBinPath, “FSCConfigSupport.dll”));
            $configServer = New-Object Microsoft.FSC.Configuration.ConfigManagerClass;
            if(! $configServer)
            {
              Write-ExchangeSetupLog -Error “Configuration Server object could not be created.”;
            }
            else
            {
              try
              {
                $configServer.Upgrade();
                Write-ExchangeSetupLog -Info “Configuration.xml was upgraded successfully”;
              }
              catch
              {
                Write-ExchangeSetupLog -Error “Upgrade of Configuration.xml was unsuccessfull, $_”;
# Stop the process if it is still running
# We silently continue because if process has already exited, Stop-Process will throw error
# Error is non-terminating and so can be suppressed
Stop-Process -processname FSCConfigurationServer -Force -ErrorAction SilentlyContinue;
         }
          ” was run: “System.Exception: Upgrade of Configuration.xml was unsuccessfull, Exception calling “Upgrade” with 
“0” argument(s): “Root element is missing.”
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, 
Boolean reThrow, String helpUrl)
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
   at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean 
terminatePipelineIfFailed)”.
Resolution:
1. Go to “C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Data”.
2. Delete the file “configurationServer.xml” and rename “configurationServer.xml.back” to “configurationServer.xml”.
3. Then try to re-install Exchange Mailbox Server.
========================================================
After setup of Exchange2013 Exchange Management Shell fails 
Issue:
Upgrading from Exchange 2007 to Exchange 2013. After upgrading to Exchange 2013, we get the following error in the Exchange Management Shell:
VERBOSE: Connecting to server2013.domain.com.
New-PSSession : [server2013.domain.com] Processing data from remote server server2013.domain.com failed with the following error message: [ClientAccessServer=SERVER2013,BackEndServer=SERVER2013.domain.com,RequestId=2d2dcfef-3753-4c3e-b207-3845ca5d6833,TimeStamp=2/23/2015 08:02:10 AM] [AuthZRequestId=45093630-4a0f-4c08-a5ff-4d6bf230c5b5][FailureCategory=AuthZ-SetupVersionInformationCorruptException] Unable to determine the installed file version from the registry key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine’. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ New-PSSession -ConnectionURI “$connectionUri” -ConfigurationName Microsoft.Excha …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : IncorrectProtocolVersion,PSSessionOpenFailed
WARNING: No Exchange servers are available in the Active Directory site A. Connecting to an Exchange server in another Active Directory site.
Failed to connect to an Exchange server in the current site.
Enter the server FQDN where you want to connect.
Resolution:
Moving these keys from other servers or creating all 6 strings manually should solve this issue.
1. Created the key “PowerShellEngine” under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1.
2. Created all 6 strings under “PowerShellEngine”:
• ApplicationBase    (C:\Windows\System32\WindowsPowerShell\v1.0)
• ConsoleHostAssemblyName    (Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil)
• ConsoleHostModuleName    (C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell.ConsoleHost.dll)
• PowerShellVersion    (2.0)
• PSCompatibleVersion    (1.0, 2.0)
• RuntimeVersion    (v2.0.50727)
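The two steps above as a check-and-repair script, added here as an example that is not part of the original notes. It uses the value names and data listed in the resolution (with path backslashes restored), creates only what is missing, and reports values that differ without overwriting them; the function name is hypothetical.

```powershell
# Added example, not from the original notes. Run in an elevated PowerShell session.
# Function name is hypothetical; value names and data are the ones listed above.
$key = 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine'

$expected = [ordered]@{
    ApplicationBase         = 'C:\Windows\System32\WindowsPowerShell\v1.0'
    ConsoleHostAssemblyName = 'Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil'
    ConsoleHostModuleName   = 'C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell.ConsoleHost.dll'
    PowerShellVersion       = '2.0'
    PSCompatibleVersion     = '1.0, 2.0'
    RuntimeVersion          = 'v2.0.50727'
}

function Repair-PowerShellEngineKey {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Path = $key,
        [System.Collections.IDictionary]$Values = $expected
    )

    # Step 1: create the key if it does not exist.
    if (-not (Test-Path -LiteralPath $Path)) {
        if ($PSCmdlet.ShouldProcess($Path, 'Create registry key')) {
            New-Item -Path $Path -Force | Out-Null
        }
    }
    $current = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue

    # Step 2: create each missing string value; never overwrite an existing one.
    foreach ($name in $Values.Keys) {
        $have  = if ($current) { $current.$name } else { $null }
        $state = if ($null -eq $have)               { 'Missing' }
                 elseif ($have -ne $Values[$name])  { 'Differs' }
                 else                               { 'OK' }

        if ($state -eq 'Missing' -and
            $PSCmdlet.ShouldProcess("$Path\$name", 'Create REG_SZ value')) {
            New-ItemProperty -LiteralPath $Path -Name $name -Value $Values[$name] `
                -PropertyType String | Out-Null
            $state = 'Created'
        }
        [pscustomobject]@{
            Name = $name; State = $state; Current = $have; Expected = $Values[$name]
        }
    }
}

# Dry run: shows what is missing or different without writing to the registry.
Repair-PowerShellEngineKey -WhatIf | Format-Table Name, State -AutoSize
```

Compare any value reported as Differs against the same key on a working server before changing it by hand.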
Ratish Nair
Microsoft MVP | Exchange Server
Team @MSExchangeGuru.com
Posted April 15th, 2015 under Exchange 2010, Exchange 2013, Tips.
Where to begin…
 I’d like to first admit that I am not a seasoned Exchange tech.
 Second here is the environment:
 (2) 2008 R2 DCs and (1) 2012 R2 MS Exchange 2013 server — other Exchange servers were removed [I’ve seen remnants of these old servers, but UM has been working fine until yesterday]
Our Exchange 2013 server stopped picking up calls on the voice access number assigned to it for Unified Messaging. When trying to restart the service, it fails to start with the following message: Windows could not start the Microsoft Exchange Unified Messaging service on Local Computer. Error 1053: The service did not respond to the start or control request in a timely fashion.
The service will hang on «Starting», but never actually start.
I proceed to the Event Viewer and see ALL sorts of Exchange related messages, however all pertaining to AD. For example:
Error 1007: MSExchange Mailbox Replication
The Mailbox Replication service was unable to determine the set of active mailbox databases on a mailbox server.
 Mailbox server:
 Error: MapiExceptionNetworkError: Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227)
Error 10006: MSExchange Mid-Tier Storage
Active Manager Client experienced an AD timeout trying to lookup object » in 00:01:00.
Error 1002: MSExchangeThrottling
The Microsoft Exchange Throttling Service encountered an Active Directory error while building an RPC security descriptor. This failure may indicate that no Domain Controllers are available at this time. The service will be stopped. Failure details: System.TimeoutException: Timed out AD operation after 00:00:30
Error 4027: MSExchange ADAccess
Process msexchangerepl.exe (PID=5808). WCF request (Get Servers for The LDAP server returned an unknown error.
 at System.DirectoryServices.Protocols.LdapConnection.Connect()
 at System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential)
 at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithLogging()
 at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries)
 at Microsoft.Exchange.Data.Directory.PooledLdapConnection.BindWithRetry(Int32 maxRetries)
 at Microsoft.Exchange.Data.Directory.LdapConnectionPool.CreateOneTimeConnection(NetworkCredential networkCredential, ADServerInfo serverInfo, LocatorFlags connectionFlags)
 at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetDirectoryServer(String partitionFqdn, ADRole role)
 at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.InternalGetServersForRole(String partitionFqdn, IList 1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
 at Microsoft.Exchange.Data.Directory.LdapTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
 at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
 at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
 at Microsoft.Exchange.Data.Directory.ADDataSession.GetNamingContext(ADNamingContext adNamingContext)
 at Microsoft.Exchange.Directory.TopologyService.Data.TopologyDiscoverySession.FindDirectoryServers(String site, List1 dsFqdns)1.Execute(CancellationToken joinedToken)
 at Microsoft.Exchange.Directory.TopologyService.LocalForestTopologyDiscovery.FindPrimaryDS()
 at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.Discover()
 at Microsoft.Exchange.Directory.TopologyService.ADTopologyDiscovery.DoWork(CancellationToken cancellationToken)
 at Microsoft.Exchange.Directory.TopologyService.Common.WorkItem
 at System.Threading.Tasks.Task.Execute()
 at Microsoft.Exchange.Directory.TopologyService.TopologyDiscoveryManager.EndGetTopology(IAsyncResult ar)
 at Microsoft.Exchange.Directory.TopologyService.TopologyService.InternalEndGetServersForRole(IAsyncResult result)
 at Microsoft.Exchange.Directory.TopologyService.TopologyService.<>c__DisplayClassa.b__9()
 at Microsoft.Exchange.Directory.TopologyService.TopologyService.ExecuteServiceCall(Action action)
Error 2142: MSExchangeADTopolgy
Process Microsoft.Exchange.Directory.TopologyService.exe (PID=2664) Forest . Topology discovery failed, error details
 Active Directory server is not available. Error message: Active directory response: The LDAP server returned an unknown error..
So at this point I run a DCDIAG on the PDC (let’s call it DC1, where the only other DC will be called DC2):
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
Home Server = dc1
- Identified AD Forest.
Done gathering initial info. 
Doing initial required tests
Testing server: dc1
  Starting test: Connectivity
     ......................... dc1 passed test Connectivity
Doing primary tests
Testing server: dc1
  Starting test: Advertising
     Fatal Error:DsGetDcName (dc1) call failed, error 1355
     The Locator could not find the server.
     ......................... dc1 failed test Advertising
  Starting test: FrsEvent
     There are warning or error events within the last 24 hours after the
     SYSVOL has been shared.  Failing SYSVOL replication problems may cause
     Group Policy problems. 
     ......................... dc1 passed test FrsEvent
  Starting test: DFSREvent
     ......................... dc1 passed test DFSREvent
  Starting test: SysVolCheck
     ......................... dc1 passed test SysVolCheck
  Starting test: KccEvent
     ......................... dc1 passed test KccEvent
  Starting test: KnowsOfRoleHolders
     ......................... dc1 passed test KnowsOfRoleHolders
  Starting test: MachineAccount
     ......................... dc1 passed test MachineAccount
  Starting test: NCSecDesc
     ......................... dc1 passed test NCSecDesc
  Starting test: NetLogons
     ......................... dc1 passed test NetLogons
  Starting test: ObjectsReplicated
     ......................... dc1 passed test ObjectsReplicated
  Starting test: Replications
     [Replications Check,Replications Check] Inbound replication is
     disabled.
     To correct, run "repadmin /options dc1 -DISABLE_INBOUND_REPL"
     [Replications Check,dc1] Outbound replication is disabled.
     To correct, run "repadmin /options dc1 -DISABLE_OUTBOUND_REPL"
     ......................... dc1 failed test Replications
  Starting test: RidManager
     ......................... dc1 passed test RidManager
  Starting test: Services
        w32time Service is stopped on [dc1]
        NETLOGON Service is paused on [dc1]
     ......................... dc1 failed test Services
  Starting test: SystemLog
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:28:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:33:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0xC00038D6
        Time Generated: 01/18/2019   08:34:23
        Event String:
        The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:38:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:42:48
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:43:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:48:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:53:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   08:58:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:03:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:08:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:13:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:18:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     An error event occurred.  EventID: 0x0000041E
        Time Generated: 01/18/2019   09:23:59
        Event String:
        The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
     ......................... dc1 failed test SystemLog
  Starting test: VerifyReferences
     ......................... dc1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
  Starting test: CheckSDRefDom
     ......................... ForestDnsZones passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... ForestDnsZones passed test
     CrossRefValidation
Running partition tests on : DomainDnsZones
  Starting test: CheckSDRefDom
     ......................... DomainDnsZones passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... DomainDnsZones passed test
     CrossRefValidation
Running partition tests on : Schema
  Starting test: CheckSDRefDom
     ......................... Schema passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
  Starting test: CheckSDRefDom
     ......................... Configuration passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... Configuration passed test CrossRefValidation
Running partition tests on :
  Starting test: CheckSDRefDom
     ......................... <domain> passed test CheckSDRefDom
  Starting test: CrossRefValidation
     ......................... <domain> passed test CrossRefValidation
Running enterprise tests on : .com
  Starting test: LocatorCheck
     Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
     A Global Catalog Server could not be located - All GC's are down.
     Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
     A Time Server could not be located.
     The server holding the PDC role is down.
     Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
     1355
     A Good Time Server could not be located.
     Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
     A KDC could not be located - All the KDCs are down.
     ......................... <domain>.com failed test LocatorCheck
  Starting test: Intersite
     ......................... <domain>.com passed test Intersite
To top this all off, DC2 was acting up so I restarted it. It no longer boots into Windows, instead I get this BSOD:
STOP: c00002cb Security Manager Accounts Manager initialization failed because of the following error: The system cannot find the file specified.
What a cluster, right?
Forgot to add an important query, netdom query fsmo:
«The specified domain either does not exist or could not be contacted.
 The command failed to complete successfully.»
Including the list of domain roles via NTDSUtil:
ntdsutil: roles
 fsmo maintenance: connections
 server connections: connect to server dc3
 Binding to dc3 ...
 Connected to dc3 using credentials of locally logged on user.
 server connections: q
 fsmo maintenance: select operation target
 select operation target: list roles for connected server
 Server "dc3" knows about 5 roles
 Schema - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=mgaming,DC=com
 Naming Master - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=mgaming,DC=com
 PDC - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=mgaming,DC=com
 RID - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=mgaming,DC=com
 Infrastructure - CN=NTDS Settings,CN=DC3,CN=Servers,CN=mgaming,CN=Sites,CN=Configuration,DC=mgaming,DC=com
 select operation target: q
 fsmo maintenance: q
 ntdsutil: q 
——NEW results after some work——
netdom query fsmo:
Schema master               DC1.domain.com  
Domain naming master        DC1.domain.com  
PDC                         DC1.domain.com  
RID pool manager            DC1.domain.com  
Infrastructure master       DC1.domain.com  
The command completed successfully.
dcdiag:
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = DC1
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: <domain>DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
Doing primary tests
   Testing server: <domain>DC1
      Starting test: Advertising
         Warning: DC1 is not advertising as a time server.
         ......................... DC1 failed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... DC1 passed test FrsEvent
      Starting test: DFSREvent
         ......................... DC1 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... DC1 passed test SysVolCheck
      Starting test: KccEvent
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         A warning event occurred.  EventID: 0x80000829
            Time Generated: 01/18/2019   15:58:54
            Event String:
            This directory partition has not been backed up since at least the following number of days.
         ......................... DC1 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... DC1 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... DC1 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... DC1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC1 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... DC1 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,Replications Check] Inbound replication is
         disabled.
         To correct, run "repadmin /options DC1 -DISABLE_INBOUND_REPL"
         [Replications Check,DC1] Outbound replication is disabled.
         To correct, run "repadmin /options DC1 -DISABLE_OUTBOUND_REPL"
         ......................... DC1 failed test Replications
      Starting test: RidManager
         ......................... DC1 passed test RidManager
      Starting test: Services
            w32time Service is stopped on [DC1]
         ......................... DC1 failed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0xC0002719
            Time Generated: 01/18/2019   15:10:16
            Event String:
            DCOM was unable to communicate with the computer MRInterCA01.<domain>.com using any of the configured protocols.
         An error event occurred.  EventID: 0xC0000428
            Time Generated: 01/18/2019   15:10:16
            Event String:
            The terminal server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0Secure Sockets Layer (SSL) authentication and encryption. The following error occured: The RPC server is unavailable.
         An error event occurred.  EventID: 0xC0002719
            Time Generated: 01/18/2019   15:15:17
            Event String:
            DCOM was unable to communicate with the computer MRInterCA01.<domain>.com using any of the configured protocols.
         An error event occurred.  EventID: 0xC0000428
            Time Generated: 01/18/2019   15:15:17
            Event String:
            The terminal server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0Secure Sockets Layer (SSL) authentication and encryption. The following error occured: The RPC server is unavailable.
         An error event occurred.  EventID: 0xC0002719
            Time Generated: 01/18/2019   15:20:21
            Event String:
            DCOM was unable to communicate with the computer MRInterCA01.<domain>.com using any of the configured protocols.
         An error event occurred.  EventID: 0xC0000428
            Time Generated: 01/18/2019   15:20:21
            Event String:
            The terminal server cannot install a new template-based certificate to be used for Transport Layer Security (TLS) 1.0Secure Sockets Layer (SSL) authentication and encryption. The following error occured: The RPC server is unavailable.
         ......................... DC1 failed test SystemLog
      Starting test: VerifyReferences
         ......................... DC1 passed test VerifyReferences
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   Running partition tests on : <domain>
      Starting test: CheckSDRefDom
         ......................... <domain> passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... <domain> passed test CrossRefValidation
   Running enterprise tests on : <domain>.com
      Starting test: LocatorCheck
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         A Good Time Server could not be located.
         ......................... <domain>.com failed test LocatorCheck
      Starting test: Intersite
         ......................... <domain>.com passed test Intersite
Good afternoon.
This error appears on one of our 2 Exchange servers.
I have read this: https://social.technet.microsoft.com/Forums/en-US/cacf7b98-50a9-4c3f-ba01-f061b7d9442c/exchange-2016-event-error-4127-msexchange-adaccess?forum=Exch2016GD
and this: https://social.technet.microsoft.com/wiki/contents/articles/51374.exchange-2016-troubleshooting-event-id-4127.aspx
Replication in the domain is fine (at least DCDiag shows no errors); recreating the PowerShell directory does not help.
Here is the error text itself:
Log Name:      Application
Source:        MSExchange ADAccess
Date:          17-Sep-19 17:38:52
Event ID:      4127
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVER01.domain.local
Description:
Process powershell.exe (PID=31640). Component: Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error running AD operation. —> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling
 the Microsoft Exchange Active Directory Topology service on server ‘TopologyClientTcpEndpoint (localhost)’. Error details: Access is denied.. —> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Server stack trace: 
   at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass33_0.<InternalServiceProviderGetServersForRole>b__0(IPooledServiceProxy`1 proxy)
   at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
   — End of inner exception stack trace —
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.GetRootOrgContainer(String partitionFqdn, String domainController, NetworkCredential credential)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ConfigurationSettings.ADConfigDriver.<>c__DisplayClass16_0.<LoadSettings>b__0()
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
   — End of inner exception stack trace —. Unable to load application settings. Exception: ‘%4’
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange ADAccess" />
    <EventID Qualifiers="49152">4127</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-09-17T14:38:52.321071200Z" />
    <EventRecordID>2958977</EventRecordID>
    <Channel>Application</Channel>
    <Computer>EXTRA01.device.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>powershell.exe</Data>
    <Data>31640</Data>
    <Data>Microsoft.Exchange.Data.Directory.ConfigurationSettingsADNotificationException: Error running AD operation. —> Microsoft.Exchange.Data.Directory.ADTopologyUnexpectedException: Unexpected error when calling the Microsoft Exchange
 Active Directory Topology service on server ‘TopologyClientTcpEndpoint (localhost)’. Error details: Access is denied.. —> System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Server stack trace: 
   at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.Exchange.Data.Directory.TopologyDiscovery.ITopologyClient.GetServersForRole(String partitionFqdn, List`1 currentlyUsedServers, ADServerRole role, Int32 serversRequested, Boolean forestWideAffinityRequested)
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.<>c__DisplayClass33_0.<InternalServiceProviderGetServersForRole>b__0(IPooledServiceProxy`1 proxy)
   at Microsoft.Exchange.Net.ServiceProxyPool`1.TryCallServiceWithRetry(Action`1 action, String debugMessage, WCFConnectionStateTuple proxyToUse, Int32 numberOfRetries, Boolean doNotReturnProxyOnSuccess, Exception& exception)
   — End of inner exception stack trace —
   at Microsoft.Exchange.Data.Directory.ServiceTopologyProvider.GetConfigDCInfo(String partitionFqdn, Boolean throwOnFailure)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.PopulateConfigNamingContexts(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.TopologyProvider.GetConfigurationNamingContext(String partitionFqdn)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ADSystemConfigurationSession.GetRootOrgContainer(String partitionFqdn, String domainController, NetworkCredential credential)
   at Microsoft.Exchange.Data.Directory.SystemConfiguration.ConfigurationSettings.ADConfigDriver.<>c__DisplayClass16_0.<LoadSettings>b__0()
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.RunADOperation(ADOperation adOperation, Int32 retryCount)
   at Microsoft.Exchange.Data.Directory.ADNotificationAdapter.TryRunADOperation(ADOperation adOperation, Int32 retryCount)
   — End of inner exception stack trace —</Data>
  </EventData>
</Event>
On Exchange 2007, Event ID 2501 and Event ID 2604 errors started appearing fairly regularly on new hardware.
They recur roughly every 15 minutes.
Notably, the site is reachable and the domain controllers are working.
The first error:
Тип события: Ошибка
Источник события: MSExchange ADAccess
Категория события: Общие
Код события: 2501
Дата: 05.04.2011
Время: 9:44:26
Пользователь: Н/Д
Компьютер: EXCHANGE—SERVER
Описание: Процесс MSEXCHANGEADTOPOLOGY (идентификатор процесса=1384). Монитору сайта не удается проверить текущее имя сайта: вызов=DsctxGetContext, код ошибки=8007077f.
And the second error:
Тип события: Ошибка
Источник события: MSExchange ADAccess
Категория события: Общие
Код события: 2604
Дата: 05.04.2011
Время: 10:14:26
Пользователь: Н/Д
Компьютер: EXCHANGE—SERVER
Описание: Процесс MSEXCHANGEADTOPOLOGY (идентификатор процесса=1384). При обновлении параметров безопасности доступа (RPC) для службы топологии Exchange Active Directory серверу Exchange не удалось получить дескриптор безопасности для объекта сервера Exchange EXCHANGE—SERVER. Код ошибки =8007077f. Служба топологии Exchange Active Directory продолжит работу с ограниченными разрешениями.
The cause, as it turned out, is that the network interface starts late.
Ways to fix it:
1. Change the startup type of the Exchange services from "Automatic" to "Manual" and start them with a script that calls "net start" from the scheduler.
2. Simply restart the "Microsoft Exchange Active Directory Topology Service" service. The restart takes some time, because many dependent services are restarted along with it. After the restart (2-5 minutes) the problem disappears.
It is not as scary as it seemed on Monday morning, after upgrading the domain controller from Windows 2003 to 2008 R2. The snag is in a single local policy setting.
That same morning I observed the following:
- The OWA interface in the browser told users «Не удалось подключиться к серверу каталога», and the users told me the same by phone.
- Errors in the Exchange server event log from MSExchange ADAccess with ID 2130: «Процесс w3wp.exe (OWA) (идентификатор процесса=3336). Поставщик Active Directory Exchange не смог обнаружить доступный контроллер домена»
- Errors in the Exchange server event log from MSExchange ADAccess with ID 2114: «Процесс MSEXCHANGEADTOPOLOGYSERVICE.EXE (идентификатор процесса=1392). Произошла ошибка при обнаружении топологии, ошибка 0x80040a02 (DSC_E_NO_SUITABLE_CDC).»
Meanwhile DCDIAG, by reporting no errors, indicated that the domain controller had been moved to the new OS correctly.
With the help of the internet I managed to localize and find the cause of the errors. On the new domain controller, the Exchange server had been denied the right to manage the audit and security logs.
Solution: the "Local Security Policy" snap-in on the domain controller - "Local Policies" - "User Rights Assignment" - "Manage auditing and security log" - add Exchange Servers and Microsoft Exchange Enterprise Servers - refresh the policy with gpupdate /force
And as a result, a thank-you from Exchange in the event log with ID 2113: «Процесс MSEXCHANGEADTOPOLOGYSERVICE.EXE (идентификатор процесса=1392). Сервер Exchange Server в данный момент имеет право на аудит безопасности на контроллере домена»
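A way to check the user right that the post above identifies as the cause, added here as an example and not part of the original post. It assumes an elevated PowerShell session on the domain controller; the domain prefix and the two group names are assumptions to adjust for the environment ("Manage auditing and security log" is the SeSecurityPrivilege right in the exported policy):

```powershell
# Added example: report whether the Exchange groups hold SeSecurityPrivilege
# ("Manage auditing and security log") in the policy applied on this DC.

# Assumptions: the groups live in the logon domain and use these names.
$domain = $env:USERDOMAIN
$groups = @("$domain\Exchange Servers", "$domain\Exchange Enterprise Servers")

# Export only the user-rights section of the applied security policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS /quiet
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

# The exported line looks like: SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-...
$line = Select-String -Path $cfg -Pattern '^SeSecurityPrivilege\s*=' | Select-Object -First 1
Remove-Item $cfg -Force

$holders = @()
if ($line) {
    $holders = @(($line.Line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') })
}

foreach ($name in $groups) {
    try {
        # Resolve the group to its SID, because secedit normally writes SIDs.
        $sid = ([System.Security.Principal.NTAccount]$name).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        Write-Warning "$name : group not found, check the name and domain"
        continue
    }

    # secedit can also write a plain account name when it cannot map a SID.
    $short = $name.Split('\')[-1]
    if ($holders -contains $sid -or $holders -contains $name -or $holders -contains $short) {
        Write-Output "$name : holds SeSecurityPrivilege"
    } else {
        Write-Warning "$name : SeSecurityPrivilege not assigned on this DC"
    }
}
```

A missing assignment here matches the condition the post ties to MSExchange ADAccess events 2114 and 2130; after the right is granted and the policy refreshed, the post reports event 2113.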




