    Recipient update service: Authentication failed — DC1 does not take over

    Locked

    by gunther.imbrechts

    Hello,

    I have an issue with the LDAP bind to one of our two domain controllers.
    Recently I ran a test, first shutting down our primary domain controller,
    DC1, which is both a GC server and holds all the FSMO roles. Our Exchange
    server, EXCH1, authenticated without any issue to our second DC, DC2. Below
    are the error messages EXCH1 reported when DC2 was shut down (DC1 was already
    booted and connected to the network):

    LDAP Bind was unsuccessful on directory DC2.contoso.domain.com for
    distinguished name ”. Directory returned error:[0x51] Server Down.

    The Win32 API call ‘DsGetDCNameW’ returned error code [0x54b] The specified
    domain either does not exist or could not be contacted. The service could
    not be initialized. Make sure that the operating system was installed
    properly.

    Could not open LDAP session to directory ‘DC2.contoso.domain.com’ using
    local service credentials. Cannot access Address List configuration
    information. Make sure the server ‘DC2.contoso.domain.com’ is running.

    Couldn’t find an accessible writable domain controller for domain
    ‘DC=contoso,DC=domain,DC=com’.

    Could not open LDAP session to directory ‘DC2.contoso.domain.com’ using
    local service credentials. Cannot access Address List configuration
    information. Make sure the server ‘DC2.contoso.domain.com’ is running.
    DC=contoso,DC=domain,DC=com

    DSACCESS returned an error ‘0x80004005’ on DS notification. Microsoft
    Exchange System Attendant will re-set DS notification later.

    Process MAD.EXE (PID=2096). All Domain Controller Servers in use are not
    responding:
    DC2.contoso.domain.com
    DC1.contoso.domain.com

    Does anybody have an idea why this happened? DC1 was running perfectly at
    that moment. Only this error was generated, but two minutes before the
    shutdown of DC2:

    Active Directory was unable to establish a connection with the global catalog.

    Additional Data
    Error value:
    1355 The specified domain either does not exist or could not be contacted.
    Internal ID:
    3200cf3

    User Action:
    Make sure a global catalog is available in the forest, and is reachable from
    this domain controller. You may use the nltest utility to diagnose this
    problem.

    Does that have anything to do with it? When I run nltest /dsgetdc:domain
    /GC, it does not show my DC1, only the second. But DC1 is, like DC2, a
    Global Catalog. Could it be that the problem is somewhere there? Replmon
    showed me that both DC1 and DC2 are Global Catalogs and domain
    controllers. Dcdiag /test:dns gives this result:

    Auth Basc Forw Del  Dyn  RReg Ext
    PASS WARN PASS PASS PASS WARN n/a

    Domain: contoso.domain.com

    ……………………. contoso.domain.com passed test DNS

    Repl Monitor gives no error messages. All FSMO roles reside on DC1. Domain
    functional level is Windows 2000 native. One last thing: is it normal that I
    get this result on DC1 when I type “sc query ntds”:

    [SC] EnumQueryServicesStatus:OpenService FAILED 1060:

    The specified service does not exist as an installed service.

    Thanks for some advice!

    Günther
