Recipient update service: Authentication failed -- DC1 does not take over

By gunther.imbrechts
Hello,

I have an issue with the LDAP bind to one of our two domain controllers.
Recently I did a test, first shutting down our primary domain controller, DC1,
which is both a GC server and holds all the FSMO roles. Our Exchange server,
EXCH1, authenticated without any issue to our second DC, DC2. Following are
the error messages EXCH1 reported when DC2 was shut down (DC1 was already
booted and was connected to the network):

LDAP Bind was unsuccessful on directory DC2.contoso.domain.com for
distinguished name ''. Directory returned error:[0x51] Server Down.

The Win32 API call 'DsGetDCNameW' returned error code [0x54b] The specified
domain either does not exist or could not be contacted. The service could
not be initialized. Make sure that the operating system was installed
properly.

Could not open LDAP session to directory 'DC2.contoso.domain.com' using
local service credentials. Cannot access Address List configuration
information. Make sure the server 'DC2.contoso.domain.com' is running.

Couldn't find an accessible writable domain controller for domain
'DC=contoso,DC=domain,DC=com'.

Could not open LDAP session to directory 'DC2.contoso.domain.com' using
local service credentials. Cannot access Address List configuration
information. Make sure the server 'DC2.contoso.domain.com' is running.
DC=contoso,DC=domain,DC=com

DSACCESS returned an error '0x80004005' on DS notification. Microsoft
Exchange System Attendant will re-set DS notification later.

Process MAD.EXE (PID=2096). All Domain Controller Servers in use are not
responding:
DC2.contoso.domain.com
DC1.contoso.domain.com

Does anybody have an idea why this happened? DC1 was running perfectly at
that moment. Only this error was generated, but two minutes before the
shutdown of DC2:

Active Directory was unable to establish a connection with the global catalog.

Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200cf3

User Action:
Make sure a global catalog is available in the forest, and is reachable from
this domain controller. You may use the nltest utility to diagnose this
problem.

Does that have anything to do with it? When I run nltest /dsgetdc:domain
/GC, it does not show my DC1, only the second. But DC1 is, like DC2, a
global catalog. Could it be that the problem is somewhere there? Replmon
showed me that both DC1 and DC2 are global catalogs and domain
controllers. Dcdiag /test:dns gives this result:

Auth Basc Forw Del  Dyn  RReg Ext
PASS WARN PASS PASS PASS WARN n/a

Domain: contoso.domain.com

......................... contoso.domain.com passed test DNS

Repl Monitor gives no error messages. All FSMO roles reside on DC1. Domain
functional level is Windows 2000 native. One last thing: is it normal that I
get this result on DC1 when I type "sc query ntds":

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.


Thanks for some advice!

Günther
