Exchange disaster recovery: a record of a GC transfer and an Exchange transfer

Source: Internet
Author: User
Tags microsoft outlook adsi edit

At first, a server with the IP address 192.168.0.1 (called A) was the only DC, in a single-DC domain environment, with NAT performed on the NetScreen firewall. That DC also served as the external Exchange 2000 (ex2k) mail server. Later, two IBM servers were added and made into two more DCs: 192.168.0.6 as the ISA proxy server (called B), and 192.168.0.10 as the ex2k mail server (called C). The global catalog (GC) was A (192.168.0.1), and the PDC, RID and infrastructure roles were all on A. Later I wanted to demote and decommission A, so I moved the global catalog, PDC, RID and infrastructure roles all to B. After the servers were restarted and A was removed from the network, client logon to the domain was very slow (I later found that some clients' gateways pointed to A, and changed them). In addition, clients failed to log on to ex2k and were told that the Exchange server could not be found. Three typical error events were logged on the server: event IDs 9176, 5778 and 36872. The content of the last two is as follows:
Event Type: Warning
Event Source: Schannel
Event Category: None
Event ID: 36872
Date: 2003/8/14
Time: 07:19:58 pm
User: N/A
Computer: B
Description:
No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the Internet Information Server, are not affected by this.
Event Type: Information
Event Source: NETLOGON
Event Category: None
Event ID: 5778
Date: 2003/8/14
Time: 07:14:28 pm
User: N/A
Computer: B
Description:
'RD01' tried to determine its site by looking up its IP address (192.168.0.131) in the Configuration\Sites\Subnets container in the DS. No subnet matched the IP address. Consider adding a subnet object for this IP address.
I found a solution for 9176. Microsoft said:
XADM: Error Message: Network Problems Are Preventing Connection to the Microsoft Exchange Server Computer
The information in this article applies to:
· Microsoft Exchange 2000 Server
Symptom
After the Global Catalog server is rebuilt, MAPI clients, such as Microsoft Outlook, cannot connect to the Exchange 2000 Server computer. The Outlook client may receive one of the following error messages:
The name could not be resolved. Network problems are preventing connection to the Microsoft Exchange Server computer. Contact your system administrator if this condition persists.
Unable to expand the folder. The set of folders could not be opened.
Information store could not be opened.
You may be able to access your mailbox using Internet Message Access Protocol version 4rev1 (IMAP4) and Post Office Protocol version 3 (POP3).
In the application log of the Exchange 2000 Server, the following events may be recorded:
Event Type: Error
Event Source: MSExchangeSA
Event Category: (11)
Event ID: 9176
Date: 9/30/2000
Time: 9:58:21 AM
User: N/A
Computer: EXCHANGESRVR
Description: NSPI Proxy can contact Global Catalog GCName but it does not support the NSPI service. After a Domain Controller is promoted to a Global Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot GCName as soon as possible.
For more information, click http://www.microsoft.com/contentredirect.asp.
Restarting the Global Catalog server does not fix the problem. Outlook 2000 and later clients that were connected to the server before this problem occurred can still connect. However, new client connection attempts will not succeed. The reason for this is the cached values generated by the Smart Client functionality and the RFR API of the directory service referral.
Cause
This problem occurs because the name service provider interface (NSPI) is not published by the Global Catalog server.
Solution
This problem is fixed in Windows 2000 Service Pack 3 (SP3).
Alternative Method
To solve this problem, demote the domain controller from its Global Catalog server role, restart the Global Catalog server, and then promote the domain controller to a Global Catalog server again.
Note: For information about promoting a Windows 2000 domain controller to a Global Catalog server, see Windows 2000 Server online help.
After the domain controller reports that it has been successfully published as a Global Catalog server (by recording event ID 1119 in the Directory Service event log), restart the server to publish the NSP interface.
Stop and restart the Exchange service, or restart the Exchange Server computer. The Exchange Server should now be able to connect to the Global Catalog Server.
More information
For more information about the directory service referral, click the following article numbers to view the articles in the Microsoft Knowledge Base:
256976 XCLN: How MAPI Clients Access Active Directory
302914 XCCC: How Outlook 2000 Accesses Active Directory
For more information about promoting a Windows 2000 domain controller to a Global Catalog server, and about how to use the Global Catalog Partition Occupancy registry value to direct the Global Catalog promotion process to finish replicating all naming contexts before it publishes itself, click the following article number to view the article in the Microsoft Knowledge Base:
304403 XADM: Exchange Considerations for Promoting a Domain Controller to a Global Catalog
(http://support.microsoft.com/default.aspx?scid=kb;zh-cn;280401)
Later, under the guidance of Friday, I learned that the key to GC migration is to let the old and the new GC coexist for about two hours. So one afternoon I put in some unpaid overtime to test it.
Previously, A had been demoted and shut down immediately, after which Outlook logon on all clients failed Exchange 2000 authentication. Yesterday I tested demoting the GC on A and transferring the GC role to DC B (including the operations master roles: PDC, RID, infrastructure), then letting the two DCs run in parallel for about two hours so that the original GC information was fully replicated to the new GC. The earlier Outlook logon authentication error against Exchange 2000 no longer occurred. However, possibly because of a DNS error, no user could browse the Internet (including from the servers), and an event with ID 1265 appeared on A, recurring every 15 minutes.
Event Type: Warning
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1265
Date: 2003/8/18
Time: 18:46:31
User: N/A
Computer:
Description:
The attempt to establish a replication link with parameters
Partition: CN=Schema,CN=Configuration,DC=gsmc,DC=com,DC=cn
Source DSA DN: CN=NTDS Settings,CN=MAILSRV,CN=Servers,CN=gsmc,CN=Sites,CN=Configuration,DC=gsmc,DC=com,DC=cn
Source DSA Address: 50231c98-b38f-459b-af50-bc9c6e1d1ed8._msdcs.gsmc.com.cn
Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=gsmc,DC=com,DC=cn
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code. This operation will be retried.
Data:
0000: 4c 21 00 00 L!..
I found that:
As per Microsoft: "If this error is being reported for Active Directory replication between two domain controllers of different domains which have a parent/child or tree root trust relationship, this error may be due to an absent critical object that represents the trust relationship between the two domains."
Status: "The DSA operation is unable to proceed because of a DNS lookup failure." See Q319202. This issue occurs because the DNS database does not have a service (SRV) resource record for the domain controller.
Microsoft provides the following KB article:
SYMPTOMS
When you try to replicate changes between replica partners in Active Directory directory service Sites and Services, you may receive the following error message:
The following error occurred during the attempt to synchronize the domain controllers.
The naming context is in the process of being removed or is not replicated from the specified server.
An event ID message that is similar to the following may also be logged in the System event log:
Event ID: 1265
Source: NTDS KCC
Type: Warning
Category: Knowledge Consistency
The attempt to establish a replication link with parameters
Partition: DC=yourinfo,DC=com
Source DSA DN: CN=NTDS Settings,CN=NT5-PCI-20,CN=Servers,CN=GSCIntranet,CN=Sites,CN=Configuration,DC=child,DC=yourdomain,DC=com
Source DSA Address: YourDomainController.YourDomain.com
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure. The record data is the status code. This operation will be retried.
CAUSE
This issue occurs because the DNS database does not have a service (SRV) resource record for the YourDomainController.YourDomain.com domain controller.
RESOLUTION
To resolve this issue, follow these steps:
1. Ping the domain controller. To do so, type ping YourDomainController.YourDomain.com at a command prompt, and then press ENTER.
   If you receive a reply that the ping request could not find the host, the domain controller's SRV record is not populated in the DNS database.
2. Check the configuration of DNS and make sure that Allow Dynamic Updates is enabled. To do this, follow these steps:
   1. Click Start, point to Programs, click Administrative Tools, and then click DNS.
   2. Expand the DNS folder.
   3. Expand the Forward Lookup Zones folder.
   4. Right-click the folder, and then click Properties.
   5. In the Allow Dynamic Updates box, click Yes.
   6. Click OK.
   7. Stop and then restart DNS.
3. Stop and then restart the Netlogon service on YourDomainController.
   By doing this, you force the domain controller to register the appropriate SRV records. The change is then replicated to DNS.
STATUS
Microsoft has confirmed this to be a problem in Microsoft Windows 2000.
I checked DNS > Forward Lookup Zones > Properties on A; dynamic updates were already allowed, and I also restarted the DNS and Netlogon services. However, this error event still appeared every 15 minutes.
Yesterday I finally found the problem. Pay attention to one entry in event 1265: CN=MAILSRV. This MAILSRV has a history: it was a test server set up by the previous, second-rate network administrator before I came here, and it was first used as a standalone DC. I then opened Active Directory Sites and Services and the domain console and saw a site containing two DC servers: mailsrv and mailserver. Neither of these DCs is in use any more, so I right-clicked to delete them... and was told that the object could not be deleted. After a while I found the method on the M$ website: install the Windows 2000 Support Tools, edit the directory with ADSI Edit, and delete the unneeded DCs. The problem was solved, and the error no longer appears in the event log.
Then I started again. My original intention was to remove A from my DC group completely. I found that once I stopped A, ordinary users still got the error that the Exchange server could not be found. At this point I had to take a deep breath and go looking for the problem again. I suddenly noticed that I had to select an Exchange home server when creating a user. Why?? So I created a new user, selected B as the Exchange server, turned off A, and tested... OK, everything was normal. So I could use Move Mailbox in Exchange Tasks to migrate the mailboxes to B, and then A could be retired. So I went ahead and did it... and the world was quiet.
To sum up, there were several problems:
DNS error events caused by the GC and operations master migration. Solution: delete the expired or abandoned DCs (you need to install the Windows 2000 Support Tools and use the ADSI Edit tool in it).
Ex2k migration causes a name resolution error at Outlook logon. Solution: use the Move Mailbox method in Exchange Tasks to migrate the mailboxes.
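
The triage that separated the two causes of event 1265 above, as an added example (not code from the original post or from Microsoft): it parses an event 1265 description, takes the server named in the Source DSA DN, and tells a stale DC object (the MAILSRV case, cleaned up with ADSI Edit) apart from a live DC whose DNS records need re-registering (the case in the quoted KB). The event text is a constructed sample in the layout quoted above; the function names and the live DC list A, B, C are assumptions.

```python
import re

# Constructed sample: an event 1265 description in the layout quoted on this page.
SAMPLE_EVENT = """\
The attempt to establish a replication link with parameters
Partition: CN=Schema,CN=Configuration,DC=gsmc,DC=com,DC=cn
Source DSA DN: CN=NTDS Settings,CN=MAILSRV,CN=Servers,CN=gsmc,CN=Sites,CN=Configuration,DC=gsmc,DC=com,DC=cn
Source DSA Address: 50231c98-b38f-459b-af50-bc9c6e1d1ed8._msdcs.gsmc.com.cn
Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=gsmc,DC=com,DC=cn
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
"""

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs; tolerates 'CN = x' spacing and escaped commas."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if sep:
            pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def parse_1265(text):
    """Extract the source server, its GUID-based DNS name and the forest DNS name."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    rdns = split_dn(fields["source dsa dn"])
    # The RDN that follows "CN=NTDS Settings" is the server object of the source DC.
    idx = next(i for i, (_, v) in enumerate(rdns) if v.lower() == "ntds settings")
    forest = ".".join(v for a, v in rdns if a == "DC")
    return {"server": rdns[idx + 1][1], "forest": forest,
            "dsa_cname": fields["source dsa address"]}

def triage(text, live_dcs):
    """Stale server object (ADSI Edit cleanup) or live DC with missing DNS records?"""
    info = parse_1265(text)
    if info["server"].upper() not in {n.upper() for n in live_dcs}:
        info["verdict"] = "stale-dc-object"   # the MAILSRV case in the post
        info["dns_to_check"] = []
    else:
        info["verdict"] = "dns-registration"  # the case the quoted KB describes
        info["dns_to_check"] = [info["dsa_cname"],
                                "_ldap._tcp.dc._msdcs." + info["forest"]]
    return info

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT, ["A", "B", "C"]))  # A, B, C: DC names used in the post
```

For a live DC, the two names in dns_to_check are the GUID-based CNAME and the DC locator SRV record that Netlogon registers; the second name assumes a single-domain forest, as in the post.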
