I had an issue at a customer's site, a VMware virtualized environment, where the Exchange 2010 server was randomly losing access to Active Directory. There were two Active Directory Domain Controllers with the Global Catalog role in the same Active Directory site as the Exchange 2010 server, with 1GB LAN connectivity between the servers.

When the issue occurred, Exchange 2010 would begin spitting out the generic errors you receive whenever there is no Active Directory domain controller available. Some examples of these errors:

Exchange2010-1

Log Name:      Application
Source:        MSExchange ADAccess
Date:          13/08/2012 9:01:56 AM
Event ID:      2103
Task Category: Topology
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Exchange2010.domain.local
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1468). All Global Catalog Servers in forest DC=internal,DC=domain,DC=com are not responding:
DC1.domain.local
DC2.domain.local

Exchange2010-2

Log Name:      Application
Source:        MSExchange ADAccess
Date:          13/08/2012 8:58:37 AM
Event ID:      2114
Task Category: Topology
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Exchange2010.domain.local
Description:
Process STORE.EXE (PID=3788). Topology discovery failed, error 0x80040952 (LDAP_LOCAL_ERROR (Client-side internal error or bad LDAP message)). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, “Microsoft LDAP Error Codes.” Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

Exchange2010-3

Log Name:      Application
Source:        MSExchange AuditLogSearch
Date:          13/08/2012 8:58:37 AM
Event ID:      4001
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Exchange2010.domain.local
Description:
A runtime exception occured in AuditLogSearchServicelet while processing a request. Exception:
Microsoft.Exchange.Data.Directory.ADTransientException: Could not find any available Global Catalog in forest domain.local

When this issue was occurring, I verified that the Exchange 2010 server was successfully talking to a domain controller in the same Active Directory site by issuing the following command from a command prompt:

NLTEST /DSGETDC:domain.local

The problem was with the Exchange 2010 application itself randomly losing access to Active Directory. (For our customer it was happening at least once every 12-24 hours.)

After further diagnosing, I made the following changes to the Windows TCP network stack on the Exchange 2010 server:

netsh int tcp set global chimney=disabled
netsh int tcp set global rss=disabled
netsh int tcp set global taskoffload=disabled
netsh int tcp set global autotuninglevel=disabled

On the Domain Controllers you could also restart the “Kerberos Key Distribution Center” service, or restart the DCs if they haven’t been restarted in a while.
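
One way to check whether the outages have stopped after the changes above, as an added example that is not part of the original post: the script groups the 2103 and 2114 events from the MSExchange ADAccess source into outage windows, then prints the current TCP global settings. The variables $LookbackDays and $GapMinutes are assumed values chosen for illustration; run it in an elevated PowerShell session on the Exchange 2010 server.

```powershell
# Added example: measure how often Exchange loses its Global Catalogs.
# Provider name and event IDs come from the events quoted in this post.
$LookbackDays = 7     # assumed: how far back to search
$GapMinutes   = 15    # assumed: errors closer together than this are one outage

$filter = @{
    LogName      = 'Application'
    ProviderName = 'MSExchange ADAccess'
    Id           = 2103, 2114
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}

# Get-WinEvent reports a non-terminating error when nothing matches,
# so suppress it and treat the result as an empty list.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated)

if ($events.Count -eq 0) {
    Write-Output "No 2103/2114 events in the last $LookbackDays days."
}
else {
    $windows = @()
    $current = $null
    foreach ($e in $events) {
        # Start a new outage window when the gap since the last error is large.
        if ($null -eq $current -or
            ($e.TimeCreated - $current.End).TotalMinutes -gt $GapMinutes) {
            $current = New-Object PSObject -Property @{
                Start  = $e.TimeCreated
                End    = $e.TimeCreated
                Events = 0
            }
            $windows += $current
        }
        $current.End = $e.TimeCreated
        $current.Events++
    }

    Write-Output "Outage windows in the last $LookbackDays days: $($windows.Count)"
    $windows | Format-Table Start, End, Events -AutoSize
}

# Record the TCP global settings so the state before and after the
# netsh changes can be compared (Chimney, RSS, auto-tuning level).
netsh int tcp show global
```

Run it once before the netsh changes and again a few days after: given the 12-24 hour recurrence described above, a week with no new outage windows is a reasonable sign the change held.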

 
