Exchange 2010 running on 2012 server does not see new PDC

I have a 2012 server (S1) running Exchange 2010. I also had a 2008 PDC (S2) and a 2012 DC (S3). The 2008 PDC failed. I seized the FSMO roles to the 2012 server (S3), but the Exchange server (S1) does not see it. It pines for the dead 2008 server (S2).

The Exchange server is not a DC. All servers are part of the same domain. The error I get on the Exchange server is that an error occurred when trying to check the suitability of server 'S2'. Error: 'Active directory response: The LDAP server is unavailable.'

Help is needed. Thanks.



Exchange does cache the last DC it connected to. So a few questions:

1) Have you cleaned out the old DC's DNS records?
2) Did you clean up the metadata?
3) Did you remove the failed DC's computer account from Active Directory (Users and Computers as well as Sites and Services)?

And did you flush the DNS cache on the Exchange server and reboot it *after* doing all of the above?






I have the Exchange server now seeing the DC. I tried to delete this question, but you were too quick on the draw. (I used the default DC and it then saw the old dead PDC and the new DC.)

1) I don't know how to clean out the old DC's DNS records.
2) I don't know what metadata is.
3) This is important, I think. I have not done this, don't know if I should, and don't know the right steps to do so.



1) You go through DNS and remove any records referencing the old server. Active Directory has several DC-related zones, so this is important, but not complicated.

2) Active Directory stores various details about domain controllers to assist in replication. When a DC is gracefully demoted, it is removed. But when one fails, that metadata can linger. There is a TechNet article on how to remove metadata using ntdsutil. It is only a few commands. Again, important, but not complicated.

3) Every computer in a domain has an account in ADUC. Removing the account is as simple as finding it in ADUC and deleting it. Similarly, Sites and Services holds information about some servers (including DCs). Simply expand the various nodes, find your servers and their references, and delete them.

Fairly standard practice for a failed DC, and there are several tutorials on the web. I'd recommend sticking to TechNet if possible, and only if you have that level of skill, as following bad advice can be worse than just leaving things alone. Worst case, hire a consultant familiar with managing AD and have them assist.
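An added example, not from anyone in this thread, that audits the three items above from PowerShell before anything is deleted: it lists DNS records still pointing at the failed DC, checks whether its server/NTDS Settings objects and computer account remain, confirms where the seized FSMO roles sit, and shows which DCs Exchange is currently using. The server names and IP address are placeholders for the asker's environment; it only reports and removes nothing.

```powershell
# Added example, not from this thread: audit what still references a failed DC
# before deleting anything. Run as a domain admin on a surviving DC with the
# ActiveDirectory and DnsServer RSAT modules; the last block needs the Exchange
# Management Shell. Names and the IP below are placeholders.
Import-Module ActiveDirectory
Import-Module DnsServer
$FailedDc   = 'S2'          # the dead 2008 PDC
$FailedDcIp = '192.0.2.2'   # its old address (placeholder)
$DnsServer  = 'S3'          # surviving DC hosting the AD-integrated zones
$Exchange   = 'S1'          # the Exchange 2010 server

# 1) DNS: every zone, including _msdcs.<forest>, which holds the SRV and CNAME
#    records clients and Exchange use to locate DCs. Matches on the host name,
#    on record data (CNAME/NS/SRV targets) and on the old IP (A/apex records).
$staleDns = foreach ($zone in Get-DnsServerZone -ComputerName $DnsServer |
            Where-Object { -not $_.IsAutoCreated }) {
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone.ZoneName |
        Where-Object {
            $data = ($_.RecordData.PSObject.Properties.Value | ForEach-Object { "$_" }) -join ' '
            $_.HostName -eq $FailedDc -or $data -like "*$FailedDc.*" -or $data -like "*$FailedDcIp*"
        } |
        Select-Object @{n='Zone';e={$zone.ZoneName}}, HostName, RecordType
}
$staleDns | Format-Table -AutoSize

# 2) Metadata: the server and NTDS Settings objects under the Configuration
#    partition. Deleting the NTDS Settings object in AD Sites and Services, or
#    "metadata cleanup" in ntdsutil, removes the rest on 2008 and later.
$configNc = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$FailedDc))" -SearchBase "CN=Sites,$configNc" |
    ForEach-Object {
        $_.DistinguishedName
        Get-ADObject -LDAPFilter '(objectClass=nTDSDSA)' -SearchBase $_.DistinguishedName |
            Select-Object -ExpandProperty DistinguishedName
    }
# Confirm the seized FSMO roles no longer name the failed DC.
(Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster),
(Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster) | Format-List

# 3) Computer account that ADUC would still show under Domain Controllers.
Get-ADComputer -Filter "Name -eq '$FailedDc'" | Select-Object DistinguishedName

# Exchange's view: which DCs/GCs it is using now, and whether a static DC list
# is pinning it to the dead server (Set-ExchangeServer changes those).
if (Get-Command Get-ExchangeServer -ErrorAction SilentlyContinue) {
    Get-ExchangeServer -Identity $Exchange -Status |
        Select-Object CurrentDomainControllers, CurrentGlobalCatalogs,
                      CurrentConfigDomainController, StaticDomainControllers,
                      StaticGlobalCatalogs, StaticConfigDomainController | Format-List
}
```

Once the first three sections come back empty and the FSMO output names only S3, flush the DNS cache on S1 and reboot it, as the answer above suggests, then re-run the last block to confirm Exchange picked up the surviving DC.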



Always good to have solid advice when faced with a tricky situation

Thanks


