domain controller
9 Topics

Exchange on-prem and Global Catalog Servers

Hi everyone, We have an Exchange 2016 server on Windows Server 2016. And there are 3 DC and GC servers that Exchange uses. I listed them with the Get-ExchangeServer -Identity "ServerName" -Status | fl command. One of the GC servers is Server 2012 and the others are Server 2016. I noticed repeated error messages in the Application log of Event Viewer about the 2012 server. The message is below. What must we do?

Get-Notification -Summary "True" contoso.com/Users/Administrator S-1-5-21-4142341382-305344678-3004717128-500 S-1-5-21-4142341382-305344678-3004717128-500 Local-ECP-Unknown 5204 w3wp#MSExchangeECPAppPool 123 00:00:00.0350004 View Entire Forest: 'True', Configuration Domain Controller: 'DC2012.contoso.com', Preferred Global Catalog: 'DC2012.contoso.com', Preferred Domain Controllers: '{ DC2012.contoso.com }' Microsoft.Exchange.Data.DataSourceOperationException: The request failed. The underlying connection was closed: An unexpected error occurred on a send. ---> Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. The underlying connection was closed: An unexpected error occurred on a send. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest, Boolean renegotiation) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.Data.Storage.Management.EwsHttpWebRequestEx.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse() at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request) --- End of inner exception stack trace --- at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest 
request) at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.ValidateAndEmitRequest(IEwsHttpWebRequest& request) at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest`1.Execute() at Microsoft.Exchange.WebServices.Data.ExchangeService.FindFolders(FolderId parentFolderId, SearchFilter searchFilter, FolderView view) at Microsoft.Exchange.Data.Storage.Management.EwsStoreDataProvider.InvokeServiceCall[T](Func`1 callback) --- End of inner exception stack trace --- at Microsoft.Exchange.Data.Storage.Management.EwsStoreDataProvider.InvokeServiceCall[T](Func`1 callback) at Microsoft.Exchange.Data.Storage.Management.EwsStoreDataProvider.GetOrCreateFolderCore(String folderName, FolderId parentFolder, Func`1 creator) at Microsoft.Exchange.Data.Storage.Management.AsyncOperationNotificationDataProvider.GetDefaultFolder() at Microsoft.Exchange.Data.Storage.Management.EwsStoreDataProvider.get_DefaultFolder() at Microsoft.Exchange.Data.Storage.Management.EwsStoreDataProvider.<>c__DisplayClass24_0`1.<InternalFindPaged>b__0() at Microsoft.Exchange.Data.Storage.Management.EwsStoreDataProvider.InvokeServiceCall[T](Func`1 callback) at Microsoft.Exchange.Data.Storage.Management.EwsStoreDataProvider.<InternalFindPaged>d__24`1.MoveNext() at Microsoft.Exchange.Data.Storage.Management.AsyncOperationNotificationDataProvider.<GetNotificationDetails>d__17.MoveNext() at Microsoft.Exchange.Configuration.Tasks.GetTaskBase`1.WriteResult[T](IEnumerable`1 dataObjects) at Microsoft.Exchange.Management.StoreTasks.GetNotification.InternalProcessRecord() at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1() at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed) ServerOperation Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. The underlying connection was closed: An unexpected error occurred on a send. 
---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) --- End of inner exception stack trace --- at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size) at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest, Boolean renegotiation) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Net.HttpWebRequest.GetResponse() at Microsoft.Exchange.Data.Storage.Management.EwsHttpWebRequestEx.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse() at 
Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request) --- End of inner exception stack trace --- at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request) at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.ValidateAndEmitRequest(IEwsHttpWebRequest& request) at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest`1.Execute() at Microsoft.Exchange.WebServices.Data.ExchangeService.FindFolders(FolderId parentFolderId, SearchFilter searchFilter, FolderView view) at Microsoft.Exchange.Data.Storage.Management.EwsStoreDataProvider.InvokeServiceCall[T](Func`1 callback) False 0 objects execution has been proxied to remote server. 0 ActivityId: 381df104-eb5c-440b-9ec4-5441b0b6bf21 ServicePlan:;IsAdmin:True;

1.3K Views, 0 likes, 0 Comments

Server 2019 Domain Controllers: lsass.exe terminated unexpectedly with status code -1073741819

Basically my issue matches https://learn.microsoft.com/en-us/answers/questions/612097/windwos-2019-lsass-exe-terminated-unexpectedly-wit?source=docs exactly. We have Server 2019 DCs running on VMware vSphere 7.0 U3c. The non-PDC DCs are randomly rebooting with the below event log message:

EventID : 1074
MachineName : DC19**
Data : {}
Index : 544467
Category : (0)
EntryType : Information
Message : The process wininit.exe has initiated the restart of computer DC19RP on behalf of user for the following reason: No title for this reason could be found Reason Code: 0x50006 Shutdown Type: restart Comment: The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.
Source : User32
ReplacementStrings : {wininit.exe, DC19**, No title for this reason could be found, 0x50006...}
InstanceId : 2147484722
TimeGenerated : 4/23/2023 5:07:58 AM
TimeWritten : 4/23/2023 5:07:58 AM
UserName : NT AUTHORITY\SYSTEM

The servers are all patched to the current CU - 2023-04 (KB5025229), so they should all have the most recent KB I've found that addresses lsass.exe crashes (KB5010791) installed. I've also noticed that shortly before the lsass.exe crash, there will be an event log similar to the one below, although each references a different WMI filter:

EventID : 1065
MachineName : DC19**
Data : {}
Index : 544466
Category : (0)
CategoryNumber : 0
EntryType : Error
Message : The processing of Group Policy failed. Windows could not evaluate the Windows Management Instrumentation (WMI) filter for the Group Policy object cn={***},cn=policies,cn=system,DC=fabrikam,DC=com. This could be caused by RSOP being disabled or Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Make sure the WMI service is started and the startup type is set to automatic. New Group Policy objects or settings will not process until this event has been resolved.
Source : Microsoft-Windows-GroupPolicy
ReplacementStrings : {4, 714, 0, 136750...}
InstanceId : 1065
TimeGenerated : 4/23/2023 5:07:58 AM
TimeWritten : 4/23/2023 5:07:58 AM
UserName : NT AUTHORITY\SYSTEM

Once the server is back up and running after the reboot crash, WMI appears to be working fine, and I'm not seeing any other errors specifically referencing WMI itself in the period leading up to the crash.

4.1K Views, 1 like, 2 Comments

Cannot Sign into Edge on Domain Controllers running Windows Server 2019 Standard

I know this is more of an Edge issue than a Server issue, but it's specific to Server 2019 Standard running as a domain controller, so I'm starting here.

Edge version: 108.0.1462.76 (Official build) (64-bit)
OS: Windows Server 2019 Standard (Build 17763.3770)

When I launch Edge on any of my 23 Domain Controllers running Windows Server 2019, I am unable to sign into Edge with my "work or school" account (my AD/AAD credentials). I have no issues signing into Edge on Server 2019 member servers. When I first launch Edge on a member server, it automatically logs me in and gives me the below screen:

However, when I launch Edge on a domain controller I get this:

After clicking "Sign in to sync data", I get an MS login window:

Then, upon typing in my AD/AAD credentials, I get a popup window with the below message:

We can't sign you in right now
The Microsoft Edge team has been notified of this issue. Please try again later.
Error code: 3, 15, -2146893039
edge://signin-error/

Any suggestions?

1.9K Views, 0 likes, 1 Comment

RPC server is unavailable

After the latest update on Monday (11.1.2022), our Windows Server 2019 domain controller was crashing every 4 minutes or so. After trying to log in via RD or Hyper-V, the server replied "RPC server is unavailable" and crashed. I fixed the issue by removing the virtual network switch for the DC (I guess removing the network cable will work similarly), logging in and uninstalling update KB5009557. Hope this helps somebody.

2.6K Views, 0 likes, 2 Comments

Exchange 2013 with 2019 domain controller

Hi

Current environment:
Exchange 2013 CU23
2008r2 Domain - Running at 2008r2 domain & forest functional level

I know from the Exchange server matrix that Ex2013 is not supported in a full 2019 Active Directory environment, but my question is: can I add a 2019 domain controller into a 2008r2 domain (keeping the forest & domain functional level at 2008r2), keeping the Exchange server pointed at the 2008r2 DCs, without any issues?

I ask because I know that once you promote a 2019 server to a DC the Schema version goes from 47 (2008r2) to 88 (2019) and I do not know if this affects 2013 Exchange even if still pointed at writeable DC + GC on 2008r2.

Thanks for any advice

2.3K Views, 0 likes, 1 Comment

Multiple domain controllers and domain time server

I maintain existing solutions, almost never setting up an entire new network. One of my customers has three DCs (DC1, DC2, DC3). When running nltest /dsgetdc:<DomName> /timeserv on the servers I'm getting different results, sometimes pointing to DC1, sometimes DC3. W32tm /query /source also gives varying results, some looking to free running clock, some to a DC, some to CMOS.

I've read this https://docs.microsoft.com/en-us/services-hub/health/remediation-steps-ad/configure-the-root-pdc-with-an-authoritative-time-source-and-avoid-widespread-time-skew about network time servers.

The customer's Default Domain Controller Policy (group policy) has the following settings enabled:
- Configure Windows NTP Client
- Enable Windows NTP Client
- Enable Windows NTP Server

With the settings in place on the Default Domain Controller Policy (which is applied to each of the DCs), wouldn't it make each DC fight over who is the time server for the domain?

Thank you in advance.

17K Views, 0 likes, 1 Comment

Move and Rename Computer Object Despite Slow DC Synchronization

At my workplace, I configure properties of computer objects in my domain using PowerShell. Specifically, I change the name of a computer, then move it to its respective organizational unit. Seems simple enough, right? Unfortunately, my PowerShell script only works intermittently due to domain controllers not syncing fast enough? Allow me to explain exactly what happens by showing commands. Note that each command works fine when run separately.

    $computername = 'oldname'
    $newcomputername = 'newname'
    $path = 'someworkingpath'
    $credential = Get-Credential   # domain account permitted to rename the computer
    Rename-Computer -ComputerName $computername -NewName $newcomputername -DomainCredential $credential -Restart
    # Get-ADComputer takes -Identity; it has no -ComputerName parameter
    Get-ADComputer -Identity $newcomputername | Move-ADObject -TargetPath $path

After Rename-Computer is executed, the name is changed, but changes are slow to synchronize across the 10 other domain controllers in my domain. Then once Get-ADComputer is executed, the newcomputername cannot be located. Changing the Get-ADComputer command to get the $oldcomputername causes strange behavior.

Given that I do not have access to change domain controller settings myself, is there anything I can do to make these commands run one after the other despite having domain controllers that are slow to sync?

2.2K Views, 0 likes, 1 Comment

Windows Server 2012 - Replication Event on Secondary Domain Controller

We are looking for a way to track when a user account was created/deleted/changed on the secondary domain controller. When we make the change on the primary, I can see the event in the event log, but we want to see that replication event on the secondary domain controller. I'm not sure what I'm looking for, and we have so many logon/logoff events that the event log only holds 2-3 minutes of data before filling up. Since it takes time to replicate, I can't catch the event.

I've gone into the group policy settings for the domain controllers and turned on advanced audit for the replication service, but it's really only showing me that it was able to talk to the other domain controller, not what was actually replicated. I'm hoping there is a way that we can track the change, even if it is as simple as something like "a change was made". It doesn't have to be in great detail. If maybe someone knows what the event ID is that I need to look for, then I can filter through and find it. Maybe I'm looking in the wrong place altogether? Any help would be greatly appreciated.

1.1K Views, 0 likes, 1 Comment