Exchange Setup and AD Replication Latency

When setting up Exchange, setup assumes by default that the domain controller it talks to is up to date and that replication is nearly instantaneous. Unfortunately, depending on your Active Directory configuration and replication scheme, this isn't always guaranteed. In such cases issues can arise, one of which I will show below.

Note that the problem described here, caused by replication latency, may also occur when running cmdlets or scripts.

A typical issue caused by replication lag is the following error which is shown when trying to install the Mailbox server role:

Active Directory operation failed on dc01.contoso.com. This error is not retriable. Additional information: The name reference is invalid.  This may be caused by replication latency between Active Directory domain controllers.  Active directory response: 000020B5: AtrErr: DSID-03152392, #1:  0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 200ab (homeMTA)

In the Exchange setup log you will see a pattern like the following (in this case setup is run from a subdomain):

[04/18/2012 09:59:15.0328] [2] Active Directory session settings for 'Enable-Mailbox' are: View Entire Forest: 'True', Configuration Domain Controller: 'dc01.nl.contoso.com', Preferred Global Catalog: 'dc01.nl.contoso.com', Preferred Domain Controllers: '{ dc01.nl.contoso.com }'
<snip>
[04/18/2012 09:59:36.0945] [1] 0.  ErrorRecord: Active Directory operation failed on dc01.contoso.com. This error is not retriable. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers.

You can see that the Domain Controller used for updating Active Directory differs from the one used for checking. Assuming replication is working correctly, you have several options to get around the situation, depending on whether you're running setup or executing a cmdlet or script:

First, when running setup, you can use the /DomainController parameter to specify a Domain Controller setup should use, e.g.:

setup.com /Mode:Install /Role:Mailbox /DomainController:dc1.contoso.com

Alternatively, when running a cmdlet or script, you can select the Domain Controller to use with Set-ADServerSettings and its PreferredServer parameter, e.g.:

Set-ADServerSettings -PreferredServer dc.contoso.com

Of course, there is also a third option: wait for the replication cycle to complete. However, this could take a while, depending on the structure and replication scheme.

Note that the (potential) problem described in this post is the reason scripts should stick to the same Domain Controller after picking one, or respect the Set-ADServerSettings setting; either approach prevents replication issues like this one.

For more information on Set-ADServerSettings, consult TechNet here.
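
The mismatch visible in the setup log excerpt above (session settings naming one Domain Controller, the error coming from another) can be checked for mechanically. The following PowerShell is an added example, not part of the original post: the function name Find-DcMismatch is hypothetical, the sample lines are constructed from the excerpt quoted above, and the separator between multiple preferred Domain Controllers is an assumption.

```powershell
# Added example (not from the original post). Find-DcMismatch is a hypothetical name.
function Find-DcMismatch {
    param([Parameter(Mandatory)][string[]]$LogLine)

    $preferred = @()    # DCs from the most recent session-settings entry
    $cmdlet    = $null  # cmdlet that entry belongs to

    foreach ($line in $LogLine) {
        # Session settings: remember which DCs this cmdlet was told to use.
        if ($line -match "session settings for '(?<cmd>[^']+)' are:.*Preferred Domain Controllers: '\{(?<dcs>[^}]*)\}'") {
            $cmdlet = $Matches['cmd']
            # Assumption: multiple DCs are separated by commas and/or spaces.
            $preferred = @($Matches['dcs'].ToLower() -split '[,\s]+' | Where-Object { $_ })
            continue
        }
        # Error record: the DC the failed directory operation actually ran against.
        if ($line -match 'Active Directory operation failed on (?<dc>[\w-]+(?:\.[\w-]+)*)\.') {
            $failedOn = $Matches['dc'].ToLower()
            if ($preferred.Count -gt 0 -and $preferred -notcontains $failedOn) {
                [pscustomobject]@{
                    Cmdlet              = $cmdlet
                    PreferredDC         = $preferred -join ', '
                    FailedOnDC          = $failedOn
                    MentionsReplication = $line -like '*replication latency*'
                }
            }
        }
    }
}

# Constructed sample: the two log entries from the excerpt quoted in the post.
$sample = @(
    "[04/18/2012 09:59:15.0328] [2] Active Directory session settings for 'Enable-Mailbox' are: View Entire Forest: 'True', Configuration Domain Controller: 'dc01.nl.contoso.com', Preferred Global Catalog: 'dc01.nl.contoso.com', Preferred Domain Controllers: '{ dc01.nl.contoso.com }'"
    "[04/18/2012 09:59:36.0945] [1] 0.  ErrorRecord: Active Directory operation failed on dc01.contoso.com. This error is not retriable. Additional information: The name reference is invalid. This may be caused by replication latency between Active Directory domain controllers."
)
Find-DcMismatch -LogLine $sample | Format-List
```

To check a real log, pass the output of Get-Content for the setup log file as the -LogLine argument.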

This entry was posted in Exchange Server by Michel de Rooij.