Exchange can’t start due to misconfigured AD sites

Posted on by

Recently, a customer had issues with their Exchange server which didn’t start properly after rebooting. After checking out the Eventlog, I noticed the it was full of messages, generated by all services. The most interesting events were the ones generated by MSExchange ADAccess:

MSExchange ADAccess, EventID 2141
Process STORE.EXE (PID=2996). Topology discovery failed, error 0x8007077f

MSExchange ADAccess, EventID 2142

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1760). Topology discovery failed, error 0x8007077f

Also, the results of the active directory discovery process generated every 15 minutes, which are normally logging in event 2080, “Exchange Active Directory Provider has discovered the following servers with the following characteristics”, was missing.

Note that because the system could start the Microsoft Exchange Active Directory Topology service (until it failed and is restarted by dependent services), Exchange’s other services were also triggered, leading to almost indefinitely restarting services as configured in their corresponding service recovery actions sections.

Now, since I had connected to a domain controller using an RDP session from my client, and I was able to connect to port 389 (Global Catalog) from Exchange using LDP, so communications looked ok. Then, I switched to Active Directory Sites and Services:

image

As you can see from the shot, here was a potential cause of the problem. First, there was a site without domain controllers. Second, there were no subnets defined. So, in this situation, it is undetermined in which site Exchange is located.

When a system can’t be determined to which site a computer belongs, the function DSGetSiteName, used to retrieve the current site, returns an error 1919 0x77f (ERROR_NO_SITENAME). Consequently, the Exchange Active Directory discovery process fails and eventually Exchange fails. You can inspect the current discovered site using nltest /dsgetsite or by having a peek in the registry at HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName.

Now, to solve the situation we have three options:

  1. Making the site association static using a registry key, which isn’t a best practice.If you must, set registry key HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SiteName (REG_SZ) to the desired site name;
  2. Adding proper subnet definitions;
  3. Remove the empty site definition.

It turned out the empty site was a place holder for a future site, so we went with the option of adding proper subnet definitions. After adding subnet definitions, like you normally should when working with multiple sites, including the scopes where the Exchange servers and domain controllers were located, and associating it with the main site, things started working again.

Note that the NetLogon service determines site association membership at startup and every 15 minutes. The Microsoft Exchange Discovery Topology service maintains this information by caching the information in the msExchServerSite attribute of the Exchange server object, in order to reduce load on active directory and DNS. Therefor, you might need to wait or restart Microsoft Exchange Discovery Topology  if you want to renew site association membership.

This entry was posted in Active Directory, Exchange Server and tagged , , , by Michel de Rooij. Bookmark the permalink.
Unknown's avatar

About Michel de Rooij

Michel de Rooij, with over 25 years of mixed consulting and automation experience with Exchange and related technologies, is a consultant for Rapid Circle. He assists organizations in their journey to and using Microsoft 365, primarily focusing on Exchange and associated technologies and automating processes using PowerShell or Graph. Michel's authorship of several Exchange books and role in the Office 365 for IT Pros author team are a testament to his knowledge. Besides writing for Practical365.com, he maintains a blog on eightwone.com with supporting scripts on GitHub. Michel has been a Microsoft MVP since 2013.

11 thoughts on “Exchange can’t start due to misconfigured AD sites

  4. Hi Michel,
    Need your expert advice. I have an exch 2013 set up in my organization. We need to demote the only DC /GC in site A where i have my exchange server. I Will still have 2 DC/GC’s in site B.i know this is not recommended but would it work at all ? what could be the possible aftermath

    Like

    Reply ↓

  10. Please I need assistance, what I am currently experiencing is similar but not entirely the same, I have 2 exchange server, Primary and the secondary, the secondary has just been deployed and moved to a new AD site associated to a new subnet, once we the secondary exchange server to the new AD site, we observed that all the services on the primary exchange which was working fine will stop working. not until we delete the AD site before services on the primary exchange will be restored. The Primary exchange is on the default AD site. Please I want to confirm if the resolution would work in this my scenario.

    Like

    Reply ↓

    • I am assuming you created a cluster. Both nodes in different AD sites is fine, with 2 servers it’s minimal setup for resilience. Are both nodes able to see each other and is traffic unrestricted? Is the 2nd node in the 2nd AD site able to access the witness? You might need to configure DAG network manually, Set-DatabaseAvailabilityGroup .. -ManualDagNetworkConfiguration $true, then New-DatabaseAvailabilityGroupNetwork .. -Name “Site1Network” -Subnets -ReplicationEnabled $true and another one for the other network in the other site. Make sure you defined both subnets for both in AD sites. For the witness, best practice is to place the witness in a 3rd site, when available. If not, you might want to engage DAC mode to prevent unplanned fail-overs/backs (DatacenterActivationMode DagOnly).|

      Like

      Reply ↓

Leave a comment