
Sure Raise the FFL & DFL…No Problem

UPDATE: The Exchange Team blog also wrote about this recently. http://blogs.technet.com/b/exchange/archive/2015/02/13/considering-updating-your-domain-functional-level-from-windows-2003-read-this.aspx

They say raising the Forest Functional Level (FFL) & Domain Functional Level (DFL) isn’t a big deal…won’t affect anything. Well, apparently I found one of the rare instances where it does, & in a big, noticeable way. About 9 hours after raising both the FFL & DFL from 2003 to 2008 R2, Exchange 2010 just stopped working. Long story short, restart the KDC service on all DCs (or reboot if you can). I also rebooted all Exchange servers for good measure.

As you can see I’m not the only one:

http://visualplanet.org/blog/?p=20

http://www.winsysadminblog.com/2013/02/fixing-kdc-authentication-problems-when-upgrading-your-domain-and-forest-functional-level-from-2003-to-2008-r2/

Here were some of the errors I was getting:

Log Name: Application
Source: MSExchangeRepl
Date: 11/12/2013 6:36:54 PM
Event ID: 4123
Task Category: Service
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Failed to get the boot time of witness server ‘dc01.domain.com’. Error: The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:40:35 PM
Event ID: 2114
Task Category: Topology
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MAD.EXE (PID=8580). Topology discovery failed, error 0x80040952 (LDAP_LOCAL_ERROR (Client-side internal error or bad LDAP message)). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, “Microsoft LDAP Error Codes.” Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:41:23 PM
Event ID: 2103
Task Category: Topology
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=10908). All Global Catalog Servers in forest DC=domain,DC=com are not responding:
DC02.domain.com
DC01.domain.com
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:42:14 PM
Event ID: 2130
Task Category: Topology
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process w3wp.exe () (PID=4212). Exchange Active Directory Provider could not find an available domain controller in domain DC=domain,DC=com. This event may be caused by network connectivity issues or configured incorrectly DNS server. This event may also occur if you have not configured correctly your multiple Active Directory sites.
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:44:23 PM
Event ID: 2604
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MSEXCHANGEADTOPOLOGY (PID=10908). When updating security for a remote procedure call (RPC) access for the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object ABCEX01 – Error code=80040934.
The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions.
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:44:23 PM
Event ID: 2102
Task Category: Topology
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=10908). All Domain Controller Servers in use are not responding:
DC02.domain.com
DC01.domain.com
 
 
Log Name: Application
Source: MSExchange ADAccess
Date: 11/12/2013 6:47:23 PM
Event ID: 2501
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Process MSEXCHANGEADTOPOLOGY (PID=10908). The site monitor API was unable to verify the site name for this Exchange computer – Call=HrSearch Error code=80040934. Make sure that Exchange server is correctly registered on the DNS server.
 
 
Log Name: Application
Source: MSExchangeRepl
Date: 11/12/2013 6:48:14 PM
Event ID: 4116
Task Category: Service
Level: Error
Keywords: Classic
User: N/A
Computer: EX01.domain.com
Description:
Failed to resolve the fully qualified domain name for the short name ‘EX02’. Verify that the computer account exists. Other operations may fail because of this problem. Error: An Active Manager operation failed with a transient error. Please retry the operation. Error: The fully qualified domain name for node ‘EX02’ could not be found because of a problem accessing Active Directory: Could not find any available Global Catalog in forest domain.com.
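
The check and the fix described in this post, as an added PowerShell example that is not part of the original post: it counts the quoted Exchange event IDs on one server, then restarts the KDC service on each domain controller in turn. The server name, the 12-hour window, the function name and the use of the ActiveDirectory module and PowerShell remoting are assumptions.

```powershell
# Added example, not from the original post. Assumes an admin workstation with
# the ActiveDirectory module (RSAT) and PowerShell remoting enabled to the DCs.
Import-Module ActiveDirectory

$ExchangeServer = 'EX01.domain.com'          # placeholder name, as used in the post
$Since          = (Get-Date).AddHours(-12)   # assumed window; the post saw failures ~9 hours in

# Count the error events quoted in the post (sources and IDs taken from the log entries).
function Get-ExchangeAdErrorSummary {
    param([string]$ComputerName, [datetime]$StartTime)
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'MSExchange ADAccess', 'MSExchangeRepl'
        Id           = 2102, 2103, 2114, 2130, 2501, 2604, 4116, 4123
        Level        = 2                     # 2 = Error
        StartTime    = $StartTime
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

$before = Get-ExchangeAdErrorSummary -ComputerName $ExchangeServer -StartTime $Since
if (-not $before) {
    'No matching Exchange AD errors found; nothing to do.'
    return
}
$before | Format-Table -AutoSize

# Restart the Kerberos Key Distribution Center service (service name: kdc)
# on every DC, one at a time, and report the resulting state.
foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $status = Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ScriptBlock {
            Restart-Service -Name kdc -Force
            (Get-Service -Name kdc).Status.ToString()
        }
        '{0}: kdc is {1}' -f $dc.HostName, $status
    } catch {
        # Remoting itself may fail while authentication is broken; restart locally on that DC.
        Write-Warning ('{0}: restart failed: {1}' -f $dc.HostName, $_.Exception.Message)
    }
}
```

Calling `Get-ExchangeAdErrorSummary` again with a start time after the restarts shows whether new errors are still being logged.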
  1. Andre Winkler
    October 24, 2014 at 9:12 am

    Hi,

    We got the same problem here. In our case it was additionally an entry in the HOSTS of the domain controllers, with the name and IP address of itself. After deleting this and rebooting, everything works fine.

    • patrickhoban
      October 24, 2014 at 12:08 pm

      HOSTS file entries on a Domain Controller, ugh.
