date: Thu, 15 Sep 2005 19:41:50 +0200, group: microsoft.public.exchange2000.active.directory.integration


GAL? What GAL?   
In the beginning, there was a user who opened his Outlook, tried to log on 
to the new Exchange 2003 server, and was promptly rejected with a message 
saying that his name couldn't be found in the users list.
The company called an external consultant (me), and this is what, after lots 
of struggling, I was able to understand (if it makes any sense at all).


The company was implementing a Windows 2003 domain, with its DCs/DNSs and 
the clients using them.

The company's ISP sold them a firewall which, even if fully opened, 
interacted really badly with Microsoft's DNS service: the server wasn't able 
to forward any query at all to external servers, so no Internet name 
resolution was available.

The admins couldn't get the ISP to change or properly configure the 
firewall, but noted that only the server wasn't able to resolve queries: any 
other program running on their computers (up to and including NSLOOKUP) 
could. So they tried to bypass the problem by telling all the computers to 
use the ISP's DNS, instead of their own one.

As anyone can imagine, complete chaos began.

The LAN is heavily subnetted, so even NetBIOS broadcasts weren't enough to 
find domain controllers. WINS was then thrown in the mix.

Everything seemed to work; clients could authenticate (although somewhat 
slowly), and could open web pages.

Then, they tried to set up some server applications like Symantec antivirus 
and some definitely overpowered backup software. They began seeing more and 
more errors about unavailable domain controllers, so thought something like 
"well, if you need a DC, I'll give you one", and proceeded to promote each 
and every server in the company to DC.

They somewhat managed to get them (and their applications) up and running, 
and only by not knowing what they had done (and never, ever looking at the 
event logs) were they able to survive the shame.

Actually, there were almost 15 domain controllers, *NONE OF WHICH EVER 
REPLICATED WITH ANY OTHER*. Oh, sorry, they were not 15: some of them were 
test servers, so they disconnected them from the network and threw them 
away. Some of these DCs didn't exist anymore at all.

Oh, and did I mention that when they tried group policies, they weren't 
working *so* well? Like sometimes they were applied, and sometimes they 
weren't...

All of this worked (...somewhat...) until they installed Exchange 2003 (on 
another DC, of course). It apparently worked, but then, every time a user 
tried to log on, he was greeted with a message saying he wasn't on the list 
of users, so goodbye. So, they tried *another* workaround, and directed 
users (only 15, thanks to this being only a test) to OWA and/or POP3, which, 
strangely enough, worked perfectly.

Now, I'm trying to bring some order into this, so, after two days spent on 
trying to understand what was happening, I applied SP1 to the "main" DC and 
DNS and it suddenly resolved Internet queries properly. I then proceeded to 
point every server to the right DNS, apply SP1 and demote it. I've narrowed 
down the AD to five DCs (some servers also have other problems and/or 
couldn't be rebooted), and tomorrow I'll try to demote the remaining ones. 
But at least they are properly replicating.

Thanks for reading. Now comes the question: since Exchange continues to give 
the same error when Outlook (and only Outlook!) clients try to connect, how 
can I make it work, even for long enough to export mailboxes before putting 
an end to its sufferings and re-installing from scratch?

The GAL in the System Manager is absolutely empty, although when previewing 
the AD query it shows users correctly.
I've already tried running RUS, but it was useless. I don't know if the AD 
schema was properly extended, and I don't know if Exchange attributes were 
populated. I only know Exchange actually *works*, but it says users aren't 
there when using Outlook.

Can anybody please help?

Massimo
date: Thu, 15 Sep 2005 19:41:50 +0200   author:   Massimo
