Hi all, and thanks in advance for any and all help!
So my client had an SBS 2003 server that I migrated to SBS 2011 earlier this year. The migration went pretty well, but as I recall demoting the old server didn't go as smoothly as it should have. I worked through several "clean up xyz" guides back then and the only issue with the new server was a painfully slow Exchange console and shell. Trying to open the properties of something in the console would take well over a minute. I could modify settings just fine, but slow slow slow. I didn't find much info on the problem back then, but did try a few fixes to no avail.
Luckily, the client has had very stable employment since the upgrade and is just now adding a new employee. Went to create the user, great, and then the wizard attempts to create her mailbox and fails:
Active Directory operation failed on MYFQDN. This error could have been caused by user input or by the Active Directory server being unavailable. Please retry at a later time. Additional information: Additional information: The global catalog verification failed. The global catalog is not available or does not support the operation. Some part of the directory is currently not available. Active directory response: 000020E1: SvcErr: DSID-03200674, problem 5002 (UNAVAILABLE), data 0. + CategoryInfo : NotSpecified: (:) [Enable-Mailbox], ADPossibleOperationException
+ FullyQualifiedErrorId : 21EA16E9,Microsoft.Exchange.Management.RecipientTasks.EnableMailbox
Hrm, so the server can't reach itself? Weird. I attempt to ping it, which results in "General failure." Pinging itself via IPv4 works just fine. I attempted to disable IPv6 via the networking config, but then the server wouldn't boot so that's no good.
The server does have two NICs with one disabled (not just unplugged). They were out of order priority-wise so I corrected that. Still not able to ping itself via IPv6.
Adding itself to its own hosts file with 127.0.0.1 gets it pinging itself fine by FQDN, but that's not a great solution and still doesn't solve the mailbox creation issue.
Applied MS Fix It 50410 (Prefer IPv4 to IPv6), which allowed the server to boot fine and is now pinging its FQDN successfully. This also resolved my issues of a painfully slow console and shell.
I have turned off Windows Firewall, but no change.
Moving past the IPv6 ping issue, I've tried the following to solve the mailbox issue directly, but no luck:
1. Verified the Exchange Servers group is part of the "Manage audit and security log" setting in GPO.
2. Issued the create mailbox command via the shell as opposed to the console.
3. Removed any reference to the old server from DNS.
4. Removed any reference to the old server from AD Sites.
5. Added the server to the Domain Admins group (I know, ew!).
A few other notes:
1. Forest and domain functional levels are 2003.
2. Only item in event viewer when creating the mailbox:
Log Name: Application
Source: MSExchange ADAccess
Date: 12/23/2012 12:21:56 PM
Event ID: 2080
Task Category: Topology
Level: Information
Keywords: Classic
User: N/A
Computer: MYFQDN
Description:
Process MAD.EXE (PID=2560). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
MYFQDNCDG 1 7 7 1 0 1 1 7 1
Out-of-site:
---
After a dcdiag and some digging on the failures received, it's clear the server can't contact the GC, which is itself. I verified this by attempting to connect to the domain controller using the "Change Directory Server" tool and specifying the global catalog port (3rd to last test on http://technet.microsoft.com/en-us/library/cc756476(v=ws.10).aspx).
I hopped on my physical firewall and, aside from being pretty sure there's no reason it should affect internal traffic, let alone traffic from a machine to itself, also verified there are no blocks of any sort on the GC port.
Help!?
Thanks and happy holidays!
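Added example (not part of the original post): a small parser that decodes the server table in an MSExchange ADAccess event 2080 description, so the Reachability, Synchronized, SACL right and Netlogon columns can be read as flags instead of bare digits. The bit meanings (1 = GC, 2 = DC, 4 = configuration DC) are from Microsoft's documentation of the event; the server names in the sample are constructed placeholders.

```python
import re

# Bit flags used by the Reachability, Synchronized and Netlogon columns of event 2080
FLAG_BITS = {1: "GC", 2: "DC", 4: "CDC"}
# Letters in the Roles column map to the same names
ROLE_LETTERS = {"C": "CDC", "D": "DC", "G": "GC"}

# Column order printed in the event description header
COLUMNS = ["server", "roles", "enabled", "reachability", "synchronized",
           "gc_capable", "pdc", "sacl_right", "critical_data", "netlogon", "os_version"]

ROW_RE = re.compile(r"^(\S+)\s+([CDG]+)((?:\s+\d+){9})$")

# Constructed sample: first row mirrors the healthy-looking row in the post,
# second row shows a DC that is not reachable/synchronized as a GC and lacks the SACL right.
SAMPLE = """Process MAD.EXE (PID=2560). Exchange Active Directory Provider has discovered the following servers with the following characteristics:
(Server name | Roles | Enabled | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:
dc1.example.local CDG 1 7 7 1 0 1 1 7 1
Out-of-site:
dc2.example.local CDG 1 6 6 1 1 0 1 7 1
"""


def decode_flags(value):
    """Expand a 0-7 bitmask into the role names it covers."""
    return {name for bit, name in FLAG_BITS.items() if value & bit}


def parse_event_2080(description):
    """Parse the In-site / Out-of-site server rows of an event 2080 description."""
    section, rows = None, []
    for raw in description.splitlines():
        line = raw.strip()
        if line.startswith("In-site:") or line.startswith("Out-of-site:"):
            section = line.rstrip(":").lower()
            continue
        m = ROW_RE.match(line)
        if m is None or section is None:
            continue
        numbers = [int(n) for n in m.group(3).split()]
        row = dict(zip(COLUMNS, [m.group(1), m.group(2)] + numbers))
        row["section"] = section
        rows.append(row)
    return rows


def findings(row):
    """Return human-readable problems for one decoded row (empty list = healthy)."""
    problems = []
    if not row["enabled"]:
        problems.append("server is disabled for Exchange use")
    expected = {ROLE_LETTERS[c] for c in row["roles"]}
    for col in ("reachability", "synchronized", "netlogon"):
        missing = sorted(expected - decode_flags(row[col]))
        if missing:
            problems.append("%s fails for %s" % (col, ", ".join(missing)))
    if not row["sacl_right"]:
        problems.append("Exchange Servers lack 'Manage auditing and security log'")
    return problems
```

Run it against the description text copied from the event to see which of the three checks (GC, DC, configuration DC) Exchange believes is failing for each domain controller.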