Event ID 2114 & 40961

[Matthew Blanshard]

I keep getting an Event Id 2114 for Source MSExchangeDSAccess every 15
minutes for Topology:

Process EMSMTA.EXE (PID=456). Topology Discovery failed, error
0x80040952.

The only other error I still have occuring (Possibly related) and have
yet to remove is Event ID 40961 for Source LSASRV every hour for
SPNEGO:

The Security System could not establish a secured connection with the
server ldap/127.0.0.1. No authentication protocol was available.

This always occurs with another identical error but has server
ldap/<virtual exchange server name>

I have checked all the DNS and no errors showing, checked credentials
in DHCP and am stuck for further ideas. (The 40961 error occurs on the
Virtual Exchange Server and the 2114 occurs on the DC1)

Setup is Windows Server 2003 Ent Cluster with Exchange 2003 Ent 2
nodes active/passive

Any help would be much appreciated.

[Matthew Blanshard]

I have turned full monitoring on for all the MSExchangeDSAccess
settings and I now have the following extra info:

I firstly get an error Event 2110

Process EMSMTA.EXE (PID=6752). Could not bind to DS server 127.0.0.1,
error 52 at port 389.

Then Event 2115

Process EMSMTA.EXE (PID=6752). DSAccess needs to close a connection to
the Domain Controller 127.0.0.1 due to error 0x80040952.

Which is repeated about 5 times followed by Event 2114

Process EMSMTA.EXE (PID=6752). Topology Discovery failed, error
0x80040952.

The Event Topology 2080 Shows the following:

Process STORE.EXE (PID=3576). DSAccess has discovered the following
servers with the following characteristics:
(Server name | Roles | Reachability | Synchronized | GC capable | PDC
| SACL right | Critical Data | Netlogon | OS Version)
In-site:
DC1.DOMAIN.local CDG 7 7 1 0 1 1 7 1
DC2.DOMAIN.local CDG 7 7 1 0 1 1 7 1
Out-of-site:

Please could someone shed some light on this?

[anon...@discussions.microsoft.com]

Do you also get any replication errors on your GC?

>.
>

[Matthew Blanshard]

No errors on GC replication. The errors also occur if I move the group
over to the other node. Exactly the same errors on both. It always
seems to be trying to authenticate with itself that leads to the
problem.

[Mauro Patrucco]

Hi Matthew.

I have a setup very similar: exchange 2003 enterprise on windows 2003
server enterprise: LS-CL01 and LS-CL02 are the cluster nodes, LS-MAIL
is the exchange virtual server. LS-CL01 and LS-CL02 are also Domain
Controllers.

On event viewer I keep getting Events 2114 from (application) and
40961 (system) from LS-MAIL. It seems that the virtual server's MTA
fail to connect to AD ... I've run setspn utility to list the
registered Services Principal Names on LS-MAIL

setspn -l LS-MAIL

Registered ServicePrincipalNames for
CN=LS-MAIL,CN=Computers,DC=xxxxxx,DC=local:
exchangeRFR/LS-MAIL
exchangeRFR/LS-MAIL.xxxxxx.local
exchangeMDB/LS-MAIL
exchangeMDB/LS-MAIL.xxxxxx.local
MSClusterVirtualServer/LS-MAIL.xxxxxx.local
MSClusterVirtualServer/LS-MAIL
HOST/LS-MAIL.xxxxxx.local
HOST/LS-MAIL

As you can see... there are no principal name for ldap. So I
registered them manually:

setspn -a ldap/LS-MAIL
setspn -a ldap/LS-MAIL.xxxxxx.local

And ... no more event ID 2114 and 40961! MSExchangeMTA on LS-MAIL
succesfully discorver all domain controllers on my domain.

I'm not sure that this works even if cluster nodes are not Domain
Controllers (if <active_node> is the active node, the ip address for
LS-MAIL "points" to <active-node>, so ldap/LS-MAIL is the same that
ldap/<active-node>, and <active-node> is a domain controller, so
accept LDAP requests)

This is not documented anywhere ... so if you plan to test this
solution, do that at your own risk! :-)

Hope that this help you.

m.bla...@medicsight.com (Matthew Blanshard) wrote in message news:<4f31d004.03111...@posting.google.com>...

[zilber]

Excellent, professional, 100% working solution for very annoying problem!
Thanks!

"Mauro Patrucco" <maur...@tin.it> wrote in message
news:badc84e.03112...@posting.google.com...