2601, 2604, and 2501 MSExchange ADAccess Event IDs when a Microsoft Exchange server restarts

Article ID: 2025528 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

After you restart an Exchange Server 2010 server that resides on a Windows Server 2008 R2 server, the following events are logged in the Application log:

Log Name: Application
Source: MSExchange ADAccess
Event ID: 2601
Task Category: General
Level: Warning
Keywords: Classic
User: N/A
Computer: Exchange Server
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1600). When initializing a remote procedure call (RPC) to the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the SID for account <WKGUID=XXXXXXXXXXXXXXXXX,CN=Microsoft Exchange,CN=Services,CN=Configuration,...> - Error code=8007077f.
The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions

Log Name: Application
Source: MSExchange ADAccess
Event ID: 2604
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: Exchange Server
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1600). When updating security for a remote procedure call (RPC) access for the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the security descriptor for Exchange server object Exchange Server - Error code=8007077f.
The Microsoft Exchange Active Directory Topology service will continue starting with limited permissions

Log Name: Application
Source: MSExchange ADAccess
Event ID: 2501
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: Exchange Server
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1600). The site monitor API was unable to verify the site name for this Exchange computer - Call=DsctxGetContext Error code=8007077f. Make sure that Exchange server is correctly registered on the DNS server.

You may also see a NetLogon error of 5719 in the Application log.

CAUSE

When the server restarts, Windows queries Active Directory to determine the Active Directory Site information. On a Windows Server 2008 R2-based server, this operation sometimes fails. Additionally, Exchange Services performs a query for its Active Directory Site during the startup process. This query also fails. The causes of this lookup failure include, but are not limited to, the following:
  • Transient DNS failures
  • Transient issues with Domain Controllers
  • Transient network connectivity issues
  • Network switches that have the PortFast functionality disabled on the ports to which the Exchange servers connect
Windows will continue to try to determine its Active Directory Site name and will eventually succeed. However, Exchange does not retry the query, and the errors that are mentioned in the Symptoms section are logged in the Application log every 15 minutes.

RESOLUTION

After the server has been up for a minute or two, run NLTest /DSGetSite to verify that that the proper Active Directory Site is being returned by Windows. Once that has been verified, restart the MSExchange ADTopology service.

Warning Depending on the function of the Exchange Server 2010 server, restarting the MSExchange ADTopology service may result in an unplanned outage, and other services may have to be restarted.

WORKAROUND

To work around this issue, hardcode the Active Directory Site name in the registry. To do this, follow these steps:
  1. Click Start, click Run, type Regedit, and then press OK.
  2. Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
  3. On the Edit menu, click New, and then click String Value.
  4. Type SiteName, and then press Enter.
  5. Right-click SiteName, click Modify, type the name of the Active Directory Site that the Exchange server belongs to in the Value data box, and then click OK.
  6. Exit Registry Editor, and then restart the computer to apply the change.
When you hardcode the Active Directory Site name, Windows will return the hardcoded site name in response to the query from Exchange. This behavior enables Exchange server to bypass any site name lookup failures.

MORE INFORMATION

For more information on Troublshooting AD isssues please see the following TechNet documentation:

Overview of Active Directory Troubleshooting
http://technet.microsoft.com/en-us/library/bb727052.aspx

Troubleshooting Active Directory—Related DNS Problems
http://technet.microsoft.com/en-us/library/bb727055.aspx

Nltest - Microsoft TechNet: Resources for IT Professionals
http://technet.microsoft.com/en-us/library/cc731935(v=WS.10).aspx


For additional Information on a related issue please see the following documentation:

Services for Exchange Server 2007 or Exchange Server 2010 cannot start automatically after you install Exchange Server 2007 and Exchange Server 2010 on a global catalog server
http://support.microsoft.com/kb/940845


Properties

Article ID: 2025528 - Last Review: October 24, 2011 - Revision: 6.0
APPLIES TO
  • Microsoft Exchange Server 2007 Standard Edition
  • Microsoft Exchange Server 2010 Enterprise
Keywords: 
KB2025528

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com