Exchange mail stops working when primary domain controller is down

Arkom Intarachot 1 Reputation point
2022-04-21T00:19:38.697+00:00

Hello,

I have Exchange Server 2019 running in a Windows 2019 virtual machine. I have 3 domain controllers, with GC enabled on two servers at HQ, and one domain controller at a branch site.
These three DCs are running as logon servers and replication between all domain controllers is working fine.

My issue: I restarted the primary domain controller for the monthly Windows patching activity. At that point, it seems the Exchange server was not working.

Note: Each server is also a DNS server, so both servers are listed in the DNS network connection. When this main DC is off there is still Internet connectivity.

My question: How can I prevent the Exchange server from stopping working when I restart the primary domain controller? Is it possible?

Arkom


4 answers

  1. Kael Yao-MSFT 26,481 Reputation points Microsoft Vendor
    2022-04-21T03:10:52.73+00:00

    Hi Arkom,

    To me it seems to be the expected behavior.

    If the primary domain controller (or the domain controller Exchange is currently using) becomes unavailable,
    Exchange would lose connection with AD and it would keep trying to connect to this domain controller for about 15 minutes (you would see Event 2070 generated in the Event Viewer).
    It would not only affect mail flow but also client access.

    If it fails to connect during this period, Exchange would switch to connect to other available DCs found in Event 2080.

    Thus if possible, it is recommended to restart the domain controller during off work time.

    Another method is to specify another domain controller for Exchange to connect to, but it may also require a restart of the Exchange server to take effect.

    Here is a link discussing the same issue for your reference: Exchange server stops working when Domain Controller is restart.



  2. Arkom Intarachot 1 Reputation point
    2022-04-21T03:52:18.197+00:00

    Hi KaelYao-MSFT,

    Thank you for your answer. Could you please guide me on the other method, specifying another domain controller for Exchange to connect to? I can't see the final solution in the linked discussion.

    Thank you.
    Arkom


  3. Arkom Intarachot 1 Reputation point
    2022-04-29T08:07:04.843+00:00

    Hi KaelYao-MSFT,

    Thank you for your information that can help me. I don't have any questions.

    Thank you.

    Arkom


  4. Arkom Intarachot 1 Reputation point
    2022-06-16T09:01:31.7+00:00

    Hi
    I have resolved this issue!!

    Issue: Exchange does not work if the primary Active Directory is down (can't send and receive email).
    Case: Group Policy of the Default Domain Controller policy; it was because the Computer Object was missing from the following Exchange Security Groups:

    Steps to resolve:

    1. Set up the Exchange lab environment.
    2. Check the warnings in the Application event log of the Exchange server. It says that the Audit Security Privilege on the domain controller......error below:
      211948-1.jpg

      The error we were receiving was due to the absence of the User Rights Assignment "Manage auditing and security log". This right is granted to the Exchange Servers and Administrators built-in groups.
    3. Right-click on the Default Domain Controller policy and select Edit. This will launch the Group Policy Management Editor. Expand the following nodes: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment
    4. Under User Rights Assignment, double-click Manage auditing and security log.
    5. Exchange does not have Audit Security Privilege on the domain controller.
    6. Check the box Define these policy settings. Click Add User or Group and then Browse. From the Select Users and Computers dialog add Exchange Servers. Click OK.
      211918-2.jpg
    7. Run “GPUPDATE /FORCE” from the command line on the problem domain controllers.
    8. Run the command “Get-ExchangeServer | FL” to check that OriginatingServer points to the primary AD.
    9. Try disabling the network of the primary AD.
    10. Run the command “Get-ExchangeServer | FL” to check that OriginatingServer points to the secondary AD.
    11. Check that Outlook Web Access is working fine and that it can send and receive email.
    12. Try disabling the network of the secondary AD, then check that OriginatingServer points to the primary AD.
    13. Check that Outlook Web Access is working fine and that it can send and receive email.

    Good luck
    Arkom
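
One way to verify the user right from steps 3 to 7 on each domain controller after the policy refresh. This is an added example, not part of the original post: it exports the effective user rights with `secedit` and checks whether the Exchange Servers group holds SeSecurityPrivilege (Manage auditing and security log). The function name `Test-ExchangeAuditRight` is hypothetical, and the script assumes an elevated session on the DC and the default group name.

```powershell
# Added example. Run in an elevated PowerShell session on each domain controller.
function Test-ExchangeAuditRight {
    param(
        # Assumption: the group still has its default name.
        [string]$GroupName = 'Exchange Servers',
        [string]$Domain    = $env:USERDOMAIN
    )

    # secedit lists most principals as *S-1-5-..., so resolve the group to its SID.
    $account = New-Object System.Security.Principal.NTAccount($Domain, $GroupName)
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # Export only the user-rights area of the effective security policy.
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f $PID)
    secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }

    try {
        # Get-Content detects the byte-order mark, so the export's encoding is handled.
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^\s*SeSecurityPrivilege\s*=' } |
            Select-Object -First 1
    } finally {
        Remove-Item -Path $cfg -Force -ErrorAction SilentlyContinue
    }

    # If the right is not defined at all, nobody holds it on this DC.
    $holders = @()
    if ($line) {
        $holders = @(($line -split '=', 2)[1] -split ',' |
            ForEach-Object { $_.Trim().TrimStart('*') })
    }

    # Entries are normally SIDs; some may appear as account names instead.
    $granted = ($holders -contains $sid) -or
               ($holders -contains $GroupName) -or
               ($holders -contains "$Domain\$GroupName")

    [pscustomobject]@{
        DomainController = $env:COMPUTERNAME
        Group            = "$Domain\$GroupName"
        GroupSid         = $sid
        HasAuditRight    = $granted
        CurrentHolders   = $holders -join ', '
    }
}

Test-ExchangeAuditRight
```

A result of `HasAuditRight = False` on any DC means that controller has not yet applied the policy change and would still produce the privilege warning if Exchange fails over to it.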
