interview question and answer

November 11, 2012

Event ID: 9176 error logged on Exchange 2007 server


We had a client last week who suffered a SAN failure which required them to restore SAN snapshots that were a month old.  I won’t go into the details of the situation but I was brought in to bring their directory services up and determine what course of action we could take.  To make a long story short, they had most of their infrastructure virtualized with only 1 physical domain controller named DC2.  The virtualized environment which included DC1 and their Exchange server was restored but since DC1 was a snapshot, the event logs were littered with errors about USN rollback.  From here on, I had the choice of either fixing the USN rollback to get DC1 operational OR use DC2 which had a more recent directory services database up and fix the rest of the infrastructure servers.  I personally did not want to lose all the changes they made to their Active Directory and therefore opted to use DC2. 

Problem
After I completed seizing the FSMO roles from DC1 and rejoined the Exchange server to the domain, I began to notice that the Exchange server continuously logged the following error:
NSPI Proxy can contact Global Catalog DC1.domain.local but it does not support the NSPI service. After a Domain Controller is promoted to a GLobal Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot DC1.domain.local as soon as possible.
image
Solution
What threw me off was that DC1 was no longer on the network and I had completely removed the domain controller’s metadata with NTDSUtil and all records in DNS.  After reviewing the event logs a few more times, I began remembering that I had come across an article a few years ago (don’t ask me how I remember) that had a fix for an Outlook Anywhere issue.  The article required registry changes on the Exchange server which referenced an NSPI Target Server.  From there on, I did a search on Google and finally found that article here:
Not surprisingly, I reviewed the registry for the keys and found references to DC1 hardcoded into the registry.  What I ended up doing was updating the registry keys to the appropriate DC, DC2, and the event errors went away.
image
image
image 
Hope this helps anyone that may come across this problem.

No comments: