This week I demoted an older domain controller, one which had originally hosted the FSMO roles, though they had been moved off. The demotion went just as expected: the server was rebooted, and everything appeared to be fine.
As a side note, Exchange 2010 had been installed, and all Exchange services and mailboxes migrated, a few weeks prior to this demotion.
Shortly after demoting this server, an Exchange Administrator tried to open the Exchange Management Console to create a new mailbox and “discovered” that they couldn’t see anything. Mail was flowing, the Exchange services were started, OWA worked, etc., but the system could not be managed. For example, when expanding the Server Configuration menu, if we clicked Mailbox, we were told there were no mailbox servers in the organization. If we clicked Client Access, we were told there were no client access servers in the organization, and so on.
When opening the properties of a mailbox user, clicking on any tab displayed an error message stating that Exchange could not read from a domain controller. This was not looking very good.
Reviewing the Application Event Log revealed many “MSExchange Configuration Cmdlet – Remote Management” errors with Event IDs 4 and 5. Event ID 4 displayed the following text on the General information tab:
(PID 10132, Thread 24) Task Get-UserPrincipalNamesSuffix writing error when processing record of index 0. Error: Microsoft.Exchange.Data.Directory.SuitabilityDirectoryException: An Active Directory error 0x51 occurred when trying to check the suitability of server 'DEMOTED DOMAIN CONTROLLER'. Error: 'Active directory response: The LDAP server is unavailable.' ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
Fortunately for us, the answer to our problem was found pretty quickly with the Microsoft KB article:
Basically it says, “It is correct that the DC, mentioned in the application log is not available. The server may have been demoted, nevertheless Exchange still tries to connect to the unavailable DC. This obsolete Information is cached in an EMC file in the Windows profile with whom user has logged into the server.”
Sure enough, a cached EMC file was found within the Windows profile for the Exchange Administrators.
Once that file was deleted, we were able to administer the Exchange 2010 system without the domain controller read errors. One more thing to keep in mind: when I originally deleted the EMC cache file for one administrator, I was unaware that he had a disconnected remote session with the EMC open. The errors continued until we closed the EMC and deleted the cache file once again. So if you have deleted the EMC cache file and the error still continues, it may be because an RDP session was disconnected with the EMC open.
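As an added example (this is not code from the original post, nor from the Microsoft KB article), the following PowerShell script walks the same recovery in order: it pulls the name of the DC that EMC is still trying to reach out of the Event ID 4/5 messages, lists every running EMC instance with its session state so a disconnected RDP session with the EMC open is not missed, closes those instances when run with -Force, and only then deletes the cached settings file from each local profile. Three things are assumptions rather than facts from the post: the cached file's location (the conventional MMC settings path, <profile>\AppData\Roaming\Microsoft\MMC\Exchange Management Console), the "Exchange Management Console.msc" name used to tell EMC apart from other mmc.exe consoles, and the column layout of "query session" output.

```powershell
<#
  Added example for this post; not code from the original article or from Microsoft.
  Run from an elevated PowerShell prompt on the Exchange 2010 server.
  Assumptions (not stated in the post, marked inline): the EMC settings file path,
  the "Exchange Management Console.msc" name that EMC's mmc.exe is launched with,
  and the "query session" output format used to spot disconnected RDP sessions.
  Without -Force the script only reports; with -Force it closes open EMC instances
  and deletes the cached file.
#>
param([switch]$Force)

# 1. Recover the demoted DC name EMC still tries to reach from the Application log.
#    Provider name and Event IDs 4/5 are as quoted in the post; the regex follows the
#    "suitability of server 'NAME'" wording of the Event ID 4 text.
$filter = @{ LogName = 'Application'; Id = 4, 5
             ProviderName = 'MSExchange Configuration Cmdlet - Remote Management' }
$staleDCs = Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object { if ($_.Message -match "suitability of server '([^']+)'") { $Matches[1] } } |
    Sort-Object -Unique
"DC(s) EMC is still trying to reach: $(if ($staleDCs) { $staleDCs -join ', ' } else { 'none logged' })"

# 2. Map session IDs to their state. "Disc" is a disconnected RDP session; an EMC left
#    open there keeps the stale DC in memory and re-saves it to the file when it exits.
#    (Assumes the ID column is immediately followed by the STATE column.)
$sessionState = @{}
query session 2>$null | ForEach-Object {
    if ($_ -match '\s(\d+)\s+(Active|Disc|Conn|ConnQ|Listen|Shadow|Down|Init)\b') {
        $sessionState[[int]$Matches[1]] = $Matches[2]
    }
}

# 3. Find every running EMC. EMC is mmc.exe hosting "Exchange Management Console.msc"
#    (assumed snap-in name); filtering on the command line spares unrelated consoles.
$emcProcs = Get-WmiObject Win32_Process -Filter "Name='mmc.exe'" |
    Where-Object { $_.CommandLine -like '*Exchange Management Console*' }
$openBySid = @{}
foreach ($p in $emcProcs) {
    $owner = $p.GetOwner()
    $sid   = $p.GetOwnerSid().Sid
    $sess  = [int]$p.SessionId
    $state = if ($sessionState.ContainsKey($sess)) { $sessionState[$sess] } else { 'unknown' }
    "EMC open: PID $($p.ProcessId)  user $($owner.Domain)\$($owner.User)  session $sess ($state)"
    if ($Force) {
        $null = $p.Terminate()          # close EMC first, or it rewrites the file on exit
        "  terminated PID $($p.ProcessId)"
    } else {
        $openBySid[$sid] = $true        # still open: deleting its file now would not stick
    }
}

# 4. Delete the cached EMC settings file from each local profile that has one.
#    Assumed path (conventional MMC settings location, not given in the post):
#    <profile>\AppData\Roaming\Microsoft\MMC\Exchange Management Console
$relPath = 'AppData\Roaming\Microsoft\MMC\Exchange Management Console'
Get-WmiObject Win32_UserProfile | ForEach-Object {
    if (-not $_.LocalPath) { return }
    $file = Join-Path $_.LocalPath $relPath
    if (-not (Test-Path -LiteralPath $file)) { return }
    if ($openBySid.ContainsKey($_.SID)) {
        "SKIP    $file  (EMC still open for this user; close it or rerun with -Force)"
    } elseif ($Force) {
        Remove-Item -LiteralPath $file -Force
        "DELETED $file"
    } else {
        "WOULD DELETE $file  (rerun with -Force)"
    }
}
```

Run it once without -Force to see which DC the log names, who still has the EMC open (and whether that session is disconnected), and which profiles hold the cached file; then run it with -Force to close those consoles and remove the files. The ordering matters: the console is closed before the file is deleted because an EMC that is still running writes its settings back when it exits, which is exactly how the stale DC reappeared after the first deletion described above. Afterwards, reopen the EMC as the affected administrator and confirm that the Server Configuration nodes populate and that no new Event ID 4/5 entries naming the demoted DC are written.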