question

derSchweiger avatar image
0 Votes"
derSchweiger asked KaelYao-MSFT commented

Exchange On-Premise Login-Prompt after restarting redundant Domain Controller

Hello,

to explain our problem, it might be useful to first give you a quick overview over our infrastructure:

  • Exchange 2016 DAG (in sum 4 Exchange nodes)

  • 2 Domain Controllers (each W2k19) on-site


As mentioned, we've two Global Catalog Domain Controllers in the same AD-Site with the names dc01 and dc02. Our so called "CurrentConfigDomainController" (Get-ExchangeServer -Status | select Name, CurrentConfigDomainController) on each Exchange node is "dc01.domain.local". All Outlook clients are connecting via NTLM.

If we restart the second Domain Controller (dc02.domain.local) there is no problem at all. But if we restart the "CurrentConfigDomainController" (in this case dc01.domain.local) a big number of Outlook users get a login prompt. The event logs of the corresponding Exchange nodes don't show any errors - just the normal "current dc not available, switch to second dc" messages.

So the basic question is: Why do the users get this login prompt and is there a chance to solve this?



office-exchange-server-administrationoffice-exchange-server-connectivity
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

KaelYao-MSFT avatar image
0 Votes"
KaelYao-MSFT answered KaelYao-MSFT commented

Hi @derSchweiger

I suppose it is the expected behavior.

If the Exchange server fails to connect to the current domain controller (which is listed in the CurrentConfigDomainController parameter) , it would try to connect to other domain controllers which are accessible.
The "current dc not available, switch to second dc" also indicates this process.

Since during this period, Exchange cannot extract the required information used for authentication from Active Directory.
The Outlook users would be unable to access their mailboxes.

To resolve this issue, I suppose you may need to manually configure the default domain controller to be the one which doesn't need to be restarted.
Or you may have to wait for the Exchange server changing the domain controller it uses.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @derSchweiger

I am writing here to confirm with you how thing going now?
Did the issue get resolved?

0 Votes 0 ·