You are on page 1of 4

Support

2601, 2604, and 2501 MSExchange ADAccess Event IDs


when a Microsoft Exchange server restarts

SYMPTOMS
After you restart an Exchange Server 2010 server that resides on a Windows Server 2008 R2 server,
the following events are logged in the Application log:
Log Name: Application
Source: MSExchange ADAccess
Event ID: 2601
Task Category: General
Level: Warning
Keywords: Classic
User: N/A
Computer: Exchange Server
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1600). When initializing a remote procedure call (RPC)
to the Microsoft Exchange Active Directory Topology service, Exchange could not retrieve the SID
for account <WKGUID=XXXXXXXXXXXXXXXXX,CN=Microsoft
Exchange,CN=Services,CN=Configuration,...> - Error code=8007077f.
The Microsoft Exchange Active Directory Topology service will continue starting with limited
permissions
Log Name: Application
Source: MSExchange ADAccess
Event ID: 2604
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: Exchange Server
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1600). When updating security for a remote procedure
call (RPC) access for the Microsoft Exchange Active Directory Topology service, Exchange could
not retrieve the security descriptor for Exchange server object Exchange Server - Error
code=8007077f.
The Microsoft Exchange Active Directory Topology service will continue starting with limited
permissions

Log Name: Application


Source: MSExchange ADAccess
Event ID: 2501
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: Exchange Server
Description:
Process MSEXCHANGEADTOPOLOGY (PID=1600). The site monitor API was unable to verify the
site name for this Exchange computer - Call=DsctxGetContext Error code=8007077f. Make sure
that Exchange server is correctly registered on the DNS server.
You may also see a NetLogon error of 5719 in the Application log.

CAUSE
When the server restarts, Windows queries Active Directory to determine the Active Directory Site
information. On a Windows Server 2008 R2-based server, this operation sometimes fails.
Additionally, Exchange Services performs a query for its Active Directory Site during the startup
process. This query also fails. The causes of this lookup failure include, but are not limited to, the
following:
Transient DNS failures
Transient issues with Domain Controllers
Transient network connectivity issues
Network switches that have the PortFast functionality disabled on the ports to which the
Exchange servers connect
Windows will continue to try to determine its Active Directory Site name and will eventually
succeed. However, Exchange does not retry the query, and the errors that are mentioned in the
Symptoms section are logged in the Application log every 15 minutes.

RESOLUTION
After the server has been up for a minute or two, run NLTest /DSGetSite to verify that that the
proper Active Directory Site is being returned by Windows. Once that has been verified, restart the
MSExchange ADTopology service.

Warning Depending on the function of the Exchange Server 2010 server, restarting the
MSExchange ADTopology service may result in an unplanned outage, and other services may have
to be restarted.

WORKAROUND
To work around this issue, hardcode the Active Directory Site name in the registry. To do this,
follow these steps:
1. Click Start, click Run, type Regedit, and then press OK.
2. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
3. On the Edit menu, click New, and then click String Value.
4. Type SiteName, and then press Enter.
5. Right-click SiteName, click Modify, type the name of the Active Directory Site that the
Exchange server belongs to in the Value data box, and then click OK.
6. Exit Registry Editor, and then restart the computer to apply the change.
When you hardcode the Active Directory Site name, Windows will return the hardcoded site name
in response to the query from Exchange. This behavior enables Exchange server to bypass any site
name lookup failures.

MORE INFORMATION
For more information on Troublshooting AD isssues please see the following TechNet
documentation:
Overview of Active Directory Troubleshooting
http://technet.microsoft.com/en-us/library/bb727052.aspx
Troubleshooting Active DirectoryRelated DNS Problems
http://technet.microsoft.com/en-us/library/bb727055.aspx
Nltest - Microsoft TechNet: Resources for IT Professionals
http://technet.microsoft.com/en-us/library/cc731935(v=WS.10).aspx

For additional Information on a related issue please see the following documentation:
Services for Exchange Server 2007 or Exchange Server 2010 cannot start automatically after you
install Exchange Server 2007 and Exchange Server 2010 on a global catalog server
http://support.microsoft.com/kb/940845

Properties
Article ID: 2025528 - Last Review: 10/24/2011 08:28:00 - Revision: 6.0
Applies to
Microsoft Exchange Server 2007 Standard Edition
Microsoft Exchange Server 2010 Enterprise
Keywords:
KB2025528