Event ID 2080 Detailing : Addressing Exchange 2019 Service Startup Failures

Posted by

Hello Everyone,

I hope you are all doing great. Today, I would like to share my experience with an issue we encountered after applying security patches and rebooting our Exchange 2019 server.

Issue

After installing the security patches and rebooting the server, the Exchange 2019 services were stuck in the starting stage.

Observation

We monitored the situation for 30 minutes, but nothing changed, and the services remained in the starting stage.

Troubleshooting

We suspected that the issue might be related to the security patching. We uninstalled the patches, but the problem persisted.

Event Viewer

Upon checking the Event Viewer, we found Event ID 2080, which indicated that the in-site domain controller was not reachable.

We were unable to ping the domain controller or establish an RDP session, although the server was reachable via its IP address.

Possible Causes

  1. Recently Changed IP Address: The IP address for the domain controller's hostname was recently changed by the AD team.
  2. Dynamic DNS (DynDNS) Configuration: The domain controller was configured in a Dynamic DNS (DynDNS) scope. There might be issues with the dynamic registration of DNS records, leading to the domain controller not being properly registered in DNS and making it unreachable by the Exchange server.
  3. DNS Scavenging: DNS scavenging settings can prematurely delete DNS records, including those of domain controllers. This can result in the domain controller being unreachable.

Resolution

We engaged the Active Directory team, and they resolved the DNS issue by running the following commands:

net stop dns
net start dns
net stop ntds
net start ntds
ipconfig /flushdns
ipconfig /registerdns

Understanding Event ID 2080

Overview Event ID 2080 is logged by the MSExchange ADAccess component in the Exchange Server application log. This event provides detailed information about the Active Directory (AD) servers that the Exchange server can use. It helps diagnose issues related to AD access by Exchange servers.

Event Details When Event ID 2080 is logged, it includes a table with several columns that describe the characteristics of the domain controllers and global catalog servers. Here's a breakdown of the key columns:

  • Server Name: The name of the domain controller.
  • Roles: Indicates the roles the server can perform for Exchange:
    • C: Configuration Domain Controller
    • D: Domain Controller
    • G: Global Catalog Server
  • Enabled: Shows whether the server is enabled for use by Exchange.
  • Reachability: Indicates if the server is reachable via TCP connections. The value is a bitwise OR of:
    • 0x1: Reachable as a Global Catalog server (port 3268)
    • 0x2: Reachable as a Domain Controller (port 389)
    • 0x4: Reachable as a Configuration Domain Controller (port 389)
  • Synchronized: Indicates if the server is synchronized.
  • GC Capable: Shows if the server is capable of being a Global Catalog server.
  • PDC: Indicates if the server is a Primary Domain Controller.
  • SACL Right: Shows if the server has the necessary permissions.
  • Critical Data: Indicates if the server holds critical data.
  • Netlogon Check: Shows the status of the Netlogon service.
  • OS Version: The operating system version of the server.

Example Breakdown





In Event ID 2080, the string "CDG 100000000" provides specific information about the characteristics and status of a domain controller (DC) or global catalog (GC) server that the Exchange server has discovered. Let's break down what each part of this string means:

CDG

  • C: Configuration Domain Controller - This indicates that the server can be used as a Configuration Domain Controller.
  • D: Domain Controller - This shows that the server can function as a Domain Controller.
  • G: Global Catalog Server - This means that the server can act as a Global Catalog Server.

When combined as "CDG," it signifies that the server can perform all three roles: Configuration Domain Controller, Domain Controller, and Global Catalog Server


100000000

This part of the string represents a series of binary flags that provide additional information about the server's status. Each digit in the binary sequence corresponds to a specific attribute:

  1. Enabled: The first digit (1) indicates that the server is enabled for use by Exchange.
  2. Reachability: The second digit (0) shows whether the server is reachable via TCP connections. In this case, 0 means it is not reachable.
  3. Synchronized: The third digit (0) indicates if the server is synchronized. Here, 0 means it is not synchronized.
  4. GC Capable: The fourth digit (0) shows if the server is capable of being a Global Catalog server. 0 means it is not GC capable.
  5. PDC: The fifth digit (0) indicates if the server is a Primary Domain Controller. 0 means it is not a PDC.
  6. SACL Right: The sixth digit (0) shows if the server has the necessary permissions. 0 means it does not have the SACL right.
  7. Critical Data: The seventh digit (0) indicates if the server holds critical data. 0 means it does not hold critical data.
  8. Netlogon Check: The eighth digit (0) shows the status of the Netlogon service. 0 means the Netlogon service is not running.
  9. OS Version: The ninth digit (0) represents the operating system version. 0 means the OS version is not specified or not relevant in this context
    .

Summary

In summary, "CDG 100000000" in Event ID 2080 indicates that the server can perform all three roles (Configuration Domain Controller, Domain Controller, and Global Catalog Server) but is currently not reachable, not synchronized, not GC capable, not a PDC, does not have the necessary permissions, does not hold critical data, and the Netlogon service is not running.

===================================================================

In Event ID 2080, the string "CDG 1 7 7 1 0 1 1 7 1" provides specific information about the characteristics and status of a domain controller (DC) or global catalog (GC) server that the Exchange server has discovered. Let's break down what each part of this string means:




CDG

  • C: Configuration Domain Controller - The server can be used as a Configuration Domain Controller.
  • D: Domain Controller - The server can function as a Domain Controller.
  • G: Global Catalog Server - The server can act as a Global Catalog Server.

When combined as "CDG," it indicates that the server can perform all three roles: Configuration Domain Controller, Domain Controller, and Global Catalog Server.

1 7 7 1 0 1 1 7 1

Each number in this sequence represents a specific attribute of the server:

  1. Enabled (1): The server is enabled for use by Exchange.
  2. Reachability (7): The server is reachable via TCP connections. The value 7 is a bitwise OR of:
    • 0x1: Reachable as a Global Catalog server (port 3268)
    • 0x2: Reachable as a Domain Controller (port 389)
    • 0x4: Reachable as a Configuration Domain Controller (port 389)
    • Combined, 0x1 | 0x2 | 0x4 = 0x7, meaning the server is reachable as all three roles.
  3. Synchronized (7): The server is synchronized. The value 7 indicates synchronization for all roles.
  4. GC Capable (1): The server is capable of being a Global Catalog server.
  5. PDC (0): The server is not a Primary Domain Controller.
  6. SACL Right (1): The server has the necessary permissions (SACL rights).
  7. Critical Data (1): The server holds critical data.
  8. Netlogon Check (7): The Netlogon service is running and functioning correctly. The value 7 indicates that all checks are passed.
  9. OS Version (1): The operating system version of the server is specified and relevant.

I hope this helps us in troubleshooting similar issues in the future. Happy learning! 🙂

Location: Chennai, Tamil Nadu, India

Comments

Post a Comment