Boswell's Q&A

Exchange Bites Back

Installation of Exchange on a domain controller leads to nasty results. Plus, NT support for some will be an issue in 2005.

• By Bill Boswell
• 10/26/2004

Question: I'm busy troubleshooting an Exchange 2003 Enterprise installation on a 2-node Windows 2000 cluster. The servers in the cluster were once a DC and a GC that were demoted prior to the Exchange installation. There have been a few problems that we solved but I'm stuck with one last set of errors:

EventID: 9149 Microsoft Exchange System Attendant failed to start Exchange server 'MAIL'. Error code '0x800705b4'.
Event ID: 1031 One of the System Attendant's task is blocked. Function: ScStartVM
Event ID: 1031 One of the System Attendant's task is blocked. Function: ScGetTaskState
Event ID: 1003 MS Exchange System Attendant: Failed to bring the resource online.
Event ID: 1047 Metabase Update failed to properly initialize its context. It will retry initialized every 60 seconds until succeeds or shutdown is requested.

I reinstalled Exchange several times and also the service pack. This did not resolve the problem. Any clues why this might happen?
— Erwin

Get Help from Bill Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:[email protected]; the best questions get answered in this column. When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Answer: Before I could figure out the cause of Erwin's errors, he wrote back to say that he had isolated the problem to a missing ASP.NET account. This problem is documented in KB article 822575, "Metabase Update Service Stops After You Demote an Exchange Server 2003 Domain Controller to a Member Server."

In brief, Exchange 2003 requires ASP.NET to function properly. When you install IIS and ASP.NET prior to installing Exchange, a new local account is created called ASPNET. This account provides a security context for any ASP.NET applications, which includes Exchange 2003. The account is created when the ASP.NET component of IIS is installed.

Here's where the situation gets a little convoluted. When you install ASP.NET on a domain controller, the ASPNET account is created in Active Directory. All domain controllers running ASP.NET share this account. In Erwin's case, when the two nodes of the cluster were demoted from a DC and a GC to member servers, the ASPNET accounts were lost. Without them, Exchange could not properly make use of IIS and that caused the Event Log errors.

Erwin was able to partially resolve the problem by removing and reinstalling the ASP.NET component of IIS. This created a new local ASPNET account. Unfortunately, Outlook Mobile Access (OMA) was unable to function properly with this newly created account.

The only completely sure fix involved removing and reinstalling IIS completely. This required reinstalling Exchange and SP1 (documented in KB article 323672, "Exchange Routing Engine Service Does Not Start Automatically or Manually After You Remove IIS and Then Reinstall It").

Erwin assured me in a later e-mail that he was not responsible for the original Exchange installation. I'm sure he would agree that the root cause of this problem was the failure to install Exchange on a pristine server.

It's also a lesson in the Law of Unexpected Consequences. Other than in a Small Business Server environment, it's not a good idea to install Exchange on a domain controller. There are too many subtle dependencies that can come back to bite you in later years.

Orphanware at an NT Server Near You
In last week's column, I asked for feedback from administrators who still have NT domains or signficant numbers of NT servers.

Kevin wrote to say that he works for a local government agency that has vive NT servers, including two Citrix terminal servers. They plan on replacing the terminal servers with Windows 2003 servers and converting one of the application servers to Linux. As for the other two, Kevin seems resigned to leaving them on NT. "Whenever they die, management will have to make some kind of decision."

Charlie is an administrator in a large university with a central IT staff that appears to be slow in getting off the starting line with their AD migration. He writes that the migration "started over one-and-a-half years ago and all that's happened is a pilot user migration of tech workers, a migration of one small department and new user's accounts being created in the AD domain (Even that didn't happen until a few months ago!)." When speaking of the complexity in doing the migration as a cause for the delay, Charlie says, "I can't blame Microsoft for this; they've given us plenty of time. Fear, poor planning and bad project management are to blame. I'll talk about the department that's still using Netware 3 some other time."

Feel free to write with your own story about the countdown to NT 4 End-Of-Life. I have a feeling that the poet T.S. Eliot foresaw the final hours of NT 4. It will end "not with a bang but a whimper."