Friday, July 31, 2009

Dedicated Exchange Site - Child Domain Controllers

In a centralized Exchange environment with multiple child AD domains and multiple AD sites, the assumption was that several global catalog servers and domain controllers, all members of the same domain as Exchange, would be sufficient as long as they were placed in the same dedicated Exchange site.

http://support.microsoft.com/kb/875427

However, turning MSExchange ADAccess\Topology logging up to Expert reveals that the site would benefit from having child domain global catalog servers in the site as well.

Event Type: Information
Event Source: MSExchange ADAccess
Event Category: Topology
Event ID: 2129
Description:
Process w3wp.exe (OWA) (PID=5844). Exchange Active Directory Provider needs a Domain Controller in domain DC=childdomain,DC=corp,DC=mytestnetwork,DC=com. Found server AnOutOfSiteGDC.childdomain.corp.mytestnetwork.com.
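
One way to see how often this happens and for which domains is to summarise the 2129 descriptions by domain and by the server that was found. This is an added example, not part of the original post: the sample descriptions after the first one, the `InSiteGC01` server name, the `$inSiteServers` list and the `Get-CrossDomainLookup` function are constructed for illustration.

```powershell
# Constructed sample: the first description is the event shown above; the
# others are made-up variations in the same format.
$prefix = 'Exchange Active Directory Provider needs a Domain Controller in domain'
$messages = @(
    "Process w3wp.exe (OWA) (PID=5844). $prefix DC=childdomain,DC=corp,DC=mytestnetwork,DC=com. Found server AnOutOfSiteGDC.childdomain.corp.mytestnetwork.com.",
    "Process w3wp.exe (OWA) (PID=6120). $prefix DC=childdomain,DC=corp,DC=mytestnetwork,DC=com. Found server AnOutOfSiteGDC.childdomain.corp.mytestnetwork.com.",
    "Process w3wp.exe (OWA) (PID=6120). $prefix DC=otherchild,DC=corp,DC=mytestnetwork,DC=com. Found server InSiteGC01.otherchild.corp.mytestnetwork.com."
)

# On a live server the same text could be read from the event log instead
# (assumption: the events are written to the Application log):
#   $messages = Get-WinEvent -FilterHashtable @{
#       LogName = 'Application'; ProviderName = 'MSExchange ADAccess'; Id = 2129
#   } | ForEach-Object { $_.Message }

# Hypothetical list of the domain controllers that live in the Exchange site.
$inSiteServers = @('InSiteGC01.otherchild.corp.mytestnetwork.com')

function Get-CrossDomainLookup {
    param([string[]]$Message)
    # Named groups pull the process, PID, requested domain and found server
    # out of the 2129 description text.
    $pattern = 'Process (?<process>.+?) \(PID=(?<pid>\d+)\)\. .*? needs a Domain ' +
               'Controller in domain (?<domain>(?:DC=[^,.\s]+,?)+)\. ' +
               'Found server (?<server>\S+?)\.?\s*$'
    foreach ($m in $Message) {
        if ($m -match $pattern) {
            [pscustomobject]@{
                Process = $Matches['process']
                Domain  = $Matches['domain']
                Server  = $Matches['server']
            }
        }
    }
}

# One row per domain/server pair; InSite = False marks lookups that leave the site.
Get-CrossDomainLookup -Message $messages |
    Group-Object Domain, Server |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Domain = $first.Domain
            Server = $first.Server
            Events = $_.Count
            InSite = $inSiteServers -contains $first.Server
        }
    } |
    Sort-Object InSite, Domain |
    Format-Table -AutoSize
```

A domain whose rows all show `InSite` as False has no domain controller in the dedicated Exchange site.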

Going a bit further, tracking NTLM requests confirmed that under very heavy load the domain controllers begin timing out when processing requests, because they have to send all of their cross-domain traffic to out-of-site domain controllers. This leads to the CAS servers not being able to log users in, web services being unavailable, etc.

Here are some additional blog posts regarding the issue:

http://blogs.technet.com/mikelag/archive/2009/08/04/the-case-of-the-mysterious-exchange-server-hang.aspx
http://blogs.msdn.com/dgoldman/archive/2009/08/04/the-case-of-the-mysterious-exchange-server-hang.aspx
