Exchange 2000 Server Services May Not Start on a Windows 2000-Based Member Server (312467)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Exchange 2000 Server
This article was previously published under Q312467

SYMPTOMS

The Exchange 2000 services may not start on a Windows 2000 Server-based computer that is a member server in an Active Directory domain, you may receive the following error messages, and you may not be able to manually start the Exchange 2000 services after the computer starts:
MSExchangeSA,
Error,
General,
1005,
N/A,
Server,
Unexpected error the specified domain either does not exist or could not be contacted.
Facility: Win32 ID no: c007054b Microsoft Exchange System Attendant occurred.

-and-

MSExchangeDSAccess,
Error,
None,
2064,
N/A,
Server,
Process INETINFO.EXE (PID=1336). All the remote DS Servers in use are not responding.

CAUSE

This behavior can occur if you define local Internet protocol security (IPSec) policies that allow only secure communication between the Exchange 2000 server and the Global Catalog server.

RESOLUTION

To resolve this behavior, you can modify the IPSec policies on the Exchange 2000 server and on the Global Catalog server if you can lower network security in your environment. To do this, set the Security methods for the Filter properties to Accept unsecured Communication, but always respond using IPSec and Allow unsecured communication with non IPSec-aware computers so that there is a "fallback" to unsecured communication when IPSec is not available.

MORE INFORMATION

In a Netmon trace you can view unsecured communication attempts that occur when the computer starts. You can view unencrypted Domain Name System (DNS) frames that are never answered because the DNS server is set to allow only IPSec communication. If you are running the DNS server on the same computer as the Exchange 2000 server, you can work around this behavior. However, if you work around this behavior, the Exchange 2000 server sends unencrypted Lightweight Directory Access Protocol (LDAP) frames to the Global Catalog server that will never be answered because the Global Catalog server is set to allow only IPSec communication. When this occurs, the Exchange 2000 services do not work. The behavior is not resolved when you set Service Recovery to Restart Service and Interval 3 minutes.
Modification Type:MajorLast Reviewed:9/22/2003
Keywords:kbenv kbprb KB312467
©2003 Microsoft Corporation. All rights reserved.