Thursday, May 24, 2012

The security database on the server does not have a computer account for this workstation trust relationship

A few days ago I reverted a snapshot/checkpoint with SCVMM and turned on the virtual machine, but when I tried to log on with a domain user I got this message: "The security database on the server does not have a computer account for this workstation trust relationship". I should mention that the snapshot/checkpoint was only three hours old.

I logged in with the local Administrator account, removed the server from the domain and joined it to the domain again. After the restart I logged in with a domain account, but a few services didn't start. I restarted the server again, tried to log on, and got the same message: "The security database on the server does not have a computer account for this workstation trust relationship".
Solution/Workaround:
You need to do two things.
1. Reapply the values in ADSI Edit (adsiedit.msc), or enter new ones if an SPN is missing.
    Open adsiedit.msc and check the settings in servicePrincipalName.
2. Restart the computer.
3. Log on to your server with the local Administrator account.
4. Change the domain from the FQDN to the short name. In my case, change ekobit.corp to ekobit_corp.
5. Restart your server and log in as the domain user.
Relax your mind and enjoy.
NOTE: As you might know, the Winlogon service on Windows 7, Windows Server 2008 and Windows Server 2008 R2 uses Kerberos logon, so the Service Principal Names (SPNs) need to be configured properly to support Kerberos authentication.
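To check step 1 without clicking through ADSI Edit, the following PowerShell (an added example, not part of the original post) reads the computer account's servicePrincipalName values and reports which of the usual default host SPNs are missing. The server name SRV01 is a placeholder, the HOST/ and RestrictedKrbHost/ list is the assumed default set, and the script has to run in a domain-joined session that can query Active Directory.

```powershell
# Added example: list which default host SPNs are missing from a computer account.
# Run from a domain-joined session that can query Active Directory.

function Get-ExpectedHostSpn {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,  # short (NetBIOS) name
        [Parameter(Mandatory = $true)][string]$DnsDomain      # DNS domain, e.g. ekobit.corp
    )
    # Assumed default set: HOST and RestrictedKrbHost, each for short name and FQDN.
    foreach ($class in 'HOST', 'RestrictedKrbHost') {
        "$class/${ComputerName}"
        "$class/${ComputerName}.${DnsDomain}"
    }
}

function Get-ComputerSpn {
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    # Computer accounts have a sAMAccountName that ends in '$'.
    $searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=${ComputerName}`$))"
    [void]$searcher.PropertiesToLoad.Add('servicePrincipalName')
    $result = $searcher.FindOne()
    if ($null -eq $result) {
        # Same condition the logon error describes: no account for this machine.
        throw "No computer account found for '${ComputerName}'."
    }
    # Property names in search results are lower-case.
    @($result.Properties['serviceprincipalname'])
}

function Get-MissingHostSpn {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$DnsDomain
    )
    $actual = @(Get-ComputerSpn -ComputerName $ComputerName)
    # -notcontains compares case-insensitively, as SPN matching does.
    Get-ExpectedHostSpn -ComputerName $ComputerName -DnsDomain $DnsDomain |
        Where-Object { $actual -notcontains $_ }
}

# SRV01 is a placeholder server name; ekobit.corp is the domain used in the post.
$missing = @(Get-MissingHostSpn -ComputerName 'SRV01' -DnsDomain 'ekobit.corp')
if ($missing.Count -gt 0) {
    'Missing SPNs (re-enter these in servicePrincipalName):'
    $missing
} else {
    'All default host SPNs are present.'
}
```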


Wednesday, May 23, 2012


1. What are Address lists?
A list used to organize the Global Address List into smaller, more manageable groupings. Address lists in Microsoft Exchange Server 2003 are formed through administrator-defined Lightweight Directory Access Protocol (LDAP) queries.
2. What is Global Address List (GAL)?
The Global Address List is the primary address list that contains all Exchange objects in the entire organization and mail-enabled objects in the Microsoft Exchange Server organization.
3. Where is the GAL retrieved from?
Global address lists are formed through LDAP queries that filter the mailbox-enabled and mail-enabled objects from Active Directory. The GAL is retrieved from the Global Catalog servers.
4. How is the default GAL created?
When Exchange Server 2003 is installed, the default address lists are created by sending LDAP queries to Active Directory users and groups and filtering the users that are mailbox-enabled and mail-enabled.
What is a Custom Address List?
Custom address lists are address lists that we create by providing LDAP queries that filter and display the address list by users or departments.
5. What is Default Address list?
Default address lists are similar to the Global Address List, but in a distilled manner.
The default address lists are automatically created when Exchange Server is installed, and no administration is required.
6. What are the Default Address lists?
There are five default address lists:
  • All contacts
  • All groups
  • All users
  • Public folders
  • Default Global Address List
7. What is Offline Address List?
Offline address lists are not unique; that is, they are not different address lists from the regular online address lists. Offline address lists are used to make address lists available to users who are not connected to the network.
By default, the Global Address List is the default offline address list.
8. What is the use of hiding a mailbox?
Hiding a mailbox prevents its e-mail address from appearing in the Global Address List, for example if you create a mailbox to receive updates from antivirus software and do not want to show the e-mail address in the GAL, or want to prevent internal users from sending mail to that mailbox from the GAL.
9. Where all the Exchange Address lists created and stored?
Exchange address lists are created and stored in an Active Directory container.
10. What needs to be done so that the users on a mailbox store are able to use an offline address list?
We have to assign an offline address list to the mailbox store in the properties of the mailbox store.
11. How to associate an offline address list with a mailbox store?
Right-click a mailbox store, go to Properties, click Browse next to the offline address list and select the offline address list that you want to assign to the mailbox store. Click OK to apply the offline address list to the mailbox store.
12. How many GALs can appear in a user's Outlook Address Book?
Only one GAL appears in a user's Outlook Address Book.
13. How to view the address list preview?
Right-click an address list in the address list container, go to the properties of the address list and select Preview.
14. How to create additional Global Address List?
Start Exchange System Manager, expand the Recipients container, right-click All Global Address Lists and point to New Global Address List.
15. How to create Custom Address list?
  • Start Exchange System Manager
  • Expand the Recipients container, right-click All Address Lists, point to New and then click Address List
  • Type a name for the custom address list, click Filter Rules and then click the Advanced tab
  • From the Field menu, point to Users and then Department
  • In the Condition field, select "is exactly" from the menu
  • Give the custom name and click Add
  • Click OK and click Finish
16. What is the difference between additional Global Address List and Custom Address List?
The Global Address List contains the full address list for the Exchange organization, while custom address lists are address lists created according to our requirements.
17. How to create a new offline address list?
  • Right-click the address list in the Recipients container, point to New and then click Offline Address List
  • Type a name for the new offline address list and then click Browse to select a server to host the offline address list
  • After clicking Next, remove the default Global Address List from the list and, if you want to add a particular address list, add it to the list
  • Click Next and click Finish
18. How to hide a user address from the address list?
Go to Active Directory Users and Computers.
Go to the properties of the user that you want to hide from the address list. Navigate to the Exchange Advanced tab.
Select the option to hide from the address list.
19. How to hide an address list from users?
Go to the properties of the address list, go to the Security tab and click the Advanced button to open the advanced settings.
Browse for the users or group and set a Deny permission on opening the address list.
20. Which service is responsible for keeping the Exchange address lists up to date?
The Recipient Update Service is responsible for keeping the Exchange address lists up to date.
21. What is Recipient Update Service?
The Recipient Update Service updates e-mail addresses and distribution list membership and replicates this information on a schedule to other Microsoft Exchange servers in the domain.
22. Besides keeping the Exchange address lists up to date, what other desirable function does the Recipient Update Service perform in the Exchange organization?
It also updates the distribution list membership on other Exchange servers inside the domain.
23. What are the basic steps to troubleshoot RUS?
The first step in troubleshooting the Recipient Update Service, as with most other services, is to check the Event Log; we are looking for events that originated from the MSExchangeAL service.
The next step in troubleshooting the Recipient Update Service is to use ADSI Edit to check a mailbox that should appear in the Global Address List. We need to check and see if the "showInAddressBook" attribute is populated.

If the "showInAddressBook" attribute is not populated, the Recipient Update Service may not yet have run; in most cases, manually forcing the Recipient Update Service to run will resolve the problem.
24. How to access the RUS?
1. Start System Manager
2. On the Start menu, point to Programs,
3. Point to Microsoft Exchange, then click System Manager.
4. In the console tree, double-click Recipients.
5. In the console tree, right-click Recipient Update Services.
25. What is the default preconfigured schedule for RUS?
The Always Run schedule is the preconfigured option for RUS.
26. Which two different instances are created of the Recipient Update Service?
The following two instances of the Recipient Update Service are created:
Recipient Update Service (Enterprise Configuration)
Recipient Update Service (Active Directory Domain)
27. What is Recipient Update Service (Enterprise Configuration)?
The Enterprise Recipient Update Service is responsible for updating the e-mail addresses of the recipient objects located in the configuration partition of the domain controller.
28. What is Recipient Update Service (Active Directory Domain)?
The Domain Recipient Update Service is responsible for updating recipient objects located in Active Directory.
29. What are the group types?
The two types of groups are:
  • Security Group
  • Distribution Group
30. What is Distribution Group?
A type of Microsoft Windows Server 2003 Active Directory group that is used to define e-mail distribution lists. A distribution group has no security context and cannot be used to grant permissions to resources, but it is useful for grouping users that share a common purpose, such as all employees at a branch location.
31. How do distribution groups differ from security groups?
A distribution group has no security context and cannot be used to grant permissions to resources, but security groups can be used to assign permissions on resources.
32. What is Security Group?
Security groups are Microsoft Windows Server 2003 Active Directory groups; with such a group, we can assign permissions on a resource.
33. Can Security groups be used to distribute messages?
Security groups can be mail-enabled and also used as distribution groups to distribute messages.
34. What is a query-based distribution group?
This group enables you to use an LDAP query to specify membership in a distribution group dynamically. The result is that membership is automatically determined by attributes of a user account, such as department, reducing the amount of administration required to manage distribution lists.
35. What are the types of Group Scopes?
Following are the types of group scopes
  • Domain Local
  • Global Group
  • Universal

35. Can Exchange 2000 servers run on Windows Server 2003?
No, the only version of Exchange Server that will run on Windows Server 2003 is Exchange Server 2003. You will need to upgrade your Exchange environment to Exchange Server 2003 prior to upgrading the Windows Server operating system to Windows Server 2003.
1. Which services are not supported and hence, need to be removed from an Exchange 2000 Server before performing an upgrade to Exchange Server 2003?
The following Exchange 2000 Server functionality isn't supported by Exchange Server 2003:
  • Instant Messaging Service
  • Microsoft Chat Service
  • Key Management Service
  • Connectors for Microsoft Mail and Lotus CC:Mail
The above services have to be uninstalled when upgrading from Exchange 2000 Server to Exchange Server 2003.
2. While upgrading from Exchange 2000 to Exchange 2003 which servers must be upgraded first? Front-end server or back end server?
You must upgrade the front-end servers prior to upgrading the corresponding back-end server while upgrading from Exchange 2000 to Exchange 2003.
3. How to migrate from an old Exchange 2000 Server organization to a new Exchange Server 2003 organization?
The Exchange Migration Wizard is used to migrate an Exchange 2000 organization to an Exchange Server 2003 organization, similar to migrating an organization from Exchange 5.5.
4. How to move users from Coexistence of Exchange 5.5 to Exchange Server 2003?
The Active Directory Migration Tool and the Exchange Migration Wizard will perform the complete move of users from coexistence with Exchange 5.5 to Exchange Server 2003.
5. How to migrate from an old Exchange Server 5.5 organization to a new Exchange Server 2003 organization?
There is no in-place upgrade; first we have to upgrade Exchange 5.5 to Exchange 2000, and from there we have to migrate to Exchange Server 2003. The existing users' source domain first has to be migrated to the new target domain in another Active Directory forest. After that you can begin the Exchange 5.5 to Exchange Server 2003 migration. The Exchange Migration Wizard is used to migrate an Exchange 5.5 organization to an Exchange Server 2003 organization.
6. Which messaging systems does the Exchange Server 2003 Migration Wizard support?
  • MS Mail for PC Networks
  • CC:Mail
  • Microsoft Exchange 5.5
  • Lotus Notes
  • Novell GroupWise 4.x
  • Novell GroupWise 5.x
  • Internet Directory (LDAP via ADSI)
  • Internet Mail (IMAP4)
7. How can Exchange Server 2003 share calendars and address lists with Lotus Notes R4/R5?
If you know the answer, please help me publish it.
8. What are the requirements of Lotus Notes Connector?
If you know the answer, please help me publish it.
9. How can Exchange Server 2003 share calendar/address lists with Novell GroupWise?
The connectors for Lotus Notes and Novell GroupWise only synchronize mailbox and user account data. You must use the Calendar Connector in conjunction with the other connectors to synchronize calendar data.
10. What are the requirements for the Novell GroupWise connector?
The following list is the configuration requirements needed on the Exchange Server side:
  • Configure a working Novell GroupWise environment with API Gateway version 4.1 or later
  • Configure a working Exchange Server 2003 connector server
  • Make sure Exchange Server can resolve the name of and access the Novell NetWare server that is running API Gateway
  • Enable Exchange Server to Novell NetWare server connectivity by using Gateway Services for NetWare (GSNW) or Novell NetWare Client for Windows. NDS authentication is needed to access NetWare volumes (shares).
  • Activate the GroupWise address type on the Exchange Server 2003 recipient policy.

11. What are the tools to validate Exchange Server 5.5/Exchange Server 2003 coexistence?
  • ADCConfigCheck – checks that Exchange Server 5.5 directory configuration objects have been copied to Active Directory. Writes output to Exdeploy.log
  • ConfigDSInteg – checks objects in AD to ensure that no problems have arisen since the last installation of ADC. Writes output to Exdeploy.log
  • RecipientDSInteg – checks all recipient objects in AD looking for problems. Recipients include users, groups, contacts or public folders
  • PrivFoldCheck – uses the Exchange 5.5 directory service/information store consistency adjuster to ascertain that the information store and directory are in sync
12. What is DSScopeScan Tool Group?
The DSScopeScan tool group is used to find out information about the Exchange Server 5.5 organization prior to setting up a connection between Exchange Server 5.5 and the new Exchange Server 2003. The tools should be run with an account that has administrative permissions.
13. Which tools are included in DSScopeScan Tool Group?
This includes four important tools:
  • DSconfigsum – reports the number of Exchange Server 5.5 sites and servers per site.
  • DSObjectsum – reports the number of public folders, distribution lists and contact objects.
  • Useraccount – exports the number of users in the Exchange Server 5.5 site and in the directory.
  • Vercheck – checks whether a server exists with Exchange Server 5.5 SP3.
14. Before upgrading from Exchange 2000 server to Exchange Server 2003 which service pack must be applied to Exchange 2000 server?
Before upgrading from Exchange 2000 Server to Exchange Server 2003, update Windows 2000 Server with SP3 or later, and also with Exchange 2003 server SP3 or later.
15. How to upgrade from Exchange 5.5 to Exchange server 2003?
Exchange 5.5 cannot be upgraded in place; you must first upgrade to Exchange 2000 Server and then to Exchange Server 2003, or install Exchange Server 2003 on a different server and move the Exchange Server 5.5 resources to the new server.

16. What are the steps involved creating coexistence between Exchange Server 5.5 and Exchange Server 2003?
Install the basic prerequisites such as the SMTP, NNTP and WWW services
  • Start the Exchange Deployment Tools wizard and select coexistence with mixed-mode Exchange 2000 and Exchange Server 5.5
  • Select the option to install or upgrade the first Exchange server
  • On the next Deployment Tools wizard page, check that all the steps are done and start the setup. During the setup installation, perform the following options
  • Install Exchange Server 5.5 Administrator
  • Select the option to create a new organization or use an existing one.
  • Finish the setup
17. Are the Lotus Notes and Novell GroupWise connectors supported on Exchange Server 2003 in a clustered configuration? What can be done?
If you know the answer, please help me publish it.
18. Which actions must be taken before the connection to the Lotus Notes/Domino server can be established?
If you know the answer, please help me publish it.
19. Which services must be configured to automatically start to start a Lotus Notes Connector?
To start a connector, you must enable the specific services that the connector relies on.
  • Microsoft Exchange Connectivity Controller
  • Microsoft Exchange Connector for Lotus Notes
20. Which services must be configured to automatically start to start a Novell GroupWise Connector?
First, you need a server running Exchange 2003 as a bridgehead server,
and the following services are to be set to start automatically:
  • Microsoft Exchange Connectivity Controller
  • Microsoft Exchange Connector for Lotus Notes


21. Which steps are involved in removing a connector to install it on another Exchange Server 2003 computer?
First you need to stop the connector services
  • Remove the connector
  • Use the Active Directory Users and Computers console to delete the contacts that the connector has imported into the directory
  • You can then reinstall the Lotus Notes or Novell GroupWise connector
21. What is Active Directory Connector (ADC)?
ADC is a Microsoft Exchange Server 2003 service that allows for the replication of information between Active Directory and a Microsoft Exchange 5.5 directory.

22. What is Connection Agreement?
It is used by the Active Directory Connector to control replication between Active Directory and the Exchange 5.5 directory. Connection agreements can be used to replicate from Exchange 5.5 to Active Directory and vice versa.
Part-3
1. What types of permissions are configurable for Exchange?
  • Exchange Full Admin – full control over the Exchange organization, including permissions
  • Exchange Admin – manages everything within the organization except organization permissions
  • Exchange View Only Administrator – read-only administrative access to the Exchange organization
2. Which of the privileges does the Exchange Administrator role have?
This role has the ability to administer all configuration details of the Exchange organization and the ability to modify permissions.
3. What are the modes of Exchange Server 2003?
There are two modes in Exchange Server 2003:
1. Mixed mode – if Exchange 5.5 exists, or you are going to have Exchange 5.5 in future
2. Native mode – if only Exchange Server 2003 is running in your organization
4. What are the benefits of running Exchange Server 2003 in native, rather than mixed mode?
There are a lot of benefits, which include:
  1. Greater flexibility for defining routing groups and administrative groups
  2. Ability to move mailboxes
  3. Configure both routing and administrative groups independent of each other
  4. We can create query-based distribution groups
5. When is Exchange Server 2003 mixed mode used?
By default, Exchange Server is in mixed mode. We can use mixed mode in situations where Exchange Server 5.5 is present in our Exchange organization. Mixed mode is used for backward compatibility with Exchange Server 5.5 and sites.
6. When is Exchange Server 2003 native mode used?
We can choose this option if no Exchange Server 5.5 is present in our Exchange organization; make sure that all the Exchange servers are Exchange 2000 Server and Exchange Server 2003. Native mode allows administrative groups and routing groups to be configured independent of each other.
7. Can you switch Exchange Organization from native mode to mixed mode?
Yes, we can change the Exchange organization from mixed mode to native mode; changing the mode from mixed to native is a one-time, one-way process and it cannot be reversed.
8. How to switch Exchange Organization from mixed mode to native mode?
We can accomplish this in Exchange System Manager by right-clicking the Exchange organization name at the top of the window and clicking Properties. In the new window, click the Change Mode option. The Change Mode option will be unavailable if you are already in native mode.
9. Which service needs to be restarted on all Exchange Server 2003 systems within the domain once you have switched to native mode?
If you know the answer, please help me publish it.
10. What is Clustering?
It's a technique for providing hardware and software redundancy for an application like Exchange Server 2003. With clustering you can ensure there is no single point of failure in your server hardware that would result in e-mail services going offline. Clustering allows you to take one node down for maintenance while the other nodes continue functioning.
11. What is Network Load balancing?
It is a resource (server-aware) clustering technology. Its primary purpose is to load-balance by distributing the TCP/IP traffic among the server nodes in the cluster. To client computers, the cluster is seen as a single resource and is addressed by a single IP address.
12. What are the advantages and disadvantages of Network Load Balancing?
Advantages
  • No special hardware required
  • Cluster can use different operating system
  • Clusters are to be members of a domain or perimeter network
Disadvantages
  • NLB uses heartbeats to communicate between cluster nodes. If a server goes offline, it sends 5 heartbeats, and if there is no response while a client is making a request, the request is neglected
  • Works only with TCP/IP. It will not consider network link protocol
13. What is Failover?
It relates to cluster servers; it refers to the ability of a backup server to immediately begin servicing requests if a primary server fails, without an interruption in servicing user requests.
14. When does failover occur?
Failover occurs when a primary server fails to function; this automatically passes the service requests to the secondary servers, which are already clustered.
15. What is Failback?
Failback defines how failed-over application services are moved back to the original server node once the node is back online.
16. How does failback occur?
By default, cluster groups that fail over to another node do not automatically fail back. In the failback policy we can configure the Allow Failback option to take place immediately or over a certain period.
To make a failback occur, we have to create a failback policy for it to occur immediately or over a certain period.

17. What are the different clustering options in Exchange 2003?
Exchange Server 2003 supports two types of clustering options, which are already supported by Windows Server 2003:
1. Network Load Balancing – server-aware clustering technology; load-balances by distributing the TCP/IP traffic among the server nodes in the cluster. To client computers, the cluster is seen as a single resource and is addressed by a single IP address
2. Cluster service – application- or service-aware clustering technology; provides continual application service availability through failover and failback
18. Name the Exchange Server 2003 clustering configuration options
Single node server cluster – can be configured with or without an external cluster storage device. For clusters without an external storage device, the local disk is configured as the clustered storage device.
Single quorum device server cluster – has two or more nodes and is configured so that every node is attached to one or more shared devices. The cluster configuration is stored on a single cluster storage device, known as the quorum device.
Majority node set server cluster – has two or more nodes, which may or may not be attached to one or more cluster storage devices. Cluster configuration data is stored on multiple disks across the cluster.
19. Which service pack is required for installing Exchange Server 2003 Clustering on Windows 2000 Server?
Windows 2000 server SP4 is needed
20. Why is SP4 needed on Windows 2000 Server for Exchange clustering?
If you know the answer, please help me publish it.

21. How many nodes are supported with Exchange Server 2003 clusters?
Exchange Server 2003 supports two-node active/active clusters and up to eight-node active/passive clusters with at least one passive node.
22. What are the hardware requirements for a cluster server configuration?
Network components
  1. Each server node in the cluster has two static IP addresses (public or private) with one NetBIOS name
  2. The cluster itself has a primary static IP address and NetBIOS name
  3. Each Exchange virtual server has a static IP address and NetBIOS name
Disk Components
1. Quorum Disk resource - maintains configuration data.
For example, for a 4-node cluster:
Server hardware
  • Four 1 gigahertz (GHz), 1 megabyte (MB) or 2 MB L2 cache processors
  • 4 gigabytes (GB) of Error Correction Code (ECC) RAM
  • Two 100 megabits per second (Mbps) or 1000 Mbps network interface cards
  • RAID-1 array with two internal disks for the Windows Server 2003 and Exchange Server 2003 program files
  • Two redundant 64-bit fiber Host Bus Adapters (HBAs) to connect to the Storage Area Network
Local area network hardware
  • Two 100 Mbps or 1000 Mbps network switches (full duplex)
Storage Area Network hardware
  • Redundant fiber switches
  • 106 disk spindles (Ultra Wide SCSI) with spindle speeds of 10,000 RPM or greater
  • 256 MB or more read/write cache memory
Storage groups and databases
  • Three storage groups per Exchange Virtual Server
  • Five databases per storage group
23. What is purpose of Exchange Server Clustering?
The purpose of Exchange Server Clustering is to prevent the Exchange server from going offline.
24. What is the version of Windows Server 2003 required for Exchange Server 2003 Clustering?
The cluster service requires Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition. Up to eight-node clusters are supported.
25. What is Heartbeat?
A heartbeat is a special type of network packet that is sent out to each server node participating in a cluster to determine the responsiveness of a node. Server nodes that do not respond to heartbeat packets for a configurable period of time are marked as inactive.
26. What are the different numbers of nodes with different type of operating system for Exchange Server 2003?
Windows Server 2003 Standard Edition supports 4 nodes.
Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition supports up to eight-node clusters.
27. What are the different cluster models?
There are two types of cluster models:
  1. Active/Active – limited to two nodes, and both nodes are active at the same time; limited to 1900 concurrent client connections at a time
  2. Active/Passive – supports more than two nodes and is highly reliable. Recommended by Microsoft.
28. Which are the Cluster operations modes?
N-Node failover server pairs – applications are configured to fail over only between two specified server pairs
N+I Hot-Standby Server – commonly referred to as active/passive mode. On a two-node cluster, one node processes the client requests and the second node monitors the first node. Here N = active node, I = passive node
Failover Ring – active/active – all servers are active and process client requests; when one node fails, the cluster fails over to another active node. The administrator has to define the failover
Random Failover – similar to the failover ring; if a node fails, the failover goes to a randomly chosen active node. The administrative burden of having to define the failover is removed
29. What is teaming?
Teaming is a process included in the clustering service, where multiple adapters are joined through software to function as a single unit, with a single MAC address and a single IP address.
30. Which settings must be configured for failover policies?
We can configure the number of times the node may fail over (the threshold) during the period, which is defined in hours.

31. Which settings must be configured for failback policies?
By default, cluster groups that fail over to another node do not automatically fail back. In the failback policy we can configure the Allow Failback option to take place immediately or over a certain period.