Process (PID=). All Domain Controller Servers in use are not responding:

Product: Exchange
Event ID: 2102
Source: MSExchangeDSAccess
Version: 6.5.6940.0
Component: Microsoft Exchange Directory Access Service
Message: Process <process name> (PID=<process id>). All Domain Controller Servers in use are not responding:<fully qualified domain name>

This event indicates that the DSAccess component on the Exchange server was unable to find any domain controllers suitable for Lightweight Directory Access Protocol (LDAP) queries. This can result in the halting of mail flow, so it should be investigated immediately.

  • The most likely cause is that the Kerberos ticket timed out. When the Kerberos tickets that are associated with the LDAP connections time-out, all LDAP connections get errors because the security contexts have failed and these connections must be re-established. If there are no other servers to obtain a ticket from while this re-establishment takes place, then the error occurs.
  • The Manage Auditing and Security Log right (SeSecurityPrivilege) was removed for the Exchange Enterprise Servers domain local group on some or all of the domain controllers.
  • All intra-site and extra-site domain controllers are down or network problems have rendered them unreachable.
User Action
  • Try to have at least two domain controllers (configured as global catalogs) in a SITE. This is for failover purposes.
  • Run the Exchange setup with the /DOMAINPREP switch. This will reassign the SeSecurityPrivilege right to the Exchange Enterprise Servers Group.
  • Check the event log for DSAccess Event ID 2080 (may need to increase the DSAccess logging level to record this event). The detail in that event will help determine if domain controllers have been contacted that are unsuitable for some reason. They can then be corrected.
  • Look for DSAccess Event ID 2070 in the event logs. These events will detail why each domain controller has become unsuitable. Correct as necessary.


Leave a Reply