Process %1 (PID=%2). All Domain Controller Servers in use are not responding:%3

Product: Exchange
Event ID: 2102
Source: MSExchangeDSAccess
Version: 6.5.0000.0
Message: Process %1 (PID=%2). All Domain Controller Servers in use are not responding:%3
This event indicates that the DSAccess component on the Exchange Server was unable to find any domain controllers suitable for LDAP queries. This can result in the

halting of mail flow, so it should be investigated immediately.

  • The most likely cause is that the Kerberos ticket timed out. When the

    Kerberos tickets that are associated with the Lightweight Directory Access

    Protocol (LDAP) connections time out, all LDAP connections get errors because

    the security contexts have failed and these connections must be re-established.

    If there are no other servers to obtain a ticket from while this

    re-establishment takes place, then the error occurs.

  • The Manage Auditing and Security Log right (SeSecurityPrivilege) was

    removed for the Exchange Enterprise Servers domain local group on some or all

    of the domain controllers.

  • All intra-site and extra-site DCs are down or network problems have

    rendered them unreachable.

User Action
  • Try to have at least two DCs (configured as GCs) in a SITE. This is for

    failover purposes.

  • Run the Exchange setup with the /DOMAINPREP switch. This will reassign

    the SeSecurityPrivilege right to the Exchange Enterprise Servers Group.

  • Check the event log for DSAccess event ID 2080 (may need to increase the

    DSAccess logging level to record this event). The detail in that event will

    help determine if DCs have been contacted that are unsuitable for some

    reason. They can then be corrected.

  • Look for DSAccess event ID 2070 in the event logs. These events will

    detail why each DC has become unsuitable. Correct as necessary.


Leave a Reply