Mercurius
Thu Jan 08 11:26:17 CST 2004
Hi just to let you all know... i took the call up with MS and they sent me a
hotfix Q322051i for the problem... has to do with the dll files not being
the same between NT and 2k when secure channel communication takes place
"
First i need you to check the following at the nt4/Exch 5.5 to see the
encryption level you have ;
Check to see if you have this file on your server "dssenh.dll"
In internet explorer check the "Help" - "About" and see what encryption
level you have there.
Seems that you are experiencing the problem described in the article bellow
(have you installed the srp?);
322051 Programs May Not Connect to the Server with Mismatched Security DLLs
in
http://support.microsoft.com/?id=322051"
I never found the .dll file even after the hotfix that they refer to but hey
it works so all good!
cheers
"Mercurius" <me@me.com> wrote in message
news:OVeI%23zP1DHA.404@tk2msftngp13.phx.gbl...
> still no luck!
>
> I can confirm that my Schema Master DC can resovle my Ex5.5 server by FQDN
> because on my DC i put a static host entry in my win2k DNS server as well
as
> in the DC's host file. My Ex5.5 server can also resovle my DC and Ex2k svr
> by FQDN because i am pointing my server at the win2k DNS svr.
>
> I confirm LDAP port to 390 on Ex5.5
>
> I confirm that I have given the exchangesa account im using to setup ex2k
> "Service Account Admin" rights on the Org, Site & Config levels
>
> I have now logged on to the ex2k svr and ran setup /forestPrep with the
> exchangesa account that has the necessary rights on the Ex5.5 containers
but
> get the same error message. What should i look for now???
>
> I confirm the exchangesa account to be a member of: administrators, domain
> admins, enterprise admins (primary group), exchange domain servers,
exchange
> services & schema admins.
>
> Any help greatly appreciated.
>
> "a" <nospam@nospam.com> wrote in message
> news:eiGFLtI1DHA.4064@tk2msftngp13.phx.gbl...
> > This setup error is normally caused by the Schema Master DC doing a LDAP
> > connection and failing, or a permissions problem. Please make sure that
> you
> > can resolve the FQDN of the Exchange 5.5 server from the DC to the other
> > server and vise versa. Also take a look at these MS KB articles.
> >
>
http://support.microsoft.com/default.aspx?scid=kb;en-us;245596&Product=exch2k
> >
>
http://support.microsoft.com/default.aspx?scid=kb;en-us;293376&Product=exch2k
> >
> >
> > "Mercurius" <me@me.com> wrote in message
> > news:O8xf$LH1DHA.208@TK2MSFTNGP12.phx.gbl...
> > > Im trying to join my ex2k server to my existing ex5.5 site at the
'setup
> > > /forestprep' stage but get the following error: 'Setup encountered an
> > error
> > > while attempting to bind to the Exchange server
> > > "[Server_Name]":0xC103FC93(64659): The Exchange 5.5 directory service
> > could
> > > not be contacted'
> > >
> > > (I believe to migrate mailboxes i have to join my Ex2k svr to the
Ex5.5
> > site
> > > ?)
> > >
> > > i then read this article...
> > >
> > >
> >
>
http://support.microsoft.com/default.aspx?scid=%2Fservicedesks%2Fbin%2Fkbsearch.asp%3FArticle%3D327005
> > >
> > > I'm already using the latest ADC version from Ex2k SP3 so it can't be
> > that.
> > > I'm almost certain my problem is DNS name resolution here but im not
> > certain
> > > either. I have WINS installed and all servers point to it.
> > >
> > > My setup is as follows:
> > > ex5.5 server in my NT4 domain two-way trust with new win2k AD (native
> > mode)
> > > domain. I used ADMT to migrate the accounts across using SID History.
> > >
> > > I followed these docs for migration Q316886 - HOW TO: Migrate from
> > Exchange
> > > Server 5.5 to Exchange 2000 Server and Q296260 Configure Two-Way
> Recipient
> > > Connection Agreement for Exchange 5.5 Users.
> > >
> > > I did the RCA before running 'setup /foresPrep' for ex2k and the
> > replication
> > > worked fine. I can see DL's etc have been replicated to AD from Ex5.5
> > >
> > > My Ex5.5 server is poiting to the win2k DNS (AD-integrated) server and
> can
> > > resolve the to be Ex2k svr and the DC for the domain by FQDN with a
> ping.
> > I
> > > think the problem is the reverse... trying to get my Ex2k server to
ping
> > my
> > > Ex5.5 server by FQDN.
> > > Question: I dont suppose i can get the ex5.5 to register itself with
the
> > > win2k DNS server because the zone is in AD-intgrated mode and the
Ex5.5
> > svr
> > > is a down level client ??? Do i have to change to a standard DNS
server
> > type
> > > or what?
> > >
> > > Anyway besides that i have used the hosts file on my Ex2k svr to input
> the
> > > FQDN of my Ex5.5 server and also put a host entry in the DNS zone for
me
> > > ex5.5 svr. The win2k servers can now ping my Ex5.5 server by FQDN but
i
> > > guess this is a dirty trick... is there a way to get my Ex5.5 svr to
> > > register its own record with the win2k DNS server??? Dynamic updates
are
> > > allowed but my Ex5.5 server cannot register itself. I might be on the
> > wrong
> > > track but it seems to me DNS is the problem...
> > >
> > > any suggestions welcome
> > >
> > > thanks
> > >
> > >
> >
> >
>
>