Got an odd one I’m trying to dig into and would value any useful feedback from you gurus. We recently upgraded a client’s SBS 2000 box to SBS 2003. Went very smoothly, the box is a robust Dell rackmount server with plenty of disk space, 2GB of RAM, etc. They have about 17 users in a single site and they do use Exchange.
They were using Veritas 9.0 for their backup software but not that happy with it so I decided to give the SBS Backup a try. It set up quite easily and I was encouraged that it would be a good solution. We configured it to do a full backup of the server data to an external USB hard drive and the backup was to start at 11PM. The first night the backup didn’t finish in a timely fashion and we had to cancel it – turned out we had let the wizard configure the backup to backup everything and so it had included the backup drive itself in the set of data to be backed up. We fixed that problem so that now it just backs up the C: and D: drives and does a full backup. Then it got exciting…
At 7AM the next morning I get a call from the client. Nobody can log in. We rush over to their offices and find the event viewer logs on the server full of KDC errors and errors like this:
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8270
Description:
LDAP returned the error [1] Operations Error when importing the transaction
dn: CN=Recipient Update Service (Enterprise Configuration),CN=Recipient Update Services,CN=Address Lists Container,CN=CDSINTL,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=theirdc,DC=com
changetype: Modify
msExchServer1LastUpdateTime:20060124090958.0Z
msExchServer1HighestUSN:878708
msExchServer1HighestUSNVector:servername:878708
and this
Event Source: KDC
Event Category: None
Event ID: 7
Description:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was administrator and lookup type 0x0.
Rebooting the server restored everybody’s access and no data was lost. The odd thing is that the timing of the problem appears to coincide with the launch of the backup process at 11PM (and the backup ultimately failed I believe). Everything ran fine all day but the next morning when they came in…same thing. And again today. We’ve cancelled the SBS Backup job for tonight to see if that is truly what is initiating this problem.
Anybody seen this one before or have any suggestions? We’re merrily Googling away but any feedback we can get will be gladly accepted. Obviously not having a backup isn’t an option.