Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cant start Exchange Credential Service 1

Status
Not open for further replies.

bTkalternate

IS-IT--Management
May 31, 2007
80
GB
Hi,

I've started getting event error 1004 on the HT server.
When I check the ET server I see that the Credential Service is stopped and I cant start it. It gives the "unable to start in a timely fashion" message.
I know the error is about pre-emptive authentication between HT and ET.

The event log on ET doesn't really say much other than the service attempted to start and failed.

The Edge server has been live for 3 months and this is the first time we've seen this error.

What do you guys think I should do?

Thanks,
b
 
Check 2 obvious things first, disk space and credentials. The account used for authentication - is it right, is it locked out / expired etc?

Have you restarted both recently? Made any changes like applying patches? Are you running SP1 RU5 on both?
 
Disk space is fine and both servers are patched to SP1 RU5.

Both servers were patched up and restarted on the 29th Dec and event log errors began on the 6th Jan I think.

The service runs as local system. What would the account be for me to check if its locked out? I thought authentication was taken care of by they edge subscription.

Is there a way I can enable more verbose logging or where do I check for other logs to investigate?

Thanks
 
I ran the Troubleshooting Assistant and got this warning back:

"
No EdgeSync credentials found in Active Directory for Edge Transport server role computer...
No EdgeSync credentials were found in Active Directory for Edge Transport server role computer %EDGECN%. This occurs when the tool is unable to retrieve one or more values for the 'msExchEdgeSyncCredential' attribute on the server object '%EDGEDN%' in Active Directory.
"

test-edgesynchronization and start-edgesynchronization work as they should.
 
local system is fine - you don't need to look for lockout on that.

I've seen this error before but need to find it! I'll have a look later and post back if I find anything.
 
I set the service as .\administrator and it started up fine.

Now I need to investigate the missing attribute in AD which causes the 'msExchEdgeSyncCredential' warning.
Using ADSIEdit I see that the value is indeed missing.
Not sure how much of an issue this is now though.

Ta,
b
 
I am having the same exact issue.

If I run the service as ./administrator is starts - but if I use Local System it will not.

I ran the Test-edgescynchronization and everything shows good.

Thanks in advance for the help.
 
Others may disagree but I've not found it to be an issue since running as .\administrator.
I'm not really looking in to it any further.

As long as the service is running then your edge credentials will keep on being renewed. Obviously verify this is OK by checking the event log for errors/warnings indicating the date credentials expire.

HTH
 
Just another note if anyone has this same issue.
I just did a restart and the service wouldn't start at all but I eventually found the solution...

I needed to open up the firewall for Edge to access the crl (certificate revocation list) from the microsoft site. Once it had accessed the list I turned off that rule.
I'm then able to run as local system again.

I've uninstalled the Update Root Certificates windows component to hopefully stop the server trying to get that list.

HTH
 
That's worth a star from me for that information being made available to others.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top