Topic Last Modified: 2006-12-05

The Microsoft® Exchange Server Analyzer Tool queries the Win32_NetworkAdapterConfiguration Microsoft Windows® Management Instrumentation (WMI) class to obtain the DNSServerSearchOrder attribute for remote servers that the server that is running Exchange Server tries to send messages to. This attribute is an array of server IP addresses that are used to query for Domain Name System (DNS) servers.

The Exchange Server Analyzer also queries the Microsoft Active Directory® directory service to determine the value for the msExchSMTPExternalDNSServers attribute in the protocolCfgSMTPServer class for the Exchange 2000 Server and Exchange Server 2003 server objects. The protocolCfgSMTPServer class contains the settings for a Simple Mail Transfer Protocol (SMTP) virtual server. If the msExchSMTPExternalDNSServers attribute is set, the SMTP virtual server uses an external DNS server.

Finally, the Exchange Server Analyzer uses the following Exchange Management Shell cmdlet to query for the values of the ExternalDNSServers and InternalDNSServers properties of any target Exchange 2007 Transport server roles. The ExternalDNSServers property specifies the list of external DNS servers that the server queries when it resolves a remote domain. The InternalDNSServers property specifies the list of DNS servers that should be used to resolve a local domain name for the target server.

Copy Code
get-TransportServer -Identity %ExchangeServerName% -DomainController %DomainControllerName%

The Exchange Server Analyzer displays an error if the following conditions are true:

This error indicates that the Exchange Server Analyzer cannot identify any DNS servers that are used by the target Exchange server. In addition, mail flow may be adversely affected by this condition.

Possible causes of this condition may include the following:

To resolve this issue:

To verify that the Exchange WMI can be accessed
  1. Make sure that the Exchange server has been started and is connected to the network.

  2. Use the PING command to see whether the Exchange server is reachable.

  3. If there is a firewall, check to see whether remote procedure call (RPC) ports are blocked.

  4. Examine the permissions for the account under which the Exchange Server Analyzer is running. The account under which the Exchange Server Analyzer is running must have local Administrator permissions on each Exchange server that it scans.

    Alternatively, you can grant specific WMI permission to the account under which the Exchange Server Analyzer runs:

    1. On the Exchange server, open the Computer Management Microsoft Management Console (MMC) tree.

    2. Under Services and Applications, right-click WMI Control, and then click Properties.

    3. On the WMI Controls Property page, click the Security tab, and then expand Root.

    4. Select the CIMV2 folder, and then click Security.

    5. On the Security for ROOT\CIMV2 page, add the account under which the Exchange Server Analyzer runs.

  5. Select the account that you added in step 4. In Permissions for Selected_Account, under the Allow column, select both Remote Enable and Read Security, and then click OK.

For more information about how to configure DNS to work with Exchange Server, see Microsoft Knowledge Base article 322856, "How to configure DNS to use with Exchange Server" (

For more information about network connectivity problems, see Microsoft Knowledge Base article 325487, "How to troubleshoot network connectivity problems" (

For more information about Exchange Server Analyzer connectivity problems, see "Microsoft Exchange Server Best Practices Analyzer Tool Troubleshooting Connectivity Problems" (

For more information about port requirements, see Knowledge Base article 832017, "Service overview and network port requirements for the Windows Server system" (