Active Directory domain failed
Hello Team,
When i joined to our active directory, everytime bui gives same error messages:
The attempt to join the Active Directory domain failed either because the clocks of the appliance and the domain controller are skewed or the administrative user
does not have the appropriate permissions to create a computer account in Active Directory.
It is recommended that NTP be used to keep clocks synchronized when using Active Directory.
Storage Appliance: 7310 One Controller, No firewall for ntp server also which connect directly NTP Domain server. Actually my believe is that no time sync issue.
Firmware version is latest patch.
What is your idea about this issue?
i did many times this action plan: but result is same
ActiveDirectoryTasks
B)Joining a Domain
1.Configure an ActiveDirectory site in the CIFS context. (optional)
2.Configure a preferred domain controller in the CIFS context. (optional)
3.Enable NTP, or ensure that the clocks of the appliance and domain controller are synchronized
to within five minutes.
4.Ensure that your DNS infrastructure correctly delegates to the ActiveDirectory domain, or add
your domain contoller's IP address as an additional name server in the DNS context.
5.Configure the ActiveDirectory domain, administrative user, and administrative password.
6.Apply/commit the configuration.
A)Joining aWorkgroup
Configure theworkgroup name.
Apply/commit the configuration.
1. First of all LAN Compatibility Mode 4 works fine with Win 2003 (AD Server)
2. While trying to join the AD, using a non ADMIN username and passsword will not help
Try using a username/pass which has Administrative Privileges (specifically having the rights for Account Creation in
the AD Server) on the AD server.
(I was trying by a different username/pass but it was not joing the storage to AD. It joined when i tried a user having
the privileges to create Machine Accounts in AD)
3. For Clock Sync, the tolerance limit is upto 5 Minutes..So you can take care that the difference does not go beyond
5 minutes.
Thanks
Can
Gantek Tech.
Your first post to these OTN forums.
You posted your inquiry to a HARDWARE forum.
Your issue seems to be a Microsoft OS issue and you just happen to have your OS volumes on a model 7310 appliance.
I suggest you go find a forum somewhere that is hosted for Microsoft AD issues.
If you happen to need the documentation for that piece of storage hardware, there are currently three PDF's available:
http://docs.oracle.com/cd/E19935-01/index.html
They are the Installation Guide, the hardware Administration Guide, and the Service Manual.
There are no current Oracle-published documents for that box as related to Active Directory.
Similar Messages
-
Failed to install Active directory domain services
Hi,
I've installed the AD Domain Services on Windows2008R2 by following this guide http://technet.microsoft.com/en-gb/library/cc755059%28WS.10%29.aspx. After click 'Install', step 6, it showed failed to install but there is no clue why it was failed, at all.
Here is a log I copied from C:\Windows\logs\ServerManager.log
2204: 2011-01-05 12:57:54.333 [InstallationProgressPage] Loading progress page...
2204: 2011-01-05 12:57:54.411 [InstallationProgressPage] Begining Sync operation...
2204: 2011-01-05 12:57:54.458 [Sync]
Sync Graph of changed nodes
==========
name : Active Directory Domain Services
state : Changed
rank : 1
sync tech: CBS
guest[1] : Active Directory Domain Controller
guest[2] : Identity Management for UNIX
ant. : empty
pred. : empty
provider : null
name : Active Directory Domain Controller
state : Changed
rank : 4
sync tech: CBS
ant. : .NET Framework 3.5.1
pred. : Active Directory Domain Services, .NET Framework 3.5.1
provider : Provider
2204: 2011-01-05 12:57:54.458 [Sync] Calling sync provider of Active Directory Domain Controller ...
2204: 2011-01-05 12:57:54.473 [Provider] Sync:: guest: 'Active Directory Domain Controller', guest deleted?: False
2204: 2011-01-05 12:57:54.473 [Provider] Begin installation of 'Active Directory Domain Controller'...
2204: 2011-01-05 12:57:54.473 [Provider] Install: Guest: 'Active Directory Domain Controller', updateElement: 'DirectoryServices-DomainController'
2204: 2011-01-05 12:57:54.473 [Provider] Installation queued for 'Active Directory Domain Controller'.
2204: 2011-01-05 12:57:54.473 [CBS] installing 'DirectoryServices-DomainController ' ...
2204: 2011-01-05 12:57:55.020 [CBS] ...parents that will be auto-installed: 'NetFx3 '
2204: 2011-01-05 12:57:55.020 [CBS] ...default children to turn-off: '<none>'
2204: 2011-01-05 12:57:55.036 [CBS] ...current state of 'DirectoryServices-DomainController': p: Staged, a: Staged, s: UninstallRequested
2204: 2011-01-05 12:57:55.036 [CBS] ...setting state of 'DirectoryServices-DomainController' to 'InstallRequested'
2204: 2011-01-05 12:57:55.051 [CBS] ...current state of 'NetFx3': p: Installed, a: Installed, s: InstallRequested
2204: 2011-01-05 12:57:55.051 [CBS] ...skipping 'NetFx3' because it is already in the desired state.
2204: 2011-01-05 12:57:55.098 [CBS] ...'DirectoryServices-DomainController' : applicability: Applicable
2204: 2011-01-05 12:57:55.114 [CBS] ...'NetFx3' : applicability: Applicable
2204: 2011-01-05 12:57:55.770 [CbsUIHandler] Initiate:
2204: 2011-01-05 12:57:55.770 [InstallationProgressPage] Installing...
2204: 2011-01-05 12:58:49.176 [CbsUIHandler] Error: -2147021879 :
2204: 2011-01-05 12:58:49.176 [CbsUIHandler] Terminate:
2204: 2011-01-05 12:58:49.254 [InstallationProgressPage] Verifying installation...
2204: 2011-01-05 12:58:49.270 [CBS] ...done installing 'DirectoryServices-DomainController '. Status: -2147021879 (80070bc9)
2204: 2011-01-05 12:58:49.270 [Provider] Skipped configuration of 'Active Directory Domain Controller' because install operation failed.
2204: 2011-01-05 12:58:49.270 [Provider]
[STAT] ---- CBS Session Consolidation -----
[STAT] For
'Active Directory Domain Controller'[STAT] installation(s) took '54.7870005' second(s) total.
[STAT] Configuration(s) took '0.0003053' second(s) total.
[STAT] Total time: '54.7873058' second(s).
2204: 2011-01-05 12:58:49.270 [Provider] Error (Id=0) Sync Result - Success: False, RebootRequired: True, Id: 110
2204: 2011-01-05 12:58:49.286 [Provider] Error (Id=0) Sync Message - OperationKind: Install, MessageType: Error, MessageCode: -2147021879, Message: <null>, AdditionalMessage: The requested operation failed. A system reboot is required to roll back changes
made
2204: 2011-01-05 12:58:49.286 [InstallationProgressPage] Sync operation completed
2204: 2011-01-05 12:58:49.286 [InstallationProgressPage] Performing post install/uninstall discovery...
2204: 2011-01-05 12:58:49.286 [Provider] C:\Windows\system32\ServerManager\Cache\CbsUpdateState.bin does not exist.
2204: 2011-01-05 12:58:49.286 [CBS] IsCacheStillGood: False.
2204: 2011-01-05 12:58:49.786 [CBS] >>>GetUpdateInfo--------------------------------------------------
2204: 2011-01-05 12:59:46.520 [CBS] Error (Id=0) Function: 'ReadUpdateInfo()->Update_GetInstallState' failed: 80070bc9 (-2147021879)
2204: 2011-01-05 12:59:46.520 [CBS] <<<GetUpdateInfo--------------------------------------------------
2204: 2011-01-05 12:59:46.598 [DISCOVERY] hr: -2147021879 -> reboot required.
2204: 2011-01-05 12:59:46.739 [InstallationProgressPage] About to load finish page...
2204: 2011-01-05 12:59:46.739 [InstallationFinishPage] Loading finish page
2204: 2011-01-05 12:59:46.801 [InstallationFinishPage] Finish page loaded
I also checked the event viewer, here are the event properties occurred during the installation:
Initiating changes to turn on update DirectoryServices-DomainController of package DirectoryServices-DomainController-Package. Client id: RMT
Update Directoryservices-DomainController of package DirectoryServices-DomainController-Package failed to be turned on. Status: 0x80070bc9
Installation failed. A restart is required.
Roles:
Active Directory Domain Services
Error: The server needs to be restarted to undo the changes
Please help.
Thanks,
balrogzAnother thing to check is to ensure the server service is up and running.
http://blogs.dirteam.com/blogs/paulbergson/archive/2014/04/29/can-t-add-the-role-quot-active-directory-domain-services-quot-to-my-2008-r2-server.aspx
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
Hi,
I have successfully setup SharePoint Foundation 2013 as single server farm with SQL Server Standard database in a DMZ environment using local accounts since DMZ doesn't have an Active Directory and hence Domain accounts using powershell as described
in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller
When I run Farm configuration wizard to provision search service application, I get an error:
ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
The log file logged the details of this error as:
ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid
that cannot be translated."
After investigation, I found that potentially the error could be because the timer service is trying to setup a network share for analytics component (as part of provisioning search). It is trying to setup that share with a domain account that happens to
be a local user instead in this case and fails with error “System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated”.
I got some pointer from the below thread
https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
However, the above thread doesn't state that the solution worked.
I have tried creating share manually for Analytics_<Guid> folder but it doesn't work since every time farm configuration wizards is run it creates a new Analytics_<Guid> folder.
Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
Can some please guide me on how to successfully provision search for SharePoint Foundation 2013 setup as a single server farm with SQL Server Standard database in a DMZ environment using local accounts (without Active Directory - domain accounts).
Thanks in advance.
HimanshuMicrosoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
BO XI 3.1 : Active Directory Authentication failed to get the Active Directory groups
Dear all
In our environment, there are 2 domain (domain A and B); it works well all the time. Today, all the user belong to domain A are not logi n; for user in domain B, all of them can log in but BO server response is very slowly. and there is error message popup when opening Webi report for domain B user. Below are the error message:
" Active Directory Authentication failed to get the Active Directory groups for the account with ID:XXXX; pls make sure this account is valid and belongs to an accessible domain"
Anyone has encountered similar issue?
BO version: BO XI 3.1 SP5
Authenticate: Windows AD
Thanks and RegardsPlease get in touch with your AD team and verify if there are any changes applied to the domain controller and there are no network issues.
Also since this is a multi domain, make sure you have 2 way transitive forest trust as mentioned in SAP Note : 1323391 and FQDN for Directory servers are maintained in registry as per 1199995
http://service.sap.com/sap/support/notes/1323391
http://service.sap.com/sap/support/notes/1199995
-Ambarish- -
Hi everyone,
I've been banging my head against this for a while and hope someone can help me.
Running Windows Server 2008 R2 Standard with Service Pack 1.
When I try to add the Active Directory Domain Services role to the server it gets to about 90% complete and then dies.
The ServerManager.log shows the following information, I have run the System Readiness Tool - output below - with no errors found.
At a loss on what to do next. The only other links I've found suggest rebuilding the server which I would really like to avoid...
Help appreciated,
John
ServerManager.log (extract)
==========
name : Active Directory Domain Services
state : Changed
rank : 1
sync tech: CBS
guest[1] : Active Directory Domain Controller
guest[2] : Identity Management for UNIX
ant. : empty
pred. : empty
provider : null
name : Active Directory Domain Controller
state : Changed
rank : 4
sync tech: CBS
ant. : .NET Framework 3.5.1
pred. : Active Directory Domain Services, .NET Framework 3.5.1
provider : Provider
8720: 2012-01-18 10:54:41.853 [Sync] Calling sync provider of Active Directory Domain Controller ...
8720: 2012-01-18 10:54:41.853 [Provider] Sync:: guest: 'Active Directory Domain Controller', guest deleted?: False
8720: 2012-01-18 10:54:41.853 [Provider] Begin installation of 'Active Directory Domain Controller'...
8720: 2012-01-18 10:54:41.853 [Provider] Install: Guest: 'Active Directory Domain Controller', updateElement: 'DirectoryServices-DomainController'
8720: 2012-01-18 10:54:41.853 [Provider] Installation queued for 'Active Directory Domain Controller'.
8720: 2012-01-18 10:54:41.853 [CBS] installing 'DirectoryServices-DomainController ' ...
8720: 2012-01-18 10:54:42.399 [CBS] ...parents that will be auto-installed: 'NetFx3 '
8720: 2012-01-18 10:54:42.399 [CBS] ...default children to turn-off: 'WCF-HTTP-Activation '
8720: 2012-01-18 10:54:42.415 [CBS] ...current state of 'DirectoryServices-DomainController': p: Staged, a: Staged, s: UninstallRequested
8720: 2012-01-18 10:54:42.415 [CBS] ...setting state of 'DirectoryServices-DomainController' to 'InstallRequested'
8720: 2012-01-18 10:54:42.430 [CBS] ...current state of 'NetFx3': p: Installed, a: Installed, s: InstallRequested
8720: 2012-01-18 10:54:42.430 [CBS] ...skipping 'NetFx3' because it is already in the desired state.
8720: 2012-01-18 10:54:42.430 [CBS] ...current state of default child 'WCF-HTTP-Activation': p: Installed, a: Installed, s: InstallRequested
8720: 2012-01-18 10:54:42.430 [CBS] ...skipped child 'WCF-HTTP-Activation' because it is already installed
8720: 2012-01-18 10:54:42.461 [CBS] ...'DirectoryServices-DomainController' : applicability: Applicable
8720: 2012-01-18 10:54:42.461 [CBS] ...'NetFx3' : applicability: Applicable
8720: 2012-01-18 10:54:42.539 [CbsUIHandler] Initiate:
8720: 2012-01-18 10:54:42.539 [InstallationProgressPage] Installing...
8720: 2012-01-18 10:54:42.758 [InstallationProgressPage] Verifying installation...
8720: 2012-01-18 10:54:42.758 [InstallationProgressPage] Installing...
8720: 2012-01-18 10:55:03.740 [CbsUIHandler] Error: -2147021879 :
8720: 2012-01-18 10:55:03.740 [CbsUIHandler] Terminate:
8720: 2012-01-18 10:55:03.787 [InstallationProgressPage] Verifying installation...
8720: 2012-01-18 10:55:03.802 [CBS] ...done installing 'DirectoryServices-DomainController '. Status: -2147021879 (80070bc9)
8720: 2012-01-18 10:55:03.818 [Provider] Skipped configuration of 'Active Directory Domain Controller' because install operation failed.
8720: 2012-01-18 10:55:03.818 [Provider]
[STAT] ---- CBS Session Consolidation -----
[STAT] For
'Active Directory Domain Controller'[STAT] installation(s) took '21.9535541' second(s) total.
[STAT] Configuration(s) took '0.0007754' second(s) total.
[STAT] Total time: '21.9543295' second(s).
8720: 2012-01-18 10:55:03.818 [Provider] Error (Id=0) Sync Result - Success: False, RebootRequired: True, Id: 110
8720: 2012-01-18 10:55:03.818 [Provider] Error (Id=0) Sync Message - OperationKind: Install, MessageType: Error, MessageCode: -2147021879, Message: <null>, AdditionalMessage: The requested operation failed. A system reboot is required to roll back changes made
8720: 2012-01-18 10:55:03.818 [InstallationProgressPage] Sync operation completed
8720: 2012-01-18 10:55:03.818 [InstallationProgressPage] Performing post install/uninstall discovery...
8720: 2012-01-18 10:55:03.833 [Provider] C:\Windows\system32\ServerManager\Cache\CbsUpdateState.bin does not exist.
8720: 2012-01-18 10:55:03.833 [CBS] IsCacheStillGood: False.
8720: 2012-01-18 10:55:04.333 [CBS] >>>GetUpdateInfo--------------------------------------------------
8720: 2012-01-18 10:55:34.784 [CBS] Error (Id=0) Function: 'ReadUpdateInfo()->Update_GetInstallState' failed: 80070bc9 (-2147021879)
8720: 2012-01-18 10:55:34.784 [CBS] <<<GetUpdateInfo--------------------------------------------------
8720: 2012-01-18 10:55:34.815 [DISCOVERY] hr: -2147021879 -> reboot required.
8720: 2012-01-18 10:55:34.831 [InstallationProgressPage] About to load finish page...
8720: 2012-01-18 10:55:34.831 [InstallationFinishPage] Loading finish page
8720: 2012-01-18 10:55:34.831 [InstallationFinishPage] Finish page loaded
CheckSUR.log
=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 13.0
2012-01-18 10:33
Checking Windows Servicing Packages
Checking Package Manifests and Catalogs
Checking Package Watchlist
Checking Component Watchlist
Checking Packages
Checking Component Store
Summary:
Seconds executed: 220
No errors detectedHi John,
Thanks for posting.
Performed some research and some results say that this problem can be caused by HD Write Caching.
To disable Write Caching:
1. Go to Device Manager.
2.Click the plus sign (+) next to the Disk Drives branch to expand it.
3.Right-click the drive on which you want to enable or disable disk write caching, and then click Properties.
4.Click the Disk Properties tab.
5.Click to select or clear the Write Cache Enabled check box as appropriate.
6.Click OK.
If no luck, Please check if any erros can be found in Event log, Dcpromoui.Log and Dcpromo.log
The following articles maybe helpful to you:
Known Issues for Installing and Removing AD DS
http://technet.microsoft.com/en-us/library/cc754463(v=WS.10).aspx
You cannot install Active Directory Domain Services
http://support.microsoft.com/kb/975142
Thanks
ZHANG -
I install Active Directory Domain Controller on Windows server 2008 enterprise and dont login on Sql Server 2008 R2. Before install ADDC, I have logon SQL Server 2008r2 Success, After when i install ADDC is don't logon on SQL Server 2008r2 -->not success.
I have uninstalled ADDC but i still can't login on SQL server 2008r2.
please help me. it is very very disaster!
I think is loss account SQL server 2008r2!Hello,
I stronly recommend you post the detail error message to us while you try to connect to SQL Server instance, it's useful for us to do further investigation.
Microsoft recommends that you do not install SQL Server 2008 R2 on a domain controller, there are some limitations:
You cannot run SQL Server services on a domain controller under a local service account or a network service account.
After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.
After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member.
SQL Server failover cluster instances are not supported where cluster nodes are domain controllers.
SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail.
On Windows Server 2003, SQL Server services can run under a domain account or a local system account.
So, I would suggest you try to open up Windows Services list and changed the account for SQL Server service.
Regards,
Elvis Long
TechNet Community Support -
Hello.
We have two domain controllers - node1 (Windows 2008 R2) and node2 (Windows 2012 R2). When administrator connects to node2 and tries to rename some object in AD (for example, user) AD Domain Services crashes and reboot server after 60 seconds.
In Events I can see these messages:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 04.03.2014 12:37:58
Event ID: 1173
Task Category: Internal Processing
Level: Warning
Keywords: Classic
User: domain\admin
Computer: NODE2.domain.example
Description:
Internal event: Active Directory Domain Services has encountered the following exception and associated parameters.
Exception:
c0000005
Parameter:
0
Additional Data
Error value:
7ffc7c38e45d
Internal ID:
0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="32768">1173</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>9</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-03-04T06:37:58.116264800Z" />
<EventRecordID>881</EventRecordID>
<Correlation />
<Execution ProcessID="572" ThreadID="2580" />
<Channel>Directory Service</Channel>
<Computer>NODE2.domain.example</Computer>
<Security UserID="S-1-5-21-3794920928-4165619442-305938157-2047" />
</System>
<EventData>
<Data>c0000005</Data>
<Data>7ffc7c38e45d</Data>
<Data>0</Data>
<Data>0</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 04.03.2014 12:37:58
Event ID: 1015
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: NODE2.domain.example
Description:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="49152">1015</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
<EventRecordID>189578</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>NODE2.domain.example</Computer>
<Security />
</System>
<EventData>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>c0000005</Data>
</EventData>
</Event>
Log Name: Application
Source: Application Error
Date: 04.03.2014 12:37:58
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: NODE2.domain.example
Description:
Faulting application name: lsass.exe, version: 6.3.9600.16384, time stamp: 0x5215e25f
Faulting module name: ntdsai.dll, version: 6.3.9600.16421, time stamp: 0x524fcaed
Exception code: 0xc0000005
Fault offset: 0x000000000019e45d
Faulting process id: 0x23c
Faulting application start time: 0x01cf3773fe973e1b
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\system32\ntdsai.dll
Report Id: 85cfbe32-a367-11e3-80cc-00155d006724
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
<EventRecordID>189576</EventRecordID>
<Channel>Application</Channel>
<Computer>NODE2.domain.example</Computer>
<Security />
</System>
<EventData>
<Data>lsass.exe</Data>
<Data>6.3.9600.16384</Data>
<Data>5215e25f</Data>
<Data>ntdsai.dll</Data>
<Data>6.3.9600.16421</Data>
<Data>524fcaed</Data>
<Data>c0000005</Data>
<Data>000000000019e45d</Data>
<Data>23c</Data>
<Data>01cf3773fe973e1b</Data>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>C:\Windows\system32\ntdsai.dll</Data>
<Data>85cfbe32-a367-11e3-80cc-00155d006724</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
In node2 we installed all available updates and hotfixes.Hi Azamat Hackimov,
Regarding to error messages, it seems that the
ntdsai.dll file caused the issue. Based on current situation, please use
sfc /scannow command to scan protected system files and check if find error and repair. Meanwhile, you can also navigate to the location of this DLL file and confirm details.
In addition, Windows Server 2012 R2 has reboot unexpectedly. Please check if you get some dump file and then analysis it. It may help us to find the root reason. Please refer
to the following KB.
How to read the small dump memory dump file that is created by Windows if a crash occurs.
http://support.microsoft.com/kb/315263/en-us
By the way, it is not effective for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer Service
and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Hope this helps.
Best regards,
Justin Gu -
Active Directory domain controller could not be contacted
Hello
Help please.
I am trying to add a new server (2008) to domain 'bridgelimited.local' - only one DC (2003) doing everything at the moment. The plan is to add the new server, then move everything over from the old machine, then retire/upgrade the old machine and use as a backup.
I am currently trying to dcpromo on the new machine but I get the following error:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain bridgelimited.local:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.bridgelimited.local
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
212.50.160.100
196.168.16.2
- One or more of the following zones do not include delegation to its child zone:
bridgelimited.local
local
. (the root zone)
For information about correcting this problem, click Help.
192.168.16.2 is IP address for the DC.
Any help would be grately appreciated.
Kind Regards
RichardManaged to get the DCDIAG
Here goes (I know my harddisk is failing - that's why I am desperate to get everything shifted to the new server).
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine bridgeserver, is a DC.
* Connecting to directory service on server bridgeserver.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\BRIDGESERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... BRIDGESERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\BRIDGESERVER
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... BRIDGESERVER passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BRIDGESERVER passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BRIDGESERVER passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=BridgeLimited,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=BridgeLimited,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=BridgeLimited,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=BridgeLimited,DC=local
(Domain,Version 2)
......................... BRIDGESERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... BRIDGESERVER passed test NetLogons
Starting test: Advertising
The DC BRIDGESERVER is advertising itself as a DC and having a DS.
The DC BRIDGESERVER is advertising as an LDAP server
The DC BRIDGESERVER is advertising as having a writeable directory
The DC BRIDGESERVER is advertising as a Key Distribution Center
The DC BRIDGESERVER is advertising as a time server
The DS BRIDGESERVER is advertising as a GC.
......................... BRIDGESERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role Domain Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role PDC Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role Rid Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
......................... BRIDGESERVER passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2609 to 1073741823
* bridgeserver.BridgeLimited.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2109 to 2608
* rIDPreviousAllocationPool is 2109 to 2608
* rIDNextRID: 2121
......................... BRIDGESERVER passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/bridgeserver.BridgeLimited.local/BridgeLimited.local
* SPN found :LDAP/bridgeserver.BridgeLimited.local
* SPN found :LDAP/BRIDGESERVER
* SPN found :LDAP/bridgeserver.BridgeLimited.local/BRIDGELIMITED
* SPN found :LDAP/96d36b0b-a148-4c2f-b3d3-8c2ac83fcaf9._msdcs.BridgeLimited.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/96d36b0b-a148-4c2f-b3d3-8c2ac83fcaf9/BridgeLimited.local
* SPN found :HOST/bridgeserver.BridgeLimited.local/BridgeLimited.local
* SPN found :HOST/bridgeserver.BridgeLimited.local
* SPN found :HOST/BRIDGESERVER
* SPN found :HOST/bridgeserver.BridgeLimited.local/BRIDGELIMITED
* SPN found :GC/bridgeserver.BridgeLimited.local/BridgeLimited.local
......................... BRIDGESERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [BRIDGESERVER]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BRIDGESERVER failed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... BRIDGESERVER passed test OutboundSecureChannels
Starting test: ObjectsReplicated
BRIDGESERVER is in domain DC=BridgeLimited,DC=local
Checking for CN=BRIDGESERVER,OU=Domain Controllers,DC=BridgeLimited,DC=local in domain DC=BridgeLimited,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local in domain CN=Configuration,DC=BridgeLimited,DC=local on 1 servers
Object is up-to-date on all servers.
......................... BRIDGESERVER passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BRIDGESERVER passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... BRIDGESERVER passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... BRIDGESERVER passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:27
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:41
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:55
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:09
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:23
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:38
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:52
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:49:06
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:49:20
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:49:54
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:50:08
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:50:22
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:51:33
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:51:53
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:07
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:21
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:35
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:49
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:03
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:17
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:31
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:45
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:12:23
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:12:37
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:12:51
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:05
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:19
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:33
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:47
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:14:01
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:14:15
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:15:24
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:15:38
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:15:53
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:07
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:21
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:35
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:49
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:17:03
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:17:17
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
......................... BRIDGESERVER failed test systemlog
Starting test: VerifyReplicas
......................... BRIDGESERVER passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BRIDGESERVER,OU=Domain Controllers,DC=BridgeLimited,DC=local and
backlink on
CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=BRIDGESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=BridgeLimited,DC=local
and backlink on
CN=BRIDGESERVER,OU=Domain Controllers,DC=BridgeLimited,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=BRIDGESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=BridgeLimited,DC=local
and backlink on
CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
are correct.
......................... BRIDGESERVER passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... BRIDGESERVER passed test VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : BridgeLimited
Starting test: CrossRefValidation
......................... BridgeLimited passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... BridgeLimited passed test CheckSDRefDom
Running enterprise tests on : BridgeLimited.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... BridgeLimited.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
PDC Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
Time Server Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
KDC Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
......................... BridgeLimited.local passed test FsmoCheck
The only thing I can see (other then the HDD) is the
IsmServ Service is stopped on [BRIDGESERVER]
Hope you can help. Pretty please.
Kind Regards
Richard -
Install software on multiple client computers in active directory domain win 2008 R2
We have a Windows Server 2008 R2 Active Directory Domain. We will be getting a few new Windows 7 computers that we will need to install all our proprietary software on, and don't want to have to install all programs, including windows
updates, individually, on each machine individually.
Is there a (as simple as possible) way to maybe create an image from a "master client computer" with all software, windows updates etc. and push out to the clients.
Also to create a boot disc with the image in case a hard drive fails and we have to replace it.
* It's not Windows we want to install here (unless we replace a hard drive) but for now, the clients already have windows 7, and we want to install antivirus, Adobe reader, windows updates, and our proprietary software.
ThanksIs there a (as simple as possible) way to maybe create an image from a "master client computer" with all software, windows updates etc. and push out to the clients.
Windows deployment services http://technet.microsoft.com/en-us/windowsserver/dd448616.aspx for an image
it's not Windows we want to install here (unless we replace a hard drive) but for now, the clients already have windows 7, and we want to install antivirus, Adobe reader, windows updates, and our proprietary software.
https://support.microsoft.com/kb/816102?wa=wsignin1.0 msi deployment via gpo - (can be restrictive) if not a script or psexec
for windows updates use WSUS -
Hi, I am writing a Powershell script locally on my machine to aggregate data from SharePoint 2010 and Active Directory. All groups in our SP environment are Active Directory Domain Groups (AD DG). Accessing group members via SharePoint is not
possible (as many of you already know). My plan was to pull Domain Group lists and aggregate AD DG data with SharePoint data (permission levels, etc...). I unfortunately ran into a problem when I realized that AD DGs are not considered "SP
Groups" but instead are considered user???
How do I leverage SharePoint web services to perform an action similar to /_vti_bin/UserGroup.asmx > GetRoleCollectionFromGroup? I do not want to perform this action on the server, but locally on my machine. When I run the below script
it throws a 401 error and complains it "can't find the group". Keep in mind I am trying to get info on a
AD Domain Group, not a
SharePoint Group. I think that is the underlying reason this request keeps failing as I tested the below script on SP groups and it worked perfectly.
clear
$CRED = Get-Credential
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$uri = "http://{site}/_vti_bin/UserGroup.asmx"
$soap = '<?xml version="1.0" encoding="utf-8"?>'
$soap+= '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
$soap+= '<soap:Body>'
$soap+= '<GetRoleCollectionFromGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">'
$soap+= '<groupName>TestGroup</groupName>'
$soap+= '</GetRoleCollectionFromGroup>'
$soap+= '</soap:Body>'
$soap+= '</soap:Envelope>'
[xml]$WF = Invoke-RestMethod $uri -Credential $CRED -Method POST -ContentType "text/xml" -Body $soap
echo $WF
$WF.Envelope.Body.GetRoleCollectionFromGroupResponse.GetRoleCollectionFromGroupResult.GetRoleCollectionFromGroup.Roles.Role
Thank you.Hi, I am writing a Powershell script locally on my machine to aggregate data from SharePoint 2010 and Active Directory. All groups in our SP environment are Active Directory Domain Groups (AD DG). Accessing group members via SharePoint is not
possible (as many of you already know). My plan was to pull Domain Group lists and aggregate AD DG data with SharePoint data (permission levels, etc...). I unfortunately ran into a problem when I realized that AD DGs are not considered "SP
Groups" but instead are considered user???
How do I leverage SharePoint web services to perform an action similar to /_vti_bin/UserGroup.asmx > GetRoleCollectionFromGroup? I do not want to perform this action on the server, but locally on my machine. When I run the below script
it throws a 401 error and complains it "can't find the group". Keep in mind I am trying to get info on a
AD Domain Group, not a
SharePoint Group. I think that is the underlying reason this request keeps failing as I tested the below script on SP groups and it worked perfectly.
clear
$CRED = Get-Credential
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$uri = "http://{site}/_vti_bin/UserGroup.asmx"
$soap = '<?xml version="1.0" encoding="utf-8"?>'
$soap+= '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
$soap+= '<soap:Body>'
$soap+= '<GetRoleCollectionFromGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">'
$soap+= '<groupName>TestGroup</groupName>'
$soap+= '</GetRoleCollectionFromGroup>'
$soap+= '</soap:Body>'
$soap+= '</soap:Envelope>'
[xml]$WF = Invoke-RestMethod $uri -Credential $CRED -Method POST -ContentType "text/xml" -Body $soap
echo $WF
$WF.Envelope.Body.GetRoleCollectionFromGroupResponse.GetRoleCollectionFromGroupResult.GetRoleCollectionFromGroup.Roles.Role
Thank you. -
Help with setting up active directory domain controller/DNS - need this for Clustering
Disclaimer: I am new to Active Directory, so please dont rule out the obvious things I may have overlooked.
I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
When I look at my server manager AD DS complain about DNS:
NASE-2012-234 4015 Error Microsoft-Windows-DNS-Server-Service DNS Server 1/14/2014 12:54:06 AM
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
When I click on DNS this is the error:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Output of DCDiag -v is below.
PS C:\Users\Administrator> dcdiag -v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine NASE-2012-234, is a Directory Server.
Home Server = NASE-2012-234
* Connecting to directory service on server NASE-2012-234.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
e,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
SDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
N=Configuration,DC=lab,DC=nase,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\NASE-2012-234
Starting test: Connectivity
* Active Directory LDAP Services Check
The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
Check the DNS server, DHCP, server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... NASE-2012-234 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\NASE-2012-234
Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : lab
Starting test: CheckSDRefDom
......................... lab passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... lab passed test CrossRefValidation
Running enterprise tests on : lab.nasecom
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
PDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
KDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
......................... lab.nase.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
provided.
......................... lab.nasecom passed test Intersite
PS C:\Users\Administrator>http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions. You might want to post your question there.
.:|:.:|:. tim -
I'm trying to give a mailbox user Send As right for a distribution group. But the cmdlet comes back with this:
Get-DistributionGroup MyGroup | Add-ADPermission -user albert -ExtendedRights Send-As
Active Directory operation failed on <DC fqdn>. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : WriteError: (0:Int32) [Add-ADPermission], ADOperationException
+ FullyQualifiedErrorId : FE24751F,Microsoft.Exchange.Management.RecipientTasks.AddADPermission
What could be the problem, considering the items below :
- inheritance is not broken to the level of the distribution group object
- the account used to run the cmdlet is a member of the Organization Management group
- creating a new distribution group in the same OU and running the command works as expected; checking the permission for this group against MyGroup (using Get-DistributionGroup testgroup | Get-ADPermission | Sort-Object User,AccessRights | ft user,accessrights,extendedrights,properties)
shows no differences.
- adding the permission using ADUC results in the user being able to Send As the group, however I'm trying to find out the root cause of the Powershell cmdlet execution problem
- there is no Deny permission on the group's ACL
- the group didn't have the "Hide Membership" feature of Exchange 2003 applied, so there shouldn't be any non-canonical ACL issuesAnyone ever come up with a solution to this? I get something similar when Activesync tries to create objects on user containers.
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=Test User,OU=Domain Users,DC=domain,DC=com" container under Active Directory user "Active Directory operation failed on DELL7S09.domain.com. This error is not retriable.
Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchActiveSyncDevices" and doesn't have any deny permissions that block such operations.
Details:%3
So...I get this after I introduced a MS Exchange 2010 SP3 RU8 server into my environment. You can find LOTS of people suggesting the same fix but I've not found anything that deviates from those fixes: check the "inherit permissions",
and give full permis to msExchActiveSync devices for the Exchange Servers security group, blah blah.
I got to this point by following a Migrate to Exch2010 paper by MS. I have no Win2k servers, my old Exchange server is Win2003r2SP2 with Exch2003SP2 fully patched. The Exch server is also a DC. I installed a new 2012r2 server and then patched
it. Installed Exch2010SP3Ru8 and all seems well.
The old Exch2003 server is still in production. My iPhone army connects remotely for mail, and all works great. I created a new Test User in AD, gave it a mailbox on the 2003 server, and waited a bit. It eventually shows up in the Server
Manager on the new 2010 Exch Server. I send it a bunch of emails, connect to it with an outook client on a Win7 machine, all works. I go to the SM on the 2010 box and migrate the mailbox to the new server. It works. I can connect with
outlook, send receive mail to other users in the org. I then try to connect with my iPhone and I get the message in Event Viewer over and over.
Went so far as to Promo the new 2012 server to a DC. seems to be fine. Now am wondering if I Demote the old Exch2003 server will it help...or cause a new crop of issues.... -
Active Directory Replication failed
Hi all,
I'm deploying lync server 2010 in virtual server.
My Domain controller is a physical server.
Windows update restart is done when almost 90% of deployment is completed.
During enabling users in Lync Server control panel
I have got an issue after server restart, is active directory replication failed.
Regards,
Arun.The problem is more related with Domain Controller.
Please check the event log on Domain Controller.
You can also refer to the following link to troubleshoot Active Directory Replication Problems:
http://technet.microsoft.com/en-us/library/cc738415(v=ws.10).aspx
Lisa Zheng
TechNet Community Support -
Join acs express to active directory domain
i have a problem joining acs express active directory domain , both are reachable to each other in the same subnet & no firewalls between them , but when i test the connectivity it gives this error:
" required service unavailable. DNS is setup correctly , and the domain controller is reachable , however , one of the required services, such as ldap,kerberos, or global catalog service is not available. This issue may arise if there is a firewall between AD domain controller, and the ACS Express appliance"It is sounds like a bug CSCsw29387 Join AD domain, with one DC down fails. If the ACS Express is trying to join an AD domain in a multi domain controller environment and one of the domain controllers is down, the ACS Express will fail to join the domain.
-
Verification of prerequisites for Active Directory preparation failed
We currently have Windows Server 2003 SBS, SP2, Domain Controller. Would like to add Windows Server 2012, Standard, 64-bit as a backup domain controller.
"Verification of prerequisites for Active Directory preparation failed. Unable to perform Exchange schema conflict check for domain sxxxx.local.
Exception: The RPC server is unavailable.
Adprep could not retrieve data from the server name.xxxxx.local through Windows Managment Instrumentation (WMI).
[User Action]
Check the log file ADPrep.log in the C:\Windows\debug\adprep\logs\20130417103902-test directory for possible cause of failure."
What the log says is really:
"Adprep encountered a Win32 error. Error code: 0x6ba Error messa The RPC server is unavailable."
Can anyone has similar experience shred some lights to troubleshoot this? Have reviewed
other links that have similar probems but that doesn't help.
Many Thanks!Of course I CANNOT remove Symnatec as Meinolf suggests. That would be out of my mind!! I tried to stop all their services though which doesn't help. I know this has nothing to do with Symantec. Here comes another test, the final one:
Test 8
This article is really good as it concludes very thoroughly about the problems about "800706BA - RPC Server Is Unavailable" and other WMI query issues:
http://goo dot gl/l2iha
I started looking at he ISA 2004 on our SBS 2003.
Tried to disable the RPF Filter:
a. Open Microsoft Internet Security and Acceleration Server 2004
b. Go to Configuration > Add-in and location RPC Filter on the right side, right-click on it and select Properties, uncheck 'Enable this filter'
c. Hit Apply....
d. Now I go back to Windows 7 and test the WMI query.
The result: it WORKS!
e. Next, I tried that on the Windows Server 2012 like so:
c:>wmic /node:sbs2003servername computersystem list brief /format:list
It also works!
f. Next also on Windows Server 2012, I continued on what was left over. I did the "Rerun prerequisites check " and no surprise - "All prerequisite checks passed successfully. Click 'Install' to begin installation"!
Well that concludes the problem of installing Windows Server 2012 (standard) as a backup domain controller to a Windows SBS 2003 domain controller and the troubleshooting process that finally led to a solution that solves my problem. Thanks for all
the discussions over the web. Every bit counts!
Well if this helps you in some way, give me some points to buy beer! I am going to have a drink with Bill, Cheers!
Maybe you are looking for
-
4/8/2014 - Release - Flash Player 13
The next version of Flash Player is available for immediate download. In today's release we've updated Flash Player with important security updates and bug fixes. Security update details can be found here: Security Bulletin (APSB14-09) New Features
-
ActiveX- Excel- Adding top and bottom border
Hi, I'm trying to add a border to a range of cells in excel by the mean of activeX. I need to add only the top border and the bottom one. I have tried using the selection property contained in Globals. I have also tried creating a style in the curren
-
Procedure compilation failed with SQL command not properly ended error
Hi All, Kindly help me to fix this. I am compiling a procedure and getting an error. Procedure and error details are as follows: Procedure: CREATE or REPLACE PROCEDURE jiostore_new.auditReportCount (u_name IN VARCHAR2,stdate IN DATE,eddate IN DATE) I
-
Consolidating multiple Itunes accounts
Just bought a new I Mac - need some insight on how to move all of my itunes from 2 PC's to new mac so that i can sync all devices with this one mac
-
it was organized with folders, albums... I am very sad. The phos is in the computer and listed by date in iphot folder but not the folders and albums. I did cmd-alt restore but nothing... any ideas?