Active Directory Not Replicating
Hey Guys,
I have a Windows 2012 server but it has a demo license, this is also my DC. I am trying to create another DC and let it replicate so I can license the new one properly and stuff. I have the DNS of each server pointing to each other as the primary and themselves as the alternative. When I check my SYSVOL folder and go to domains, it's empty, as I shut down my original DC the other one the entries disappear and I get errors. When I go to the event log on my new DC I get errors with event IDs 1202 and 2213. Any assistance with this issue I'm having will be greatly appreciated, thanks!
Regards,
Jevon.
Please follow this; it should help, especially this section:
For environments that have two domain controllers
Determine whether a dirty shutdown was detected (event ID 2213) on either domain controller. You may find the second domain controller is waiting to complete initialization of SYSVOL. This is because after promotion, it will have logged a 4614 event that indicates that DFS Replication is waiting to perform initial replication, and it will not have logged a 4604 event signaling that DFS Replication has initialized SYSVOL.
If content freshness is enabled on both domain controllers
If the second domain controller is waiting to perform initial synchronization (event 4614 logged without the 4604 anti-event), follow the section of article 2218556 to set the first domain controller as authoritative. You do not have to configure the second domain controller as nonauthoritative, because it is already waiting to perform initial synchronization.
Or, if the second domain controller is healthy and SYSVOL is shared, perform the following steps:
Back up all SYSVOL contents of the first domain controller.
Evaluate if the second domain controller's SYSVOL data is up to date. If it is not, you may want to copy updated SYSVOL files to the second domain controller from the first domain controller. Otherwise, any existing data present on first domain controller not present on the second will go into the 'PreExisting' and 'Conflict and Deleted' folders.
Set the first domain controller as nonauthoritative by disabling the membership per 2218556.
Confirm that an event ID 4114 is logged to indicate the membership is disabled.
Enable the first domain controller's membership, and wait for the 4614 and 4604 events that report completion of the initial synchronization. If it is necessary, restore any updated files from "PreExisting" to the original location.
If content freshness is not enabled or triggered on both domain controllers
If the first domain controller is in the event ID 2213 state and the second domain controller has never completed initialization after it was promoted and content freshness has not been triggered, perform the following steps:
Run the ResumeReplication WMI method on the first domain controller as instructed in the 2213 event.
After replication resumes, it will log an event ID 4602 that indicates that DFS Replication initialized the SYSVOL replicated folder and designated it as the primary member.
Run the dfsrdiag pollad command on the second domain controller to trigger it to complete initial sync (event ID 4614). As soon as initial sync is finished, event ID 4604 is logged, signaling SYSVOL has completed initialization.
Or, if the first domain controller is in the 2213 state and the second domain controller is healthy (SYSVOL is shared), run the ResumeReplication WMI method on the first domain controller. It will log event ID 2214 at the completion of dirty shutdown recovery.
This post is provided AS IS with no warranties or guarantees, and confers no rights.
~~~
This post provides no guarantees and confers no rights.
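The event sequence that the quoted guidance relies on can be checked mechanically before choosing a branch. The PowerShell below is an added example, not part of the original reply or of the Microsoft article; the function names, the placeholder host name and the sample events are constructed, and the event meanings are only those stated in the guidance above.

```powershell
# Added example: classify a DC's SYSVOL DFSR state from the event IDs named in
# the guidance (2213, 2214, 4114, 4602, 4604, 4614). Function names are hypothetical.

function Test-EventPending {
    # True when $Id was logged and none of $ClearedBy was logged after it.
    param([hashtable]$Latest, [int]$Id, [int[]]$ClearedBy)
    if (-not $Latest.ContainsKey($Id)) { return $false }
    foreach ($c in $ClearedBy) {
        if ($Latest.ContainsKey($c) -and $Latest[$c] -gt $Latest[$Id]) { return $false }
    }
    return $true
}

function Get-SysvolDfsrState {
    # $Events: objects with Id and TimeCreated, e.g. the output of Get-WinEvent.
    param([object[]]$Events)

    # Keep the most recent timestamp per event ID.
    $latest = @{}
    foreach ($e in ($Events | Sort-Object TimeCreated)) {
        $latest[[int]$e.Id] = $e.TimeCreated
    }

    # 2213 = dirty shutdown detected; 2214 or 4602 afterwards means replication resumed.
    if (Test-EventPending $latest 2213 @(2214, 4602)) { return 'DirtyShutdown' }
    # 4114 = membership disabled; a later 4614/4604/4602 means it was re-enabled.
    if (Test-EventPending $latest 4114 @(4614, 4604, 4602)) { return 'MembershipDisabled' }
    # 4614 = waiting for initial replication; 4604 is its "anti-event".
    if (Test-EventPending $latest 4614 @(4604)) { return 'WaitingInitialSync' }
    if ($latest.ContainsKey(4604) -or $latest.ContainsKey(4602)) { return 'Initialized' }
    return 'Unknown'
}

function Get-SysvolRecoveryHint {
    # Maps the two states onto the branches of the guidance. Whether content
    # freshness is enabled cannot be read from these events and stays a manual check.
    param([string]$First, [string]$Second)
    switch ("$First/$Second") {
        'DirtyShutdown/WaitingInitialSync' {
            'Content freshness enabled: set first DC authoritative (2218556). ' +
            'Otherwise: ResumeReplication on first DC, then dfsrdiag pollad on second.'
        }
        'DirtyShutdown/Initialized' {
            'Content freshness enabled: back up SYSVOL, set first DC nonauthoritative (2218556). ' +
            'Otherwise: ResumeReplication on first DC and wait for 2214.'
        }
        default { 'No 2213/4614 pattern from the guidance matched; review the logs manually.' }
    }
}

# Constructed sample events (not taken from the thread): the first DC logged 2213
# after an old 4602, the second DC logged 4614 and never 4604.
$t0 = [datetime]'2014-01-10T09:00:00'
$firstDcEvents = @(
    [pscustomobject]@{ Id = 4602; TimeCreated = $t0.AddDays(-30) }
    [pscustomobject]@{ Id = 2213; TimeCreated = $t0 }
)
$secondDcEvents = @(
    [pscustomobject]@{ Id = 4614; TimeCreated = $t0.AddHours(1) }
)

# On live systems the events would come from the DFS Replication log instead, e.g.
#   Get-WinEvent -ComputerName 'dc1.example.test' -FilterHashtable @{
#       LogName = 'DFS Replication'; Id = 2213, 2214, 4114, 4602, 4604, 4614 }
# ('dc1.example.test' is a placeholder host name).

$first  = Get-SysvolDfsrState $firstDcEvents
$second = Get-SysvolDfsrState $secondDcEvents
[pscustomobject]@{
    FirstDC  = $first
    SecondDC = $second
    Hint     = Get-SysvolRecoveryHint $first $second
} | Format-List
```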
Similar Messages
-
Active Directory not replicating from SBS 2003 to Server 2008 R2 Standard
I have an old SBS 2003 server and am migrating to a 2008 R2 server. I followed this guide:
http://demazter.wordpress.com/2010/04/29/migrate-small-business-server-2003-to-exchange-2010-and-windows-2008-r2/
I followed the guide (except the exchange stuff, because they are moving from exchange to Google apps for business) and everything went fine.
I removed the sbs from Domain controller status (dcpromo'ed it out) and everything seemed to go fine. I haven't turned off the old server yet, because they are still using it for a couple of other unrelated applications.
After I did this I added new computers to active directory, but they only showed up on the active directory on the old sbs (I think something went wrong when I took the old sbs out of domain controller status).
I ran dcdiag on the new server and this is the result:
Time Generated: 01/10/2014 14:57:56
Event String:
The SiSRaid4 service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 01/10/2014 14:57:56
Event String:
The stexstor service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 01/10/2014 14:57:56
Event String:
The vhdmp service failed to start due to the following error:
An error event occurred. EventID: 0xC0001B58
Time Generated: 01/10/2014 14:57:56
Event String:
The vsmraid service failed to start due to the following error:
A warning event occurred. EventID: 0x8000001D
Time Generated: 01/10/2014 14:58:00
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate
to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
or enroll for a new KDC certificate.
An error event occurred. EventID: 0x0000164A
Time Generated: 01/10/2014 14:58:20
Event String:
The Netlogon service could not create server share C:\Windows\SYSVOL
\sysvol\PIIKANIPW.local\SCRIPTS. The following error occurred:
An error event occurred. EventID: 0xC0001B58
Time Generated: 01/10/2014 14:58:21
Event String:
The Qntm3520 service failed to start due to the following error:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 14:58:36
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
A warning event occurred. EventID: 0x00002724
Time Generated: 01/10/2014 14:58:40
Event String:
This computer has at least one dynamically assigned IPv6 address.For
reliable DHCPv6 server operation, you should use only static IPv6 addresses.
A warning event occurred. EventID: 0x800013B8
Time Generated: 01/10/2014 14:58:49
Event String:
The application '/tmsWebAgent' belonging to site '1' has an invalid
AppPoolId 'Classic .NET AppPool' set. Therefore, the application will be ignore
d.
A warning event occurred. EventID: 0x80003BC4
Time Generated: 01/10/2014 15:01:53
Event String:
SSL Certificate Settings deleted for Port : 0.0.0.0:50106 .
A warning event occurred. EventID: 0x80003BC5
Time Generated: 01/10/2014 15:01:53
Event String:
SSL Certificate Settings created by an admin process for Port : 0.0.
0.0:50106 .
An error event occurred. EventID: 0xC0001B7A
Time Generated: 01/10/2014 15:01:59
Event String:
The TMS Print Agent service terminated unexpectedly. It has done th
is 1 time(s).
A warning event occurred. EventID: 0x0000000C
Time Generated: 01/10/2014 15:02:00
Event String:
Time Provider NtpClient: This machine is configured to use the domai
n hierarchy to determine its time source, but it is the AD PDC emulator for the
domain at the root of the forest, so there is no machine above it in the domain
hierarchy to use as a time source. It is recommended that you either configure a
reliable time service in the root domain, or manually configure the AD PDC to s
ynchronize with an external time source. Otherwise, this machine will function a
s the authoritative time source in the domain hierarchy. If an external time sou
rce is not configured or used for this computer, you may choose to disable the N
tpClient.
An error event occurred. EventID: 0x0000165B
Time Generated: 01/10/2014 15:02:34
Event String:
The session setup from computer 'PK-PC1' failed because the se
curity database does not contain a trust account 'PK-PC1$' referenced by t
he specified computer.
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:03:37
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
A warning event occurred. EventID: 0x000727AA
Time Generated: 01/10/2014 15:04:01
Event String:
The WinRM service failed to create the following SPNs: WSMAN/PKDC01.
PIIKANIPW.local; WSMAN/PKDC01.
A warning event occurred. EventID: 0x80003BC4
Time Generated: 01/10/2014 15:06:54
Event String:
SSL Certificate Settings deleted for Port : 0.0.0.0:50106 .
A warning event occurred. EventID: 0x80003BC5
Time Generated: 01/10/2014 15:06:54
Event String:
SSL Certificate Settings created by an admin process for Port : 0.0.
0.0:50106 .
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:08:37
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x000016AD
Time Generated: 01/10/2014 15:13:21
Event String:
The session setup from the computer PK-PC1 failed to authentic
ate. The following error occurred:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:13:38
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:18:39
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:20:28
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000457
Time Generated: 01/10/2014 15:20:33
Event String:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:23:39
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:28:40
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:33:41
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following:
An error event occurred. EventID: 0x00000422
Time Generated: 01/10/2014 15:38:41
Event String:
The processing of Group Policy failed. Windows attempted to read the
file \\PIIKANIPW.local\sysvol\PIIKANIPW.local\Policies\{31B2F340-016D-11D2-945F
-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Po
licy settings may not be applied until this event is resolved.
......................... PKDC01 failed test SystemLog
Starting test: VerifyReferences
......................... PKDC01 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : PIIKANIPW
Starting test: CheckSDRefDom
......................... PIIKANIPW passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... PIIKANIPW passed test CrossRefValidation
Running enterprise tests on : PIIKANIPW.local
Starting test: LocatorCheck
......................... PIIKANIPW.local passed test LocatorCheck
Starting test: Intersite
......................... PIIKANIPW.local passed test Intersite
I also noticed that the SYSvol share on the new server is empty and the NETLOGON share doesn't exist.
Please help! Thanks.
Hi,
Do you currently have any relevant errors in your System or Application logs?
Seems like the replication is not successful.
An SBS server shouldn't shut down upon detecting the existence of another DC as that's a fully supported scenario.
Regards.
Vivian Wang
-
Active Directory Not Syncing Correctly in ES2
Hello,
We had our Active Directory 2003 synced up using Adobe Livecycle ES. There would be around 30,000 users that would be synced and this would take around 3 - 4 1/2 minutes to run. This worked perfectly for us for the past half of a year or so.
Last week we upgraded to ES2 and moved all of our processes over. We removed ES and did a fresh install of ES2. Everything seems to be working fine now except the Active Directory isn't syncing properly. When we run the sync, different numbers of users will be fetched. Sometimes it's around three thousand, sometimes seven thousand, sometimes ten thousand, but it never seems to get through them all. In the server log it does say that the directory synchronization completed successfully though even though the number fetched is changing. We made sure the settings are exactly the same as they were before, and we even tried a few different settings, but it still doesn't get all the users. For testing purposes, we tried changing the search filter to pick specific people that aren't showing up during the normal sync and it will show up fine, so I'm wondering if there is something stopping it from going all the way through?
We also have another enterprise domain connected which has around 2,000 users on it and have not had this problem with it.
Here are some of the sync statistics from the past few syncs: (The active directory name has been stripped for security purposes). If you need any more information please feel free to ask. We would like to have this resolved as soon as possible.
2010-05-30 21:02:51,366 INFO [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer]
========== Synch Statistics for ============
Total User Fetched - 5633
Total Group Fetched - 0
Total Members Fetched - 0
Total time taken is 110 sec
[100.00%] [100.00%]Domain Synchronizer(2 runs) : Total 110,375 ms, Max 110359 ms, Min 16 ms, Avg 55187 ms
--[99.99%] [99.99%]User and group phase(1 runs) : Total 110,359 ms, Max 110359 ms, Min 110359 ms, Avg 110359 ms
----[95.78%] [95.80%]Users synch from (6 runs) : Total 105,719 ms, Max 19141 ms, Min 14281 ms, Avg 17619 ms
------[1.18%] [1.23%]Provider (31 runs) : Total 1,298 ms, Max 109 ms, Min 31 ms, Avg 41 ms
--[0.01%] [0.01%]Memberhsip phase(1 runs) : Total 16 ms, Max 16 ms, Min 16 ms, Avg 16 ms
-------Persistence Statistics-------
Users ->
added = 8
removed = 2568
updated = 5625
unchanged = 0
renamed = 0
failed = 0
UniqueId changed = 0
Groups ->
added = 0
removed = 0
updated = 0
unchanged = 0
failed = 0
UniqueId changed = 0
Emails ->
added = 8515
removed = 106
unchanged (In changed Principals) = 16784
Group Members ->
added = 0
removed = 0
unchanged = 0
unknown = 0
failed = 0
-------Batch Statistics-------
Successful User Batches = 113
Failed User Batches = 0
Successful Group Batches = 0
Failed Group Batches = 0
Successful Member Batches = 0
Failed Member Batches = 0
======================================
2010-06-02 21:03:43,692 INFO [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer]
========== Synch Statistics for ============
Total User Fetched - 7140
Total Group Fetched - 0
Total Members Fetched - 0
Total time taken is 165 sec
[100.00%] [100.00%]Domain Synchronizer(2 runs) : Total 164,781 ms, Max 164750 ms, Min 31 ms, Avg 82390 ms
--[99.98%] [99.98%]User and group phase(1 runs) : Total 164,750 ms, Max 164750 ms, Min 164750 ms, Avg 164750 ms
----[96.78%] [96.79%]Users synch from (8 runs) : Total 159,469 ms, Max 26719 ms, Min 3500 ms, Avg 19933 ms
------[1.01%] [1.05%]Provider (42 runs) : Total 1,667 ms, Max 109 ms, Min 15 ms, Avg 39 ms
--[0.02%] [0.02%]Memberhsip phase(1 runs) : Total 31 ms, Max 31 ms, Min 31 ms, Avg 31 ms
-------Persistence Statistics-------
Users ->
added = 8
removed = 5
updated = 7132
unchanged = 0
renamed = 1
failed = 0
UniqueId changed = 0
Groups ->
added = 0
removed = 0
updated = 0
unchanged = 0
failed = 0
UniqueId changed = 0
Emails ->
added = 3340
removed = 105
unchanged (In changed Principals) = 33761
Group Members ->
added = 0
removed = 0
unchanged = 0
unknown = 0
failed = 0
-------Batch Statistics-------
Successful User Batches = 142
Failed User Batches = 1
Successful Group Batches = 0
Failed Group Batches = 0
Successful Member Batches = 0
Failed Member Batches = 0
======================================
2010-06-03 08:56:43,286 INFO [com.adobe.idp.um.businesslogic.synch.DomainSynchronizer]
========== Synch Statistics for ============
Total User Fetched - 2960
Total Group Fetched - 0
Total Members Fetched - 0
Total time taken is 68 sec
[100.00%] [100.00%]Domain Synchronizer(2 runs) : Total 67,984 ms, Max 67921 ms, Min 63 ms, Avg 33992 ms
--[99.91%] [99.91%]User and group phase(1 runs) : Total 67,921 ms, Max 67921 ms, Min 67921 ms, Avg 67921 ms
----[96.37%] [96.46%]Users synch from (3 runs) : Total 65,516 ms, Max 23016 ms, Min 19766 ms, Avg 21838 ms
------[4.00%] [4.15%]Provider (17 runs) : Total 2,719 ms, Max 844 ms, Min 31 ms, Avg 159 ms
--[0.09%] [0.09%]Memberhsip phase(1 runs) : Total 63 ms, Max 63 ms, Min 63 ms, Avg 63 ms
-------Persistence Statistics-------
Users ->
added = 2
removed = 6632
updated = 2958
unchanged = 0
renamed = 0
failed = 0
UniqueId changed = 0
Groups ->
added = 0
removed = 0
updated = 0
unchanged = 0
failed = 0
UniqueId changed = 0
Emails ->
added = 3
removed = 1
unchanged (In changed Principals) = 10035
Group Members ->
added = 0
removed = 0
unchanged = 0
unknown = 0
failed = 0
-------Batch Statistics-------
Successful User Batches = 60
Failed User Batches = 0
Successful Group Batches = 0
Failed Group Batches = 0
Successful Member Batches = 0
Failed Member Batches = 0
======================================
We do have quite a few that are missing an attribute, specifically:
2010-06-06 21:05:47,579 WARN [com.adobe.idp.um.businesslogic.synch.LdapHelper] Record [xxxx] is missing required attribute [objectSID] for canonicalName i.e uniqueIdentifier field
This is something that was on our old system as well:
2010-05-25 03:02:35,559 INFO [com.adobe.idp.um.provider.directoryservices.LDAPDirectoryPrincipalProviderImpl] UserM:: [Thread Hashcode: 3010887] This record is missing a required attribute and cannot be used. Specifically CanonicalName is null. Common Name: xxxx
We have many users in our active directory with just email accounts so that users are able to search for a name and find the email address in outlook. I have checked through these and they look fine (though there are fewer entries in ES2 since there are fewer users being fetched).
As for the locked users, here is what we received:
2010-06-06 21:05:47,579 INFO [com.adobe.idp.um.businesslogic.synch.LdapPrincipalProvider] Found [1257] locked users while synching. These users were ignored
This sounds about right for the amount of users that were fetched.
If you have any more questions or ideas, please let us know. We would like to have this resolved as soon as possible. Thanks.
-
Active Directory not working Windows Server 2003 R2
Hi,
Like the subject said, my root problem is either my Active Directory or DNS server. In order to properly explain the situation I will have to tell the full story. I was contacted by a family member to help out a non-profit organisation with their server problem. Their current config is Windows Server 2003 R2 running DC, AD, DNS, DHCP, File Services (I know it is not efficient).
Here is how I come into play: prior to me helping, they had another server running the same spec that started having hardware failure, and they invested in a new server. The person that set it up did replicate the server on the new one as far as AC and Domain controller but nothing else. Well, now the DC01 failed and no user can log in to a new computer, or if a new employee is added the changes don't take effect. Seeing the situation I went for the basics and seized the FSMO roles to the new server. Performed metadata cleanup. Configured the DC02 as Master Domain Controller. Now everything is set up and running but still no new user can be added or any existing can log in on a different computer. At this point I am out of answers; I tried everything I found in the forum. I am almost on the verge of deleting all and starting from scratch, me knowing all the config. Sorry for the long story, I am not good at resuming stuff. Please let me know if I need to add any other detail.
I repeat, DC01 is DEAD...
Also, when a new user tries to log in or an existing user tries to log in, they get "the system cannot log you on now because the domain is not available".
Not sure if this is the info requested but I ran the commands
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\administrator.LUTHERAN>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc02
Primary Dns Suffix . . . . . . . : Lutheran.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Lutheran.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client) #45
Physical Address. . . . . . . . . : 00-1C-23-BF-E6-69
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.6
Primary WINS Server . . . . . . . : 192.168.100.6
C:\Documents and Settings\administrator.LUTHERAN>
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : WINS Client(TCP/IP) Protocol
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : Internet Protocol (TCP/IP)
Bind Name: Tcpip
Binding Paths:
Owner of the binding path : Internet Protocol (TCP/IP)
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : Internet Protocol (TCP/IP)
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : Internet Protocol (TCP/IP)
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : Client for Microsoft Networks
Bind Name: LanmanWorkstation
Binding Paths:
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios_smb
Upper Component: Client for Microsoft Networks
Lower Component: Message-oriented TCP/IP Protocol (SMB session)
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: Client for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: Client for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: Client for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : WebClient
Bind Name: WebClient
Binding Paths:
Component Name : DHCP Server
Bind Name: DHCPServer
Binding Paths:
Component Name : Wireless Configuration
Bind Name: wzcsvc
Binding Paths:
Component Name : Network Load Balancing
Bind Name: Wlbs
Binding Paths:
Owner of the binding path : Network Load Balancing
Binding Enabled: No
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Network Load Balancing
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : Network Load Balancing
Binding Enabled: No
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Network Load Balancing
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Component Name : Steelhead
Bind Name: RemoteAccess
Binding Paths:
Component Name : Dial-Up Server
Bind Name: msrassrv
Binding Paths:
Component Name : Remote Access Connection Manager
Bind Name: RasMan
Binding Paths:
Component Name : Dial-Up Client
Bind Name: msrascli
Binding Paths:
Component Name : File and Printer Sharing for Microsoft Networks
Bind Name: LanmanServer
Binding Paths:
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios_smb
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: Message-oriented TCP/IP Protocol (SMB session)
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : Generic Packet Classifier
Bind Name: Gpc
Binding Paths:
Component Name : Application Layer Gateway
Bind Name: ALG
Binding Paths:
Component Name : NetBIOS Interface
Bind Name: NetBIOS
Binding Paths:
Owner of the binding path : NetBIOS Interface
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: NetBIOS Interface
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : NetBIOS Interface
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: NetBIOS Interface
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : NetBIOS Interface
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: NetBIOS Interface
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : WAN Miniport (IP)
Bind Name: NdisWanIp
Binding Paths:
Component Name : Direct Parallel
Bind Name: {A4DC6983-452B-41F9-B696-5112E5E6F1C6}
Binding Paths:
Component Name : WAN Miniport (PPPOE)
Bind Name: {5B69EEC5-2676-460B-9E03-F38B02BA4474}
Binding Paths:
Component Name : WAN Miniport (PPTP)
Bind Name: {DEE98315-C28A-4CC8-9233-E6C3506C16D3}
Binding Paths:
Component Name : WAN Miniport (L2TP)
Bind Name: {9BFC4E35-93B2-4811-8A56-69149ED0837E}
Binding Paths:
Component Name : RAS Async Adapter
Bind Name: {50239872-7742-4BB5-A28E-0B814085C2A6}
Binding Paths:
Component Name : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #48
Bind Name: {19218099-5DDC-4936-A111-75E4D7250A24}
Binding Paths:
Component Name : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #45
Bind Name: {52BE526E-7FAE-4458-9691-E333DA333601}
Binding Paths:
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Documents and Settings\administrator.LUTHERAN> -
Active Directory not binding in AD Plugin
I cannot bind to the Active Directory at work using the ActiveDirectory Plugin for the Directory Access utility.
I keep getting the error message "Invalid Domain"
If I try to ping server.domain.local it does not work. If I try to ping the IP of the server, it works.
The DNS server is Windows Server 2003 based, and has the entire subnet under Reverse Lookup.
I can connect to Samba Shares based on server names, so it knows how to find servers on the network when looking for shares, just not when looking to ping, bind to domain, or browse websites on local servers.
I am able to bind to the LDAP server and browse all the users and computers using LDapper just fine.
In case someone else tries this, this DOES NOT WORK IN LEOPARD!
Leopard added an official Active Directory module that effectively drops any Active Directory support. I have not heard of anyone getting it to work consistently. I was able to check out a kerberos ticket then enable AD authentication, and it worked great, until I turned off the computer and came back the next day and it broke. As soon as the kerberos ticket expires, so does any hope of authenticating against the AD Domain Controller.
Incredibly frustrating. -
Changes in Active Directory not reflected in SharePoint user info
I have changed the manager & name in Active Directory but it's not reflected in SharePoint. I found one command:
stsadm -o migrateuser
-oldlogin <domain\name>
-newlogin <domain\name>
[-ignoresidhistory]
But I don't want to do it one by one; I have many users. Is there any command to migrate all updated user information?
The migrateuser command is really only for when a user's ID changes. Making changes such as name and manager should still be reflected under the original ID. If the changes don't propagate, ensure that your User Profile Service Sync completed successfully.
Check for errors and address any you find. A successful sync will propagate the changes properly.
Start here:
http://technet.microsoft.com/en-us/library/ff382639(v=office.15).aspx
I trust that answers your question...
Thanks
C -
Active Directory not showing up in Shared Service Console
Hi,
I successfully installed EPM Version 11.1.1.1.0 on my PC and am able to access Shared Services through the URL. But I have not seen Active Directory configured; I believe this will be taken care of automatically during software installation.
I was seeing AD last week; this Monday I uninstalled and installed, and this time AD is not showing up. I make use of NTLM directory.
Could you please suggest how to add this AD in the Shared Services console? It's kind of urgent, please help.
Regards,
UB
But to my surprise, how come I am not able to see this now? I was seeing the AD last week and, in fact, I did uninstalls and installs several times and did not face such issues.
Could you please clarify how this has gone from the shared services?
Regards, UB -
Active directory not logging in
We have a Mac lab that is logging into Active Directory. We had all of them logging in with no problems. Now some of the computers will not log in with a good Active Directory login. If we unbind and then rebind the computer, it works fine. All Macs are running 10.4.5. Any ideas what can be wrong? Thanks.
Post your system.log; it should give you a hint.
Also check the settings when you can log in and compare them with when you can't.
In Tiger, the forest is set to automatically and also you can authenticate to cross domains; check/uncheck this option to see if it makes any difference -
New Server 2012 install - Active Directory not working properly
We recently converted from 2003 to 2012. Our 2012 R2 server seems to be running fine. We did a DCPROMO on the OLD 2003 DC just fine but now there are all sorts of odd errors (Sharepoint can't authenticate users, Can't run Exchange 2013 on another 2012 server
because it can't find AD, etc.)
on the DC we have a Group Policy error 1096. "Group Policy Object LDAP://CN=User,cn={2B476B3E-2749-4B1B-8EC1-F5672A66F94F},cn=policies,cn=system,DC=mydom,DC=local\\mydom.local\SysVol\mydom.local\Policies\{2B476B3E-2749-4B1B-8EC1-F5672A66F94F}\User\registry.pol"
So far I haven't found anything on how to fix this (and the AD itself.) There are some errors in the DCDIAG log, too:
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\ISD-DC1\netlogon)
[ISD-DC1] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
Any suggestions how we can fix these errors are greatly appreciated!
Hi,
Did you migrate the Active Directory from Windows server 2003 to Windows server 2012?
Please refer to this article:
https://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
Regards.
Vivian Wang -
Bootcamp iMac + Active Directory = Not working!
I have a 2009 iMac with bootcamp and XP pro SP3 running great.
Now have to bind to Active directory box and having issues.
Will bind perfectly but upon restart the login window stalls on selecting the new domain. The machine then needs to be restarted and same again etc etc.
I have a thinkpad with same install and it works a treat so definitely the iMac that's causing the issue.
Could it be the EFI?
Anyone had similar problems?
Any help would be grand
thanks -
Cisco Prime Infrastructure 1.2 synchronizaton with active directory
hi all
I have installed Cisco Prime Infrastructure 1.2 and I want to make a synchronization between the PI and the active directory
note:
I want to do that to be able to search for users in Cisco Prime Infrastructure by hostname instead of searching by IP or MAC address.
How can I do this task?
Thanks all.
I appreciate your support.
Hi Mohamed,
Integration with AD is not supported in PI
Thanks-
Afroz
[Do rate the useful post] -
Fix: Active directory corrupted (NTDS ISAM Database Corruption errors in eventlog)
It worked for me!
Frank Keunen
IT-Pro Evangelist :: Microsoft IT Infrastructure Engineer
Follow the procedure below to fix Microsoft Active Directory database problems (corrupted Active Directory due to e.g. memory issues/disk problems):
1. Reboot the server and press F8. Choose Directory Services Restore Mode from the menu.
2. Check the physical location of the Winnt\NTDS\ folder.
3. Check the permissions on the \Winnt\NTDS folder. The default permissions are:
   Administrators – Full Control
   System – Full Control
4. Check the Winnt\Sysvol\Sysvol folder to make sure it is shared.
5. Check the permissions on the Winnt\Sysvol\Sysvol share. The default permissions are:
   Share Permissions:
   Administrators – Full Control
   Authenticated Users – Full Control
   Everyone – Read
   NTFS Permissions:
   Administrators – Full Control
   Authenticated Users – Read & Execute, List Folder Contents, Read
   Creator Owner – none
   Server Operators – Read & Execute, List Folder Contents, Read
   System – Full Control
   Note: You may not be able to change the permissions on these folders if the Active Directory database is unavailable because it is damaged; however, it is best to know if the permissions are set correctly before you start the recovery process, as it may not be the database that is the problem.
6. Make sure there is a folder in the Sysvol share labeled with the correct name for their domain.
7. Open a command prompt and run NTDSUTIL to verify the paths for the NTDS.dit file. These should match the physical structure from Step 2. To check the file paths type the following commands:
   Start a command prompt
   NTDSUTIL Files Info
   The output should look similar to:
   Drive Information:
   C:\ NTFS (Fixed Drive) free (2.9 Gb) total (3.9 Gb)
   D:\ NTFS (Fixed Drive) free (3.6 Gb) total (3.9 Gb)
   DS Path Information:
   Database : C:\WINNT\NTDS\ntds.dit – 10.1 Mb
   Backup dir: C:\WINNT\NTDS\dsadata.bak
   Working dir: C:\WINNT\NTDS
   Log dir : C:\WINNT\NTDS – 30.0 Mb total
   res2.log – 10.0 Mb
   res1.log – 10.0 Mb
   edb.log – 10.0 Mb
   This information is pulled directly from the registry and mismatched paths will cause Active Directory not to start. Type Quit to end the NTDSUTIL session.
8. Rename the edb.chk file and try to boot to Normal mode. If that fails, proceed with the next steps.
9. Reboot into Directory Services Restore mode again. At the command prompt, use ESENTUTL to check the integrity of the database. NOTE: You can use NTDSUTIL to check the integrity; however, esentutl is usually more reliable. Type the following command:
   ESENTUTL /g "\NTDS.dit" /!10240 /8 /v /x /o
   (Note: Type the path without the quotes.) Note: The default path would be C:\Winnt\NTDS\ntds.dit; however, it may be different in some cases. The output will tell you if the database is inconsistent and may produce a jet_error 1206 stating that the database is corrupt. If the database is inconsistent or corrupt it will need to be recovered or repaired. To recover the database type the following at the command prompt:
   NTDSUTIL Files Recover
   If this fails with an error, type quit until back at the command prompt and repair the database using ESENTUTL by typing the following:
   ESENTUTL /p "\NTDS.dit" /!10240 /8 /v /x /o
   (Note: Type the path without the quotes.) Note: If you do not put the switches at the end of the command you will most likely get a Jet_error 1213 "Page size mismatch" error.
10. Delete the log files in the NTDS directory, but do not delete or move the ntds.dit file.
11. The NTDSUTIL tool needs to be run again to check the integrity of the database and to perform a Semantic Database Analysis. To check the integrity, at the command prompt type:
   NTDSUTIL Files Integrity
   The output should tell you that the integrity check completed successfully and prompt that you should perform a Semantic Database Analysis. Type quit. To perform the Semantic Database Analysis, type the following at the NTDSUTIL prompt:
   Semantic Database Analysis Go
   The output will tell you that the analysis completed successfully. Type quit and close the command prompt. NOTE: If you get errors running the analysis then type the following at the semantic checker prompt:
   semantic checker: go fix
   This puts the checker in Fixup mode, which should fix whatever errors there were.
12. Reboot the server to Normal Mode. If any of these steps fail to recover the database the only alternative is to perform an Authoritative System State restore from backup in Directory Services Restore mode. For more information, please refer to the following articles:
   315136 HOW TO: Complete a Semantic Database Analysis for the Active Directory http://support.microsoft.com/?id=315136
   265706 DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation http://support.microsoft.com/?id=265706
   258007 Error Message: Lsass.exe – System Error : Security Accounts Manager http://support.microsoft.com/?id=258007
   265089 Event 1168: Windows 2000 DCs Unable to Boot into Active Directory http://support.microsoft.com/?id=265089
   315131 HOW TO: Use Ntdsutil to Manage Active Directory Files from the Command http://support.microsoft.com/?id=315131
BR – Frank
Frank: This procedure (with some variations required for my environment) worked perfectly. Thank you very much.
To other readers: The procedure works, but it is a loaded gun. Be careful and methodical.
The specifics of my situation, which I offer as additional information, are:
Windows Server 2003 R2 Standard Edition SP2 with all updates.
One server, 20 clients; of course the server is the domain controller.
I suggest running the command prompt window at an elevated security level ("run as:", followed by unchecking the "restricted" box).
I also suggest changing directories to C:\WINNT\NTDS or C:\WINDOWS\NTDS, as appropriate.
Variations:
The location of the NTDS folder is C:\WINDOWS\NTDS for an install that is not an upgrade from Server 2000.
Step 9 -- the parameters for ESENTUTL are different. For the integrity check I used "ESENTUTL /g NTDS.DIT /8" as the other parameters are not available.
Also in step 9 -- For the repair step that was required I used "ESENTUTL /p NTDS.DIT /8". There was a window warning of a possible data loss, which clicking OK cleared.
Step 11 -- NTDSUTIL FILES INTEGRITY works properly without change. However, the Semantic Database Analysis check cannot be run in a single command. I used "NTDSUTIL SEMANTIC DATABASE ANALYSIS" followed by "GO" at the next prompt. The database analysis does not report a positive result, but if there is no warning the database passes the analysis. To be certain I ran the "GO FIX" step anyway, which gave identical output.
After this procedure the system started perfectly. I recommend this procedure as the answer to the problem.
-- E. R. Quinones -
I successfully set up Active Directory synchronization between my CUCM BE5000 appliance running 8.6(1a) and our Windows 2008 Server Active Directory. Users are replicating successfully, but authentication is not working even though I am using the same LDAP manager distinguished name and password for both. I have a suspicion to the cause of this problem but for the record, the following is my relevant configuration:
System/LDAP/LDAP System:
LDAP Server Type Microsoft Active Directory iPlanet or Sun ONE LDAP Server OpenLDAP Microsoft Active Directory Application Mode
LDAP Attribute for User ID userPrincipalName sAMAccountName mail employeeNumber telephoneNumber
LDAP Server Type: Microsoft Active Directory
LDAP Attribute for User ID: userPrincipalName
System/LDAP/LDAP Directory:
LDAP Configuration Name: bgctnv.local
LDAP Manager Distinguished Name: CN=cm.sync,OU=BGCTNV Users,DC=bgctnv,DC=local
LDAP User Search Base: DC=bgctnv,DC=local
LDAP Server Information: bgctnv.local, port 389 (to query any domain controller in DNS; I have also tried specific IP addresses)
System/LDAP/LDAP Authentication:
LDAP Manager Distinguished Name: CN=cm.sync,OU=BGCTNV Users,DC=bgctnv,DC=local
LDAP User Search Base: LDAP user search base is formed using the User ID information (pre-populated, I cannot change this)
LDAP Server Information: bgctnv.local, port 3268
All of my Active Directory users are now populated and active under End Users. However, I am not able to log into /ccmuser among other things using my valid domain credentials. I am a super user as well as a standard end user.
Curiously, invalid usernames (userPrincipalName in my case) return the error "Log on failed - Invalid User ID or Password" while a valid username, with or without the correct password, returns only "Log on failed." That seems to imply that some part of the authentication or LDAP bind is taking place.
Here's the catch. The base domain here is bgctnv.local while we use bgctnv.org as a valid and acceptable alternative UPN suffix in Active Directory. Every Microsoft and every third-party program I have used will accept [email protected], but I'm beginning to think that CM will not, or is having some sort of translation issue. I read that alternative suffixes can cause problems in Active Directory forests with multiple trees, but this is a vanilla, single domain environment.
I don't even know where to look to debug this issue. Has anyone seen this before or can anyone tell me where to look for logs?
Thanks,
John
I found the following:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/directry.html
As mentioned in the section on LDAP Synchronization, in order to support synchronization with an AD forest that has multiple trees, the UserPrincipalName (UPN) attribute must be used as the user ID within Unified CM. When the user ID is the UPN, the LDAP authentication configuration page within Unified CM Administration does not allow you to enter the LDAP Search Base field, but instead it displays the note, "LDAP user search base is formed using userid information."
This may help in some situations where there are multiple trees in an AD forest, but it is definitely not the solution. Even with multiple trees, it is common to use alternative UPN suffixes. Nothing in AD requires or even recommends that you exclusively use your AD domain root as the UPN suffix.
For example, company.local may use company.com as an alternative but primary UPN suffix to provide simplicity for users. Users can then achieve more broad SSO capabilities by using their familiar email credentials when authenticating for company.local services.
When using UserPrincipalName as the LDAP synchronization attribute for the CM User ID, the configuration requires that the search base for authentication be derived from the UPN suffix, regardless of whether it is a single domain or multiple trees within a forest. This makes it impossible to authenticate by UPN unless your UPN is explicitly your root domain name. From the example above, CM would try to bind [email protected] against DC=company,DC=com instead of the correct DC=company,DC=local.
The logical solution would be to allow the administrator the option. Why not have a choice of whether to generate the user search base from the userid (UPN) information, or be able to specify the search base as well like it allows with any other synchronization attribute?
Would this be a feature request, bug report, or neither? I'd really appreciate it if Cisco considered this but I don't know the proper channel. -
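The search-base mismatch described in the posts above, modelled as an added example (not part of the original posts and not Cisco's code): it derives the authentication search base from the UPN suffix as the post describes, then flags synchronized users whose derived base is not a real domain partition. The user names, the company.local domain data and all function names are assumptions made for illustration.

```python
# Added example: a model of the behaviour described in the post, not Cisco's code.
# All users and domains below are constructed sample data.

def dn_to_dns(dn):
    """Return the DNS domain named by the DC= components of a DN.

    'OU=Staff,DC=company,DC=local' -> 'company.local'.
    Assumes no escaped commas in the DN (true for domain naming contexts).
    """
    labels = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        if sep and attr.strip().lower() == "dc" and value.strip():
            labels.append(value.strip().lower())
    if not labels:
        raise ValueError(f"no DC= components in {dn!r}")
    return ".".join(labels)


def base_from_upn(upn):
    """Search base implied by a UPN suffix: 'user@company.com' -> 'DC=company,DC=com'."""
    user, sep, suffix = upn.strip().rpartition("@")
    labels = suffix.split(".")
    if not sep or not user or not all(labels):
        raise ValueError(f"not a userPrincipalName: {upn!r}")
    return ",".join(f"DC={label}" for label in labels)


def effective_search_base(user_id, user_id_attribute, configured_base):
    """Base used for the authentication search, as the post describes it.

    With userPrincipalName as the user ID the base is formed from the user ID;
    with any other attribute the administrator's configured base is used.
    """
    if user_id_attribute == "userPrincipalName":
        return base_from_upn(user_id)
    return configured_base


def audit_logins(user_ids, user_id_attribute, configured_base, domain_contexts):
    """Return (user_id, search_base, reachable) for each synchronized user.

    'reachable' is True only when the search base lies in a domain that
    actually exists in the directory (one of domain_contexts).
    """
    real_domains = {dn_to_dns(dn) for dn in domain_contexts}
    report = []
    for user_id in user_ids:
        base = effective_search_base(user_id, user_id_attribute, configured_base)
        report.append((user_id, base, dn_to_dns(base) in real_domains))
    return report


# Constructed single-domain environment: AD root is company.local,
# company.com is only an alternative UPN suffix.
DOMAIN_CONTEXTS = ["DC=company,DC=local"]
CONFIGURED_BASE = "DC=company,DC=local"
UPN_USERS = ["alice@company.com", "bob@company.local", "Carol@COMPANY.LOCAL"]
SAM_USERS = ["alice", "bob", "carol"]

if __name__ == "__main__":
    for attribute, users in (("userPrincipalName", UPN_USERS),
                             ("sAMAccountName", SAM_USERS)):
        print(f"User ID attribute: {attribute}")
        for user_id, base, ok in audit_logins(users, attribute,
                                              CONFIGURED_BASE, DOMAIN_CONTEXTS):
            status = "ok" if ok else "base does not exist in this directory"
            print(f"  {user_id:<22} {base:<24} {status}")
```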
Active Directory domain controller could not be contacted
Hello
Help please.
I am trying to add a new server (2008) to domain 'bridgelimited.local' - only one DC (2003) doing everything at the moment. The plan is to add the new server, then move everything over from the old machine, then retire/upgrade the old machine and use as a backup.
I am currently trying to dcpromo on the new machine but I get the following error:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain bridgelimited.local:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.bridgelimited.local
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
212.50.160.100
196.168.16.2
- One or more of the following zones do not include delegation to its child zone:
bridgelimited.local
local
. (the root zone)
For information about correcting this problem, click Help.
192.168.16.2 is IP address for the DC.
Any help would be greatly appreciated.
Kind Regards
Richard
Managed to get the DCDIAG
Here goes (I know my harddisk is failing - that's why I am desperate to get everything shifted to the new server).
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine bridgeserver, is a DC.
* Connecting to directory service on server bridgeserver.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\BRIDGESERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... BRIDGESERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\BRIDGESERVER
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... BRIDGESERVER passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BRIDGESERVER passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BRIDGESERVER passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=BridgeLimited,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=BridgeLimited,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=BridgeLimited,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=BridgeLimited,DC=local
(Domain,Version 2)
......................... BRIDGESERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... BRIDGESERVER passed test NetLogons
Starting test: Advertising
The DC BRIDGESERVER is advertising itself as a DC and having a DS.
The DC BRIDGESERVER is advertising as an LDAP server
The DC BRIDGESERVER is advertising as having a writeable directory
The DC BRIDGESERVER is advertising as a Key Distribution Center
The DC BRIDGESERVER is advertising as a time server
The DS BRIDGESERVER is advertising as a GC.
......................... BRIDGESERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role Domain Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role PDC Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role Rid Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
......................... BRIDGESERVER passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2609 to 1073741823
* bridgeserver.BridgeLimited.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2109 to 2608
* rIDPreviousAllocationPool is 2109 to 2608
* rIDNextRID: 2121
......................... BRIDGESERVER passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/bridgeserver.BridgeLimited.local/BridgeLimited.local
* SPN found :LDAP/bridgeserver.BridgeLimited.local
* SPN found :LDAP/BRIDGESERVER
* SPN found :LDAP/bridgeserver.BridgeLimited.local/BRIDGELIMITED
* SPN found :LDAP/96d36b0b-a148-4c2f-b3d3-8c2ac83fcaf9._msdcs.BridgeLimited.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/96d36b0b-a148-4c2f-b3d3-8c2ac83fcaf9/BridgeLimited.local
* SPN found :HOST/bridgeserver.BridgeLimited.local/BridgeLimited.local
* SPN found :HOST/bridgeserver.BridgeLimited.local
* SPN found :HOST/BRIDGESERVER
* SPN found :HOST/bridgeserver.BridgeLimited.local/BRIDGELIMITED
* SPN found :GC/bridgeserver.BridgeLimited.local/BridgeLimited.local
......................... BRIDGESERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [BRIDGESERVER]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BRIDGESERVER failed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... BRIDGESERVER passed test OutboundSecureChannels
Starting test: ObjectsReplicated
BRIDGESERVER is in domain DC=BridgeLimited,DC=local
Checking for CN=BRIDGESERVER,OU=Domain Controllers,DC=BridgeLimited,DC=local in domain DC=BridgeLimited,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local in domain CN=Configuration,DC=BridgeLimited,DC=local on 1 servers
Object is up-to-date on all servers.
......................... BRIDGESERVER passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BRIDGESERVER passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... BRIDGESERVER passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... BRIDGESERVER passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:27
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:41
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:55
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:09
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:23
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:38
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:52
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:49:06
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:49:20
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:49:54
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:50:08
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:50:22
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:51:33
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:51:53
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:07
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:21
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:35
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:49
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:03
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:17
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:31
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:45
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:12:23
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:12:37
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:12:51
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:05
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:19
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:33
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:47
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:14:01
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:14:15
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:15:24
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:15:38
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:15:53
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:07
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:21
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:35
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:49
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:17:03
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:17:17
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
......................... BRIDGESERVER failed test systemlog
Starting test: VerifyReplicas
......................... BRIDGESERVER passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BRIDGESERVER,OU=Domain Controllers,DC=BridgeLimited,DC=local and
backlink on
CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=BRIDGESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=BridgeLimited,DC=local
and backlink on
CN=BRIDGESERVER,OU=Domain Controllers,DC=BridgeLimited,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=BRIDGESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=BridgeLimited,DC=local
and backlink on
CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
are correct.
......................... BRIDGESERVER passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... BRIDGESERVER passed test VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : BridgeLimited
Starting test: CrossRefValidation
......................... BridgeLimited passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... BridgeLimited passed test CheckSDRefDom
Running enterprise tests on : BridgeLimited.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... BridgeLimited.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
PDC Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
Time Server Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
KDC Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
......................... BridgeLimited.local passed test FsmoCheck
The only thing I can see (other than the HDD) is the
IsmServ Service is stopped on [BRIDGESERVER]
Hope you can help. Pretty please.
Kind Regards
Richard
-
Active directory users and computers won't start on a DC, "the server is not operational"
In our environment, we have 3 DCs:
two which run Server 2008 (they work perfectly)
and one never off branch DC that runs Server 2008 R2.
We have been having some problems where we feel the replication isn't up to speed (stuff could take up to 24 hours to replicate), and now when I tried opening Active Directory Users and Computers I am met with this error window:
We have a third-party DNS solution.
How do I troubleshoot this issue?
dc01 (which replicates perfectly with dc02, and vice versa)
dcdiag /test:dns
C:\Users\adminuser>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Hostingpartner\ourdc01
Starting test: Connectivity
......................... ourDC01 passed test Connectivity
Doing primary tests
Testing server: Hostingpartner\ourdc01
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : int
Running enterprise tests on : int.domain.com
Starting test: DNS
Test results for domain controllers:
DC: ourdc01.int.domain.com
Domain: int.domain.com
TEST: Delegations (Del)
Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain domaindnszones.int.domain.com.]
Error: DNS server: ourdc02.int.domain.com. IP:xx.xx.xx.32 [Broken delegated domain forestdnszones.int.domain.com.]
Summary of test results for DNS servers used by the above domain controllers:
DNS server: xx.xx.xx.32 (ourdc02.int.domain.com.)
2 test failures on this DNS server
Delegation is broken for the domain domaindnszones.int.domain.com. on the DNS server xx.xx.xx.32
Delegation is broken for the domain forestdnszones.int.domain.com. on the DNS server xx.xx.xx.32
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: int.domain.com
ourdc01 PASS PASS PASS FAIL n/a PASS n/a
......................... int.domain.com failed test DNS
dcdiag on dc01 (which can replicate with dc02)
C:\Users\adminuser>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: hostingpartner\ourdc01
Starting test: Connectivity
......................... OURDC01 passed test Connectivity
Doing primary tests
Testing server: hostingpartner\ourdc01
Starting test: Replications
[Replications Check,OURDC01] DsReplicaGetInfoW(PENDING_OPS) failed with error 8453,
Win32 Error 8453.
......................... OURDC01 failed test Replications
Starting test: NCSecDesc
......................... OURDC01 passed test NCSecDesc
Starting test: NetLogons
[OURDC01] User credentials does not have permission to perform this operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... OURDC01 failed test NetLogons
Starting test: Advertising
......................... OURDC01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... OURDC01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... OURDC01 passed test RidManager
Starting test: MachineAccount
......................... OURDC01 passed test MachineAccount
Starting test: Services
......................... OURDC01 passed test Services
Starting test: ObjectsReplicated
......................... OURDC01 passed test ObjectsReplicated
Starting test: frssysvol
......................... OURDC01 passed test frssysvol
Starting test: frsevent
......................... OURDC01 passed test frsevent
Starting test: kccevent
......................... OURDC01 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:04:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:04:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:10:56
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/04/2013 15:11:17
(Event String could not be retrieved)
......................... OURDC01 failed test systemlog
Starting test: VerifyReferences
......................... OURDC01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : int
Starting test: CrossRefValidation
......................... int passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... int passed test CheckSDRefDom
Running enterprise tests on : int.domain.com
Starting test: Intersite
......................... int.domain.com passed test Intersite
Starting test: FsmoCheck
......................... int.domain.com passed test FsmoCheck
The problematic dc03:
Dcdiag gives the same output as dcdiag /test:dns
C:\Users\adminuser>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = OURDC03
Ldap search capabality attribute search failed on server NTSDC03, return
value = 81
We have an Infoblox DNS server on IP address xxx.y.y.251.
First error in event logs on dc03:
error 1863
This is the replication status for the following directory partition on this directory server.
Directory partition:
CN=Configuration,DC=int,DC=domain,DC=com
This directory server has not received replication information from a number of directory servers within the configured latency interval.
Latency Interval (Hours):
24
Number of directory servers in all sites:
2
Number of directory servers in this site:
2
The latency interval can be modified with the following registry key.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours)
To identify the directory servers by name, use the dcdiag.exe tool.
You can also use the support tool repadmin.exe to display the replication latencies of the directory servers. The command is "repadmin /showvector /latency <partition-dn>".
I have also got several warnings: 2088, 2093, 2087.
And 1863 errors pointing to different directory partitions, like schema/configuration/domaindnszones/forestdnszones.
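Both dcdiag dumps above bury one or two failed tests under dozens of repeated system-log events. The following is an added example, not part of either post: a small parser that lists the failed tests and collapses repeated EventIDs into a count with first and last timestamps. The sample input is constructed from lines quoted above, and the function names are this example's own.

```python
import re

# Constructed sample, abridged from the dcdiag lines quoted in the posts above.
SAMPLE = """\
Starting test: kccevent
......................... BRIDGESERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:27
Event String: The driver for device \\Device\\Scsi\\hpt3xx1
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:41
Event String: The driver for device \\Device\\Scsi\\hpt3xx1
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:17:17
Event String: The driver for device \\Device\\Scsi\\hpt3xx1
......................... BRIDGESERVER failed test systemlog
Starting test: FsmoCheck
......................... BridgeLimited.local passed test FsmoCheck
"""

RESULT_RE = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")
# dcdiag itself spells it "occured"; accept both spellings.
EVENT_RE = re.compile(r"An (Error|Warning) Event occur+ed\.\s+EventID:\s+(0x[0-9A-Fa-f]+)")
TIME_RE = re.compile(r"Time Generated:\s+(\S+\s+\S+)")


def event_code(hex_id):
    """Low 16 bits of the identifier: the event ID that Event Viewer displays."""
    return int(hex_id, 16) & 0xFFFF


def summarize(text):
    """Return failed tests, a pass count, and per-EventID aggregates."""
    failed, passed, events = [], 0, {}
    last_id = None  # EventID of the most recent event header line
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT_RE.match(line)
        if m:
            target, outcome, test = m.groups()
            if outcome == "failed":
                failed.append((target, test))
            else:
                passed += 1
            last_id = None
            continue
        m = EVENT_RE.search(line)
        if m:
            last_id = m.group(2).lower()
            rec = events.setdefault(last_id, {
                "severity": m.group(1), "code": event_code(last_id),
                "count": 0, "first": None, "last": None})
            rec["count"] += 1
            continue
        m = TIME_RE.search(line)
        if m and last_id:
            # Timestamps stay as strings: the dump does not say whether
            # the date is day/month or month/day.
            rec = events[last_id]
            rec["first"] = rec["first"] or m.group(1)
            rec["last"] = m.group(1)
    return {"failed": failed, "passed": passed, "events": events}


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for target, test in report["failed"]:
        print(f"FAILED {test} on {target}")
    for eid, rec in report["events"].items():
        print(f"{eid} (event {rec['code']}, {rec['severity']}): "
              f"{rec['count']}x, {rec['first']} .. {rec['last']}")
```

To use it on a real run, save the output with `dcdiag > dcdiag.txt` and pass the file's contents to `summarize`.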