Disabled domain controller computer object
On one of our DCs, DC01 (RID/PDC), the computer account was disabled; this was showing as disabled on all DCs in the domain. I have managed to fix it by changing the userAccountControl attribute on that object to 532480 in ADSI Edit on all DCs. I then had to reset the secure password for DC01 using netdom resetpwd as it had got out of sync. Everything now seems fine: replication/authentication/DCdiag/netdiag.
Why did this occur? It looks like you can't disable a domain controller computer account from the GUI? Am I likely to get any further issues?
I have seen similar situations on the net but I have not found an explanation to this behavior (assuming here that this is a bug in the system). You can see references here:
http://www.kenmanohar.com/blog/tag/domain-controller-computer-account-disabled/
http://social.technet.microsoft.com/Forums/windowsserver/en-US/9fb5084e-b27d-48c8-92e7-8818fc769a90/disabled-domain-controller-computer-account
You might check if any of the administrators have mistakenly changed the value of UserAccountControl attribute. By using ADUC, you would not be able to disable the computer account of a DC.
Please also enable the auditing in AD so that you can get more details about what happened in the future: http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
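The value 532480 from the question is SERVER_TRUST_ACCOUNT (0x2000) plus TRUSTED_FOR_DELEGATION (0x80000); with ACCOUNTDISABLE (0x2) set, the same account reads 532482. As an added example (not code from the thread), this PowerShell decodes userAccountControl and, where the ActiveDirectory module is present, asks each DC for its own view of every DC account together with the replication metadata showing when and on which DC the attribute was last written. The helper name ConvertFrom-UserAccountControl is hypothetical and the two sample values are constructed.

```powershell
# Added example; ConvertFrom-UserAccountControl is a hypothetical helper name.
# Bit values are the documented userAccountControl flags.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE                 = 0x2
    PASSWD_NOTREQD                 = 0x20
    NORMAL_ACCOUNT                 = 0x200
    WORKSTATION_TRUST_ACCOUNT      = 0x1000
    SERVER_TRUST_ACCOUNT           = 0x2000      # domain controller
    DONT_EXPIRE_PASSWORD           = 0x10000
    TRUSTED_FOR_DELEGATION         = 0x80000
    NOT_DELEGATED                  = 0x100000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
    PARTIAL_SECRETS_ACCOUNT        = 0x4000000   # read-only DC
}

function ConvertFrom-UserAccountControl {
    param([Parameter(Mandatory)][int]$Value)
    # Collect the name of every flag whose bit is set in $Value.
    $names = foreach ($flag in $UacFlags.GetEnumerator()) {
        if ($Value -band $flag.Value) { $flag.Key }
    }
    $names -join ' | '
}

# Constructed sample values: the healthy DC value from the post, and the same
# value with ACCOUNTDISABLE set.
foreach ($sample in 532480, 532482) {
    '{0} = {1}' -f $sample, (ConvertFrom-UserAccountControl $sample)
}

# Live check: needs RSAT / the ActiveDirectory module and a domain to query.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    # Bitwise-AND LDAP matching rule: every account with SERVER_TRUST_ACCOUNT (8192).
    $dcFilter = '(userAccountControl:1.2.840.113556.1.4.803:=8192)'

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $accounts = Get-ADComputer -Server $dc.HostName -LDAPFilter $dcFilter `
                -Properties userAccountControl -ErrorAction Stop
        } catch {
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($acct in $accounts) {
            # When, and on which DC, userAccountControl was last written.
            $meta = Get-ADReplicationAttributeMetadata -Object $acct.DistinguishedName `
                -Server $dc.HostName -Properties userAccountControl
            [pscustomobject]@{
                QueriedDC     = $dc.HostName
                Account       = $acct.Name
                UAC           = $acct.userAccountControl
                Disabled      = [bool]($acct.userAccountControl -band 0x2)
                Flags         = ConvertFrom-UserAccountControl $acct.userAccountControl
                LastChanged   = $meta.LastOriginatingChangeTime
                OriginatingDC = $meta.LastOriginatingChangeDirectoryServerIdentity
                Version       = $meta.Version
            }
        }
    }
}
```

LastChanged and OriginatingDC give the time window and the DC on which to look for the change once directory auditing is enabled.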
Similar Messages
-
Find out previous deleted domain controller computer name from SID
Hi
I recently became suspicious that someone in my company joined a new additional domain controller to my primary DC and, after replication and getting the domain controller partitions, he disjoined the new additional DC.
I got this event in my DNS log:
The DNS server was unable to create a resource record for d630907c-e2f4-41cf-a2c6-adc087f25f46._msdcs.metro.com. in zone metro.com. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
I want to translate the DNS alias SID: d630907c-e2f4-41cf-a2c6-adc087f25f46
to a computer name in order to find who did this.
Is there a way to find out the previous DC computer name after they disconnected or the DC computer account was deleted?
I want to know who did this.
Regards
The GUID you're referring to corresponds to the NTDS Settings object for the "lost" DC. You can do this in PowerShell to get the DirectoryEntry for that GUID:
[adsi]"LDAP://<GUID=d630907c-e2f4-41cf-a2c6-adc087f25f46>"
However, if the object has been deleted, you need to perform another query (in Powershell as well):
$guid = ([guid]"d630907c-e2f4-41cf-a2c6-adc087f25f46")
Get-ADObject -SearchBase "DC=metro,DC=com" -IncludeDeletedObjects -Filter { objectGuid -eq $guid }
Note that by default you need to be a member of Domain Admins or Administrators to be able to query AD for deleted objects.
Best Regards,
Carl S
All code is provided as-is with no guarantees. Always try it out in a test environment before applying it in a production environment. -
Logoncount Attribute on Computer objects in Active Directory
Hello,
I have one question about the logoncount Attribute on Active Directory objects. As I understood on user objects this attribute counts the number of logons per DC (because it is not replicating).
My question is:
What exactly is counted here on computer objects?
I can see that on a Domain Controller computer object the logoncount is high for the DC itself and low on the other DC objects.
Thank you.
Regards
Dennis
Here is an old thread. You will see some of the explanation from our own Richard :)
http://www.techtalkz.com/windows-server-2003/500367-attributes-update-during-computer-logon.html
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
This posting is provided AS IS with no warranties, and confers no rights. -
Greetings,
I promoted a 2012 domain controller, with a new name and IP, shut down the old DC and re-IP'ed the new DC with the old IP address.
After reboot everything is working fine. I would like to delete the old DC object name from the AD. Can I do so without interruption?
Thank you
Demotion using DCPROMO would have been the preferred way to go.
You should however be able to get away with deleting the computer object for the old DC using AD Users and Computers. The metadata cleanup is now included in the modern UI, so you shouldn't need to use NTDSUtil to do the cleanup of references to the old DC.
I would also manually remove the NS record for the old DC from your DNS zone(s) as this is not handled by the object deletion.
Also, have a good look through the DNS records anyway and see if there are any references to the old name (A, SRV records) and delete them manually if you find some.
Alexei -
This is killing my remote management. I have 4 Server 2012 R2 domain controllers. Only one of them is being affected with this problem. Almost every time I check, the remote registry service is disabled again. It seems like there is a corrupt group policy preference that keeps on attacking during a policy refresh, but I can't imagine setting a group policy to disable this service. It is needed for our remote management. Also the IP Tunnel service is also disabling. Another strange artifact is that when I set a Windows Firewall policy to add an exception for remote administration in a group policy to my Admin workstation, it seemed to set a firewall rule in other computers to block remote administration. I cannot figure out where else this strange Windows Firewall rule blocking remote administration could have come from. These may be related or they may not, but they are occurring on the same domain controller. I am able to set the RemoteRegistry service to enabled and to start it (which I have done too many times now), but it constantly is being changed back to disabled. I am searching the registry to find any invalid entries or artifacts that may be affecting these two annoying effects, but I cannot find anything yet.
Any ideas? I need to know what policies will disable the RemoteRegistry service OR the IPTunelling service, or where in the registry this could be set to enact this during a policy refresh. Of course, any other ideas are welcome. I have spent several days troubleshooting this, and need to conquer this by tomorrow if possible, thank you.
James
Hi,
Please type services.msc in RUN to open the Services panel and navigate to the Remote Registry service. Then open its Properties and set Startup type: Automatic. Then please check if this issue still exists.
In addition, please refer to mlippold's suggestion (the last reply) in the following thread and configure the relevant value in the RemoteRegistry registry key, then check if it can help you to solve this issue.
For registry items, please back up all registry items before all operations. That will help us to avoid some unexpected issues.
Remote Registry Service stops automatically if we do not use it above 10 minutes
By the way, did you open Event Viewer and check if you can find any relevant errors?
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
-
This computer is not a domain controller. biztalk configuration?
I am trying to configure BizTalk Server using a domain service account. I have created AD & corresponding users, but when I am trying to configure it, it's throwing the below error:
This computer is not a domain controller.
Can anyone let me know what the reason is? Also my service account to have admin rights to SQL & BizTalk box along with SSO.
Fred
If you have tried to set up the local machine as a domain controller, then it is not functioning properly. For checks and possible issues refer to
http://support.microsoft.com/kb/837513/en-us
The most common causes could be
You're working with a DHCP address. It is recommended to work with a fixed IP
You setup a DC (promoted) but forgot to point the local IP Adapter to point to itself?
Your DNS binding (on the local machine) is set on both IP V4/IP V6 and service resolution is failing [this can be verified using NSLOOKUP]
Regards. -
Is it possible to change NETBIOS (Computer Name) of a computer under a domain controller via SCCM 2012 Console?
example:
Domain Name: viyella.com
current Computer (FQDN host) name: vtgit-shohal.viyella.com
New Computer (FQDN host) name: vtgit-moin.viyella.com
If so, I will organize all computers of my organization and manage them.
Please help.
Thanks,
Shohal Bhuiyan
Hi,
Netdom is a command-line tool that is built into Windows Server 2008 and Windows Server 2008 R2. It is available if you have the Active Directory Domain Services (AD DS) server role installed. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT).
Netdom renamecomputer
http://technet.microsoft.com/en-us/library/cc788029.aspx
-
Disable domain join unless computer account has first been created
Anyone know if it's possible to configure Active Directory so that a computer cannot be joined to the domain unless the computer account is first created manually?
Hi Meinolf,
While you are right that a domain user can join up to 10 computers to a domain, that is not exactly what happened.
Even if a user may join a new computer, this only and only is possible in case the user is allowed to write to the corresponding OU / container, where the account needs to be created.
A join will fail if the user cannot create the computer account object. The statement is not correct in this way from an end (computer) to end (computer object) view.
If you worked with pre-populated computer objects, the 10 computer limit is also obsolete. When you create the object you are (GUI) asked "who can join that computer to the domain?". If you are a member of the group put in that dialog, there is no 10 computer limit. You will be able to join as many computers as needed.
The 10 computer limit per account is only and only valid if you did not prepopulate the object AND you have access to create a new computer account at the default OU for new computers. This is working for AD Windows Server 2003 up to AD DS Windows Server 2012 R2.
http://support.microsoft.com/kb/243327/en-us
http://blogs.technet.com/b/kevinremde/archive/2013/10/30/what-s-new-for-active-directory-in-server-2012-r2.aspx
Kind regards,
Martin -
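The 10-computer limit discussed in the reply above is held in the domain's ms-DS-MachineAccountQuota attribute (the attribute name is not given in the thread). As an added example, not part of the original posts, this PowerShell reads the quota, uses ms-DS-CreatorSID to list who has created computer objects under it, and previews setting the quota to 0 so that ordinary users can only join pre-created accounts. It assumes the ActiveDirectory module and a reachable domain.

```powershell
# Added example; requires RSAT / the ActiveDirectory module and read access
# to the domain. Nothing is modified: the only write is run with -WhatIf.
Import-Module ActiveDirectory

$domain    = Get-ADDomain
$quotaAttr = 'ms-DS-MachineAccountQuota'

# 1. Per-user join quota stored on the domain head object (10 by default).
$quota = (Get-ADObject -Identity $domain.DistinguishedName -Properties $quotaAttr).$quotaAttr
"Machine account quota      : $quota"

# 2. Default container in which a non-prestaged join creates the computer object.
"Default computer container : $($domain.ComputersContainer)"

# 3. Computer objects created through the quota carry the joining user's SID
#    in ms-DS-CreatorSID. Resolve it so the joins can be attributed.
$created = Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' -Properties 'ms-DS-CreatorSID', whenCreated |
    ForEach-Object {
        $raw = $_.'ms-DS-CreatorSID'
        # The module normally returns a SecurityIdentifier; handle raw bytes too.
        $sid = if ($raw -is [byte[]]) {
            New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $raw, 0
        } else { $raw }
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }   # creator deleted or not resolvable
        [pscustomobject]@{
            Computer = $_.Name
            Creator  = $who
            Created  = $_.whenCreated
            DN       = $_.DistinguishedName
        }
    }

# 4. Joins per creator, highest first; anyone at the quota value has used it up.
$created | Group-Object Creator | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 5. Most recent quota-based joins, for review.
$created | Sort-Object Created -Descending | Select-Object -First 20 |
    Format-Table Computer, Creator, Created -AutoSize

# 6. Preview of requiring pre-created accounts for ordinary users by setting
#    the quota to 0. -WhatIf only reports the change; remove it to apply.
Set-ADDomain -Identity $domain -Replace @{ 'ms-DS-MachineAccountQuota' = 0 } -WhatIf
```

With the quota at 0, a join still succeeds for anyone delegated create rights on the target OU or named in the "who can join" setting of a pre-created object, as the reply describes.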
Unable to demote a domain controller
Hi Everyone,
My primary DC is Windows Server 2012 R2 and the ADC is Windows Server 2008 x64.
I am trying to demote the Windows Server 2008 x64 and I am facing issues.
When I demote the 2008 server I am getting this error: A Domain Controller could not be contacted for the domain (mydomain.com) that contains an account for this computer. Make the computer a member of a workgroup then rejoin the domain before retrying the promotion.
The specified domain either does not exist or could not be contacted
When I browse my \\windows2012dc I cannot see the sysvol and netlogon shared folders.
On windows2012dc, C:\windows\sysvol\mydomain and the mydomain folder is empty. (No issues with replication in Sites and Services and no issues with connectivity or gateway.)
Please guide me because I don't want a forceful demote.
I would first recommend taking backups of both DCs before proceeding with any changes.
Before trying a forced demotion, you can try the following:
Make sure that both DCs have a single NIC card enabled and only one IP address in use
Make both DCs point to the other as primary DNS server, their private IP addresses as secondary DNS server and 127.0.0.1 as third one. Once done, run ipconfig /registerdns and restart the netlogon service
Disable any security filtering between both DCs and temporarily disable the security software you use
If this does not help then you need to proceed with a forced demotion.
You can then proceed like the following (first, use dcdiag to check that the Windows Server 2012 R2 DC has no problems apart from the SYSVOL folder and the replication with the other DC):
Shut down the DC running Windows Server 2008 (do not bring it online again without re-installing it later)
Seize all FSMO roles to your Windows Server 2012 R2 DC if it is not already the current FSMO holder: http://support.microsoft.com/KB/255504
Do a metadata cleanup to remove the data of the old Windows Server 2008 DC: use dssite.msc to remove its NTDS settings and object over there, then use dsa.msc to remove its AD account
Rebuild your SYSVOL tree: http://support.microsoft.com/kb/315457
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
-
Having trouble promoting a server to a Child Domain Controller
Hello,
I am having trouble promoting a 2012 server that's already a member of a domain to a child domain controller. All of the prereqs are met. When I try to promote it, it shows the steps being processed. When it begins to replicate the parent domain's database, it runs all night and never completes. Any idea what's going on?
Thanks
John G.
John Grace
Hello,
Just to let you know I can ftp, telnet, and map drives to gptsserver1.gpts.biz from gptsserver2.gpts.biz but can't promote gptsserver2.gpts.biz to a child domain controller. Any help is appreciated.
Here is the contents of dcpromo.log from gptsserver2.gpts.biz:
08/13/2014 21:14:32 [INFO] Promotion request for domain controller of new domain
08/13/2014 21:14:32 [INFO] DnsDomainName gpts2.gpts.biz
08/13/2014 21:14:32 [INFO] FlatDomainName GPTS2
08/13/2014 21:14:32 [INFO] SiteName Default-First-Site-Name
08/13/2014 21:14:32 [INFO] SystemVolumeRootPath C:\Windows\SYSVOL
08/13/2014 21:14:32 [INFO] DsDatabasePath C:\Windows\NTDS, DsLogPath C:\Windows\NTDS
08/13/2014 21:14:32 [INFO] ParentDnsDomainName gpts.biz
08/13/2014 21:14:32 [INFO] ParentServer gptsserver1.gpts.biz
08/13/2014 21:14:32 [INFO] Account (NULL)
08/13/2014 21:14:32 [INFO] Options 5243072
08/13/2014 21:14:32 [INFO] Validate supplied paths
08/13/2014 21:14:32 [INFO] Validating path C:\Windows\NTDS.
08/13/2014 21:14:32 [INFO] Path is a directory
08/13/2014 21:14:32 [INFO] Path is on a fixed disk drive.
08/13/2014 21:14:32 [INFO] Validating path C:\Windows\NTDS.
08/13/2014 21:14:32 [INFO] Path is a directory
08/13/2014 21:14:32 [INFO] Path is on a fixed disk drive.
08/13/2014 21:14:32 [INFO] Validating path C:\Windows\SYSVOL.
08/13/2014 21:14:32 [INFO] Path is on a fixed disk drive.
08/13/2014 21:14:32 [INFO] Path is on an NTFS volume
08/13/2014 21:14:32 [INFO] Child domain creation -- check the new domain name is child of parent domain name.
08/13/2014 21:14:32 [INFO] Domain Creation -- check that the flat name is unique.
08/13/2014 21:14:42 [INFO] Start the worker task
08/13/2014 21:14:42 [INFO] Request for promotion returning 0
08/13/2014 21:14:42 [INFO] Using supplied domain controller: gptsserver1.gpts.biz
08/13/2014 21:14:42 [INFO] Using supplied site: Default-First-Site-Name
08/13/2014 21:14:42 [INFO] Forcing time sync
08/13/2014 21:14:42 [INFO] Forcing a time sync with gptsserver1.gpts.biz
08/13/2014 21:14:42 [INFO] Reading domain policy from the domain controller gptsserver1.gpts.biz
08/13/2014 21:14:42 [INFO] Stopping service NETLOGON
08/13/2014 21:14:42 [INFO] Stopping service NETLOGON
08/13/2014 21:14:42 [INFO] ControlService(STOP) on NETLOGON returned 0(gle=1062)
08/13/2014 21:14:42 [INFO] Exiting service-stop loop after service NETLOGON entered STOPPED state
08/13/2014 21:14:42 [INFO] StopService on NETLOGON returned 0
08/13/2014 21:14:42 [INFO] Configuring service NETLOGON to 1 returned 0
08/13/2014 21:14:42 [INFO] Stopped NETLOGON
08/13/2014 21:14:42 [INFO] Creating the System Volume C:\Windows\SYSVOL
08/13/2014 21:14:42 [INFO] Deleting current sysvol path C:\Windows\SYSVOL
08/13/2014 21:14:43 [INFO] Preparing for system volume replication using root C:\Windows\SYSVOL
08/13/2014 21:14:43 [INFO] Created the system volume
08/13/2014 21:14:43 [INFO] Copying initial Directory Service database file C:\Windows\system32\ntds.dit to C:\Windows\NTDS\ntds.dit
08/13/2014 21:14:43 [INFO] Installing the Directory Service
08/13/2014 21:14:43 [INFO] Calling NtdsInstall for gpts2.gpts.biz
08/13/2014 21:14:43 [INFO] Starting Active Directory Domain Services installation
08/13/2014 21:14:43 [INFO] Validating user supplied options
08/13/2014 21:14:43 [INFO] Determining a site in which to install
08/13/2014 21:14:43 [INFO] Examining an existing forest...
08/13/2014 21:14:43 [INFO] Configuring the local computer to host Active Directory Domain Services
08/13/2014 21:14:44 [INFO] EVENTLOG (Informational): NTDS General / Service Control : 1094
Software write caching for the following disk drive has been disabled to prevent possible data loss during system failures such as power outages or hardware component failures that can cause a sudden shutdown of the system. The disk drive that stores Active
Directory Domain Services log files is the only drive affected by this change.
Disk drive:
c:
08/13/2014 21:14:55 [INFO] EVENTLOG (Informational): NTDS General / Internal Configuration : 2120
This Active Directory Domain Services server does not support the Recycle Bin. Deleted objects may be undeleted, however, when an object is undeleted, some attributes of that object may be lost. Additionally, attributes of other objects that refer to
the object being undeleted may also be lost.
08/13/2014 21:14:56 [INFO] Replicating the schema directory partition
08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
Process ID:
488
Reported error information:
Error value:
Access is denied. (5)
directory service:
gptsserver1.gpts.biz
Extensive error information:
Error value:
Access is denied. 5
directory service:
gptsserver2
Additional Data
Internal ID:
5000dfc
08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
Extended information:
Error value:
Access is denied. (5)
directory service:
gptsserver2
Supplemental information:
Detection location:
1461
Generating component:
RPC Runtime
Time at directory service:
2014-08-14 04:14:56
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
Internal event: This log entry is a continuation from the preceding extended error information entry.
Extended information:
Extended Error Parameters:
0
Parameter 1:
(NULL)
Parameter 2:
(NULL)
Parameter 3:
(NULL)
Parameter 4:
(NULL)
Parameter 5:
(null)
Parameter 6:
(null)
Parameter 7:
(null)
08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
directory service:
gptsserver1.gpts.biz
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
Domain controller:
gptsserver1.gpts.biz
Additional Data
Error value:
5 Access is denied.
08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
Process ID:
488
Reported error information:
Error value:
Access is denied. (5)
directory service:
gptsserver1.gpts.biz
Extensive error information:
Error value:
Access is denied. 5
directory service:
gptsserver2
Additional Data
Internal ID:
5000dfc
08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
Extended information:
Error value:
Access is denied. (5)
directory service:
gptsserver2
Supplemental information:
Detection location:
1461
Generating component:
RPC Runtime
Time at directory service:
2014-08-14 04:15:04
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
Internal event: This log entry is a continuation from the preceding extended error information entry.
Extended information:
Extended Error Parameters:
0
Parameter 1:
(NULL)
Parameter 2:
(NULL)
Parameter 3:
(NULL)
Parameter 4:
(NULL)
Parameter 5:
(null)
Parameter 6:
(null)
Parameter 7:
(null)
08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
directory service:
gptsserver1.gpts.biz
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
Domain controller:
gptsserver1.gpts.biz
Additional Data
Error value:
5 Access is denied.
08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
Process ID:
488
Reported error information:
Error value:
Access is denied. (5)
directory service:
gptsserver1.gpts.biz
Extensive error information:
Error value:
Access is denied. 5
directory service:
gptsserver2
Additional Data
Internal ID:
5000dfc
08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
Extended information:
Error value:
Access is denied. (5)
directory service:
gptsserver2
Supplemental information:
Detection location:
1461
Generating component:
RPC Runtime
Time at directory service:
2014-08-14 04:15:20
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
Internal event: This log entry is a continuation from the preceding extended error information entry.
Extended information:
Extended Error Parameters:
0
Parameter 1:
(NULL)
Parameter 2:
(NULL)
Parameter 3:
(NULL)
Parameter 4:
(NULL)
Parameter 5:
(null)
Parameter 6:
(null)
Parameter 7:
(null)
08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
directory service:
gptsserver1.gpts.biz
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
Domain controller:
gptsserver1.gpts.biz
Additional Data
Error value:
5 Access is denied.
08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
Process ID:
488
Reported error information:
Error value:
Access is denied. (5)
directory service:
gptsserver1.gpts.biz
Extensive error information:
Error value:
Access is denied. 5
directory service:
gptsserver2
Additional Data
Internal ID:
5000dfc
08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
Extended information:
Error value:
Access is denied. (5)
directory service:
gptsserver2
Supplemental information:
Detection location:
1461
Generating component:
RPC Runtime
Time at directory service:
2014-08-14 04:15:52
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
Internal event: This log entry is a continuation from the preceding extended error information entry.
Extended information:
Extended Error Parameters:
0
Parameter 1:
(NULL)
Parameter 2:
(NULL)
Parameter 3:
(NULL)
Parameter 4:
(NULL)
Parameter 5:
(null)
Parameter 6:
(null)
Parameter 7:
(null)
08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
directory service:
gptsserver1.gpts.biz
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
Domain controller:
gptsserver1.gpts.biz
Additional Data
Error value:
5 Access is denied.
08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
Process ID:
488
Reported error information:
Error value:
Access is denied. (5)
directory service:
gptsserver1.gpts.biz
Extensive error information:
Error value:
Access is denied. 5
directory service:
gptsserver2
Additional Data
Internal ID:
5000dfc
08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
Extended information:
Error value:
Access is denied. (5)
directory service:
gptsserver2
Supplemental information:
Detection location:
1461
Generating component:
RPC Runtime
Time at directory service:
2014-08-14 04:16:56
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
Internal event: This log entry is a continuation from the preceding extended error information entry.
Extended information:
Extended Error Parameters:
0
Parameter 1:
(NULL)
Parameter 2:
(NULL)
Parameter 3:
(NULL)
Parameter 4:
(NULL)
Parameter 5:
(null)
Parameter 6:
(null)
Parameter 7:
(null)
08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
directory service:
gptsserver1.gpts.biz
Additional Data
Error value:
Access is denied. (5)
08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
Domain controller:
gptsserver1.gpts.biz
Additional Data
Error value:
5 Access is denied.
John Grace -
Sorry if my attempt to be thorough in my description may result in excessive and unnecessary information.
I'm running into some problems with a single server running WS 2012 R2 as a domain controller (AD and DNS) and I’m trying to figure out what the cause is.
The network has ~10 computers on it connected through a cable business gateway (running DHCP) which feeds 2 switches and a wireless router acting as a switch. (I also turned on remote services, but the end users aren’t using that until I get certificates set up.)
For 6+ months everyone had access to the shared files and databases on each workstation without issue.
In the last month users would occasionally have to re-enter their credentials to get access to shared server folders despite being on a domain account already.
Last week one of the computers intermittently cannot gain access to the shared folders – entering the correct credentials just results in the credentials being requested again and again: There’s an error icon at the bottom saying that “there are currently no logon servers available to service the logon request”. While access is rejected I’m still able to ping the DC both via its name and IPv4 address. (Pinging via its name results in an IPv6 address in the response.)
Other network connectivity appears intact (able to browse the web, perform network discovery.)
Things that ‘seem’ to allow access on this computer until the next failure:
Entering a different domain username and password into the windows credentials request has allowed access a couple of times.
Disconnecting and reconnecting the network cable allowed the original username to be used to log on (at least once.)
After removing it from and then rejoining it to the domain (a few hours ago) it experienced the problem once more. Also, logging on with domain credentials created a TEMP user folder instead of the folder with the domain username.
Looking at the event logs, I notice there are quite a few warnings and errors reported regarding DC access on many of the computers; maybe this is normal?
Most Problematic Computer:
Event ID 8016: System failed to register host A or AAAA resource records. (With an unknown IPv6 and the server’s IPv4 address in the DNS server list.)
Event ID 131: NtpClient unable to set a domain peer to use as a time source because of DNS resolution error on ‘Server.domain.local’: “No such host is known.”
Event ID 5719: NETLOGON. This computer was not able to setup a secure session with a domain controller in the domain due …..: there are currently no logon servers available to service the logon request.
And then pairs of: Event 1500: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. & Event 1054: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
Event 1030: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
On the server I’ve run DCDIAG and DCDIAG /test:DNS and those all appeared to pass.
Ipconfig/all from the server:
Connection-specific DNS Suffix
Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
Physical Address. . . . . . . . . : FC-4D-D4-F2-A1-83
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:b155:a0b0:892d:9ed5(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::b155:a0b0:892d:9ed5%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.10.42(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%13
10.1.10.1
DHCPv6 IAID . . . . . . . . . . . : 234638804
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3F-7D-B9-68-05-CA-24-31-C4
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ipconfig/all from the problematic computer:
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix
. : wp.comcast.net
Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-63-C2-B8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:8f5:1606:d0a8:6b25(Prefe
rred)
Temporary IPv6 Address. . . . . . : 2601:8:a182:1100:283e:f9e8:4841:6c50(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::8f5:1606:d0a8:6b25%3(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2015 9:19:02 AM
Lease Expires . . . . . . . . . . : Tuesday, March 17, 2015 1:23:15 PM
Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
10.1.10.1
DHCP Server . . . . . . . . . . . : 10.1.10.1
DHCPv6 IAID . . . . . . . . . . . : 54535618
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-6B-AA-F0-DE-F1-9C-07-D4
DNS Servers . . . . . . . . . . . : 2001:558:feed::1
2001:558:feed::2
10.1.10.42
NetBIOS over Tcpip. . . . . . . . : Enabled
Any thoughts? I was assuming it was a Domain Controller/DNS error, but I don't know where to check next. Could a failing piece of hardware be the culprit?
Thanks,
-JT
Hi,
According to the error you have posted.
A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against.
Most of the time this is caused by network issues or name resolution (DNS/WINS) issues, you could refer to:
Netlogon 5719 and the Disappearing Domain [Controller]
http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
Did you refer to this KB article?
Event ID 5719 is logged when you start a Domain Member
http://support.microsoft.com/kb/938449
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
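The name-resolution cause mentioned in the reply can be checked straight from `ipconfig /all` output. This is an added example, not part of the original posts: it parses the DNS Servers field, including its continuation lines, and flags every resolver that is not a domain DNS server, since a resolver outside the domain cannot answer for a private zone such as domain.local. The function names and the assumption that 10.1.10.42 is the only domain DNS server are illustrative.

```python
import ipaddress

# Adapter section from the client's `ipconfig /all` in the question, with the
# wrapped address lines rejoined and unrelated fields left out.
SAMPLE_CLIENT = """\
Wireless LAN adapter Wi-Fi:
   Connection-specific DNS Suffix  . : wp.comcast.net
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
   Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
                                       10.1.10.1
   DHCP Server . . . . . . . . . . . : 10.1.10.1
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       10.1.10.42
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Assumption for this example: the server at 10.1.10.42 is the only DNS
# server that hosts the domain's zone.
DOMAIN_DNS = ["10.1.10.42"]


def to_address(token):
    """Turn one ipconfig value into an address, dropping '(Preferred)' and '%scope'."""
    token = token.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Return the DNS servers in listed order, following continuation lines."""
    servers = []
    in_dns_field = False
    for line in ipconfig_text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            # "Key . . . : value" line; IPv6 addresses never contain " : ".
            in_dns_field = key.strip(" .").lower() == "dns servers"
        elif not line[:1].isspace():
            # Adapter header or blank line ends any open field.
            in_dns_field = False
            continue
        else:
            # Indented line without a key: continuation of the previous field.
            value = line
        if in_dns_field:
            addr = to_address(value)
            if addr is not None:
                servers.append(addr)
    return servers


def audit_resolvers(ipconfig_text, domain_dns):
    """List (position, address, scope) for each resolver outside domain_dns."""
    allowed = {ipaddress.ip_address(a) for a in domain_dns}
    findings = []
    for position, addr in enumerate(parse_dns_servers(ipconfig_text), start=1):
        if addr in allowed:
            continue
        if addr.is_loopback:
            scope = "loopback"
        elif addr.is_private:
            scope = "private"
        else:
            scope = "public"
        findings.append((position, str(addr), scope))
    return findings


if __name__ == "__main__":
    for position, addr, scope in audit_resolvers(SAMPLE_CLIENT, DOMAIN_DNS):
        print(f"resolver #{position} {addr} ({scope}) is not a domain DNS server")
```

Run against the client output, this reports the first two resolvers; a domain member should normally list only DNS servers that host the domain's zone.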
I have racked my brain and done everything that I know to do for about two weeks now. I am setting up a new system at our fire department and I am having the worst luck with getting the workstations to login to the domain controller with roaming
profiles. It keeps telling me that the roaming profile could not be loaded because of a slow connection. These are workstations that are connected directly to the switch that the DC is connected to. I have tried multiple connections regarding
the layout (DC into the router, router into the switch). The router is a Cisco RV220W. I have two VLANS, one for public and one for private domain. The Private VLAN has DHCP turned off since I am providing it through the DC. I currently
have a connection from the Private VLAN going to the unmanaged switch that the workstations and server are plugged into.
The server is a Dell PowerEdge R420 that has 6 NIC ports (1 dual port and 1 quad port). I have a virtual switch setup on Hyper-V for an external port (let's say Card 2 Port 3) that is assigned to the WS 2012R2 Domain Controller. The DC can see
the internet fine and the workstations can connect to the shared folders on the server. I can retrieve files by just using the computer name or FQDN. The DC is also running DNS and DHCP. The DNS has the _msdcs setup from when I installed
the active directory role. I have attempted to assign static IP addresses to the workstations:
IP: 10.0.0.80
Subnet: 255.255.255.0
IPV4 Gateway: 10.0.0.1
IPV4 DNS: 10.0.0.12
I've attempted "append the specific DNS suffix", I've "registered the connection in DNS", I've used "use this connections suffix in DNS registration".
The server is assigned:
IP: 10.0.0.12
Subnet: 255.255.255.0
IPV4 Gateway: 10.0.0.1
IPV4 DNS: 10.0.0.12
The DNS entries have forwarders that forward to my ISP DNS servers for lookup
I've enabled and disabled DHCP, I've installed a new VM just to create another DC to make sure that I didn't goof up when I created it.
I've lost my patience with this project and am sinking fast. Can someone please offer some advice as to what I've done wrong? I've created this exact scenario at work many times but, I've never done it with Windows Server 2012. Is this
possibly something to do with the Dell PowerEdge server (Generation 12) with the SR-IOV? I am going to attempt to work on it some more tomorrow when I get over there. I think there may be an issue with the SR-IOV not being enabled on the machine
through the Dell Bios. Would the SR-IOV really cause the workstations to report a slow connection? When I login at the domain controller the roaming profiles and folder redirection work fine so, I know the GPO settings are correct. I don't
have "ignore slow connections" or any of those GPO's set. I need to get it working the correct way so, I didn't want to fool the server when there is another underlying problem. Any help that someone can offer, I am more than willing
to listen. If you need more information, please ask.
Thanks,
Jay
So, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many
posts and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the
virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If Hyper-V would allow passthrough, this would be so much simpler. VMware is looking really good at this point.
I'm disappointed in MS right now. -
Cannot Login to Read Only Domain Controller
One of my Read Only Domain Controller Servers shut down unexpectedly due to a power outage and now I cannot login to it anymore. When the server powered on again, it came up with an error regarding one of the hard drives failing (RAID1).
I get a message Access is Denied when I try to login with one of my domain admin accounts. As it is a RODC, there are no local accounts for me to use. The RODC is running on Windows Server 2008 R2. The server is also running as a DHCP/Print/File server for
the office so these are not working as well.
I checked my PDC and it is coming up with the following error in the event viewer
Log Name: System
Source: Security-Kerberos
Event ID: 4
Level: Error
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server rodc01$. The target name used was domain/rodc01.domain.local. This indicates that the target server failed to decrypt
the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account
used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the
server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.local) is different from the client domain (domain.local), check if there are identically named server accounts in these
two domains, or use the fully-qualified name to identify the server.
I have tried to reset the computer password with netdom but I get the following error
netdom resetpwd /server:rodc01 /userd:administrator /passwordd:*
The machine account password for the local machine could not be reset.
Logon Failure: The target account name is incorrect.
The command failed to complete successfully.
If I try to reset the password using the IP address instead, I get the following error
netdom resetpwd /server:192.168.10.1 /userd:administrator /passwordd:*
The machine account password for the local machine could not be reset.
Access is denied.
The command failed to complete successfully.
I checked my AD and DNS and the rodc object is present
If I run repadmin /replsum on the PDC I get the message for the faulty RODC server
Experienced the following operational errors trying to retrieve replication information:
8341 – rodc01.domain.local
Any advice is appreciated
Thanks
Log on to the server in Directory Services Restore Mode (DSRM) using the password you supplied during DCPROMO and verify that the Active Directory database isn't corrupted on the RODC - You will most likely see indications on this in the Directory
Services log.
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog -
Description:
A specific group of users/customers (using Windows7 OS with IE and FireFox web browsers) are facing problems with retrieving the applet File, after they upgraded the JRE on the system(PC) to JRE 1.7.0_25-b17 from JRE version 1.6.0_29-b11.
With JRE 1.7.0_25-b17 it is noticed that when the Java plugin requests for the applet File; it sends a request to the Domain Controller of the user, which causes a delay of 2 to 5 minutes and sometimes hangs. The problem occurs consistently.
The current temporary workaround for this group of users is to use JRE version 1.6.0_29-b11.
Problem analysis:
To investigate the problem the below steps were executed:
1) Collected the Java console output below from the user's system. (The complete output is not posted due to lengthy content, though can be added further to this post if required.)
(a) Works fine with JRE version 1.6.0_29-b11. Kindly refer to Java console output in the code ‘section A’ towards the end of this post.
(b) The problem occurs with JRE version 1.7.0_25-b17. Kindly refer to Java console output in the code ‘section B’ towards the end of this post. The step where the problem is observed is indicated as (##<comment>##).
2) The network settings in the user's browser was checked. Internet Options > Connections > LAN setting
The configured option is 'Use automatic configuration script' and the value is http://www.userAppX.com/proxy.pac
This configuration remains the same irrespective of the JRE version in use.
3) The network settings in the Java Control Panel was checked.
The used/selected option is "Use browser settings", although values for 'Use proxy server' and 'use automatic proxy configuration script' are filled-in as 'user-proxy.com' and 'http://www.userAppX.com/proxy.pac' respectively.
This configuration remains the same irrespective of the JRE version in use.
4) The proxy PAC file was checked and debugging was done for the request 'https://myAppletHost.com/download/...'. The FindProxyForUrl function (including the conditions defined in it, for the hostname and domain checks) returns PROXY user-proxy.com:80
5) The user also tried the below
a. Changed the option in the network settings in the browser to 'Proxy server' with Address 'user-proxy.com' and Port '80'
b. Restarted the browser.
c. Tried with Java Plug-in 1.6.0_29, JRE version 1.6.0_29-b11. There was no problem and no request to the Domain Controller of the user.
d. Tried with Java Plug-in 10.40.2.43, JRE version 1.7.0_40-b43. The problem occurs with the delay and a request to the Domain Controller of the user is observed.
Kindly refer to Java console output in the code ‘section C’ towards the end of this post.
6) The user also tried setting the below property in the Java Control panel, restarted the browser, and tried with JRE 1.7.0_40-b43. The problem still persists.
-Djava.net.preferIPv4Stack=true
7) The Global Policy Management of the Domain Controller was verified by the user. It has GPO for proxy setting but nothing related to Java security.
Questions:
The problem seems to be specific to a particular (user) environment setup, and the user faces the problem when using JRE 1.7.
We would like to know if the issue is in the (user) environment setup or in JRE 1.7.
Could you please help with information/ideas/suggestions to identify the root cause and solution for this problem?
Section A:
Java Plug-in 1.6.0_29
Using JRE version 1.6.0_29-b11 Java HotSpot(TM) Client VM
User home directory = C:\Users\userA
basic: Plugin2ClassLoader.addURL parent called for https://myAppletHost.com/download/myApplet.jar
network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-b1bb5056c5b0e83f=2; Path=/"
network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-b1bb5056c5b0e83f=2; Path=/"
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
security: Checking if certificate is in Deployment denied certificate store
network: Connecting https://myAppletHost.com/download/myApplet.jar with cookie "JSESSIONID=0000IK4bEMoqXH10zsl88rwvoRI:175oe9tjd; BCSI-CS-b1bb5056c5b0e83f=2"
network: Downloading resource: https://myAppletHost.com/download/myApplet.jar
Content-Length: 403.293
Content-Encoding: null
Dump system properties ...
https.protocols = TLSv1,SSLv3
java.vm.info = mixed mode, sharing
java.vm.name = Java HotSpot(TM) Client VM
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Sun Microsystems Inc.
java.vm.specification.version = 1.0
java.vm.vendor = Sun Microsystems Inc.
java.vm.version = 20.4-b02
javaplugin.nodotversion = 160_29
javaplugin.version = 1.6.0_29
javaplugin.vm.options =
os.arch = x86
os.name = Windows 7
os.version = 6.1
trustProxy = true
deployment.proxy.auto.config.url = http://www.userAppX.com/proxy.pac
deployment.proxy.bypass.local = false
deployment.proxy.http.host = user-proxy.com
deployment.proxy.http.port = 80
deployment.proxy.override.hosts =
deployment.proxy.same = false
deployment.proxy.type = 3
deployment.security.SSLv2Hello = false
deployment.security.SSLv3 = true
deployment.security.TLSv1 = true
deployment.security.mixcode = ENABLE
Section B:
Java Plug-in 10.25.2.17
Using JRE version 1.7.0_25-b17 Java HotSpot(TM) Client VM
User home directory = C:\Users\userA
basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@12adac5
basic: Plugin2ClassLoader.addURL parent called for https://myAppletHost.com/download/myApplet.jar
network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-2d4ce94a2ae7b460=2; Path=/"
network: Connecting http://10.x.x.xx:53/ with proxy=DIRECT
(##THE ABOVE REQUEST CAUSES THE DELAY OR HANGS##)
network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-2d4ce94a2ae7b460=2; Path=/"
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Loading certificates from Internet Explorer ROOT certificate store
security: Loaded certificates from Internet Explorer ROOT certificate store
network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-2d4ce94a2ae7b460=2; Path=/"
network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-2d4ce94a2ae7b460=2; Path=/"
network: Connecting https://myAppletHost.com/download/myApplet.jar with cookie "JSESSIONID=0000UQuXWY5tjxjpwcKHlfJKe_8:175oe9j45; BCSI-CS-2d4ce94a2ae7b460=2"
network: ResponseCode for https://myAppletHost.com/download/myApplet.jar : 200
network: Encoding for https://myAppletHost.com/download/myApplet.jar : null
network: Server response: (length: -1, lastModified: Thu Feb xx yy:yy:yy CET 2013, downloadVersion: null, mimeType: text/plain)
network: Downloading resource: https://myAppletHost.com/download/myApplet.jar
Content-Length: -1
Content-Encoding: null
Section C:
Java Plug-in 10.40.2.43
Using JRE version 1.7.0_40-b43 Java HotSpot(TM) Client VM
User home directory = C:\Users\userA
basic: Plugin2ClassLoader.addURL parent called for https://myAppletHost.com/download/myApplet.jar
network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-1d67c8b6508ca09c=2; Path=/"
network: Connecting http://10.x.x.xx:53/ with proxy=DIRECT
(##THE ABOVE REQUEST CAUSES THE DELAY OR HANGS##)
network: Checking for update at: https://javadl-esd-secure.oracle.com/update/blacklist
network: Checking for update at: https://javadl-esd-secure.oracle.com/update/blacklisted.certs
network: Checking for update at: https://javadl-esd-secure.oracle.com/update/baseline.version
network: Connecting https://javadl-esd-secure.oracle.com/update/blacklist with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
network: Connecting https://javadl-esd-secure.oracle.com/update/baseline.version with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
network: Connecting https://javadl-esd-secure.oracle.com/update/blacklisted.certs with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
Dump system properties ...
https.protocols = TLSv1,SSLv3
java.vm.info = mixed mode, sharing
java.vm.name = Java HotSpot(TM) Client VM
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Oracle Corporation
java.vm.specification.version = 1.7
java.vm.vendor = Oracle Corporation
java.vm.version = 24.0-b56
javaplugin.nodotversion = 10402
javaplugin.version = 10.40.2.43
os.arch = x86
os.name = Windows 7
os.version = 6.1
trustProxy = true
active.deployment.proxy.auto.config.url = http://www.userAppX.com/proxy.pac
active.deployment.proxy.bypass.local = false
active.deployment.proxy.http.host = user-proxy.com
active.deployment.proxy.http.port = 80
active.deployment.proxy.same = false
active.deployment.proxy.type = 3
deployment.browser.path = C:\Program Files (x86)\Internet Explorer\iexplore.exe
deployment.proxy.auto.config.url = http://www.userAppX.com/proxy.pac
deployment.proxy.bypass.local = false
deployment.proxy.http.host = user-proxy.com
deployment.proxy.http.port = 80
deployment.proxy.override.hosts =
deployment.proxy.same = false
deployment.proxy.type = 3
deployment.security.SSLv2Hello = false
deployment.security.SSLv3 = true
deployment.security.TLSv1 = true
deployment.security.TLSv1.1 = false
deployment.security.TLSv1.2 = false
deployment.security.authenticator = true
deployment.security.disable = false
deployment.security.level = HIGH
deployment.security.mixcode = ENABLE
PS:
Since the JRE 1.7.0_25-b17 update, it is noticed that when the Java plugin requests for the applet File; it sends a request to the Domain Controller of the user, which causes a delay of 2 to 5 minutes and sometimes hangs.
The problem occurs consistently, and also with JRE 1.7.0_45-b18.
Java Plug-in 10.45.2.18
Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
User home directory = C:\Users\userA
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
cache: Initialize resource manager: com.sun.deploy.cache.ResourceProviderImpl@134a33d
basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@1971f66
basic: Plugin2ClassLoader.addURL parent called for https://myAppletHost.com/download/myApplet.jar
network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-f797d4d262467220=2; Path=/"
network: Connecting http://10.x.x.xx:53/ with proxy=DIRECT
network: Connecting http://10.x.x.xx:53/ with proxy=DIRECT
(##THE ABOVE REQUEST CAUSES THE DELAY AND SOMETIMES HANGS##)
My organization is experiencing very similar problems. We have resolved it through several steps.
We upgraded the client to Java 8 and we saw in the console that the hanging connection with the Domain Controller no longer occurs. This may be all that is necessary for your environment as well. -
Hi,
We have a SharePoint farm, and on the domain controller server this error is in Event Viewer:
Log Name: System
Source: Microsoft-Windows-Kerberos-Key-Distribution-Center
Date: 9/15/2014 10:44:15 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: XXXAPP01.xxxportal.com
Description:
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is HTTP/XXXWFE01.xxxportal.com (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent
this from occuring remove the duplicate entries for HTTP/XXXWFE01.xxxportal.com in Active Directory.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
<EventID Qualifiers="49152">11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-09-15T19:44:15.000000000Z" />
<EventRecordID>131824</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>XXXAPP01.xxxportal.com</Computer>
<Security />
</System>
<EventData>
<Data Name="Name">HTTP/XXXWFE01.xxxportal.com</Data>
<Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>
<Binary>
</Binary>
</EventData>
</Event>
adil
Hi adil,
Service principal names (SPNs) are stored as a property of the associated account object in Active Directory
Domain Services (AD DS). I noticed that you have used setspn -X to identify the duplicate SPN. Please refer to the following articles and check whether they help you to solve this issue.
Event ID 11 — Service Principal
Name Configuration
Event ID 11 in the System log of domain controllers
Please also refer to the following article and check whether it can help you.
The problem with duplicate SPNs
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
does not guarantee the accuracy of this information.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
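Event ID 11 names the duplicated SPN but not the accounts that hold it. As an added example (not from the original thread), the following reads the SPN out of the event XML posted above and looks it up, case-insensitively, in a directory export, then lists every SPN registered on more than one account. The account names and the export are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
KDC_PROVIDER = "Microsoft-Windows-Kerberos-Key-Distribution-Center"

# Event XML from the post above, trimmed to the elements this example reads.
EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" EventSourceName="KDC" />
<EventID Qualifiers="49152">11</EventID>
<Computer>XXXAPP01.xxxportal.com</Computer>
</System>
<EventData>
<Data Name="Name">HTTP/XXXWFE01.xxxportal.com</Data>
<Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>
</EventData>
</Event>"""

# Constructed directory export: sAMAccountName -> servicePrincipalName values.
# The account names and their SPN lists are invented for this example.
CONSTRUCTED_ACCOUNTS = {
    "XXXWFE01$": ["HOST/XXXWFE01.xxxportal.com", "HTTP/XXXWFE01.xxxportal.com"],
    "svc-example-apppool": ["http/xxxwfe01.XXXPORTAL.com"],
    "XXXAPP01$": ["HOST/XXXAPP01.xxxportal.com"],
}


def duplicate_spn_from_event(event_xml):
    """Return the SPN named by a KDC Event ID 11 record, or None for other events."""
    root = ET.fromstring(event_xml)
    provider = root.find("e:System/e:Provider", NS)
    event_id = (root.findtext("e:System/e:EventID", default="", namespaces=NS)).strip()
    if provider is None or provider.get("Name") != KDC_PROVIDER or event_id != "11":
        return None
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.findall("e:EventData/e:Data", NS)}
    if data.get("Type") != "DS_SERVICE_PRINCIPAL_NAME":
        return None
    return data.get("Name") or None


def spn_holders(accounts):
    """Map each SPN, case-folded because SPN matching ignores case, to its accounts."""
    holders = defaultdict(set)
    for account, spns in accounts.items():
        for spn in spns:
            holders[spn.casefold()].add(account)
    return holders


def accounts_for_event(event_xml, accounts):
    """Return (spn, sorted accounts holding it) for an Event ID 11 record."""
    spn = duplicate_spn_from_event(event_xml)
    if spn is None:
        return None, []
    return spn, sorted(spn_holders(accounts).get(spn.casefold(), set()))


def all_duplicates(accounts):
    """Return every SPN registered on more than one account."""
    return {spn: sorted(names)
            for spn, names in spn_holders(accounts).items() if len(names) > 1}


if __name__ == "__main__":
    spn, holders = accounts_for_event(EVENT_XML, CONSTRUCTED_ACCOUNTS)
    print(f"{spn} is registered on: {', '.join(holders)}")
```

The SPN should remain only on the account the service actually runs as; the other registration is the one to remove.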