Disabled domain controller computer object

Similar Messages

• Findout previous deleted domain controller computer name frome SID

  Hi
  I recently suspicious that some one in my company join new additional domain controller  to my primary DC and after replication and get the domain controller partitions ,he disjoint the new additional dc .
  I got the his event in my dns log :
  The DNS server was unable to create a resource record for  d630907c-e2f4-41cf-a2c6-adc087f25f46._msdcs.metro.com. in zone metro.com. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event
  data contains the error.
  I want to translate the DNS alias sid :d630907c-e2f4-41cf-a2c6-adc087f25f46
  to computer name in order to find who did this?
  is there a way to find out previous DC computer name after hey disconnected or DC computer account deleted?
  I wonder to know ho did this?
  Regards

  The guid you're referring to corresponds to the NTDS Settings object for the "lost" DC. You can do this in Powershell to get the DirectoryEntry for that guid:
  [adsi]"LDAP://<GUID=d630907c-e2f4-41cf-a2c6-adc087f25f46>"
  However, if the object has been deleted, you need to perform another query (in Powershell as well):
  $guid = ([guid]"d630907c-e2f4-41cf-a2c6-adc087f25f46")
  Get-ADObject -SearchBase "DC=metro,DC=com" -IncludeDeletedObjects -Filter { objectGuid -eq $guid }
  Note that by default you need to be a member of Domain Admins or Administrators to be able to query AD for deleted objects.
  Best Regards,
  Carl S
  All code is provided as-is with no guarantees. Always try it out in a test environment before applying it in a production environment.

• Logoncount Attribute on Computer objects in Active Directory

  Hello,
  I have one question about the logoncount Attribute on Active Directory objects. As I understood on user objects this attribute counts the number of logons per DC (because it is not replicating).
  My question is:
  What exactly is count here on computer objects?
  I can see that on a Domain Controller computer object the logoncount is high for the DC itself and low on the other DC objects.
  Thank you.
  Regards
  Dennis

  Here is an old thread.  You will see some of the explanation from our own Richard :)
  http://www.techtalkz.com/windows-server-2003/500367-attributes-update-during-computer-logon.html
  Santhosh Sivarajan | Houston, TX | www.sivarajan.com
  ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
  Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
  Blogs: Blogs
  Twitter: Twitter
  LinkedIn: LinkedIn
  Facebook: Facebook
  Microsoft Virtual Academy:
  Microsoft Virtual Academy
  This posting is provided AS IS with no warranties, and confers no rights.

• Shutdown 2003 domain controller, Used new different name; same IP address on new 2012 DC - can I delete the old name object?

  Greetings,
  I promoted a 2012 domain controller, with new name and IP,   shutdown the old DC and re-ip'ed new DC with old IP address.
  after reboot everything is working fine.  I would like to deleted the old DC object name from the AD.  can I do so without interruption?
  Thank you

  Demotion using DCPROMO would have been the preferred way to go. 
  You should however be able to get away with deleting the computer object for the old DC using AD Users and Computers.  The metadata cleanup is now included in the modern UI, so you shouldn't need to use NTDSUtil to do the cleanup of references to the
  old DC.
  I would also manually remove the NS record for the old DC from your DNS zone(s) as this is not handled by the object deletion. 
  Also, have a good look through the DNS records anyway and see if there are any references to the old name (A, SRV records) and delete them manually if you find some.
  Alexei

• Only One domain controller, Remote Registry service keeps DISABLING itself. Where in the registry could this be set?

  This is killing my remote management. I have 4 server 2012R2 domain controllers.  Only one of them is being affected with this problem.  Almost everytime I check, the remote registry service is disabled again.  It seems like there is a corrupt
  group policy preference that keeps on attacking during a policy refresh, but I can't imagine setting a group policy to disable this service.  It is needed for our remote management.  Also the IP Tunnel service is also disabling.  Another strange
  artifact is that when I set a Windows Firewall policy to add an exception for remote administration in a group policy to my Admin workstation, it seemed to set a firewall rule in other computers to block remote administration.  I can not figure out where
  else this strange Windows Firewall rule Blocking remote administration could have come from.  These may be related or they may not, but they are occuring on the same domain controller.  I am able to set the RemoteRegistry service to enabled and to
  start it (which I have done too many times now), but it constantly is being changed back to disabled.  I am searching the registry to find any invalid entries or artifacts that may be affecting these two annoying effects, but I cannot find anything yet.
   Any ideas?  I need to know what policies will disable the remoteregistry service OR the IPTunelling service, or where in the registry this could be set to enact this during a policy refresh.  Of course, any other ideas are welcome, I have spent
  several days troubleshooting this, and need to conquer this by tomorrow if possible, thank you. James

  Hi,
  Please type
  services.msc in RUN to open Services panel, navigate to the Remote Registry service. Then open its Properties and set
  Startup type: Automatic. Then please check if this issue still exist.
  In addition, please refer to mlippold’s suggestion (the last reply) in following thread and configure relevant
  value in RemoteRegistry registry key, then check if can help you to solve this issue.
  For registry items, please back up all registry items before all operations. That will help us to avoid some unexpected issue.
  Remote
  Registry Service stops automatically if we do not use it above 10 minutes
  By the way, did you open Event Viewer and check if find any relevant errors?
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• This computer is not a domain controller. biztalk configuration?

  I am trying to configure biztalk server using domain service account. I have created AD & correesponding users  but when i am trying to configure it its throwing belwo error
  This computer is not a domain controller.
  Can any one let me know what is the reason. Alos my service accound to have admin rights to SQL & BizTalk box along with SSO.
  Fred

  if you have tried to setup the local machine as a domain controller, then it is not functioning properly. For checks and possible issues refer
  http://support.microsoft.com/kb/837513/en-us
  The most common causes could be
  You're working with a DHCP address. It is recommended to work with a fixed IP
  You setup a DC (promoted) but forgot to point the local IP Adapter to point to itself?
  Your DNS binding (on the local machine) is set on both IP V4/IP V6 and service resolution is failing [this can be verified using NSLOOKUP]
  Regards.

• Change NETBIOS (Computer Name) of a computer under a domain controller by SCCM 2012 colsole

  Is it possible to change NETBIOS (Computer Name) of a computer under a domain controller via SCCM 2012 Console?
  example:
  Domain Name: viyella.com
  current Computer (FQDN host) name: vtgit-shohal.viyella.com
  New Computer (FQDN host) name: vtgit-moin.viyella.com
  if so, I will organized all computer of my organization and managed.
  please help.
  Thanks,
  Shohal Bhuiyan
  Shohal Bhuiyan

  Hi,
  Netdom is
  a command-line tool that is built into Windows Server 2008 and Windows Server 2008 R2. It is available if you have the Active Directory Domain Services (AD DS) server role installed. It is also available if you install the Active Directory
  Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). 
  Netdom renamecomputer
  http://technet.microsoft.com/en-us/library/cc788029.aspx
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Disable domain join unless computer account has first been created

  Anyone know if its possible to configure Active Directory so that a computer cannot be joined to the domain unless the computer account is first created manually

  Hi Meinolf,
  while you are right with a Domain user can join up to 10 Computers to a Domain, that is not exaktly what happened.
  Even if a user may join a new computer, this only and only is possible in case the user is allowed to write to the corresponding OU / Container, where the account needs to be created.
  A join will fail if the user cannot create the computer account object. The statement is not correct in this way from an end (Computer) to end (Computer object) view.
  If you worked with pre-populated Computer objects, the 10 Computer Limit is also obsolete. When you create the object you are (GUI) asked "who can join that Computer to the Domain?". If you are a member of the group put in that Dialog, there is no 10 computer
  limit. You will be able to join as many Computers, as needed.
  The 10 computer limit per Account is only and only valid if you did not prepopulate the object AND you have access to create a new computer account at the default OU for new computers. This is working for AD Windows Server 2003 up to AD DS Windows Server
  2012 R2.
  http://support.microsoft.com/kb/243327/en-us 
  http://blogs.technet.com/b/kevinremde/archive/2013/10/30/what-s-new-for-active-directory-in-server-2012-r2.aspx
  Kind regards,
  Martin

• Unable to demote a domain controller

  Hi Everone,
  My primary DC is windows Server 2012 R2 and ADC is windows Server 2008 x64
  I am trying to demote  Windows Server 2008 x64 and i am facing issues.
  when i demote2008 I am getting Error : A Domain Controller could not be contacted for the domain(mydomain.com) that contains
  an account for this computers.Make the computer a member of a workgroup then rejoin the domain before retrying the prmotion.
  The specified domain either doesnot exist or could not be contacted
  When i browse my \\windows2012dc i cannot see sysvol and netlogon shared folders.
  on window2012dc C:\windows\sysvol\mydomain and mydomain folder is empty.(no issues with replication in sites and services and no issues with connectivity or gateway )
  please guide me because i dont want forceful demote.

  I would first recommend taking backups of both DCs before proceeding with any changes.
  Before trying a forced demotion, you can try the following:
  Make sure that both DCs have a single NIC card enabled and only one IP address in use
  Make both DCs point to the other as primary DNS server, their private IP addresses as secondary DNS server and 127.0.0.1 as third one. Once done, run
  ipconfig /registerdns and restart netlogon service
  Disable any security filtering between both DCs and temporary disable security software you use
  If this does not help then you need to proceed with a forced demotion.
  You can then proceed like the following (First, Use dcdiag to check that the Windows Server 2012 R2 DC has no problems apart of the SYSVOL folder and the replication with the other DC):
  Shutdown the DC running Windows Server 2008 (Do not bring it online again without re-installing it later)
  Seize all FSMO roles to your Windows Server 2012 R2 DC if it is not already the current FSMO holder: http://support.microsoft.com/KB/255504
  Do a metadata cleanup to remove the data of the old Windows Server 2008 DC: Use
  dssite.msc to remove its NTDS settings and object over there then use
  dsa.msc to remove its AD account
  Rebuild your SYSVOL tree: http://support.microsoft.com/kb/315457
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Having trouble promoting a server to a Child Domain Controller

  Hello,
  I am having promoting a 2012 server that's already a member of a domain to a child domain controller.  All of the prereq's are met.  When I try to promote it, it shows the steps being processed.  When it begins to replicate the parent domain's
  database, it runs all night and never completes.  Any Idea what's going on?
  Thanks
  John G.
  John Grace

  Hello,
  Just to let you know I can ftp, telnet, and map drives to gptsserver1.gpts.biz from gptsserver2.gpts.biz but can't promote gptsserver2.gpts.biz to a child domain controller.  Any help is appreciated.
  Here is the contents of dcpromo.log from gptsserver2.gpts.biz:
  08/13/2014 21:14:32 [INFO] Promotion request for domain controller of new domain
  08/13/2014 21:14:32 [INFO] DnsDomainName  gpts2.gpts.biz
  08/13/2014 21:14:32 [INFO] FlatDomainName  GPTS2
  08/13/2014 21:14:32 [INFO] SiteName  Default-First-Site-Name
  08/13/2014 21:14:32 [INFO] SystemVolumeRootPath  C:\Windows\SYSVOL
  08/13/2014 21:14:32 [INFO] DsDatabasePath  C:\Windows\NTDS, DsLogPath  C:\Windows\NTDS
  08/13/2014 21:14:32 [INFO] ParentDnsDomainName  gpts.biz
  08/13/2014 21:14:32 [INFO] ParentServer  gptsserver1.gpts.biz
  08/13/2014 21:14:32 [INFO] Account (NULL)
  08/13/2014 21:14:32 [INFO] Options  5243072
  08/13/2014 21:14:32 [INFO] Validate supplied paths
  08/13/2014 21:14:32 [INFO] Validating path C:\Windows\NTDS.
  08/13/2014 21:14:32 [INFO] Path is a directory
  08/13/2014 21:14:32 [INFO] Path is on a fixed disk drive.
  08/13/2014 21:14:32 [INFO] Validating path C:\Windows\NTDS.
  08/13/2014 21:14:32 [INFO] Path is a directory
  08/13/2014 21:14:32 [INFO] Path is on a fixed disk drive.
  08/13/2014 21:14:32 [INFO] Validating path C:\Windows\SYSVOL.
  08/13/2014 21:14:32 [INFO] Path is on a fixed disk drive.
  08/13/2014 21:14:32 [INFO] Path is on an NTFS volume
  08/13/2014 21:14:32 [INFO] Child domain creation -- check the new domain name is child of parent domain name.
  08/13/2014 21:14:32 [INFO] Domain Creation -- check that the flat name is unique.
  08/13/2014 21:14:42 [INFO] Start the worker task
  08/13/2014 21:14:42 [INFO] Request for promotion returning 0
  08/13/2014 21:14:42 [INFO] Using supplied domain controller: gptsserver1.gpts.biz
  08/13/2014 21:14:42 [INFO] Using supplied site: Default-First-Site-Name
  08/13/2014 21:14:42 [INFO] Forcing time sync
  08/13/2014 21:14:42 [INFO] Forcing a time sync with gptsserver1.gpts.biz
  08/13/2014 21:14:42 [INFO] Reading domain policy from the domain controller gptsserver1.gpts.biz
  08/13/2014 21:14:42 [INFO] Stopping service NETLOGON
  08/13/2014 21:14:42 [INFO] Stopping service NETLOGON
  08/13/2014 21:14:42 [INFO] ControlService(STOP) on NETLOGON returned 0(gle=1062)
  08/13/2014 21:14:42 [INFO] Exiting service-stop loop after service NETLOGON entered STOPPED state
  08/13/2014 21:14:42 [INFO] StopService on NETLOGON returned 0
  08/13/2014 21:14:42 [INFO] Configuring service NETLOGON to 1 returned 0
  08/13/2014 21:14:42 [INFO] Stopped NETLOGON
  08/13/2014 21:14:42 [INFO] Creating the System Volume C:\Windows\SYSVOL
  08/13/2014 21:14:42 [INFO] Deleting current sysvol path C:\Windows\SYSVOL 
  08/13/2014 21:14:43 [INFO] Preparing for system volume replication using root C:\Windows\SYSVOL
  08/13/2014 21:14:43 [INFO] Created the system volume
  08/13/2014 21:14:43 [INFO] Copying initial Directory Service database file C:\Windows\system32\ntds.dit to C:\Windows\NTDS\ntds.dit
  08/13/2014 21:14:43 [INFO] Installing the Directory Service
  08/13/2014 21:14:43 [INFO] Calling NtdsInstall for gpts2.gpts.biz
  08/13/2014 21:14:43 [INFO] Starting Active Directory Domain Services installation
  08/13/2014 21:14:43 [INFO] Validating user supplied options
  08/13/2014 21:14:43 [INFO] Determining a site in which to install
  08/13/2014 21:14:43 [INFO] Examining an existing forest...
  08/13/2014 21:14:43 [INFO] Configuring the local computer to host Active Directory Domain Services
  08/13/2014 21:14:44 [INFO] EVENTLOG (Informational): NTDS General / Service Control : 1094
  Software write caching for the following disk drive has been disabled to prevent possible data loss during system failures such as power outages or hardware component failures that can cause a sudden shutdown of the system. The disk drive that stores Active
  Directory Domain Services log files is the only drive affected by this change.
  Disk drive:
  c:
  08/13/2014 21:14:55 [INFO] EVENTLOG (Informational): NTDS General / Internal Configuration : 2120
  This Active Directory Domain Services server does not support the Recycle Bin. Deleted objects may be undeleted, however, when an object is undeleted, some attributes of that object may be lost.  Additionally, attributes of other objects that refer to
  the object being undeleted may also be lost.
  08/13/2014 21:14:56 [INFO] Replicating the schema directory partition
  08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
  Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
  Process ID: 
  488
  Reported error information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver1.gpts.biz
  Extensive error information:
  Error value: 
  Access is denied. 5
  directory service: 
  gptsserver2
  Additional Data
  Internal ID: 
  5000dfc
  08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
  Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
  Extended information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver2
  Supplemental information:
  Detection location: 
  1461
  Generating component: 
  RPC Runtime
  Time at directory service: 
  2014-08-14 04:14:56
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
  Internal event: This log entry is a continuation from the preceding extended error information entry.
  Extended information:
  Extended Error Parameters: 
  0
  Parameter 1: 
  (NULL)
  Parameter 2: 
  (NULL)
  Parameter 3: 
  (NULL)
  Parameter 4: 
  (NULL)
  Parameter 5: 
  (null)
  Parameter 6: 
  (null)
  Parameter 7: 
  (null)
  08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
  Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
  directory service: 
  gptsserver1.gpts.biz
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:14:56 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
  The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
  Domain controller:
  gptsserver1.gpts.biz
  Additional Data
  Error value:
  5 Access is denied.
  08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
  Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
  Process ID: 
  488
  Reported error information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver1.gpts.biz
  Extensive error information:
  Error value: 
  Access is denied. 5
  directory service: 
  gptsserver2
  Additional Data
  Internal ID: 
  5000dfc
  08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
  Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
  Extended information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver2
  Supplemental information:
  Detection location: 
  1461
  Generating component: 
  RPC Runtime
  Time at directory service: 
  2014-08-14 04:15:04
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
  Internal event: This log entry is a continuation from the preceding extended error information entry.
  Extended information:
  Extended Error Parameters: 
  0
  Parameter 1: 
  (NULL)
  Parameter 2: 
  (NULL)
  Parameter 3: 
  (NULL)
  Parameter 4: 
  (NULL)
  Parameter 5: 
  (null)
  Parameter 6: 
  (null)
  Parameter 7: 
  (null)
  08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
  Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
  directory service: 
  gptsserver1.gpts.biz
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:15:04 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
  The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
  Domain controller:
  gptsserver1.gpts.biz
  Additional Data
  Error value:
  5 Access is denied.
  08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
  Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
  Process ID: 
  488
  Reported error information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver1.gpts.biz
  Extensive error information:
  Error value: 
  Access is denied. 5
  directory service: 
  gptsserver2
  Additional Data
  Internal ID: 
  5000dfc
  08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
  Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
  Extended information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver2
  Supplemental information:
  Detection location: 
  1461
  Generating component: 
  RPC Runtime
  Time at directory service: 
  2014-08-14 04:15:20
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
  Internal event: This log entry is a continuation from the preceding extended error information entry.
  Extended information:
  Extended Error Parameters: 
  0
  Parameter 1: 
  (NULL)
  Parameter 2: 
  (NULL)
  Parameter 3: 
  (NULL)
  Parameter 4: 
  (NULL)
  Parameter 5: 
  (null)
  Parameter 6: 
  (null)
  Parameter 7: 
  (null)
  08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
  Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
  directory service: 
  gptsserver1.gpts.biz
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:15:20 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
  The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
  Domain controller:
  gptsserver1.gpts.biz
  Additional Data
  Error value:
  5 Access is denied.
  08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
  Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
  Process ID: 
  488
  Reported error information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver1.gpts.biz
  Extensive error information:
  Error value: 
  Access is denied. 5
  directory service: 
  gptsserver2
  Additional Data
  Internal ID: 
  5000dfc
  08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
  Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
  Extended information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver2
  Supplemental information:
  Detection location: 
  1461
  Generating component: 
  RPC Runtime
  Time at directory service: 
  2014-08-14 04:15:52
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
  Internal event: This log entry is a continuation from the preceding extended error information entry.
  Extended information:
  Extended Error Parameters: 
  0
  Parameter 1: 
  (NULL)
  Parameter 2: 
  (NULL)
  Parameter 3: 
  (NULL)
  Parameter 4: 
  (NULL)
  Parameter 5: 
  (null)
  Parameter 6: 
  (null)
  Parameter 7: 
  (null)
  08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
  Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
  directory service: 
  gptsserver1.gpts.biz
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:15:52 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
  The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
  Domain controller:
  gptsserver1.gpts.biz
  Additional Data
  Error value:
  5 Access is denied.
  08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1963
  Internal event: The following local directory service received an exception from a remote procedure call (RPC) connection. Extensive RPC information was requested. This is intermediate information and might not contain a possible cause.
  Process ID: 
  488
  Reported error information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver1.gpts.biz
  Extensive error information:
  Error value: 
  Access is denied. 5
  directory service: 
  gptsserver2
  Additional Data
  Internal ID: 
  5000dfc
  08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1961
  Internal event: This log entry is a continuation from the preceding extended error information entry on the following error and directory service.
  Extended information:
  Error value: 
  Access is denied. (5)
  directory service: 
  gptsserver2
  Supplemental information:
  Detection location: 
  1461
  Generating component: 
  RPC Runtime
  Time at directory service: 
  2014-08-14 04:16:56
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 2839
  Internal event: This log entry is a continuation from the preceding extended error information entry.
  Extended information:
  Extended Error Parameters: 
  0
  Parameter 1: 
  (NULL)
  Parameter 2: 
  (NULL)
  Parameter 3: 
  (NULL)
  Parameter 4: 
  (NULL)
  Parameter 5: 
  (null)
  Parameter 6: 
  (null)
  Parameter 7: 
  (null)
  08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / DS RPC Client : 1962
  Internal event: The local directory service received an exception from a remote procedure call (RPC) connection. Extended error information is not available.
  directory service: 
  gptsserver1.gpts.biz
  Additional Data
  Error value: 
  Access is denied. (5)
  08/13/2014 21:16:56 [INFO] EVENTLOG (Error): NTDS Replication / Setup : 1125
  The Active Directory Domain Services Installation Wizard (Dcpromo) was unable to establish connection with the following domain controller.
  Domain controller:
  gptsserver1.gpts.biz
  Additional Data
  Error value:
  5 Access is denied.
  John Grace

• Lack of Connectivty to Domain Controller - Domain Controller Access Issues Requires Repeated Reauthentication

  Sorry if my attempt to be thorough in my description may result in excessive and unnecessary information. 
  I'm running into some problems with a single server running WS 2012 R2 as a domain controller (AD and DNS) and I’m trying to figure out what the cause is. 
  The network has ~10 computers on it connected through a cable business gateway (running DHCP) which feeds 2 switches and a wireless router acting as a switch. (I also turned on remote services, but the end users aren’t using that until I get certificates
  setup.)
  For 6+ months everyone had access to the shared files and databases on each workstation without issue. 
  In the last month users would occasionally have to re-enter their credentials to get access to shared server folders despite being on a domain account already. 
  Last week one of the computers intermittently cannot gain access to the shared folders– entering the correct credentials just results in the credentials being requested again and again: There’s an error icon at the bottom saying that “there are currently
  no logon servers available to service the logon request”.  While access is rejected I’m still able to ping the DC both via its name and IPV4 address. 
  (Pinging via its name results in an IPv6 address in the response.) 
  Other network connectivity appears intact (able to browse the web, perform network discovery.)
  Things that ‘seem’ to allow access on this computer until the next failure:
  Entering a different domain username and password into the windows credentials request has allowed access a couple of times.
  Disconnecting and reconnecting the network cable allowed the original username to be used to log on (at least once.)
  After removing it from and then rejoining it to the domain (a few hours ago) it experienced the problem once more. Also, logging on with domain credentials created a TEMP user folder instead of the folder with the domain username. 
  Looking at the event logs, I notice there are quite a few warnings and errors reported regarding DC access on many of the computers; maybe this is normal?
  Most Problematic Computer:
  Event ID 8016:  System failed to register host A or AAAA resource records. (With an unknown Ipv6 and the server’s ipv4 address in the DNS server list.) 
  Event ID 131:  NtpClient unable to set a domain peer to use as a time source because of DNS resolution error on ‘Server.domain.local’ 
  ‘No such host is known.”
  Event ID 5719:  NETLOGON. This computer was not able to setup a secure session with a domain controller in the domain due …..: there are currently no logon servers available to service the logon request.
  And then pairs of: Event 1500: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. & Event 1054:
   The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
  Event 1030:  The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation
  at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
  On the server I’ve run DCDIAG and DCDIAG /test:DNS and those all appeared to pass.
  Ipconfig/all from the server:
     Connection-specific DNS Suffix 
     Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
     Physical Address. . . . . . . . . : FC-4D-D4-F2-A1-83
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:b155:a0b0:892d:9ed5(Pref
  erred)
     Link-local IPv6 Address . . . . . : fe80::b155:a0b0:892d:9ed5%13(Preferred)
     IPv4 Address. . . . . . . . . . . : 10.1.10.42(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%13
   10.1.10.1
     DHCPv6 IAID . . . . . . . . . . . : 234638804
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3F-7D-B9-68-05-CA-24-31-C4
     DNS Servers . . . . . . . . . . . : ::1
  127.0.0.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ipconfig/all from the problematic computer:
  Wireless LAN adapter Wi-Fi:
     Connection-specific DNS Suffix 
  . : wp.comcast.net
     Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 6150
     Physical Address. . . . . . . . . : 40-25-C2-63-C2-B8
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:8f5:1606:d0a8:6b25(Prefe
  rred)
     Temporary IPv6 Address. . . . . . : 2601:8:a182:1100:283e:f9e8:4841:6c50(Pref
  erred)
     Link-local IPv6 Address . . . . . : fe80::8f5:1606:d0a8:6b25%3(Preferred)
     IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2015 9:19:02 AM
     Lease Expires . . . . . . . . . . : Tuesday, March 17, 2015 1:23:15 PM
     Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
  10.1.10.1
     DHCP Server . . . . . . . . . . . : 10.1.10.1
     DHCPv6 IAID . . . . . . . . . . . : 54535618
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-6B-AA-F0-DE-F1-9C-07-D4
     DNS Servers . . . . . . . . . . . : 2001:558:feed::1
  2001:558:feed::2
                  10.1.10.42
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Any thoughts? I was assuming it was a Domain Controller/DNS error, but I don't know where to check next.  Could a failing piece of hardware be the culprit? 
  Thanks,
   -JT

  Hi,
  According to the error you have posted.
  A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against.
  Most of the time this is caused by network issues or name resolution (DNS/WINS) issues, you could refer to:
  Netlogon 5719 and the Disappearing Domain [Controller]
  http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
  Did you refer to this KB article?
  Event ID 5719 is logged when you start a Domain Member
  http://support.microsoft.com/kb/938449
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Windows Domain Controller on Windows Server 2012 R2: Hyper-V roaming profiles not loading due to slow connection

  I have racked my brain and done everything that I know to do for about two weeks now.  I am setting up a new system at our fire department and I am having the worst luck with getting the workstations to login to the domain controller with roaming
  profiles.  It keeps telling me that the roaming profile could not be loaded because of a slow connection.  These are workstations that are connected directly to the switch that the DC is connected to.  I have tried multiple connections regarding
  the layout (DC into the router, router into the switch).  The router is a Cisco RV220W.  I have two VLANS, one for public and one for private domain.  The Private VLAN has DHCP turned off since I am providing it through the DC.  I currently
  have a connection from the Private VLAN going to the unmanaged switch that the workstations and server are plugged into.
  The server is a Dell PowerEdge R420 that has 6 NIC ports (1 dual port and 1 quad port).  I have a virtual switch setup on Hyper-V for an external port (let's say Card 2 Port 3) that is assigned to the WS 2012R2 Domain Controller.  The DC can see
  the internet fine and the workstations can connect to the shared folders on the server.  I can retrieve files by just using the computer name or FQDN.  The DC is also running DNS and DHCP.  The DNS has the _msdcs setup from when I installed
  the active directory role.  I have attempted to assign static IP addresses to the workstations:
  IP:                     10.0.0.80
  Subnet:             255.255.255.0
  IPV4 Gateway:  10.0.0.1
  IPV4 DNS:        10.0.0.12
  I've attempted "append the specific DNS suffix", I've "registered the connection in DNS", I've used "use this connections suffix in DNS registration".
  The server is assigned:
  IP:                     10.0.0.12
  Subnet:             255.255.255.0
  IPV4 Gateway:  10.0.0.1
  IPV4 DNS:         10.0.0.12
  The DNS entries have forwarders that forward to my ISP DNS servers for lookup
  I've enabled and disabled DHCP, I've installed a new VM just to create another DC to make sure that I didn't goof up when I created it.
  I've lost my patience with this project and am sinking fast.  Can someone please offer some advice as to what I've done wrong?  I've created this exact scenario at work many times but, I've never done it with Windows Server 2012.  Is this
  possibly something to do with the Dell PowerEdge server (Generation 12) with the SR-IOV?  I am going to attempt to work on it some more tomorrow when I get over there.  I think there may be an issue with the SR-IOV not being enabled on the machine
  through the Dell Bios.  Would the SR-IOV really cause the workstations to report a slow connection?  When I login at the domain controller the roaming profiles and folder redirection work fine so, I know the GPO settings are correct.  I don't
  have "ignore slow connections" or any of those GPO's set.  I need to get it working the correct way so, I didn't want to fool the server when there is another underlying problem.  Any help that someone can offer, I am more than willing
  to listen.  If you need more information, please ask.
  Thanks,
  Jay

  So, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many
  post and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the
  virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If hyper-v would allow passthrough, this would be so much simpler. VM-ware is looking really good at this point.
  Im disappointed in MS right now.

• Cannot Login to Read Only Domain Controller

  One of my Read Only Domain Controller Servers shut down unexpectedly due to a power outage and now I cannot login to it anymore. When the server powered on again, it came up with an error regarding on of the hard drives failing (RAID1)
  I get a message Access is Denied when I try to login with one of my domain admin accounts. As it is a RODC, there are no local accounts for me to use. The RODC is running on Windows Server 2008 R2. The server is also running as a DHCP/Print/File server for
  the office so these are not working as well.
  I checked my PDC and it is coming up with the following error in the event viewer
  Log Name: System
  Source: Security-Kerberos
  Event ID: 4
  Level: Error
  The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server rodc01$. The target name used was domain/rodc01.domain.local. This indicates that the target server failed to decrypt
  the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account
  used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the
  server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.local) is different from the client domain (domain.local), check if there are identically named server accounts in these
  two domains, or use the fully-qualified name to identify the server.
  I have tried to reset the computer password with netdom but I get the following error
  netdom resetpwd /server:rodc01 /userd:administrator /passwordd:*
  The machine account password for the local machine could not be reset.
  Logon Failure: The target account name is incorrect.
  The command failed to complete successfully.
  If I try to reset the password using the IP address instead, I get the following error
  netdom resetpwd /server:192.168.10.1 /userd:administrator /passwordd:*
  The machine account password for the local machine could not be reset.
  Access is denied.
  The command failed to complete successfully.
  I checked my AD and DNS and the rodc object  is present
  If I run repadmin /replsum on the PDC I get the message for the faulty RODC server
  Experienced the following operational errors trying to retrieve replication information:
          8341 – rodc01.domain.local
  Any advice is appreciated
  Thanks

  Logon to the server in Directory Services Restore Mode (DSRM) using the password you supplied during DCPROMO and verify that the Active Directory database isn't corrupted on the RODC - You will most likely see indications on this in the Directory
  Services log.
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• JRE 1.7 / Java Plug-in - Long delay in retrieving the applet File(JAR) due to a request to the Domain Controller(on port 53)

  Description:
  A specific group of users/customers (using Windows7 OS with IE and FireFox web browsers) are facing problems with retrieving the applet File, after they upgraded the JRE on the system(PC) to JRE 1.7.0_25-b17 from JRE version 1.6.0_29-b11.
  With JRE 1.7.0_25-b17 it is noticed that when the Java plugin requests for the applet File; it sends a request to the Domain Controller of the user, which causes a delay of 2 to 5 minutes and sometimes hangs. The problem occurs consistently.
  The current temporary workaround for this group of users is to use JRE version 1.6.0_29-b11.
  Problem analysis:
  To investigate the problem the below steps were executed:
  1) Collected the Java console outputbelow details from the user's system. (The complete output is not posted due to lengthy content, though can be added further to this post if required.)
  (a) Works fine with JRE version 1.6.0_29-b11. Kindly refer to Java console output in the code ‘section A’ towards the end of this post.
  (b) The problem occurs with problem with JRE version 1.7.0_25-b17. Kindly refer to Java console output in the code ‘section B’ towards the end of this post. The step where the problem is observed, is indicated as(##<comment>##).
  2) The network settings in the user's browser was checked. Internet Options > Connections > LAN setting
  The configured option is 'Use automatic configuration script' and the value is http://www.userAppX.com/proxy.pac
  This configuration remains the same irrespective of the JRE version in use.
  3) The network settings in the Java Control Panel was checked.
  The used/selected option is "Use browser settings", although values for 'Use proxy server' and 'use automatic proxy configuration script' are filled-in as 'user-proxy.com' and 'http://www.userAppX.com/proxy.pac' respectively.
  This configuration remains the same irrespective of the JRE version in use.
  4) The proxy PAC file was checked and debugging was done for the request 'https://myAppletHost.com/download/...'. The FindProxyForUrl function (including the conditions defined in it, for the hostname and domain checks) returns PROXY user-proxy.com:80
  5) The user also tried the below
  a. Changed the option in the network settings in the browser to 'Proxy server' with Address 'user-proxy.com' and Port '80'
  b. Restarted the browser.
  c. Tried with Java Plug-in 1.6.0_29, JRE version 1.6.0_29-b11. There was no problem and no request to the Domain Controller of the user.
  d. Tried with Java Plug-in 10.40.2.43, JRE version 1.7.0_40-b43. The problem occurs with the delay and a request to the Domain Controller of the user is observed.
  Kindly refer to Java console output in the code ‘section C’ towards the end of this post.
  6) The user also tried setting the below property in the Java Control panel; restarted the browser, and try with JRE 1.7.0_40-b43. The problem stil persists.
  -Djava.net.preferIPv4Stack=true
  7) The Global Policy Management of the Domain Controller was verified by the user. It has GPO for proxy setting but nothing related to Java security.
  Questions:
  The problem seems be specific to a particular (user) environment setup, and the user faces the problem when using JRE 1.7.
  We would like to know if the issue is in the (user) environment setup or in JRE 1.7.
  Could you please help with information/ideas/suggestions to identify the root cause and solution for this problem?
  Section A:
  Java Plug-in 1.6.0_29
  Using JRE version 1.6.0_29-b11 Java HotSpot(TM) Client VM
  User home directory = C:\Users\userA
  basic: Plugin2ClassLoader.addURL parent called for https://myAppletHost.com/download/myApplet.jar
  network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
  network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-b1bb5056c5b0e83f=2; Path=/"
  network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-b1bb5056c5b0e83f=2; Path=/"
  security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre6\lib\security\cacerts
  security: Loading certificates from Deployment session certificate store
  security: Loaded certificates from Deployment session certificate store
  security: Loading certificates from Internet Explorer ROOT certificate store
  security: Loaded certificates from Internet Explorer ROOT certificate store
  security: Checking if certificate is in Deployment denied certificate store
  network: Connecting https://myAppletHost.com/download/myApplet.jar with cookie "JSESSIONID=0000IK4bEMoqXH10zsl88rwvoRI:175oe9tjd; BCSI-CS-b1bb5056c5b0e83f=2"
  network: Downloading resource: https://myAppletHost.com/download/myApplet.jar
                  Content-Length: 403.293
                  Content-Encoding: null
  Dump system properties ...
  https.protocols = TLSv1,SSLv3
  java.vm.info = mixed mode, sharing
  java.vm.name = Java HotSpot(TM) Client VM
  java.vm.specification.name = Java Virtual Machine Specification
  java.vm.specification.vendor = Sun Microsystems Inc.
  java.vm.specification.version = 1.0
  java.vm.vendor = Sun Microsystems Inc.
  java.vm.version = 20.4-b02
  javaplugin.nodotversion = 160_29
  javaplugin.version = 1.6.0_29
  javaplugin.vm.options =
  os.arch = x86
  os.name = Windows 7
  os.version = 6.1
  trustProxy = true
  deployment.proxy.auto.config.url = http://www.userAppX.com/proxy.pac
  deployment.proxy.bypass.local = false
  deployment.proxy.http.host = user-proxy.com
  deployment.proxy.http.port = 80
  deployment.proxy.override.hosts =
  deployment.proxy.same = false
  deployment.proxy.type = 3
  deployment.security.SSLv2Hello = false
  deployment.security.SSLv3 = true
  deployment.security.TLSv1 = true
  deployment.security.mixcode = ENABLE
  Section B:
  Java Plug-in 10.25.2.17
  Using JRE version 1.7.0_25-b17 Java HotSpot(TM) Client VM
  User home directory = C:\Users\userA
  basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@12adac5
  basic: Plugin2ClassLoader.addURL parent called for https://myAppletHost.com/download/myApplet.jar
  network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
  network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-2d4ce94a2ae7b460=2; Path=/"
  network: Connecting http://10.x.x.xx:53/ with proxy=DIRECT
                  (##THE ABOVE REQUEST CAUSES THE DELAY OR HANGS##)
  network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-2d4ce94a2ae7b460=2; Path=/"
  security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
  security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
  security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
  security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
  security: Loading certificates from Deployment session certificate store
  security: Loaded certificates from Deployment session certificate store
  security: Loading certificates from Internet Explorer ROOT certificate store
  security: Loaded certificates from Internet Explorer ROOT certificate store
  network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
  network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-2d4ce94a2ae7b460=2; Path=/"
  network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-2d4ce94a2ae7b460=2; Path=/"
  network: Connecting https://myAppletHost.com/download/myApplet.jar with cookie "JSESSIONID=0000UQuXWY5tjxjpwcKHlfJKe_8:175oe9j45; BCSI-CS-2d4ce94a2ae7b460=2"
  network: ResponseCode for https://myAppletHost.com/download/myApplet.jar : 200
  network: Encoding for https://myAppletHost.com/download/myApplet.jar : null
  network: Server response: (length: -1, lastModified: Thu Feb xx yy:yy:yy CET 2013, downloadVersion: null, mimeType: text/plain)
  network: Downloading resource: https://myAppletHost.com/download/myApplet.jar
                  Content-Length: -1
                  Content-Encoding: null
  Section C:
  Java Plug-in 10.40.2.43
  Using JRE version 1.7.0_40-b43 Java HotSpot(TM) Client VM
  User home directory = C:\Users\userA
  basic: Plugin2ClassLoader.addURL parent called for https://myAppletHost.com/download/myApplet.jar
  network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
  network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-1d67c8b6508ca09c=2; Path=/"
  network: Connecting http://10.x.x.xx:53/ with proxy=DIRECT
                  (##THE ABOVE REQUEST CAUSES THE DELAY OR HANGS##)
  network: Checking for update at: https://javadl-esd-secure.oracle.com/update/blacklist
  network: Checking for update at: https://javadl-esd-secure.oracle.com/update/blacklisted.certs
  network: Checking for update at: https://javadl-esd-secure.oracle.com/update/baseline.version
  network: Connecting https://javadl-esd-secure.oracle.com/update/blacklist with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
  network: Connecting https://javadl-esd-secure.oracle.com/update/baseline.version with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
  network: Connecting https://javadl-esd-secure.oracle.com/update/blacklisted.certs with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
  security: Loading Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
  security: Loaded Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
  security: Loading SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
  security: Loaded SSL Root CA certificates from C:\Program Files (x86)\Java\jre7\lib\security\cacerts
  Dump system properties ...
  https.protocols = TLSv1,SSLv3
  java.vm.info = mixed mode, sharing
  java.vm.name = Java HotSpot(TM) Client VM
  java.vm.specification.name = Java Virtual Machine Specification
  java.vm.specification.vendor = Oracle Corporation
  java.vm.specification.version = 1.7
  java.vm.vendor = Oracle Corporation
  java.vm.version = 24.0-b56
  javaplugin.nodotversion = 10402
  javaplugin.version = 10.40.2.43
  os.arch = x86
  os.name = Windows 7
  os.version = 6.1
  trustProxy = true
  active.deployment.proxy.auto.config.url = http://www.userAppX.com/proxy.pac
  active.deployment.proxy.bypass.local = false
  active.deployment.proxy.http.host = user-proxy.com
  active.deployment.proxy.http.port = 80
  active.deployment.proxy.same = false
  active.deployment.proxy.type = 3
  deployment.browser.path = C:\Program Files (x86)\Internet Explorer\iexplore.exe
  deployment.proxy.auto.config.url = http://www.userAppX.com/proxy.pac
  deployment.proxy.bypass.local = false
  deployment.proxy.http.host = user-proxy.com
  deployment.proxy.http.port = 80
  deployment.proxy.override.hosts =
  deployment.proxy.same = false
  deployment.proxy.type = 3                                                                                                                                                                                                                                                            
  deployment.security.SSLv2Hello = false
  deployment.security.SSLv3 = true
  deployment.security.TLSv1 = true
  deployment.security.TLSv1.1 = false
  deployment.security.TLSv1.2 = false
  deployment.security.authenticator = true
  deployment.security.disable = false
  deployment.security.level = HIGH
  deployment.security.mixcode = ENABLE
  PS:
  Since the JRE 1.7.0_25-b17 update, it is noticed that when the Java plugin requests for the applet File; it sends a request to the Domain Controller of the user, which causes a delay of 2 to 5 minutes and sometimes hangs.
  The problem occurs consistently, and also with JRE 1.7.0_45-b18.
  Java Plug-in 10.45.2.18
  Using JRE version 1.7.0_45-b18 Java HotSpot(TM) Client VM
  User home directory = C:\Users\userA
  c:   clear console window
  f:   finalize objects on finalization queue
  g:   garbage collect
  h:   display this help message
  l:   dump classloader list
  m:   print memory usage
  o:   trigger logging
  q:   hide console
  r:   reload policy configuration
  s:   dump system and deployment properties
  t:   dump thread list
  v:   dump thread stack
  x:   clear classloader cache
  0-5: set trace level to <n>
  cache: Initialize resource manager: com.sun.deploy.cache.ResourceProviderImpl@134a33d
  basic: Added progress listener: sun.plugin.util.ProgressMonitorAdapter@1971f66
  basic: Plugin2ClassLoader.addURL parent called for https://myAppletHost.com/download/myApplet.jar
  network: Connecting https://myAppletHost.com/download/myApplet.jar with proxy=HTTP @ user-proxy.com/194.xxx.xx.xx:80
  network: Server https://myAppletHost.com/download/myApplet.jar requesting to set-cookie with "BCSI-CS-f797d4d262467220=2; Path=/"
  network: Connecting http://10.x.x.xx:53/ with proxy=DIRECT
  network: Connecting http://10.x.x.xx:53/ with proxy=DIRECT
                  (##THE ABOVE REQUEST CAUSES THE DELAY AND SOMETIMES HANGS##)

  My organization is experiencing very similar problems.  We have resolved it through several steps.
  We upgraded the client to Java 8 and we saw in the console that the hanging connection with the Domain Controller no longer occurs.  This may be all that is necessary for your environment as well. 

• The KDC encountered duplicate names while processing a Kerberos authentication request in a Domain controller server

  HI
  we have a sharepoint farm and in domain controller server, this error is in event viewer
  Log Name:      System
  Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
  Date:          9/15/2014 10:44:15 PM
  Event ID:      11
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      XXXAPP01.xxxportal.com
  Description:
  The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is HTTP/XXXWFE01.xxxportal.com (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent
  this from occuring remove the duplicate entries for HTTP/XXXWFE01.xxxportal.com in Active Directory.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
      <EventID Qualifiers="49152">11</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-09-15T19:44:15.000000000Z" />
      <EventRecordID>131824</EventRecordID>
      <Correlation />
      <Execution ProcessID="0" ThreadID="0" />
      <Channel>System</Channel>
      <Computer>XXXAPP01.xxxportal.com</Computer>
      <Security />
    </System>
    <EventData>
      <Data Name="Name">HTTP/XXXWFE01.xxxportal.com</Data>
      <Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>
      <Binary>
      </Binary>
    </EventData>
  </Event>
  adil

  Hi adil,
  Service principal names (SPNs) are stored as a property of the associated account object in Active Directory
  Domain Services (AD DS). I noticed that you have used setpn –X to identify the duplicate SPN. Please refer to following articles and check if help you to solve this issue.
  Event ID 11 — Service Principal
  Name Configuration
  Event ID 11 in the System log of domain controllers
  Please also refer to following article and check if can help you.
  The problem with duplicate SPNs
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
  does not guarantee the accuracy of this information.
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu