Does adding a 2008 DC to a 2003 AD break NT 4.0 trusts ?
Hello
we have a AD envionrment with 3 2003 DCs and it has a trust to a seperate NT 4.0 domain.
We are planning to add a 2008 additional DC to the same existing 2003 domain ; it'll require adprep /forest prep switches.
My question here ; does this forest change affect our NT 4.0 two-way trust with 2003 Domain ?
Our domain is running in 2003 forest and domain functional level.
The 2008 box should not affect the trust as long as you have configured
Allow cryptography algorithms compatible with Windows NT 4.0
More on that in this article http://support.microsoft.com/kb/942564
Notice that 2008 R2 will break the trust (no workaround for 2008 R2)
*** Full Disclosure ***
I have not tested your exact scenario (just haven't had the time to build out an NT domain and none of the networks I work on have NT on them at this point)
Thanks
Mike
http://adisfun.blogspot.com
http://twitter.com/mekline
Similar Messages
-
In settings it has a spot to add an e mail address to icloud . What does adding one do ? I haven't finished it by verifying through e mail but my phone keeps saying I am using it for icloudin this phone. Ugh now what ?
if it's a message coming from your yahoo account, it means that your account has been compromised, not your phone itself. i would suggest changing the password for your email account
-
Does Microsoft Entourage 2008 for mac work with the new Mac OS X v 10.7 Lion
Does Microsoft Entourage 2008 for mac work with the new Mac OS X v 10.7 Lion?
I am just about to install Lion just need to check to see if if my work e-mail will workSarah,
Check this link:
http://roaringapps.com/app:2533
It contains some issues that people have encountered with Lion and Office 2008. It appears it can work, but you may have to go through some of the steps a few of the posters there have listed.
That website also contains a pretty large list of applications and if they will work with Lion.
Hope this helps! (I am not affiliated in any way with the site linked). -
Does adding captions to existing JPEGs degrade image?
Using Photshop Elements 5.0, when I open an existing JPEG file and add a caption, the file's date stamp is changed to the current date, even if I don't actually edit the image.
I know that opening, editing and then resaving an existing JPEG file causes the image quality to degrade each time this process is repeated, since the JPEG format format uses lossy compression. I'm wondering if adding a caption does the same thing, i.e., causes the image quality to degrade.
Is adding a caption equivalent to editing the file, even if the actual graphic image isn't altered at the same time? Does adding captions to JPEG files after the fact cause image quality loss?No, adding a caption -- or a date/time, keyword tag, star rating, notes, or GPS location -- updates the file's metadata section without changing the actual photo. (That metadata is sometimes loosely referred to as EXIF, XMP, or IPTC.) So you don't need to worry about loss of image quality due to recompression.
-
Removing Server 2000 DC and adding Server 2008 DC.
Removing Server 2000 DC and adding Server 2008 DC.
From: Server 2000 Sp4 (not leaving in place, no plans to demote)
To: Server 2008 Sp2 (will be a single DC and hold Global Catalog)
Single forest domain. Only one DC.
Problem: The old server 2000 is still a primary DC and the new server 2008 is not taking over.
Completed the following tasks:
NIC binding (connected NIC at top of list on new server)
New server is also DNS server. This role is working and it points to itself 127.0.0.1 and clients have been moved to use the new server for DNS, they are working.
New server has some shared folders. Clients are connected and this is working until we remove the old server, then they cannot authenticate to the mapped drive.
Both servers show the role of Domain Controller
Adprep /forestprep and /domainprep and /domainprep /gpprep were run on the server 2000 (as it was the existing DC) with a successful message. (not sure if enough time was allowed for replication)
All five Flexible Single Master Operations (FSMO) roles were transferred using GUI.
Schema Master, Domain naming master, Infrastructure master, RID master, PDC Emulator.
And have been verified. All roles transferred and the new server 2008 and new server is also the global catalog.
Then to verify new server is handling the role we unplugged the Ethernet cable from the Old server 2000, then went to client stations and re-started them and they would not find the new DC and connect to it.
On the new server when we opened active directory users and computers the domain did not appear.
Verified in DNS manager the A record and reverse pointer were correct.
For some reason the new server is looking to the old server. Even though all roles are moved over and DNS appears to be setup correctly it won’t exist independently.
What’s missing?
If something was missed or performed wrong, do we have to remove the roles and start from scratch? Or can we re-run adprep and walk the steps again leaving all as-is?Hello,
as first step please post an unedited ipconfig /all from the old and new DC/DNS server and one problem client.
It seems that your installation from the new DC wen't well and as described in
http://msmvps.com/blogs/mweber/archive/2010/02/06/upgrading-an-active-directory-domain-from-windows-server-2000-to-windows-server-2008-or-windows-server-2008-r2.aspx Just check again yourself.
A DC should NEVER be shutdown or just disconnected from a domain, it MUST be demoted correct, as you ruin into replication errors in the event viewer without that steps and you will never be able to install a additional DC with using the same name.
See the end of my article about removal steps.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights. -
Does adding a Goggle AdSense crash for anyone else?
I started looking into Google AdSense today and at first it was 50/50 whether iWeb would add an AdSense object or would crash... now it's 100%. Does adding a Google AdSense routinely crash for anyone else? Is this a know issue? is there a workaround?
I've tried:
- restarting my mac
- deleting the test web pages and starting over
- deleting the site and ALL pages, just to start fresh
- adding via the icon at the bottom of the screen, and adding via the menu item
Thanks,
Jeffi can run Dota 2 test but when I'm in game I have this problem https://github.com/ValveSoftware/Dota-2/issues/36
Pc specs:
AMD Phenom(tm) II X4 945 Processor × 4
ram 6GB
ATI 4850HD 13.1 catalyst driver
I added these options in /etc/X11/xorg.conf and my fps increased from 10 to 30 fps. But i still have graphic artefacts on screen.
Option "AllowGLXWithComposite" "true"
Option "backingstore" "true"
Section "Device"
Identifier "aticonfig-Device[0]-0"
Driver "fglrx"
Option "backingstore" "true"
Option "Monitor-DFP2" "0-DFP2"
Option "AllowGLXWithComposite" "true"
Option "UseFastTLS" "off"
BusID "PCI:1:0:0"
EndSection
Section "Extensions"
Option "Composite" "Enable"
EndSection
Last edited by marceel (2013-07-14 09:16:09) -
I just downloaded the mountain lion. I need a new office ... does the microsoft 2008 or 2011 work better/easier??
There are lower cost or free alternatives to MS Office.
IWork is very good and converts Word files easily. If you only need Numbers or Pages, you can purchase them seperately. There is also Neo-Office and OpenOffice. -
Does adding applicaions to Dock slow down start up time?
Does adding applicaions to Dock slow down start up time? I'm thinking about placing the whole creative suite on dock but I'm unsure whether it will slow down time it takes to start up my laptop, please help.
On the dock? Not particularly. If you have things starting up with the computer then yes.
Having lots of stuff on your desktop does though.
Best of luck. -
Does microsoft office 2008 work within Maverick?
Does microsoft office 2008 work within Maverick? I am getting ready to install Maverick and trying to anticipate what upgrades I'll need. Thanks
Thanks, Niel
-
Does adding RAM really help performance?
My iMac 1.8 GHz G5 is about two years old and starting to run slowly. Could it be the 10,000 photos and 6,000 songs? I've started using my MacBook for most work and my iMac for most play (i.e. media).
Does adding RAM really help performance? I've only got one 512 MB chip.
Thanks for any help.Hello,
Yes, adding more memory can make a huge performance improvement.
I've owned two iMac G5 systems. And, in both cases, I noticed a huge performance improvement jumping to 1 GB of RAM. And, while not huge, I noticed even better performance going from 1 GB to 2 GB of RAM.
512 MB is minimal, and adequate. But, more memory makes OS X run considerably better.
I hope this helps.
Let us know if you have other questions.
P.S., if you'd like, go ahead and click the "Helpful" or "Solved" buttons on any of the posts / replies above if you feel they were helpful or adequately answered your question. -
SQL Server Management 6.5.1.0 and 6.5.4.0 does not discovery SQL 2008 databases on Windows 2003
SQL Server Management 6.5.1.0 and 6.5.4.0 does not discovery SQL 2008 databases on a custom instance name or when multiple SQL instances are installed on Windows 2003.
OS Version: Windows 2203 x64 with SP2
Database Version: 10.3.5869.0
The instance in this case: I01 is running on port 49168.
SQL Server Network Configuration | Protocols for I01 | IP Addresses | IPAll | TCP Port = 49168
The DB Engine class is discovered but not the "Tcp Port" property.
The database discovery script then fails as it is missing the 8th parameter; The Port.
Looking at the discovery script DiscoverSQL2008DBEngineDiscovery.vbs i see the following WMI query.
Set oWMI = GetObject("winmgmts:\\" & computerName & "\root\Microsoft\SqlServer\" & SQL_WMI_NAMESPACE)
Set oQuery = oWMI.ExecQuery("SELECT * FROM ServerNetworkProtocolProperty
Using WMI Explorer if I connect to namespace: root\Microsoft\SqlServer\ComputerManagement10
and query "SELECT * FROM ServerNetworkProtocolProperty". There are no instances.
What am I missing or doing wrong?
Closely related to this article. https://gallery.technet.microsoft.com/Hotfix-Management-Pack-SQL-17cf1118#content.
Thanks
GavinHi,
I would like to know is there any update about the issue. If the issue is solved, will you please share the resolution here to help others in this forum who encounter similar issue.
Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help. -
Missing nodes in new GPO objects after adding ADMX to DC (Server 2008 Domain Functional Level 2003)
Hello,
we discovered an issue in GPO console.
DCs: multiple 2008 there is one 2003DC somewhere over the rainbow (don't ask why) :)
Domain Functional Level is 2003.
In June I added Policydefinitions folder into Policy folder in sysvol\domain_name.
I did this for adding ADMX.
Today we found missing nodes when adding new GPO objects and trying to modify them.
Under Computers\Administrative Templates there is only ADMX node. No Administrative Templates with sub nodes: Systeme, Network, Printes, Windows Components.
When edit old GPOs There is Administrative Templates in Administrative Templates with ADMX folder. SEE Screenshot.
My colleague insists that it happened after I made changes by adding ADMX things. Looks that he is right.
Please any help on this issue... How to get back nodes for managing new GPOs as it was before adding ADMX.
Is this something known? I didn't find any prerequisites before adding PolicyDefinistions folder.
Thanks.
"When you hit a wrong note it's the next note that makes it good or bad". Miles DavisMeinolf,
1. I would like to know if it is normal behaviour that after creating a Central Store (adding PolicyDefinitions folder into Policies) Classical Administrative Templates will not appear for any new GPO (they do exist to all previously created) see
picture
2. I followed the links. And eventually will use the script for cleaning up duplicate adms in all GPOs. It is great feature of ADMX. But first I would like to bring back the option of Admin Templates.
So I downloaded latest 2012 ADMXs. Run setup on my computer. Now I have Policydefinitions folder containing new ADMXs with languages (culture) folders.
Am I right? I have to copy all *.admx files to my Central Store Policydefinitions folder and all En admls drop to En-Us language folders. What will happen if I will add Fr-Fr? Would it be correct to have 2 languages for the same admxs. And how they will
appear. Or it will depend on OS language were GP console will be opened?
No conflict to expect?
I will do this "surgery" after your answer.
Thanks for pointing out..
"When you hit a wrong note it's the next note that makes it good or bad". Miles Davis -
2008 event equivalent of 2003 Netlogon 5807 event
I have a custom Opsmgr rule that alerts me when our Network team has made a new subnet and not told us about it.
I am upgrading all my DC's to 2008 and need to find the equivalent event to update this rule. I have a 2008 DC with missing subnets and cannot find any events to indicate this. I know that many event numbers were incremented by 4096 between 2003/2008. There
are no events numbered 9903, and no events that contain phrases from the old event like "undefined site" or "existing sites"
Does anyone know if such an event is still logged, and if so, what is the source/number?
Thanks
Example of the old event from a Win2003 DC:
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5807
Date: 1/10/2003
Time: 10:59:53 AM
User: N/A
Computer: DC1
Description:
During the past 4.18 hours there have been 21 connections to this Domain Controller
from client machines whose IP addresses don't map to any of the existing sites in the
enterprise. Those clients, therefore, have undefined sites and may connect to any
Domain Controller including those that are in far distant locations from the clients.
A client's site is determined by the mapping of its subnet to one of the existing
sites. To move the above clients to one of the sites, please consider creating subnet
object(s) covering the above IP addresses with mapping to one of the existing sites.
The names and IP addresses of the clients in question have been logged on this
computer in the following log file '%SystemRoot%\debug\netlogon.log' and,
potentially, in the log file '%SystemRoot%\debug\netlogon.bak' created if the former
log becomes full. The log(s) may contain additional unrelated debugging information.
To filter out the needed information, please search for lines which contain text
'NO_CLIENT_SITE:'. The first word after this string is the client name and the second
word is the client IP address. The maximum size of the log(s) is controlled by the
following registry DWORD value 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
Netlogon\Parameters\LogFileMaxSize'; the default is 20000000 bytes. The current
maximum size is 20000000 bytes. To set a different maximum size, create the above
registry value and set the desired maximum size in bytes.Hi,
I’d like to
confirm the number of the IP range.
If a new range of IP addresses is added to the network, it needs to create a subnet object in Active Directory to correspond to the range of IP addresses.
To create a subnet object, you must have the following information:
Ø
The site to which the subnet is to be associated.
Ø
The network address or any IP address in the range.
Ø
The subnet mask.
The term "subnet" in AD DS does not have the strict networking definition of the set of all addresses behind a single router. The only requirement for an AD DS subnet
is that the address prefix conforms to the IP version 4 (IPv4) or IP version 6 (IPv6) format.
Please refer the following links to untie the doubts:
Managing Sites
http://technet.microsoft.com/en-us/library/bb727051.aspx#ELAA
Appendix B - Procedures Reference
http://technet.microsoft.com/en-us/library/bb727062.aspx#E0MD0AA
Understanding Sites, Subnets, and Site Links
http://technet.microsoft.com/en-us/library/cc754697.aspx
Chapter 4 – Subnetting
http://technet.microsoft.com/en-us/library/bb726997.aspx
Hope this helps! -
Group Policy processing failure on 2008 when MIX Domain 2003 with DC 2008
Dear I try to add additional Windows 2008 Domain to My Domain controller 2003 and I ma Receiving Group policy error in DC 2008 With Event ID 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-03-06T14:36:44.411955300Z" />
<EventRecordID>3859</EventRecordID>
<Correlation ActivityID="{28DAD258-26D0-4C1E-A4B7-F37DEE04C8F1}" />
<Execution ProcessID="952" ThreadID="3276" />
<Channel>System</Channel>
<Computer>PRIMARYDC.Qtit.com</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1578</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied.</Data>
</EventData>
</Event>
I install See KB939820 for a hotfix applicable to Microsoft DC 2003 regrading to he KRBTGT account
Refer Url : http://support.microsoft.com/kb/939820
I run dcdiag /v on and repadmin /showrepl at DC 2008
the dcdiag /v result
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine PRIMARYDC, is a Directory Server.
Home Server = PRIMARYDC
* Connecting to directory service on server PRIMARYDC.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Qtit,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... PRIMARYDC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PRIMARYDC
Starting test: Advertising
The DC PRIMARYDC is advertising itself as a DC and having a DS.
The DC PRIMARYDC is advertising as an LDAP server
The DC PRIMARYDC is advertising as having a writeable directory
The DC PRIMARYDC is advertising as a Key Distribution Center
The DC PRIMARYDC is advertising as a time server
The DS PRIMARYDC is advertising as a GC.
......................... PRIMARYDC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:18:56
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
A warning event occurred. EventID: 0x800034C8
Time Generated: 03/06/2014 10:53:21
Event String:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer PRIMARYDC. The File Replication Service might not recover when power to
the drive is interrupted and critical updates are lost.
......................... PRIMARYDC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... PRIMARYDC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... PRIMARYDC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... PRIMARYDC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SECONDAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
......................... PRIMARYDC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC PRIMARYDC on DC PRIMARYDC.
* SPN found :LDAP/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :LDAP/PRIMARYDC.Qtit.com
* SPN found :LDAP/PRIMARYDC
* SPN found :LDAP/PRIMARYDC.Qtit.com/QTIT
* SPN found :LDAP/e3d8c76c-1b59-4de6-9f7f-c438df9a2863._msdcs.Qtit.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e3d8c76c-1b59-4de6-9f7f-c438df9a2863/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com/Qtit.com
* SPN found :HOST/PRIMARYDC.Qtit.com
* SPN found :HOST/PRIMARYDC
* SPN found :HOST/PRIMARYDC.Qtit.com/QTIT
* SPN found :GC/PRIMARYDC.Qtit.com/Qtit.com
......................... PRIMARYDC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC PRIMARYDC.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
DC=DomainDnsZones,DC=Qtit,DC=com
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=Qtit,DC=com
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=Qtit,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Qtit,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=Qtit,DC=com
(Domain,Version 3)
......................... PRIMARYDC failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\PRIMARYDC\netlogon
Verified share \\PRIMARYDC\sysvol
......................... PRIMARYDC passed test NetLogons
Starting test: ObjectsReplicated
PRIMARYDC is in domain DC=Qtit,DC=com
Checking for CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com in domain DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com in domain CN=Configuration,DC=Qtit,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PRIMARYDC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Qtit,DC=com
Latency information for 18 entries in the vector were ignored.
18 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Qtit,DC=com
Latency information for 20 entries in the vector were ignored.
20 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... PRIMARYDC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 14607 to 1073741823
* SecondAD.Qtit.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 14107 to 14606
* rIDPreviousAllocationPool is 14107 to 14606
* rIDNextRID: 14124
......................... PRIMARYDC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... PRIMARYDC passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000A001
Time Generated: 03/06/2014 16:04:05
Event String:
The Security System could not establish a secured connection with the server ldap/PRIMARYDC.Qtit.com/[email protected]. No authentication protocol was available.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:06:35
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:11:36
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:16:38
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:21:39
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:26:41
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:46
Event String:
Driver TOSHIBA e-STUDIO16/20/25 PCL 6 required for printer TOSHIBA e-STUDIO16/20/25 PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:48
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:30:49
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:14
Event String:
Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 03/06/2014 16:31:16
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000041F
Time Generated: 03/06/2014 16:31:42
Event String:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
......................... PRIMARYDC failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com and backlink on
CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on
CN=NTDS Settings,CN=PRIMARYDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Qtit,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=PRIMARYDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Qtit,DC=com
and backlink on CN=PRIMARYDC,OU=Domain Controllers,DC=Qtit,DC=com are
correct.
......................... PRIMARYDC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Qtit
Starting test: CheckSDRefDom
......................... Qtit passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Qtit passed test CrossRefValidation
Running enterprise tests on : Qtit.com
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
PDC Name: \\SecondAD.Qtit.com
Locator Flags: 0xe00001bd
Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
KDC Name: \\PRIMARYDC.Qtit.com
Locator Flags: 0xe00031fc
......................... Qtit.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Qtit.com passed test Intersite
repadmin /showrepl Result
******************************8
==== INBOUND NEIGHBORS ===================================
DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:04 was successful.
CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:41:39 was successful.
CN=Schema,CN=Configuration,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
DC=DomainDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 16:27:31 was successful.
DC=ForestDnsZones,DC=Qtit,DC=com
Default-First-Site-Name\SECONDAD via RPC
DSA object GUID: c5ef6e17-77f0-43f6-8d39-5497c563f
Last attempt @ 2014-03-06 15:53:01 was successful.
I try to down the DC 2003 and access \\Qtit.com it success open the syslog on DC 2008
Any help or adviceHi,
Were there other error codes logged in Event Viewer?
Regarding Event ID 1055, the following article can be referred to for troubleshooting.
Event ID 1055 — Group Policy Preprocessing (Security)
http://technet.microsoft.com/en-us/library/cc727272(v=ws.10).aspx
Based on the report you posted, this issue may be related to FRS replication service. As a result, we can use ntfrsutl tool to check whether the replication service is healthy.
Regarding this point, the following articles can be referred to for more information.
Troubleshooting File Replication Service
http://technet.microsoft.com/en-us/library/bb727056.aspx
Ntfrsutl
http://technet.microsoft.com/en-us/library/hh875636.aspx
In addition, we can also try doing a non-authoritative Sysvol restore on Windows Server 2008 DC to see whether the issue persists.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
Hope it helps.
Best regards,
Frank Shen -
Crystal Reports 2008 crashes in Windows 2003 terminal Services Session
Hi,
We installed Crystal Reports Server and Crystal Reports 2008 on a new Windows 2003 Small Business Server. Crystal Reports works when run at the physical console, but when accessed from Remote Desktop it crashes to the debugger when I try to:
a) open an existing working report that uses SQL Server 2005 parameterized stored procedure,
b) create a new report using any SQL Server 2005 parameterized stored procedure,
c) access help.
All the above work fine at the physical server but I need to access remotely using RDC.
I log in as administrator, I have tried turning off DEP and I am running RDC via the mstsc command both without and with the /admin switch to run in session 0 but there is still a difference between being at the physical console versus remote that CR does not like.
More: I have to drive a long way to get to the server to try things locally. For now, as a workaround, I have started crw32.exe at the physical server and I can use that when I log in via RDC - I just cannot start crw32.exe remotely and run it successfully. Also, when I do run remotely, I get the entire menu bar on startup with no start page, but running at physical server I get only the File, View and Help menus but I do get the Start page.
Any ideas?
Thanks,
Rob Hershfield
Dave Machado
Edited by: David Machado on Nov 17, 2008 9:39 PMPermission issues
Maybe you are looking for
-
Office or Creative Suite with site licensing on Lion Server
Can Office or Creative Suite with site licensing reside on a mac mini server for the network to use or do the applications need to be on each computer in the network?
-
Has the IOS update on my Ipod caused the Apple TV Remote App to have connection problems?
I recently updated the software on my IPod Touch and now the Apple TV Remote App won't connect to the Apple TV. Home Sharing is turned on for both my computer and Ipod. ITunes and the IPod have both been updated. Is there an issue with the new sof
-
I no longer have code coloring or code hints working on Dreamweaver. I checked the preferences and everything is still set the same but whenever I open an existing document it will not give me the code coloring or code hints. I still get it when I op
-
Vendor master creation using RFBIKR00 program
hi friends can any body help what is the structure and file format i have to give when i run RFBIKR00 program to create vendor master data ... thanx in advance .. by leee
-
Change iCal's default email message text for invitations?
Does anyone know how to modify the default text strings in the e-mail message that iCal generates for invitations? The default text is pretty useless, especially for Outlook users who receive an .ics attachment rather than a "link below." If I knew w