Domain controller anomalous connection to remote Redplaid SMTP server

We've been battling some bandwidth issues at my company lately and so we've done extensive scouring of our Cisco ASA logs to try and find the source(s) of the problem. Over the weekend I ran into this little gem:
2014-03-22 12:14:13        Local4.Warning 10.100.20.1 %ASA-4-106023: Deny tcp src Lan1:10.100.20.74/49353 dst HSInternet:209.134.48.10/25 by access-group "Lan1_access_in" [0xb0069b3c, 0x0]
This is an entry in our firewall's syslog that shows that one of my domain controllers (10.100.20.74 in the example) is attempting, unsuccessfully, to connect to an outside SMTP server at the address 209.134.48.10 on port 25 (we only recently closed this
type of connection on our network, so previous connections may have been successful). We have no software installed that would be making SMTP connections anywhere, and I've scanned the machine thoroughly looking for malware or viruses or rootkits. All
this machine does is AD domain services, DHCP, and DNS. It has no third party software installed, and never has.
The IP 209.134.48.10 has a reverse DNS entry of df7yjcp1.redplaid.com, and I hooked to it using telnet to confirm that it is indeed an SMTP server. Redplaid seems to be some hosting company based out of Missouri, but beyond that I have no additional information
on the company.
Does anyone have any idea why my global catalog is making SMTP connections to a seemingly random server on the internet?

Hi,
When did this issue occur and before that what operations did you have?
I would like to suggest you recheck all Domain controllers in your domain, and check out whether IIS SMTP service has been installed. If you are running windows 2008 based domain controllers, did you set up SMTP replication, did you have
Exchange installed in your environment?
Please refer to the below links:
http://support.microsoft.com/kb/947057
http://support.gfi.com/manuals/en/msec2011gsg/msec2011gsgmanual.1.13.html
Regards,
Yan Li
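An added example, not part of the thread, showing one way to turn the ASA syslog line above into a detection: it parses %ASA-4-106023 deny messages and reports known domain controllers that tried to reach a mail port on a public address. The DC address list and every sample line other than the one quoted in the question are constructed.

```python
"""Flag domain controllers attempting outbound SMTP in Cisco ASA syslog (constructed example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# %ASA-4-106023 is the ASA message for a packet denied by an access-group ACL.
# The pattern covers the 'Deny <proto> src <if>:<ip>/<port> dst <if>:<ip>/<port>
# by access-group "<acl>"' form shown in the thread; other 106023 variants
# (for example ICMP type/code) are ignored here.
ASA_106023 = re.compile(
    r"%ASA-4-106023: Deny (?P<proto>[A-Za-z]+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[0-9.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[0-9.]+)/(?P<dst_port>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)

# Ports a host needs in order to submit or relay mail.
MAIL_PORTS = {25, 465, 587}


@dataclass(frozen=True)
class Finding:
    src_ip: str
    dst_ip: str
    dst_port: int
    acl: str
    raw: str


def parse_asa_deny(line: str) -> Optional[dict]:
    """Return the fields of a 106023 deny message, or None for any other line."""
    m = ASA_106023.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def find_dc_mail_egress(lines: Iterable[str], dc_addrs: Iterable[str]) -> List[Finding]:
    """Findings for every TCP deny where a known DC tried a mail port on a public address.

    Attempts towards internal relays are left out: a DC talking to the
    organisation's own mail relay is expected; a DC talking to an arbitrary
    Internet MTA on port 25 is the anomaly the thread describes.
    """
    dcs = {ipaddress.ip_address(a) for a in dc_addrs}
    findings: List[Finding] = []
    for line in lines:
        rec = parse_asa_deny(line)
        if rec is None or rec["proto"].lower() != "tcp":
            continue
        src = ipaddress.ip_address(rec["src_ip"])
        dst = ipaddress.ip_address(rec["dst_ip"])
        if src in dcs and rec["dst_port"] in MAIL_PORTS and dst.is_global:
            findings.append(Finding(rec["src_ip"], rec["dst_ip"], rec["dst_port"], rec["acl"], line.strip()))
    return findings


def summarize(findings: Iterable[Finding]) -> dict:
    """Count attempts per (DC, destination, port) so repeated beaconing stands out."""
    counts: dict = {}
    for f in findings:
        key = (f.src_ip, f.dst_ip, f.dst_port)
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample: the line from the thread plus a few lines the check should ignore.
DC_ADDRS = ["10.100.20.74", "10.100.20.75"]  # assumed DC addresses
SAMPLE_LOG = [
    '2014-03-22 12:14:13        Local4.Warning 10.100.20.1 %ASA-4-106023: Deny tcp src Lan1:10.100.20.74/49353 '
    'dst HSInternet:209.134.48.10/25 by access-group "Lan1_access_in" [0xb0069b3c, 0x0]',
    # same DC, same destination, a few minutes later (constructed): second hit on the same key
    '2014-03-22 12:19:44        Local4.Warning 10.100.20.1 %ASA-4-106023: Deny tcp src Lan1:10.100.20.74/49401 '
    'dst HSInternet:209.134.48.10/25 by access-group "Lan1_access_in" [0xb0069b3c, 0x0]',
    # DC to an internal mail relay: private destination, not flagged
    '2014-03-22 12:20:01        Local4.Warning 10.100.20.1 %ASA-4-106023: Deny tcp src Lan1:10.100.20.74/49410 '
    'dst Dmz:10.100.30.25/25 by access-group "Lan1_access_in" [0xb0069b3c, 0x0]',
    # workstation to the same MTA: not a DC, so not part of this report
    '2014-03-22 12:21:07        Local4.Warning 10.100.20.1 %ASA-4-106023: Deny tcp src Lan1:10.100.20.200/51022 '
    'dst HSInternet:209.134.48.10/25 by access-group "Lan1_access_in" [0xb0069b3c, 0x0]',
    # DC doing DNS over UDP: wrong protocol and port
    '2014-03-22 12:21:30        Local4.Warning 10.100.20.1 %ASA-4-106023: Deny udp src Lan1:10.100.20.74/53211 '
    'dst HSInternet:198.51.100.53/53 by access-group "Lan1_access_in" [0xb0069b3c, 0x0]',
    # unrelated message type
    '2014-03-22 12:22:00        Local4.Info 10.100.20.1 %ASA-6-302013: Built outbound TCP connection 1234 '
    'for HSInternet:203.0.113.7/443 (203.0.113.7/443) to Lan1:10.100.20.200/51030 (10.100.20.200/51030)',
]

if __name__ == "__main__":
    hits = find_dc_mail_egress(SAMPLE_LOG, DC_ADDRS)
    for (src, dst, port), n in sorted(summarize(hits).items()):
        print(f"DC {src} -> {dst}:{port} denied {n} time(s)")
```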

Similar Messages

  • Sqlplus to connect to remote oracle database server

    Hi,
    I have an Oracle 10g database server on Solaris 10 and I usually connect using my Solaris account and run sqlplus on the server itself. This works!
    I have downloaded and installed Oracle Instant Client for Solaris 64 and I can run the sqlplus command, but I am confused about what the syntax of the command should be to connect to the remote Solaris 10 database server, where I have both system and oracle accounts.
    I have tried sqlplus help but still I could not get the correct syntax which could be used to authenticate myself to the Oracle server.
    I tried
    sqlplus user@hostname:1512/SID
    then it asked for a password, but when I typed the password and pressed enter, it gave some error,
    but it again asked for a username, so I typed user@SID and then at the password prompt typed the password, and this works!
    So I don't understand what the correct syntax should be so that I am able to connect on the first attempt.
    If possible please give the exact command with real-world examples (I have tried sqlplus -help already).
    Thanks in advance.

    > wonder what if I did not have tnsnames.ora on the client machine, how will be the syntax?
    You generally need (or at least strongly want) a tnsnames.ora file on the client machine.
    - You could configure Oracle Internet Directory and let that product provide TNS alias resolution for the organization (similar to setting up DNS for a local network).
    - Many tools (I haven't personally tried SQL*Plus and it may be version dependent) allow you to specify the entire TNS alias from the tnsnames.ora file (i.e. everything after the abcd.domain.com = entry) but that is hugely cumbersome to type.
    - Depending on the Oracle client version, the sqlnet.ora file, the complexity of your configuration (i.e. if you are trying to use more sophisticated features like failover), you may be able to use the EZConnect syntax
    sqlplus username/password@host:port:SID/service_name
    where host is the server that the database is running on, port is the port the listener is listening on (i.e. 1521 by default) and SID/service_name is the SID or service name you're trying to connect to.
    Justin

  • How to connect to my provider SMTP server?

    Hi,
    I am trying to connect to the SMTP server of my net provider, but I have a problem like this:
    DEBUG: setDebug: JavaMail version 1.4ea
    DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
    DEBUG SMTP: useEhlo true, useAuth false
    DEBUG SMTP: trying to connect to host "mailhost", port 25, isSSL false
    javax.mail.MessagingException: Unknown SMTP host: mailhost
    e.getCause() = java.net.UnknownHostException: mailhost
    HELP plz :/

    The name of your "net provider" is probably not "mailhost".
    Set the mail.smtp.host property to the name of the SMTP
    server you want to connect to.

  • How to connect to remote MS SQL Server?

    I use:
    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    Connection con = DriverManager.getConnection("jdbc:odbc:iweb",userid,passwd);
    to connect to my "iweb" database on MS SQL Server running locally. Works great.
    But now I want to connect to this same database that is now running on a remote MS SQL Server
    on port 1433 of a machine with IP address 123.456.789.123.
    What is the magic incantation to make this happen? I have been trying variations of:
    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    // concatenation operators restored around userid and passwd
    String conString = "jdbc:odbc:DRIVER={SQL Server};SERVER=123.456.789.123:1433;"
    + "DATABASE=iweb;UID=" + userid + ";PWD=" + passwd + ";";
    Connection con = DriverManager.getConnection(conString);
    but no joy. Any help would be greatly appreciated. Surely this is a common problem
    but I'm having a heck of a time finding helpful docs that spell it out.
    -Dave Maffitt [email protected]

    Configuring a local DSN to point to the remote server is a good solution, but, I am still puzzled by something. On page 216 of Core Java 2, Volume 2, Advanced Features, there is an example of a database URL using a network address as part of the value. The example reads in part:
    For example: jdbc:odbc://whitehouse.gov:5000/CATS;PWD=Hillary
    would connect to the CATS database on port 5000 of whitehouse.gov using ODBC attribute value of PWD set to "Hillary".
    This example is what led me to believe that I might be able to connect to a remote Data Source if I had the right syntax in the URL. My attempts at duplicating this example with my own MS SQL Server 7.0 database are failing. Have you tried this with any success?

  • Outlook 2013 client, not in domain, can't connect to the Exchange 2010 server

    Good Afternoon,
    Having issues it seems getting to the right forum but here is what I have. Currently we are running an Exchange 2010 server. OWA is configured and I am not having any issues with people connecting through it. The issue I am having is that any user that tries
    to connect through Outlook 2013 gets an error message about the proxy server and then a certificate error. I have run the tests through the toolbox and get the following results. 
    Attempting to test potential Autodiscover URL https://autodiscover.westmoreland-county.org:443/Autodiscover/Autodiscover.xml
    Testing of this potential Autodiscover URL failed.
    Additional Details
    Elapsed Time: 694 ms.
    Test Steps
    Attempting to resolve the host name autodiscover.westmoreland-county.org in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 69.89.25.150
    Elapsed Time: 284 ms.
    Testing TCP port 443 on host autodiscover.westmoreland-county.org to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Elapsed Time: 164 ms.
    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    Additional Details
    Elapsed Time: 245 ms.
    Test Steps
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.westmoreland-county.org on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
    Additional Details
    Remote Certificate Subject: CN=*.bluehost.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
    Elapsed Time: 201 ms.
    Validating the certificate name.
    Certificate name validation failed.
    Additional Details
    Host name autodiscover.westmoreland-county.org doesn't match any name found on the server certificate CN=*.bluehost.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated.
    Elapsed Time: 1 ms.
    Attempting to contact the Autodiscover service using the HTTP redirect method.
    The attempt to contact Autodiscover using the HTTP Redirect method failed.
    Additional Details
    Elapsed Time: 234 ms.
    Test Steps
    Attempting to resolve the host name autodiscover.westmoreland-county.org in DNS.
    The host name resolved successfully.
    Additional Details
    IP addresses returned: 69.89.25.150
    Elapsed Time: 14 ms.
    Testing TCP port 80 on host autodiscover.westmoreland-county.org to ensure it's listening and open.
    The port was opened successfully.
    Additional Details
    Elapsed Time: 83 ms.
    The Microsoft Connectivity Analyzer is checking the host autodiscover.westmoreland-county.org for an HTTP redirect to the Autodiscover service.
    The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
    Additional Details
    The URL specified in the location HTTP header was not HTTPS. URL: http://autodiscover.bluehost.com/Autodiscover/Autodiscover.xml
    HTTP Response Headers:
    Keep-Alive: timeout=10, max=500
    Connection: Keep-Alive
    Content-Length: 356
    Content-Type: text/html; charset=iso-8859-1
    Date: Wed, 03 Dec 2014 18:10:08 GMT
    Location: http://autodiscover.bluehost.com/Autodiscover/Autodiscover.xml
    Server: Apache
    Elapsed Time: 135 ms.
    Our current setup: our domain is being hosted and the web master has control of the domain settings.
    I am fairly new to the Exchange Server world, so any suggestions that you may have as to how I can resolve this would be great.
    Bill

    Hi Bill
    Thank you for your post.
    You can use the following command to check whether you have purchased the certificate for autodiscover.westmoreland-county.org in your organization:
    Get-ExchangeCertificate -Server CASServerName | fl
    For example: if you want to return all certificates stored on the Client Access server named ClientAccess01, you would type the following command in EMS.
    Get-ExchangeCertificate -Server ClientAccess01 | fl
    If you didn't purchase the certificate for autodiscover.westmoreland-county.org, you could contact your certificate supplier.
    You could refer to the following link:
    https://support.microsoft.com/kb/940726?wa=wsignin1.0
    If there are any questions regarding this issue, please be free to let me know.
    Best regards,
    Jim

  • Can't connect to mountain lion smtp server

    Hello. I've been trying to get outside mail clients (Mac Mail) to connect to a virtual domain mail server I am hosting at work. Our main domain name works fine. And the virtual domain works fine as long as you are on our internal network. But for some reason, outside of our network, I can only receive POP mail with the server but I can't send any mail with the server. This is on a completely new installation of OS X Mountain Lion/Server. Every time I try to get mail I get a message that the SMTP connection to the server failed, even though I know the settings are the exact same settings I use to connect when I'm on our local network, and there it connects, sends, and receives just fine. How do I allow the outside world to connect?

    I did a workaround which I didn't really want to do, but my head hurts from trying to find an answer for days and no one here apparently has a clue as to why it's happening.
    I gave my Mountain Lion machine a static IP address and then made a hosts entry on all the Windows machines. Voilà, I can connect to all the Mac shares with no account/password screens popping up. I shouldn't have to go into the hosts file on every single Windows machine just so I can see shares on the MacBook. Something's broken somewhere.

  • 11 e-mail accounts from different providers are suddenly giving me errors saying they can't connect to IMAP and SMTP server?

    I have 11 e-mail accounts that were working fine a minute ago, but now they all say that they can't connect to the IMAP and SMTP servers.
    They all work fine on my iPhone.
    How should I troubleshoot this?
    Thanks in advance.

    Never mind, I restarted for the third or fourth time, and now it works...
    Perhaps it was a timing issue.

  • Outlook 2013 client, not in domain, can't connect to the Exchange 2013 server.

    Hello everyone,
    A colleague and I are in the process of rebuilding our Hosted Exchange servers. Everything is working perfectly except for the local Outlook 2013 clients. They are not in the domain but in the same network (through VLANs) as our Exchange server, and still
    they can't connect to Exchange without the use of Outlook Anywhere. If we use Outlook Anywhere, it connects perfectly. If I ping the Exchange servers (1 CAS, 2 MBX servers) I get a response with the right IP addresses.
    We've tried to create a new profile, which goes without problems. We enter the FQDN (or IP address) of the CAS server and the required username, and the FQDN gets resolved to the correct MBX server where the mailbox resides. We complete the whole wizard and
    then start Outlook. We then get the error that Outlook can't log on to the Exchange server.
    Is this an authentication setting that is wrong or do we need to use Outlook Anywhere if the PC is not in the same domain as the Exchange server?
    Thanks in advance!

    Hi,
    Agree with Martina: all Outlook clients use RPC over HTTP to connect to Exchange 2013. If the server version is Exchange 2013 SP1, only Outlook 2013 SP1 uses MAPI over HTTP to connect to the server, after we enable the MAPI over HTTP protocol.
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Windows Server 2012 Foundation, in a Workgroup - "The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller"...

    Every few days we see two dialogs with the following messages:
    Dialog 1, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller.
    Dialog 2, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliance check cannot be completed, the server will automatically shut
    down in 8 day(s) 23 hour(s) 0 minute(s).
    The server is not (and never has been) joined to a domain or had any DC roles installed. In fact it's still connected to the default Workgroup.
    The server was configured in our office and never showed this message until it was installed on site. The main difference from what I can see is that when installed on site it was given a static IP address and does not have any DNS settings in the network
    adapter properties. 
    I have scoured a number of forums on this error but in almost every other instance of this error message the servers are connected to a Domain Controller and the solutions generally are linked to dis-joining and rejoining the domain. Unfortunately this is
    not an option for this scenario.
    I initially thought that adding some relevant DNS server IP address may resolve the issue, however, we have the exact same model server configured exactly the same running at a different site that does not experience this problem. This server also has no
    DNS server configured.
    I have seen a post that suggests turning off the servers "Foundation Checking", but I'm unsure how to do this.

    Thanks for your response Vivian.
    I can confirm that this server is not (and never has been) a member of any active directory, it is configured as a Workgroup server. It was initially configured on a network that does have an active directory, but was never joined to it. During that time it
    never displayed these messages.
    The server was moved into production on a different site and network and set up with a static IP address. The site network does have its own Active Directory but the server was not joined to it. It is whilst on this new network that these messages began.
    Since my original post DNS servers have been added and the Microsoft activation has been verified, however, the messages are still appearing.
    There are only 2 user accounts configured on this server. The local admin account and another local admin user.
    The remote desktop services roles have been installed but not yet configured. I don't think that has any bearing on this scenario though.
    The description of this error in the above "Introduction to Windows Server 2012 Foundation" link states:
    This error occurs when the server cannot finish checking the requirements for the root domain, forest trust configuration, or both. It usually happens when the server cannot connect to a domain controller. If the situation persists, the server will
    shut down 10 days after the first time the compliance check failed. Each time this error message occurs, it will state the actual time remaining before the server will shut down. If you restart the server after it has shut down because of non-compliance, the
    server will shut itself down again in 3 days.
    The above description leads me to the following question - In a Workgroup environment, does the server still try to contact a domain controller to establish a level of trust? If this is the case could it be that the server can no longer see the initial DC
    on its new network and this is what is triggering the messages?
    Am I clutching at straws here?

  • Adding a Server 2008 R2 Domain Controller at a remote site

    Hello. I have been trying to set up a hot site at a remote location.  The story is long and involved but a few weeks ago it seemed to be finally working.  Our setup is two mirrored 2008 R2 servers at main site, mirrored with Double Take. 
    The hot site is the same except that so far I only had one server working.  The two sites connected via site to site VPN.
    About a week later our primary server basically crashed.  At first it worked but very slowly.  I was on vacation at the time and so I am not sure of the sequence of events, or exactly what errors were presented, but my associate first tried rebooting. 
    It took over 20 minutes to boot and then it said something to the effect that no domain controllers were available (not sure about this message).  He then discovered that the server at the remote site had some fsmo roles assigned to it.  He transferred
    the roles to the primary at the main site and then demoted the remote server to a workstation (but still a domain member).
    After that, rebooting the primary was much faster and everything at the primary site is working again. Now I want to set the remote site up again, but avoid the problem.  The way I originally set up the remote server was to use an IFM file, generated
    from our primary.  This should have made the remote server a catalog server, with DNS (which it did), but as far as I know should not have transferred any fsmo roles.
    The remote server(s) are wanted to be in the same domain as the primary.  They will also be mirrored from the primary (with Double Take).  If we had total failure at the main site, we wish to be able to immediately begin operations at the hot site
    (after a fail over).  I freely admit that I am swimming out of my depth here.  I am not sure that I have selected the correct architecture or used the correct options in setting up the remote servers.  I am looking for information about what
    went wrong, and whether some other setup is more desirable.
    Thanks for any help, Russ

    Philippe, thank you for you answers.  I do not understand everything you said but I will address each point as best I can:
    1. "In the remote site do you simply do a dcpromo / add the ADDS's role to make the server a active Domain Controller ?"  Yes, but I use the method described at
    http://technet.microsoft.com/en-us/library/cc753720(v=ws.10).aspx, The GUI method.  At step #8 I specified to use advanced mode so I could use the IFM file.
    2. "In your AD' Site and Service MMC, do you configured the remote site ?"  I do not know what you mean by this. How does one configure the site as 'remote'?
    3. "Do you added that remote server as a Global catalogue ?".  Yes, when I built the IFM file I specified to add the global catalog.
    4. "Do you added the PC in site 1, the IP of those DNS server in them ? (last of course) So the computer in the main site will talk to the remote server in case of a crash."  I am not sure I understand this item.  After the remote server
    was added, all of the members of both domain servers automatically appeared in the DNS of all servers in the domain.  I do not recall if the new items were last, but I expect that they would be.
    I have since reviewed the happenings with my associate and have a little more information.  The order of the problems and the actions taken are:
    1. Our primary (production) system was still working but extremely slow, and he observed that the slowness was caused by a lot of traffic with the remote site.  Rebooting the production server took over 25 minutes and the server came up saying
    that domain information was not available.  After another 30 minutes or so he discovered that the domain data was now available and the server worked, but still slowly.
    2. He did not check to verify that roles were held by the remote server, but he transferred all roles from the remote to the production server using ntdsutil.  I would expect that if the role was not held by the remote, the transfer command would have
    shown that fact.
    3. He then tried to demote the remote server but had an error that it could not be demoted because "the active directory service is missing mandatory configuration information".
    4. He forcefully demoted the remote server.
    5. After rebooting the production server again, performance was slightly better but still slow (and the reboot was still very slow).
    6. After some research he removed the remote domain controller's meta data from the production server and then rebooted the production server again.
    At that point reboot was fast (under 5 minutes) and the production system was working at normal speed again.
    All of the above leads me to believe that somehow the FSMO roles got added to, or moved to the remote site when I used the IFM file to create the new domain controller.  However nothing I have read says that this should happen.  I hope someone
    here can give me a better answer as to what caused the problem, as I do not wish to interrupt our production system like this again.
    Thank you, Russ
    PS: Sorry for the delay in getting back to this but some other priorities took me away from it for a week.

  • AD account logging to a remote domain controller for authentication

    Hi,
    I have a weird issue with an AD account using a different logon server when authenticating to AD.  A domain admin account uses the local site domain controller, but another account is using a remote domain controller as its logon server. I'm using both accounts
    to log on to the same server (CRM 2011). But when I issue the command "set l" from the command line, they show different LOGONSERVER values.
    My issue is that the crm account is pointing to a remote domain controller (Windows 2012 R2), which I don't want; it should use the local site domain controller (Windows 2008 R2). The reason is that the CRM server is on a test network (isolated) and
    when we test an upgrade of a CRM add-on product called Experlogix, the upgrade requires authentication by AD but it fails, and I think the logon server is the issue. When the crm account is used on the test server it points not to the local site domain controller
    but to the remote DC, which is not in the test server.
    Thanks for your help!!!
    AA

    Start by checking that your sites and subnets are well configured.
    Use dssite.msc and make sure that:
    - You have AD sites that represent your physical sites
    - All the subnets in use are created and moved to the correct AD site
    - Your DCs belong to the correct AD site
    You can read more about the DC Locator process here: http://social.technet.microsoft.com/wiki/contents/articles/24457.how-domain-controllers-are-located-in-windows.aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • DirectAccess Server 2012 Configuration cannot be retrieved from domain controller

    Hi everyone,
    We are using DirectAccess over Server 2012. There is just one server, no load balancing.
    Everything works fine, all clients can connect successfully and the operations status page shows all in green. Nevertheless, on the dashboard page in the configuration status section it says "Configuration for server [servername] cannot be retrieved
    from the domain controller."
    I found a few hints as to what could cause this problem:
    "In my case, the RAConfigTask, a scheduled task, was not enabled on the affected WS2012 server (DA entry point in a multisite deployment). After just enabling it, the errors have gone."
    http://blog.gocloud-security.ch/2013/01/11/ws2012-directaccess-and-the-configuration-for-server-server-name-retrieved-from-the-domain-controller-cannot-be-applied-error/
    "Group Policy was filtering out my DA server from the GPO object for some reason. To fix, I opened up Group Policy Management on the domain controller and made sure that my DA server was a part of the group."
    http://www.joedissmeyer.com/2012/12/more-issues-and-solutions-for.html
    "Server has no connectivity to the domain in order to update the policies. Run "gpupdate /force" on the server to force policy update. GPO replication might be required in order to retrieve the updated configuration."
    "This could be because there is no writable domain controller in the Active Directory site of the Remote Access server."
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/56fedb17-1274-4e1a-b2d0-fea809f0bc45
    I checked everything. Task is enabled and completed successfully, GPO is not filtered out, run gpupdate without any errors, could connect to domain controller, no errors on domain controller, domain controller is writable.
    So, I have no idea what could cause this error. Any ideas or hints?
    Thanks
    Regards
    Sebastian

    I have the exact same problem. I figured out that there was a problem with the "Log on as a service" right:
    secpol.msc --> Local Policies --> User Rights Assignment, Log on as a service; I have NT Service\All Services.
    I can access the group policy via the console just fine; I have no connectivity issues whatsoever.
    I decided to open a call with Microsoft. Their suggestion.... "we don't know, reinstall". So I did, and here we are: same problem and no solution. It is getting frustrating...

  • Questions About Adding First 2012 R2 domain controller to an existing 2008 Domain

    Our current domain controllers are all running Server 2008 and are VMs in our local office.  We plan to add a new domain controller and also create a new AD site.  This new domain controller will be the only domain controller in the new remote
    site.  It will also be a VM on a new 2012 R2 Hyper-V server at the new remote site.
    There is currently only one site (the default first site).
    The steps planned are to create a new site to represent the remote location in AD configured with the subnets that apply to the remote site.  (Computers in our local office should continue to use the domain controllers in our office and remote PCs should
    start using the new domain controller.)
    Then build the new domain controller VM, join to the domain as a member server and then promote it to domain controller of the new site.
    Are any steps missing?
    Do we need to do anything special with time sync settings on Hyper-V or will both the Hyper-V host and the domain controller guest just automatically sync time with the PDC domain controller across a WAN connection at the main site?
    Is there a way to prepare the domain/schema for the new 2012 R2 domain controller in advance so that the new domain controller can be installed later without needing Schema Admin or Enterprise admin permissions during the installation?

    > Where can I find what is correct for 2012 R2 domain controllers running
    > on Hyper-V 2012 R2 hosts?
    There's no "one fits all" advice on this topic, but I agree with Ahmed:
    Within a domain, the DCs provide a hierarchical time source, and since
    clients are required to be in sync with DCs, this is a "must be".
    If your HV hosts are member of the domain they are hosting, things can
    easily go crazy if you do not disable host time sync.
    Greetings/Grüße,
    Martin

  • Help with setting up active directory domain controller/DNS - need this for Clustering

    Disclaimer: I am new to Active Directory, so please don't rule out the obvious things I may have overlooked.
    I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
    When I look at my server manager AD DS complain about DNS:
    NASE-2012-234    4015    Error    Microsoft-Windows-DNS-Server-Service    DNS Server    1/14/2014 12:54:06 AM
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    When I click on DNS this is the error:
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
    Output of DCDiag -v is below.
    PS C:\Users\Administrator> dcdiag -v
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine NASE-2012-234, is a Directory Server.
       Home Server = NASE-2012-234
       * Connecting to directory service on server NASE-2012-234.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
    e,DC=com
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
    SDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
    N=Configuration,DC=lab,DC=nase,DC=com
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 1 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\NASE-2012-234
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
             Check the DNS server, DHCP, server name, etc.
             Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
             ......................... NASE-2012-234 failed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\NASE-2012-234
          Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Test omitted by user request: DNS
          Test omitted by user request: DNS
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : lab
          Starting test: CheckSDRefDom
             ......................... lab passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... lab passed test CrossRefValidation
       Running enterprise tests on : lab.nasecom
          Test omitted by user request: DNS
          Test omitted by user request: DNS
          Starting test: LocatorCheck
             GC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             PDC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             Time Server Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             KDC Name: \\NASE-2012-234.lab.nasecom
             Locator Flags: 0xe000f3fd
             ......................... lab.nase.com passed test LocatorCheck
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
             provided.
             ......................... lab.nasecom passed test Intersite
    PS C:\Users\Administrator>
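The Connectivity failure above is the DC's own DSA GUID record under _msdcs not resolving. The following is an added diagnostic, not part of the original post, that looks up that record the way dcdiag does and checks where the DC sends its DNS queries; it assumes the ActiveDirectory and DnsClient modules are available on the DC.

```powershell
# Added diagnostic (not from the original post). Checks the two things the dcdiag
# Connectivity failure points at: does the DC's DSA GUID CNAME exist in _msdcs, and
# does the DC's own DNS client point at a server that hosts the zone?
Import-Module ActiveDirectory

$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
$forest = (Get-ADForest).RootDomain        # _msdcs lives under the forest root zone

# The _msdcs record name is the objectGUID of the DC's NTDS Settings object, the
# GUID dcdiag prints in "The host <guid>._msdcs.<forest> could not be resolved".
$ntds  = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID
$cname = "$($ntds.objectGUID)._msdcs.$forest"

# Query every DNS server the DC itself is configured to use: a DC whose NIC points
# at an external resolver fails exactly this lookup.
$servers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
            Where-Object ServerAddresses).ServerAddresses | Select-Object -Unique
foreach ($srv in $servers) {
    try {
        $r = Resolve-DnsName -Name $cname -Type CNAME -Server $srv -DnsOnly -ErrorAction Stop
        "{0}: {1} -> {2}" -f $srv, $cname, ($r | Where-Object Type -eq 'CNAME').NameHost
    } catch {
        "{0}: cannot resolve {1} ({2})" -f $srv, $cname, $_.Exception.Message
    }
}

# A DC should list itself (or another DC hosting the zone) as a DNS server.
if ($servers -notcontains $dc.IPv4Address) {
    Write-Warning "DC $($dc.HostName) does not use its own address ($($dc.IPv4Address)) for DNS."
}

# Netlogon registers the _msdcs records; after fixing the DNS client settings,
# "nltest /dsregdns" forces re-registration, then re-run dcdiag /test:Connectivity.
```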

    http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions.  You might want to post your question there.
    .:|:.:|:. tim

  • Domain Controller Auto-Enrollment Issue

    I recently noticed one of our domain controllers is not auto-enrolling its Domain Controller certificate with our AD CS server.
    We have 2 DCs and one auto-enrolls just fine and the other one doesn't. The one that auto-enrolls fine is a Server 2008 R2 domain controller and the one that doesn't is a Server 2012 R2 domain controller (the schema has been updated to accommodate this domain controller). The CA is on the Server 2008 R2 DC (I noticed this issue as I am planning on migrating the CA off the DC to its own dedicated server).
    I see three errors in the event log:
    Event ID 6: Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.
    Event ID 13: Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from DC
    FQDN\CA Name (The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)).
    Event ID 82: Certificate enrollment for Local system failed in authentication to all urls for enrollment server associated with policy id: {61B8511A-9BFE-46A8-90D5-FB1709DADB2D} (The RPC server is unavailable. 0x800706ba (WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)).
    Failed to enroll for template: DomainController
    In a packet capture, I am seeing this error: Expert Info (Note/Response): Fault: nca_s_fault_access_denied
    I did notice the "Certificate Service DCOM Access" group had no members, so I added the Authenticated Users group into it (I have a newly stood up development domain and noticed Authenticated Users was in this group by default). Still not having any success. I tried stopping the CA service and starting it up after this group change and had no success either. I haven't rebooted any of the servers yet...didn't think I needed to.
    I tried the "certutil -config - -ping" command and it found the proper CA, and once I selected it, I was able to connect to the CA just fine and it says it's alive.
    Not too sure where to look from here as I am out of ideas.

    Ok I got this working, but not sure what finally kicked it in.
    I followed this article first: http://support.microsoft.com/kb/947237 After performing what that article mentions, I still had the same errors. It only mentions Vista, so I didn't think it applied. Not entirely sure what the certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG does. I think it added permissions to my DCOM COM Security for Access and Launch/Activation permissions?
    Initially testing this, it failed with the same errors. After a few minutes, I tried again to see if the packet capture was showing the same authentication error, and it finally succeeded. 
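The thread above boils down to three checks: the enrollment failure events, RPC reachability of the CA, and who is allowed through the CA's DCOM interface. The script below is an added triage aid, not the poster's code; it is meant to run on the DC that fails to enroll, the CA config string is a placeholder, and the event provider names are assumed from where these event IDs are normally logged.

```powershell
# Added triage script (not from the original post). Run on the DC that fails to enroll.
Import-Module ActiveDirectory
$CaConfig = 'CA-HOST.lab.example\Lab-CA'   # placeholder: <CA FQDN>\<CA name>

# 1. Recent enrollment failures. Event 6 is logged by the AutoEnrollment provider,
#    13 and 82 by CertEnroll (assumed provider names); all land in the Application log.
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment',
                   'Microsoft-Windows-CertificateServicesClient-CertEnroll'
    Id           = 6, 13, 82
    StartTime    = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{n='Message'; e={ $_.Message.Split("`n")[0] }} |
    Format-Table -AutoSize

# 2. RPC reachability of the CA, the same check the poster ran interactively
#    with "certutil -config - -ping", but non-interactive for a known CA.
certutil -config $CaConfig -ping

# 3. The group that gates DCOM access to the CA. Because this CA runs on a DC the
#    group is a domain group; the poster found it empty, and the failing DC needs
#    to be covered by it (Authenticated Users covers computer accounts).
Get-ADGroupMember -Identity 'Certificate Service DCOM Access' |
    Select-Object name, objectClass

# 4. The DCOM security flag that KB947237's "certutil -setreg SetupStatus
#    -SETUP_DCOM_SECURITY_UPDATED_FLAG" reads from and writes; printed for the record.
certutil -config $CaConfig -getreg SetupStatus
```

Clear the flag only after checking step 3, and re-trigger enrollment with certutil -pulse afterwards so the result shows up in the events from step 1.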
