Domain Controller Ratio to Lync servers

For Lync 2013/2010, is there some formula that dictates the number of domain controllers that are required for each FE/pool? I see that Exchange 2013 has a requirement that for every 8 mbx servers, one DC is needed.
This could potentially be dealing with 100K users.
Thanks,
Chris
Christian Frank

I have not come across any Lync documentation specifying a number of Front Ends limit to a DC. Usually a DC per site is the only mentioned requirement. That's not what you are after though. I would assume that if Exchange were deployed with the numbers you have stated that Lync would be quite happy with that.
In any event, I don't think you are going to get a straightforward answer as scoping DCs come into play. So it all depends on a huge number of variables. You probably already see this but I'll add it anyway
http://social.technet.microsoft.com/wiki/contents/articles/14355.capacity-planning-for-active-directory-domain-services.aspx
Lync Sorted blog

Similar Messages

  • When exchange Domain Controller or Global Catalog servers?

    I have a few questions want to get your help.
    1. In which situation would Exchange contact the Domain Controller, and in which situation would Exchange contact the Global Catalog servers? What's the difference?
    2. For the Mailbox Replication Service, besides moving the mailbox and DAD relevant operations, in which situations does the Mailbox Replication Service also contact the DC?

    Hi,
    About Question 1:
    For Exchange, GC is mainly for Address Book lookups. Exchange server access to the global catalog for address information.
    About DC, every domain controller contains the following three directory partitions.
    1. Configuration: Contains the Configuration container, which stores configuration objects for the entire forest in cn=configuration,dc= forestRootDomain.
    2. Schema: Contains the Schema container, which stores class and attribute definitions for all existing and possible Active Directory objects in cn=schema,cn=configuration,dc= forestRootDomain.
    3. Domain: Contains a < domain > container, which stores users, computers, groups, and other objects for a specific domain.
    For example, each Exchange Server object has the attribute Boolean messageTrackingEnabled. The Exchange server processes will turn on or off message tracking depending on the value of this attribute in the directory. This is an example of configuration data.
    Configuration data is stored in the Configuration partition of Active Directory, and this partition is replicated to every DC in the Forest. Therefore Exchange can potentially go to any DC to access this information.
    About Question 2:
    The Mailbox Replication Service is responsible for moving mailboxes, importing and exporting .pst files, and restoring disabled and soft-deleted mailboxes. All these options need to contact the DC.
    Best regards,
    Belinda
    Belinda Ma
    TechNet Community Support
    Thank you so much

  • Process MAD.EXE (PID=1932). All Domain Controller Servers in use are not responding:

    Process MAD.EXE (PID=1932). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC).
    Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
    Process MAD.EXE (PID=1932). All Domain Controller Servers in use are not responding: 
    DC02.targetiletisim.local 
    DC01.targetiletisim.local 
    Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1148). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.
    pls help me :(

    Hi,
    Please use dcdiag and nltest to test the connectivity.
    BTW, have you disabled IPv6 on the Exchange Server?
    Thanks,
    Simon Wu
    TechNet Community Support

  • Lack of Connectivity to Domain Controller - Domain Controller Access Issues Requires Repeated Reauthentication

    Sorry if my attempt to be thorough in my description may result in excessive and unnecessary information. 
    I'm running into some problems with a single server running WS 2012 R2 as a domain controller (AD and DNS) and I’m trying to figure out what the cause is. 
    The network has ~10 computers on it connected through a cable business gateway (running DHCP) which feeds 2 switches and a wireless router acting as a switch. (I also turned on remote services, but the end users aren’t using that until I get certificates setup.)
    For 6+ months everyone had access to the shared files and databases on each workstation without issue. 
    In the last month users would occasionally have to re-enter their credentials to get access to shared server folders despite being on a domain account already. 
    Last week one of the computers intermittently cannot gain access to the shared folders – entering the correct credentials just results in the credentials being requested again and again: There’s an error icon at the bottom saying that “there are currently no logon servers available to service the logon request”. While access is rejected I’m still able to ping the DC both via its name and IPV4 address.
    (Pinging via its name results in an IPv6 address in the response.) 
    Other network connectivity appears intact (able to browse the web, perform network discovery.)
    Things that ‘seem’ to allow access on this computer until the next failure:
    Entering a different domain username and password into the windows credentials request has allowed access a couple of times.
    Disconnecting and reconnecting the network cable allowed the original username to be used to log on (at least once.)
    After removing it from and then rejoining it to the domain (a few hours ago) it experienced the problem once more. Also, logging on with domain credentials created a TEMP user folder instead of the folder with the domain username. 
    Looking at the event logs, I notice there are quite a few warnings and errors reported regarding DC access on many of the computers; maybe this is normal?
    Most Problematic Computer:
    Event ID 8016:  System failed to register host A or AAAA resource records. (With an unknown Ipv6 and the server’s ipv4 address in the DNS server list.) 
    Event ID 131:  NtpClient unable to set a domain peer to use as a time source because of DNS resolution error on ‘Server.domain.local’ 
    ‘No such host is known.”
    Event ID 5719:  NETLOGON. This computer was not able to setup a secure session with a domain controller in the domain due …..: there are currently no logon servers available to service the logon request.
    And then pairs of: Event 1500: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. & Event 1054: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    Event 1030:  The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    On the server I’ve run DCDIAG and DCDIAG /test:DNS and those all appeared to pass.
    Ipconfig/all from the server:
       Connection-specific DNS Suffix
       Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
       Physical Address. . . . . . . . . : FC-4D-D4-F2-A1-83
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:b155:a0b0:892d:9ed5(Preferred)
       Link-local IPv6 Address . . . . . : fe80::b155:a0b0:892d:9ed5%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.1.10.42(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%13
                                           10.1.10.1
       DHCPv6 IAID . . . . . . . . . . . : 234638804
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3F-7D-B9-68-05-CA-24-31-C4
       DNS Servers . . . . . . . . . . . : ::1
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Ipconfig/all from the problematic computer:
    Wireless LAN adapter Wi-Fi:
       Connection-specific DNS Suffix  . : wp.comcast.net
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 6150
       Physical Address. . . . . . . . . : 40-25-C2-63-C2-B8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:8f5:1606:d0a8:6b25(Preferred)
       Temporary IPv6 Address. . . . . . : 2601:8:a182:1100:283e:f9e8:4841:6c50(Preferred)
       Link-local IPv6 Address . . . . . : fe80::8f5:1606:d0a8:6b25%3(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2015 9:19:02 AM
       Lease Expires . . . . . . . . . . : Tuesday, March 17, 2015 1:23:15 PM
       Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
                                           10.1.10.1
       DHCP Server . . . . . . . . . . . : 10.1.10.1
       DHCPv6 IAID . . . . . . . . . . . : 54535618
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-6B-AA-F0-DE-F1-9C-07-D4
       DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                           2001:558:feed::2
                                           10.1.10.42
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Any thoughts? I was assuming it was a Domain Controller/DNS error, but I don't know where to check next.  Could a failing piece of hardware be the culprit? 
    Thanks,
     -JT

    Hi,
    According to the error you have posted.
    A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against.
    Most of the time this is caused by network issues or name resolution (DNS/WINS) issues, you could refer to:
    Netlogon 5719 and the Disappearing Domain [Controller]
    http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
    Did you refer to this KB article?
    Event ID 5719 is logged when you start a Domain Member
    http://support.microsoft.com/kb/938449
    Regards.

  • Error in starting domain controller !

    I have installed on Windows 2000, Oracle 9i Database 9.0.1 and Oracle 9iFS release 9.0.1.
    Configuration was OK, but the domain doesn't start.
    I launch 'ifslaunchdc.bat', 'ifslaunchnode.bat', and when I launch 'ifsstartdomain.bat', I receive this error:
    "An exception occurred while starting Domain controller - oracle.ifs.common.IfsException: IFS-40066: Remothed method threw exception java.lang.NoSuchFieldError: OCIEnvHandle"
    OTHER WAY:
    If I try in Oracle Management Server (from Oracle Enterprise Management Console), I go to Internet File Systems, I go to the domain picasso:53140 and it is launched (yellow light). I do right click and I choose 'Start Domain'. I receive the following message:
    " The Domain Controller 'picasso:53140' is launched
    Command failed:
    IFS-40066: Remothed method threw exception java.lang.NoSuchFieldError: OCIEnvHandle"
    So, the same error, and I don't find anywhere this exception !
    What should be done? Thanks, Jeanina

    I am not sure how you got into this state, but to clear it up you can edit the boot.properties file to enter (clear text) the username and password for the server (entered when running the Configuration Wizard).
    The boot.properties file is located in your domain at:
    <domain root>/servers/AdminServer/security
    Just enter the username and password in the file:
    username=myUserName
    password=myPassword
    WebLogic Server will boot up using these values and immediately encrypt the username and password in the file.
    An alternate approach would be to delete boot.properties in which case WLS will prompt you for the id/pw each time it is started/stopped.
    Brad

  • Windows Domain Controller on Windows Server 2012 R2: Hyper-V roaming profiles not loading due to slow connection

    I have racked my brain and done everything that I know to do for about two weeks now. I am setting up a new system at our fire department and I am having the worst luck with getting the workstations to login to the domain controller with roaming profiles. It keeps telling me that the roaming profile could not be loaded because of a slow connection. These are workstations that are connected directly to the switch that the DC is connected to. I have tried multiple connections regarding the layout (DC into the router, router into the switch). The router is a Cisco RV220W. I have two VLANS, one for public and one for private domain. The Private VLAN has DHCP turned off since I am providing it through the DC. I currently have a connection from the Private VLAN going to the unmanaged switch that the workstations and server are plugged into.
    The server is a Dell PowerEdge R420 that has 6 NIC ports (1 dual port and 1 quad port). I have a virtual switch setup on Hyper-V for an external port (let's say Card 2 Port 3) that is assigned to the WS 2012R2 Domain Controller. The DC can see the internet fine and the workstations can connect to the shared folders on the server. I can retrieve files by just using the computer name or FQDN. The DC is also running DNS and DHCP. The DNS has the _msdcs setup from when I installed the active directory role. I have attempted to assign static IP addresses to the workstations:
    IP:                     10.0.0.80
    Subnet:             255.255.255.0
    IPV4 Gateway:  10.0.0.1
    IPV4 DNS:        10.0.0.12
    I've attempted "append the specific DNS suffix", I've "registered the connection in DNS", I've used "use this connections suffix in DNS registration".
    The server is assigned:
    IP:                     10.0.0.12
    Subnet:             255.255.255.0
    IPV4 Gateway:  10.0.0.1
    IPV4 DNS:         10.0.0.12
    The DNS entries have forwarders that forward to my ISP DNS servers for lookup
    I've enabled and disabled DHCP, I've installed a new VM just to create another DC to make sure that I didn't goof up when I created it.
    I've lost my patience with this project and am sinking fast. Can someone please offer some advice as to what I've done wrong? I've created this exact scenario at work many times but, I've never done it with Windows Server 2012. Is this possibly something to do with the Dell PowerEdge server (Generation 12) with the SR-IOV? I am going to attempt to work on it some more tomorrow when I get over there. I think there may be an issue with the SR-IOV not being enabled on the machine through the Dell BIOS. Would the SR-IOV really cause the workstations to report a slow connection? When I login at the domain controller the roaming profiles and folder redirection work fine so, I know the GPO settings are correct. I don't have "ignore slow connections" or any of those GPO's set. I need to get it working the correct way so, I didn't want to fool the server when there is another underlying problem. Any help that someone can offer, I am more than willing to listen. If you need more information, please ask.
    Thanks,
    Jay

    So, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many posts and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If Hyper-V would allow passthrough, this would be so much simpler. VMware is looking really good at this point.
    I'm disappointed in MS right now.

  • Cannot Login to Read Only Domain Controller

    One of my Read Only Domain Controller Servers shut down unexpectedly due to a power outage and now I cannot login to it anymore. When the server powered on again, it came up with an error regarding one of the hard drives failing (RAID1).
    I get a message Access is Denied when I try to login with one of my domain admin accounts. As it is a RODC, there are no local accounts for me to use. The RODC is running on Windows Server 2008 R2. The server is also running as a DHCP/Print/File server for the office so these are not working as well.
    I checked my PDC and it is coming up with the following error in the event viewer
    Log Name: System
    Source: Security-Kerberos
    Event ID: 4
    Level: Error
    The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server rodc01$. The target name used was domain/rodc01.domain.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.local) is different from the client domain (domain.local), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
    I have tried to reset the computer password with netdom but I get the following error
    netdom resetpwd /server:rodc01 /userd:administrator /passwordd:*
    The machine account password for the local machine could not be reset.
    Logon Failure: The target account name is incorrect.
    The command failed to complete successfully.
    If I try to reset the password using the IP address instead, I get the following error
    netdom resetpwd /server:192.168.10.1 /userd:administrator /passwordd:*
    The machine account password for the local machine could not be reset.
    Access is denied.
    The command failed to complete successfully.
    I checked my AD and DNS and the rodc object  is present
    If I run repadmin /replsum on the PDC I get the message for the faulty RODC server
    Experienced the following operational errors trying to retrieve replication information:
            8341 – rodc01.domain.local
    Any advice is appreciated
    Thanks

    Logon to the server in Directory Services Restore Mode (DSRM) using the password you supplied during DCPROMO and verify that the Active Directory database isn't corrupted on the RODC - You will most likely see indications on this in the Directory Services log.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

  • Maintain access to network(shared folders) resources if the site loses access to a Domain Controller?

    Scenario
    Windows 7 users log on to workstations at a site. Domain Controller is up and does the domain authentication for those users across the WAN. Users are then accessing a local (same building) Shared directory on a Windows 2008r2 server, in order to open, modify, save new files, etc.
    Then, the site loses access to the Domain Controller due to a WAN outage.
    Question
    Will those users that have already logged onto their Windows 7 workstations continue to have access to the shared resources on the local Windows 2008r2 server with their cached credentials (assuming they don't logoff or restart their machines)?? This has been the case in the past, but wondering if anything has changed with Windows 2008??
    Thanks

    Hi,
    The duration that you can access the server depends on when the server requires re-authentication.
    In Windows implementation, SMB session expiration is enforced based upon the client’s support of dynamic re-authentication capability [MS-SMB].
    If the client enables the CAP_DYNAMIC_REAUTH capability bit, the server will enforce session expiration. If a client does not set CAP_DYNAMIC_REAUTH, the Windows server does not return STATUS_NETWORK_SESSION_EXPIRED. 
    The SMB dynamic re-authentication feature was introduced in Windows XP. From there, Windows-based clients set the CAP_DYNAMIC_REAUTH capability bit to indicate to the server that the client supports re-authentication when the Kerberos service ticket for the session expires.
    Windows servers do check CAP_DYNAMIC_REAUTH:
    If clientCapabilities sets CAP_DYNAMIC_REAUTH, the server will set Server.Session.AuthenticationExpirationTime to the expiry time returned by AcceptSecurityContext.
    If clientCapabilities does not set CAP_DYNAMIC_REAUTH, the server will not set Server.Session.AuthenticationExpirationTime, basically a CAP_DYNAMIC_REAUTH capability bit not set by the client means the session will not expire on the server side.
    To configure Maximum lifetime for service ticket, you can use Group Policy. The default value of Maximum lifetime for service ticket in Default Domain Policy is 600 minutes.
    Note: This setting is applied to DC, not clients.
    For detailed information, please view the link below
    CIFS and SMB Timeouts in Windows
    http://blogs.msdn.com/b/openspecification/archive/2013/03/19/cifs-and-smb-timeouts-in-windows.aspx
    Maximum lifetime for service ticket
    http://technet.microsoft.com/en-us/library/jj852188.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • Is it possible to restrict a local admin from accessing/viewing AD accounts on a Domain Controller?

    I am working on determining if I can have a separate administrator group handle patching and performing maintenance on four servers that are DCs of their own AD domain, but restrict these administrators from the ability to see the active directory user
    accounts in that AD domain?

    Hello,
    Since you are talking about domain controllers I have to say there are no Power Users group in them. Actually the local user management will be disabled as soon as you promote a server to a domain controller. The only option which is left here is to grant Administrators handle the job. In case of RODC you can go through what Albert suggested.
    However since domain controllers are sensitive and play a key role in your environment I strongly recommend not to allow non administrators to perform maintenance or other related tasks (At least for domain controllers).
    Another option you have left for your patch management is to use a member server like WSUS to automatically install updates on your DCs.
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir

  • DFS Replication failed to contact Domain Controller.....

    I have seen this error since the inception of this stand alone AD PDC instance of Windows server 2012 R2 Essentials. I understand that Essentials does not support other Domain Controllers; Member servers; or trust between Domains of any kind. I also understand that DFS Replication is a service that replicates files between other servers and other domain servers that Essentials does not want to talk to.
    So my question is why am I seeing this DFSR error 1202 in my event log, if Essentials does not support communication to other servers and domain servers? Maybe a better question is why does Essentials even try to implement this service? Do I even need to try to resolve this issue or should I just disable it and move on?
    Contents of Error:
    Log Name:      DFS Replication
    Source:        DFSR
    Date:          2/6/2014 1:57:57 PM
    Event ID:      1202
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      Hxxx2.xxxxxxxxxxxxx.local
    Description:
    The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
    Additional Information:
    Error: 160 (One or more arguments are not correct.)
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="DFSR" />
        <EventID Qualifiers="49152">1202</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-02-06T19:57:57.000000000Z" />
        <EventRecordID>194</EventRecordID>
        <Channel>DFS Replication</Channel>
        <Computer>Hxxx2.Hxxxxxxxxxxxxx.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>
        </Data>
        <Data>60</Data>
        <Data>160</Data>
        <Data>One or more arguments are not correct.</Data>
      </EventData>
    </Event>

    Hi, 
    Did you mean that you did not configure a DFS server in the new DC but you get the DFSR error 1202 in your event log? Then the issue is not related to the existing SBS domain. 
    Please try to turn off the Windows Firewall to check if it causes the issue. You could also refer to the articles below to troubleshoot the issue:
    Newly Promoted Win2K8 DC is not advertising as Domain Controller.
    http://blogs.technet.com/b/niraj_kumar/archive/2009/04/23/newly-promoted-win2k8-dc-is-not-advertising-as-domain-controller.aspx
    Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face
    https://blogs.technet.com/b/askds/archive/2011/04/08/restrictions-for-unauthenticated-rpc-clients-the-group-policy-that-punches-your-domain-in-the-face.aspx
    Regards, 
    Mandy

  • DFSR failed to contact domain controller

    I'm having an odd problem with a DFSR group we created to replicate web content between two of our web servers.
    In event viewer we have this event 1202 for DFSR.
    "The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
    Additional Information:
    Error: 160 (One or more arguments are not correct.)"
    In the DFSR logs I see this.
    20140303 12:18:27.874 1404 CFAD 8300 Config::AdConfig::GetLocalComputerNameWithDns Computer's fully-qualified DNS name: DFSRSERVER.domain.tld
    20140303 12:18:27.920 1404 CFAD 311 Config::AdConnection::Connect Binding to dcAddr:\\1.1.1.1 dcDnsName:\\MYDC.domain.tld
    20140303 12:18:27.936 1404 CFAD 143 Config::AdConnection::BindToAd Trying to connect. hostName:MYDC.domain.tld
    20140303 12:18:28.467 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
    20140303 12:18:28.467 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\MYDC.domain.tld domainName:<null>
    20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
    20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\MYDC.domain.tld domainName:<null> Error:[Error:5(0x5) Config::DsSession::Bind ad.cpp:3380 1404 W Access is denied.]
    20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\1.1.1.1 domainName:<null>
    20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
    20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\1.1.1.1 domainName:<null> Error:[Error:87(0x57) Config::DsSession::Bind ad.cpp:3380 1404 W The parameter is incorrect.]
    20140303 12:18:28.514 1404 SCFS 150 [WARN] ServiceConfig::DsPollIsDue Failed to enable lightweight polling. Error:
    + [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
    + [Error:160(0xa0) Config::AdConfig::Connect ad.cpp:8113 1404 W One or more arguments are not correct.]
    + [Error:160(0xa0) Config::AdConnection::Connect adconnection.cpp:377 1404 W One or more arguments are not correct.]
    + [Error:160(0xa0) Config::AdConnection::BindToDc adconnection.cpp:226 1404 W One or more arguments are not correct.]
    20140303 12:18:28.514 1404 CREG 1419 Config::RegReader::IsSysVolCommitFlagSet key: System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Demoting SysVols valueName:'SysVol Information is Committed' result:0
    20140303 12:18:28.514 1404 W2CH 266 ConfigurationHelper::PollAdConfigNow Trying to connect to AD
    20140303 12:18:28.514 1404 CFAD 311 Config::AdConnection::Connect Binding to dcAddr:\\1.1.1.1 dcDnsName:\\MYDC.domain.tld
    20140303 12:18:28.514 1404 CFAD 143 Config::AdConnection::BindToAd Trying to connect. hostName:MYDC.domain.tld
    20140303 12:18:28.514 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
    20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\MYDC.domain.tld domainName:<null>
    20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
    20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\MYDC.domain.tld domainName:<null> Error:[Error:5(0x5) Config::DsSession::Bind ad.cpp:3380 1404 W Access is denied.]
    20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\1.1.1.1 domainName:<null>
    20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
    20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\1.1.1.1 domainName:<null> Error:[Error:87(0x57) Config::DsSession::Bind ad.cpp:3380 1404 W The parameter is incorrect.]
    20140303 12:18:28.514 1404 EVNT 1194 EventLog::Report Logging eventId:1202 parameterCount:4
    20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter1:
    20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter2:60
    20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter3:160
    20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter4:One or more arguments are not correct.
    20140303 12:18:28.530 1404 W2CH 318 [ERROR] ConfigurationHelper::PollAdConfigNow (Ignored) Failed to connect to AD. Error:
    + [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
    + [Error:160(0xa0) Config::AdConfig::Connect ad.cpp:8113 1404 W One or more arguments are not correct.]
    + [Error:160(0xa0) Config::AdConnection::Connect adconnection.cpp:377 1404 W One or more arguments are not correct.]
    + [Error:160(0xa0) Config::AdConnection::BindToDc adconnection.cpp:226 1404 W One or more arguments are not correct.]
    When I run "dfsrdiag pollad":
    [ERROR] PollDsNow method executed unsuccessfully. ReturnValue: 12 (0xc)
    [ERROR] Failed to execute PollAD command Err: -2147217407 (0x80041001)
    However I can run "dfsrdiag dumpadcfg" and it outputs everything fine.
    We don't have any other problems with AD.  It seems like this started after we installed KB2467173 & KB2538242.  We are going to uninstall those and see if it works.

    I can successfully run "dfsrdiag.exe dumpadcfg" and it outputs the entire config.  Why does "dfsrdiag pollad" fail then if the config can be read?
    Why did it work before I rebooted the server?  In both cases it broke after rebooting.
    PS C:\Windows\system32> dfsrdiag dumpadcfg
    LDAP Bind : mydc.domain.tld
    SitesDn : cn=sites,cn=configuration,dc=domain,dc=tld
    ServicesDn : cn=services,cn=configuration,dc=domain,dc=tld
    SystemDn : cn=system,dc=domain,dc=tld
    DefaultNcDn : dc=domain,dc=tld
    ComputersDn : cn=computers,dc=domain,dc=tld
    DomainCtlDn : ou=domain controllers,dc=domain,dc=tld
    SchemaDn : CN=Schema,CN=Configuration,dc=domain,dc=tld
    COMPUTER: web1
    DN : cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
    GUID : 152E849C-4D7B-4AE8-B034-83747DBC1E89
    DNS : web1.domain.tld
    Server Ref : (null)
    USN Changed : 10862129
    When Created : Friday, January 31, 2014 8:41:06 PM
    When Changed : Tuesday, March 4, 2014 2:54:36 PM
    LOCAL SETTINGS: DFSR-LOCALSETTINGS
    DN : cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
    GUID : 3FD696E7-6598-4CDB-B2AB-98F148C0D2F7
    Version : 1.0.0.0
    USN Changed : 10932017
    When Created : Thursday, March 6, 2014 2:11:12 PM
    When Changed : Thursday, March 6, 2014 2:15:25 PM
    SUBSCRIBER: FF88A312-A0EB-44CC-A614-7A3D06DCC0AB
    DN : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
    GUID : 1119B663-F02A-4F1F-A904-23A87CFC93C3
    Member Ref : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    USN Changed : 10931931
    When Created : Thursday, March 6, 2014 2:11:12 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    SUBSCRIPTION: 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
    DN : cn=6783dde1-c795-4e8b-b07d-4ea8d7d0317f,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
    GUID : 3737B1F2-7E38-47E2-90E7-E57D82B145F1
    ContentSetGuid: 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
    Root Path : c:\inetpub\internetsites
    Root Size : 10240 (MB)
    Staging Path : c:\inetpub\internetsites\dfsrprivate\staging
    Staging Size : 4096 (MB)
    Conflict Path : c:\inetpub\internetsites\dfsrprivate\conflictanddeleted
    Conflict Size : 4096 (MB)
    USN Changed : 10931919
    When Created : Thursday, March 6, 2014 2:11:13 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    SUBSCRIPTION: F2F1F3A2-B36F-4170-B371-8E8043DF73F4
    DN : cn=f2f1f3a2-b36f-4170-b371-8e8043df73f4,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
    GUID : 57E7F8D7-1121-4334-BC81-74226ADF8969
    ContentSetGuid: F2F1F3A2-B36F-4170-B371-8E8043DF73F4
    Root Path : c:\internet_data
    Root Size : 10240 (MB)
    Staging Path : c:\internet_data\dfsrprivate\staging
    Staging Size : 4096 (MB)
    Conflict Path : c:\internet_data\dfsrprivate\conflictanddeleted
    Conflict Size : 4096 (MB)
    USN Changed : 10931921
    When Created : Thursday, March 6, 2014 2:11:13 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    SUBSCRIPTION: D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
    DN : cn=d0438b52-b706-4e40-b4c3-fe7a1aca5fcf,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
    GUID : F8217091-F71A-4D4A-A676-097583171A63
    ContentSetGuid: D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
    Root Path : c:\php\phpsites
    Root Size : 10240 (MB)
    Staging Path : c:\php\phpsites\dfsrprivate\staging
    Staging Size : 4096 (MB)
    Conflict Path : c:\php\phpsites\dfsrprivate\conflictanddeleted
    Conflict Size : 4096 (MB)
    USN Changed : 10931923
    When Created : Thursday, March 6, 2014 2:11:13 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    GLOBAL SETTINGS: DFSR-GLOBALSETTINGS
    DN : cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : 2E98CE5E-5CC7-4322-B5EA-2B6B340C689F
    USN Changed : 12525
    When Created : Saturday, October 22, 2011 1:56:38 AM
    When Changed : Saturday, October 22, 2011 1:56:38 AM
    REPLICATION GROUP: WEB CONTENT
    DN : cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : 9C94A417-6F6C-4F6C-BBFA-B8F52854C4DF
    Type : 0 (UNKNOWN REPLICATION GROUP TYPE)
    Options : 0x1 [Local Time Schedule]
    USN Changed : 10931906
    When Created : Thursday, March 6, 2014 2:11:12 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    CONTENT: CONTENT
    DN : cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : 6714C533-E631-4E71-930D-E4934FB7BD7E
    USN Changed : 10931908
    When Created : Thursday, March 6, 2014 2:11:12 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    CONTENT SET: INTERNET_DATA
    DN : cn=internet_data,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : F2F1F3A2-B36F-4170-B371-8E8043DF73F4
    File Filter : ~*, *.bak, *.tmp
    Compression Excl : (null)
    Dir Filter : (null)
    USN Changed : 10931916
    When Created : Thursday, March 6, 2014 2:11:13 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    CONTENT SET: INTERNETSITES
    DN : cn=internetsites,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
    File Filter : ~*, *.bak, *.tmp
    Compression Excl : (null)
    Dir Filter : (null)
    USN Changed : 10931915
    When Created : Thursday, March 6, 2014 2:11:13 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    CONTENT SET: PHPSITES
    DN : cn=phpsites,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
    File Filter : ~*, *.bak, *.tmp
    Compression Excl : (null)
    Dir Filter : (null)
    USN Changed : 10931917
    When Created : Thursday, March 6, 2014 2:11:13 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    TOPOLOGY: TOPOLOGY
    DN : cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : 16053002-7B99-4DA7-BFE5-2A6418040640
    USN Changed : 10931907
    When Created : Thursday, March 6, 2014 2:11:12 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    MEMBER: FF88A312-A0EB-44CC-A614-7A3D06DCC0AB
    DN : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : 75A99277-C401-409F-A32D-6D8EE18E5D0C
    Server Ref : (null)
    Computer Ref : cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
    Keywords : (null)
    Computer DNS : web1.domain.tld
    USN Changed : 10931933
    When Created : Thursday, March 6, 2014 2:11:12 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    CXTION: 9ECE3EB7-FE97-4A1B-8DE3-47A77B2C625B
    DN : cn=9ece3eb7-fe97-4a1b-8de3-47a77b2c625b,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : 1D26B348-3875-4BD1-9473-E72506AFA222
    Inbound : true
    Partner DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    Enabled : TRUE
    Options : 0x1 [Local Time Schedule]
    USN Changed : 10931924
    When Created : Thursday, March 6, 2014 2:11:13 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    CXTION: 2BFA8BE2-0444-4AAF-8293-A5486CF8D7A3
    DN : cn=2bfa8be2-0444-4aaf-8293-a5486cf8d7a3,cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : A7203451-D95F-44D5-AC04-13056DCE5A89
    Inbound : false
    Partner DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    Enabled : TRUE
    Options : 0x1 [Local Time Schedule]
    USN Changed : 10931925
    When Created : Thursday, March 6, 2014 2:11:13 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    MEMBER: 46F913DB-8509-4581-A66D-D37E4EA3EF29
    DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
    GUID : 1BA26D07-45F5-44A0-8450-9274AFD99B1C
    Server Ref : (null)
    Computer Ref : cn=fccu01web,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
    Keywords : (null)
    Computer DNS : fccu01web.domain.tld
    USN Changed : 10931927
    When Created : Thursday, March 6, 2014 2:11:12 PM
    When Changed : Thursday, March 6, 2014 2:11:27 PM
    Operation Succeeded
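
An added example, not part of the original post: a small Python triage script for the DFSR debug log format shown above. It separates the LDAP bind that succeeds from the DsBind calls that fail and attaches the nested `+ [Error:...]` chains to their parent entry. The sample lines are copied from the post's log, and every function name is hypothetical.

```python
import re
from collections import Counter

# Sample lines in the DFSR debug log format, copied from the post above.
SAMPLE_LOG = r"""
20140303 12:18:28.514 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
20140303 12:18:28.530 1404 W2CH 318 [ERROR] ConfigurationHelper::PollAdConfigNow (Ignored) Failed to connect to AD. Error:
+ [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConnection::BindToDc adconnection.cpp:226 1404 W One or more arguments are not correct.]
"""

# Error codes seen in the log, with the text the log itself prints for them.
ERROR_TEXT = {
    5: "Access is denied",
    87: "The parameter is incorrect",
    160: "One or more arguments are not correct",
}

# date, time, thread id, module, source line, optional [LEVEL], function, message
HEADER = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) (?P<tid>\d+) "
    r"(?P<module>\w+) (?P<line>\d+) (?:\[(?P<level>\w+)\] )?(?P<func>\S+) (?P<msg>.*)$"
)
# Continuation line: one frame of the nested error chain.
CHAIN = re.compile(r"^\+ \[Error:(?P<code>\d+)\(0x[0-9a-fA-F]+\) (?P<func>\S+) ")
DSBIND = re.compile(r"Failed to DsBind\(\)\. dc:(?P<dc>\S+) domainName:\S+ Error:(?P<code>\d+)")
LDAP_OK = re.compile(r"^Bound\. hostName:(?P<host>\S+)")


def norm(host):
    """Strip the leading UNC backslashes and lowercase, so names compare equal."""
    return host.lstrip("\\").lower()


def parse_log(text):
    """Return one dict per log entry; '+ [Error:...]' lines join the previous entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            entry = m.groupdict()
            entry["chain"] = []
            entries.append(entry)
            continue
        c = CHAIN.match(line)
        if c and entries:
            entries[-1]["chain"].append((int(c["code"]), c["func"]))
    return entries


def bind_summary(entries):
    """Collect hosts where the LDAP bind worked and count DsBind failures per (host, code)."""
    ldap_bound, failures = set(), Counter()
    for e in entries:
        ok = LDAP_OK.match(e["msg"])
        if ok and e["func"].endswith("BindToAd"):
            ldap_bound.add(norm(ok["host"]))
        bad = DSBIND.search(e["msg"])
        if bad:
            failures[(norm(bad["dc"]), int(bad["code"]))] += 1
    return {"ldap_bound": ldap_bound, "dsbind_failures": failures}


def denied_after_ldap_ok(summary):
    """Hosts that accepted the LDAP bind but refused DsBind with error 5."""
    return sorted(
        host for (host, code) in summary["dsbind_failures"]
        if code == 5 and host in summary["ldap_bound"]
    )


def report(text):
    """Human-readable lines for the failures found in the log text."""
    summary = bind_summary(parse_log(text))
    lines = []
    for (host, code), count in sorted(summary["dsbind_failures"].items()):
        lines.append(f"DsBind to {host}: error {code} ({ERROR_TEXT.get(code, 'unknown')}) x{count}")
    for host in denied_after_ldap_ok(summary):
        lines.append(f"{host}: LDAP bind succeeded but DsBind was denied (access, not connectivity)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
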

  • The processing of Group Policy failed because of lack of network connectivity to a domain controller

    We are setting up a new AD environment with one AD/DC running DNS services, and a secondary DNS server configured with a secondary zone. The problem is that none of the machines in the domain are getting GPO.
    When I run a gpupdate /force from a machine, I get the following output:
    "Updating Policy...
    User Policy update has completed successfully.
    Computer policy could not be updated successfully. The following errors were enc
    ountered:
    The processing of Group Policy failed because of lack of network connectivity to
     a domain controller. This may be a transient condition. A success message would
     be generated once the machine gets connected to the domain controller and Group
     Policy has succesfully processed. If you do not see a success message for sever
    al hours, then contact your administrator.
    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
    rom the command line to access information about Group Policy results."
    While the system event log outputs the following:
    "The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy
    has succesfully processed. If you do not see a success message for several hours, then contact your administrator." 
    All the machines that were joined to the domain are able to resolve in forward and reverse lookups, ping the DC and ping each other, so I don't understand how the error can be resolved.
    Here are few things I have tried:
    1. I came across this KB which checked ok for me: http://support.microsoft.com/kb/241515
    2. Made a copy of the default GPO, applied it to an OU with one machine, and made sure to remove any GPO links from above
    3. Enabled the following  two local Group policies on a test member:
    GP slow link detection
    Startup policy processing wait time
    4. Modified firewall to allow everything on both member and DC
    5. Verified DNS logs, SRV records, access to sysvol (added authenticated users to sysvol)
    I have yet to figure out the reason for this issue. Has anyone seen anything like this before?

    1. I checked the NIC; it only has one IP, and I followed your article. I set the primary DNS to its own IP and the secondary DNS to the loopback IP
    2. This is a new DC and DNS server. I don't have old records yet. I also checked the DNS event logs. No errors
    3. I made sure the member server is pointing only to the only DC/DNS server
    4. Here is the output from the dcdiag. Everything passed except the NetLogons part. I'm not sure what it means or how to fix it yet:
          Starting test: NetLogons
             * Warning BUILTIN\Administrators did not have the "Access this
             computer
             "*   from network" right.
             [hostname] An net use or LsaPolicy operation failed with error
             1, Incorrect function..
             ......................... hostname failed test NetLogons
    Complete output:
    > hostname
    Server:  hostname.domain.local
    Address:  X.X.X.95
    > ^C
    C:\Windows\system32>
    C:\Windows\system32>nslookup
    > set type=all
    >
    >
    >
    > _ldap._tcp.dc._msdcs.domainname
    _ldap._tcp.dc._msdcs.domain.local SRV service location:
              priority       = 0
              weight         = 100
              port           = 389
              svr hostname   = hostname.domain.local
    hostname.domain.local      internet address = X.X.X.95
    > ^C
    C:\Windows\system32>cd ..
    C:\Windows>cd SYSVOL
    C:\Windows\SYSVOL>cd sysvol
    C:\Windows\SYSVOL\sysvol>dir
     Volume in drive C has no label.
     Volume Serial Number is F624-CDB2
     Directory of C:\Windows\SYSVOL\sysvol
    10/29/2014  08:25 PM    <DIR>          .
    10/29/2014  08:25 PM    <DIR>          ..
    10/29/2014  08:25 PM    <JUNCTION>     domain.local [C:\Windows\SYSVOL\domain]
                   0 File(s)              0 bytes
                   3 Dir(s)  63,971,037,184 bytes free
    C:\Windows\SYSVOL\sysvol>dcdiag
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = hostname
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\hostname
          Starting test: Connectivity
             ......................... hostname passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\hostname
          Starting test: Advertising
             ......................... hostname passed test Advertising
          Starting test: FrsEvent
             ......................... hostname passed test FrsEvent
          Starting test: DFSREvent
             ......................... hostname passed test DFSREvent
          Starting test: SysVolCheck
             ......................... hostname passed test SysVolCheck
          Starting test: KccEvent
             ......................... hostname passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... hostname passed test
             KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... hostname passed test MachineAccount
          Starting test: NCSecDesc
             ......................... hostname passed test NCSecDesc
          Starting test: NetLogons
             * Warning BUILTIN\Administrators did not have the "Access this
             computer
             "*   from network" right.
             [hostname] An net use or LsaPolicy operation failed with error
             1, Incorrect function..
             ......................... hostname failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... hostname passed test
             ObjectsReplicated
          Starting test: Replications
             ......................... hostname passed test Replications
          Starting test: RidManager
             ......................... hostname passed test RidManager
          Starting test: Services
             ......................... hostname passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x000003F6
                Time Generated: 03/04/2015   18:23:06
                Event String:
                Name resolution for the name ctldl.windowsupdate.com timed out after
     none of the configured DNS servers responded.
             ......................... hostname passed test SystemLog
          Starting test: VerifyReferences
             ......................... hostname passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : emcdsm
          Starting test: CheckSDRefDom
             ......................... emcdsm passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... emcdsm passed test CrossRefValidation
       Running enterprise tests on : domain.local
          Starting test: LocatorCheck
             ......................... domain.local passed test LocatorCheck
          Starting test: Intersite
             ......................... domain.local passed test Intersite
    C:\Windows\SYSVOL\sysvol>
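
An added example, not part of the original post: a Python parser for dcdiag text output like the report above. It rejoins result lines that the console wrapped (`passed test` followed by the test name on the next line) and returns each failed test with its detail text, so a user-rights finding such as the NetLogons one is not lost among the passes. The sample is excerpted from the post's output, and the function names are hypothetical.

```python
import re

# Excerpt of the dcdiag output posted above, including one wrapped result line.
SAMPLE_DCDIAG = r"""
Doing primary tests
   Testing server: Default-First-Site-Name\hostname
      Starting test: KnowsOfRoleHolders
         ......................... hostname passed test
         KnowsOfRoleHolders
      Starting test: NetLogons
         * Warning BUILTIN\Administrators did not have the "Access this
         computer
         "*   from network" right.
         [hostname] An net use or LsaPolicy operation failed with error
         1, Incorrect function..
         ......................... hostname failed test NetLogons
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   Running enterprise tests on : domain.local
      Starting test: LocatorCheck
         ......................... domain.local passed test LocatorCheck
"""

SCOPE = re.compile(r"^(?:Testing server|Running (?:partition|enterprise) tests on)\s*:\s*(.+)$")
START = re.compile(r"^Starting test:\s*(\S+)$")
# The test name is optional because the console may wrap it onto the next line.
RESULT = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test(?:\s+(\S+))?$")


def parse_dcdiag(text):
    """Return one dict per test result: scope, test, target, status, details."""
    results = []
    scope = None      # server, partition or enterprise currently under test
    test = None       # name from the last "Starting test:" line, None once closed
    details = []      # free-text lines seen between "Starting test:" and the result
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCOPE.match(line)
        if m:
            scope, test = m.group(1), None
            continue
        m = START.match(line)
        if m:
            test, details = m.group(1), []
            continue
        m = RESULT.match(line)
        if m:
            target, status, name = m.groups()
            results.append({
                "scope": scope,
                "test": name or test,   # fall back to the "Starting test:" name
                "target": target,
                "status": status,
                # Rejoin wrapped detail lines and collapse the padding.
                "details": " ".join(" ".join(details).split()),
            })
            test = None                 # a wrapped test name on the next line is skipped
            continue
        if test is not None:
            details.append(line)
    return results


def failed_tests(results):
    """(scope, test, details) for every test that did not pass."""
    return [(r["scope"], r["test"], r["details"]) for r in results if r["status"] == "failed"]


if __name__ == "__main__":
    for scope, test, details in failed_tests(parse_dcdiag(SAMPLE_DCDIAG)):
        print(f"{scope}: {test} FAILED\n  {details}")
```
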

  • Domain controller 2008 Server with SP2

    Here is a real issue; I cannot track down what is causing it.
    It appears that in Windows 2008 Server running DHCP, DNS and AD, I am getting some weird errors on the clients.
    The client machines are all Windows 7 Professional x64.
    The issue is that the Domain controller seems to disappear as the logon server from the client after a few days. On some it indicates that there was no logon server available, but still logs in, which should be impossible since I have Group Policy configured to block the ability of logon without a logon server.
    The issue with this is that over time the desktops seem to go rogue: they no longer populate the information as to password expiration, and at times don't allow the clients to access the network shares.
    The security log shows hit and miss as to whether it sees them log into the domain.
    The weird issue is that if you log out, switch user, and change the user's password, then log back into the desktop with domain\username and a new password, the issue goes away for about 10 days, then re-appears and causes all sorts of fun issues on the domain.
    I took another step and decided that I would give a shot to building a clone test network, using a cloned image of the Domain controller, and it doesn't seem to happen on that side. The test network just has fewer PCs but they are all the same hardware.
    Here is what I have troubleshot so far:
    DNS looks fine, no errors or issues.
    DHCP looks fine, no duplicates etc.
    AD has all the information correctly, and the security log looks fine, most of the time.
    Windows updates are all up to date
    All desktops have logon scripts, but I have removed the cached data from the management console (Cred manager)
    Modified Group Policy and forced it across the network. Can see the GPResult from the clients and they have the updated settings, but the clients don't seem to care.
    Group Policy is set to wait till the network comes up and require a domain controller to log into the client desktop. This sometimes works, sometimes does not. It was done to see if the problem was happening on other machines; there are about 15 total out of 47 currently having the issue.
    All the desktops are fresh installs, not ghosted images, not clones, or something you would need to sysprep.
    Thoughts?
    Rob

    Hello,
    please post an unedited ipconfig /all from the DC/DNS servers and a client with the problems.
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Domain Controller cannot access \\domain\netlogon causing Auth issues

    Hi everyone, I have spent all day trying to figure out what is going on here. I have a Domain controller (only DC in the environment) that is acting funny.
    I first noticed when I was attempting to RDP into a server in my domain I was getting "access denied" (but I could log in as a local admin). So when I looked at the Domain Controller, I ran a DCDiag DNS test and got an AUTH error, but am not able to figure out how to fix this.
    Another thing I notice is when I am signed into the domain Controller (GP2010-a), I cannot browse to \\contoso.com\netlogon or any similar share.
    Here is the kicker, other servers on this domain, server3, server4, server5 etc... THEY CAN access \\contoso.com\netlogon. It is ONLY the Domain controller and Server2 that CANNOT access this share. The other servers also allow me to RDP into them fine, it is only 1 server that is affected by this strange behavior.
    I have checked for no IP conflicts and as far as I can tell all the DNS records are correct.
    Regarding the DYNAMIC IP warning, we have a reservation that assigns the IP.
    Thanks for any input here as I'm really stuck,
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = GP2010-A
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\GP2010-A
          Starting test: Connectivity
             ......................... GP2010-A passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\GP2010-A
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... GP2010-A passed test DNS
       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : contoso
       Running enterprise tests on : contoso.com
          Starting test: DNS
             Test results for domain controllers:
                DC: GP2010-A.contoso.com
                Domain: contoso.com
                   TEST: Authentication (Auth)
                      Error: Authentication failed with specified credentials
                   TEST: Basic (Basc)
                      Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                      (can be a misconfiguration)
             Summary of test results for DNS servers used by the above domain
             controllers:
                DNS server: 128.8.10.90 (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90              
                DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235              
                DNS server: 2001:500:2::c (c.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c              
                DNS server: 2001:500:2d::d (d.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d              
                DNS server: 2001:500:2f::f (f.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f              
                DNS server: 2001:500:3::42 (l.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42              
                DNS server: 2001:500:84::b (b.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b              
                DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30              
                DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30              
                DNS server: 2001:7fd::1 (k.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1              
                DNS server: 2001:7fe::53 (i.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53              
                DNS server: 2001:dc3::35 (m.root-servers.net.)
                   1 test failure on this DNS server
                   PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35              
             Summary of DNS test results:
    Auth Basc Forw Del  Dyn  RReg Ext
                Domain: contoso.com
                   GP2010-A                     FAIL WARN PASS PASS PASS PASS n/a 
             ......................... contoso.com failed test DNS

    Hi,
    TEST: Basic (Basc)
                      Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                      (can be a misconfiguration)
    Do you have any NIC configured to get dynamic IP on your DC which is having issue? If yes, please disable that NIC. Also, please provide me the result of the below:
    1) On your DC which is having issue, run "ipconfig /all"
    2) Repadmin /showrepl
    Thanks,
    Umesh.S.K
    Thanks, there is only 1 NIC card. It is getting a DHCP address because this is an Azure Hyper-V machine and I have set an IP reservation for it. I have no way to hardcode the IP because it gets shut off/on all the time.
    C:\Users\Administrator>repadmin /showrepl
    Repadmin: running command /showrepl against full DC localhost
    Default-First-Site-Name\GP2010-A
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: 007c755c-f56c-4e51-a211-fd4431f63927
    DSA invocationID: 007c755c-f56c-4e51-a211-fd4431f63927

  • Best practices for setting up Domain controller for our remote European offices

    Hi,
    We have about 17 remote sites across Europe (HQ in UK). I want to start revoking the offices' local DCs and host them in a couple of Cloud servers in Germany with local NAS boxes for file storage. I will have an MPLS network between the offices to the Cloud DC.
    Now what would be the best practices and tips for this situation in respect to the DCs? How can I prioritize the remote offices to use the Cloud DC/DNS and not our DC at our HQ in the UK? Would it be better to have a sub-domain created (europe.company.co.uk) for the other offices?
    Any suggestions on this setup for the DC?

    Hiya,
    On the conceptual level, the reason for having local DCs is that if the local site's internet line is offline, people are still able to authenticate and access local resources. From that point of view, you might as well just run with your HQ DCs only. Note: the cloud does offer availability on their services that might not be matched by your HQ in terms of double internet lines.
    That said.
    The DNS server of the clients as well as the sites & services of Active Directory. Your clients will use the nearest domain controller available from sites and services information.
    Managing Intersite Replication
    http://technet.microsoft.com/en-us/library/cc794799%28v=ws.10%29.aspx
