Forest trust unable to find Active Directory Domain Controller
I have two domains with a two-way forest trust. We'll call them ForestA and ForestB. They're on seperate subnets. ForestA's DCs are in one physical location. ForestB's DCs are in two locations, one of which is shared with A.
I'm unable to route traffic directly from the remote DC in ForestB to the subnet ForestA is on, so I created a new DC in ForestA that sits on the subnet ForestB uses (basically, I can't route between subnets via the wireless bridge between locations, but
can within the same location).
I found this: http://www.neomagick.net/zen/2008/11/30/using-dns-to-force-a-domain-trust-through-a-specific-domain-controller-dc/
I followed the instructions to set the new DC in forest A to be the only one the remote DC in forest B was aware of.
Nslookup ForestA.com resolves correctly to this DC, but I'm unable to validate the trust relationship, getting the error:
"Windows cannot find an Active Directory Domain Controller for the ForestA.com domain. Verify that an AD DC is available and then try again."
I'd appreciate any help.
In the event viewer, have you found any event id's that corrospond with this error? Have you ensured all ports required are open? Windows firewall is correctly setup? NIC is properly configured?
Statement below taken from: http://technet.microsoft.com/en-us/library/cc961803.aspx
If you receive the following error, ERROR_NO_LOGON_SERVERS while using the Nltest tool to query the secure channel, this is usually indicative of the inability to find a domain controller for that domain. Run nltest /dsgetdc: < DomainName > : to verify
whether you can locate a domain controller. If you are unable to find a domain controller examine DNS registrations and network connectivity.
ADDS Ports:
http://msdn.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
Similar Messages
-
Hi, I am writing a Powershell script locally on my machine to aggregate data from SharePoint 2010 and Active Directory. All groups in our SP environment are Active Directory Domain Groups (AD DG). Accessing group members via SharePoint is not
possible (as many of you already know). My plan was to pull Domain Group lists and aggregate AD DG data with SharePoint data (permission levels, etc...). I unfortunately ran into a problem when I realized that AD DGs are not considered "SP
Groups" but instead are considered user???
How do I leverage SharePoint web services to perform an action similar to /_vti_bin/UserGroup.asmx > GetRoleCollectionFromGroup? I do not want to perform this action on the server, but locally on my machine. When I run the below script
it throws a 401 error and complains it "can't find the group". Keep in mind I am trying to get info on a
AD Domain Group, not a
SharePoint Group. I think that is the underlying reason this request keeps failing as I tested the below script on SP groups and it worked perfectly.
clear
$CRED = Get-Credential
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$uri = "http://{site}/_vti_bin/UserGroup.asmx"
$soap = '<?xml version="1.0" encoding="utf-8"?>'
$soap+= '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
$soap+= '<soap:Body>'
$soap+= '<GetRoleCollectionFromGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">'
$soap+= '<groupName>TestGroup</groupName>'
$soap+= '</GetRoleCollectionFromGroup>'
$soap+= '</soap:Body>'
$soap+= '</soap:Envelope>'
[xml]$WF = Invoke-RestMethod $uri -Credential $CRED -Method POST -ContentType "text/xml" -Body $soap
echo $WF
$WF.Envelope.Body.GetRoleCollectionFromGroupResponse.GetRoleCollectionFromGroupResult.GetRoleCollectionFromGroup.Roles.Role
Thank you.Hi, I am writing a Powershell script locally on my machine to aggregate data from SharePoint 2010 and Active Directory. All groups in our SP environment are Active Directory Domain Groups (AD DG). Accessing group members via SharePoint is not
possible (as many of you already know). My plan was to pull Domain Group lists and aggregate AD DG data with SharePoint data (permission levels, etc...). I unfortunately ran into a problem when I realized that AD DGs are not considered "SP
Groups" but instead are considered user???
How do I leverage SharePoint web services to perform an action similar to /_vti_bin/UserGroup.asmx > GetRoleCollectionFromGroup? I do not want to perform this action on the server, but locally on my machine. When I run the below script
it throws a 401 error and complains it "can't find the group". Keep in mind I am trying to get info on a
AD Domain Group, not a
SharePoint Group. I think that is the underlying reason this request keeps failing as I tested the below script on SP groups and it worked perfectly.
clear
$CRED = Get-Credential
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
$uri = "http://{site}/_vti_bin/UserGroup.asmx"
$soap = '<?xml version="1.0" encoding="utf-8"?>'
$soap+= '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
$soap+= '<soap:Body>'
$soap+= '<GetRoleCollectionFromGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">'
$soap+= '<groupName>TestGroup</groupName>'
$soap+= '</GetRoleCollectionFromGroup>'
$soap+= '</soap:Body>'
$soap+= '</soap:Envelope>'
[xml]$WF = Invoke-RestMethod $uri -Credential $CRED -Method POST -ContentType "text/xml" -Body $soap
echo $WF
$WF.Envelope.Body.GetRoleCollectionFromGroupResponse.GetRoleCollectionFromGroupResult.GetRoleCollectionFromGroup.Roles.Role
Thank you. -
Help with setting up active directory domain controller/DNS - need this for Clustering
Disclaimer: I am new to Active Directory, so please dont rule out the obvious things I may have overlooked.
I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
When I look at my server manager AD DS complain about DNS:
NASE-2012-234 4015 Error Microsoft-Windows-DNS-Server-Service DNS Server 1/14/2014 12:54:06 AM
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
When I click on DNS this is the error:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Output of DCDiag -v is below.
PS C:\Users\Administrator> dcdiag -v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine NASE-2012-234, is a Directory Server.
Home Server = NASE-2012-234
* Connecting to directory service on server NASE-2012-234.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
e,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
SDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
N=Configuration,DC=lab,DC=nase,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\NASE-2012-234
Starting test: Connectivity
* Active Directory LDAP Services Check
The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
Check the DNS server, DHCP, server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... NASE-2012-234 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\NASE-2012-234
Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : lab
Starting test: CheckSDRefDom
......................... lab passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... lab passed test CrossRefValidation
Running enterprise tests on : lab.nasecom
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
PDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
KDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
......................... lab.nase.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
provided.
......................... lab.nasecom passed test Intersite
PS C:\Users\Administrator>http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions. You might want to post your question there.
.:|:.:|:. tim -
I install Active Directory Domain Controller on Windows server 2008 enterprise and dont login on Sql Server 2008 R2. Before install ADDC, I have logon SQL Server 2008r2 Success, After when i install ADDC is don't logon on SQL Server 2008r2 -->not success.
I have uninstalled ADDC but i still can't login on SQL server 2008r2.
please help me. it is very very disaster!
I think is loss account SQL server 2008r2!Hello,
I stronly recommend you post the detail error message to us while you try to connect to SQL Server instance, it's useful for us to do further investigation.
Microsoft recommends that you do not install SQL Server 2008 R2 on a domain controller, there are some limitations:
You cannot run SQL Server services on a domain controller under a local service account or a network service account.
After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.
After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member.
SQL Server failover cluster instances are not supported where cluster nodes are domain controllers.
SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail.
On Windows Server 2003, SQL Server services can run under a domain account or a local system account.
So, I would suggest you try to open up Windows Services list and changed the account for SQL Server service.
Regards,
Elvis Long
TechNet Community Support -
Active Directory domain controller could not be contacted
Hello
Help please.
I am trying to add a new server (2008) to domain 'bridgelimited.local' - only one DC (2003) doing everything at the moment. The plan is to add the new server, then move everything over from the old machine, then retire/upgrade the old machine and use as a backup.
I am currently trying to dcpromo on the new machine but I get the following error:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain bridgelimited.local:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.bridgelimited.local
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
212.50.160.100
196.168.16.2
- One or more of the following zones do not include delegation to its child zone:
bridgelimited.local
local
. (the root zone)
For information about correcting this problem, click Help.
192.168.16.2 is IP address for the DC.
Any help would be grately appreciated.
Kind Regards
RichardManaged to get the DCDIAG
Here goes (I know my harddisk is failing - that's why I am desperate to get everything shifted to the new server).
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine bridgeserver, is a DC.
* Connecting to directory service on server bridgeserver.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\BRIDGESERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... BRIDGESERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\BRIDGESERVER
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=BridgeLimited,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... BRIDGESERVER passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BRIDGESERVER passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=BridgeLimited,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BRIDGESERVER passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=BridgeLimited,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=BridgeLimited,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=BridgeLimited,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=BridgeLimited,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=BridgeLimited,DC=local
(Domain,Version 2)
......................... BRIDGESERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... BRIDGESERVER passed test NetLogons
Starting test: Advertising
The DC BRIDGESERVER is advertising itself as a DC and having a DS.
The DC BRIDGESERVER is advertising as an LDAP server
The DC BRIDGESERVER is advertising as having a writeable directory
The DC BRIDGESERVER is advertising as a Key Distribution Center
The DC BRIDGESERVER is advertising as a time server
The DS BRIDGESERVER is advertising as a GC.
......................... BRIDGESERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role Domain Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role PDC Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role Rid Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
......................... BRIDGESERVER passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2609 to 1073741823
* bridgeserver.BridgeLimited.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2109 to 2608
* rIDPreviousAllocationPool is 2109 to 2608
* rIDNextRID: 2121
......................... BRIDGESERVER passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/bridgeserver.BridgeLimited.local/BridgeLimited.local
* SPN found :LDAP/bridgeserver.BridgeLimited.local
* SPN found :LDAP/BRIDGESERVER
* SPN found :LDAP/bridgeserver.BridgeLimited.local/BRIDGELIMITED
* SPN found :LDAP/96d36b0b-a148-4c2f-b3d3-8c2ac83fcaf9._msdcs.BridgeLimited.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/96d36b0b-a148-4c2f-b3d3-8c2ac83fcaf9/BridgeLimited.local
* SPN found :HOST/bridgeserver.BridgeLimited.local/BridgeLimited.local
* SPN found :HOST/bridgeserver.BridgeLimited.local
* SPN found :HOST/BRIDGESERVER
* SPN found :HOST/bridgeserver.BridgeLimited.local/BRIDGELIMITED
* SPN found :GC/bridgeserver.BridgeLimited.local/BridgeLimited.local
......................... BRIDGESERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [BRIDGESERVER]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BRIDGESERVER failed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... BRIDGESERVER passed test OutboundSecureChannels
Starting test: ObjectsReplicated
BRIDGESERVER is in domain DC=BridgeLimited,DC=local
Checking for CN=BRIDGESERVER,OU=Domain Controllers,DC=BridgeLimited,DC=local in domain DC=BridgeLimited,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local in domain CN=Configuration,DC=BridgeLimited,DC=local on 1 servers
Object is up-to-date on all servers.
......................... BRIDGESERVER passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BRIDGESERVER passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... BRIDGESERVER passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... BRIDGESERVER passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:27
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:41
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:47:55
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:09
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:23
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:38
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:48:52
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:49:06
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:49:20
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:49:54
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:50:08
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:50:22
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:51:33
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:51:53
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:07
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:21
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:35
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:52:49
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:03
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:17
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:31
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 16:53:45
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:12:23
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:12:37
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:12:51
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:05
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:19
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:33
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:13:47
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:14:01
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:14:15
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:15:24
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:15:38
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:15:53
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:07
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:21
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:35
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:16:49
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:17:03
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
An Error Event occured. EventID: 0xC0040075
Time Generated: 09/10/2009 17:17:17
Event String: The driver for device \Device\Scsi\hpt3xx1
detected a port timeout due to prolonged
inactivity. All associated busses were reset in
an effort to clear the condition.
......................... BRIDGESERVER failed test systemlog
Starting test: VerifyReplicas
......................... BRIDGESERVER passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BRIDGESERVER,OU=Domain Controllers,DC=BridgeLimited,DC=local and
backlink on
CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=BRIDGESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=BridgeLimited,DC=local
and backlink on
CN=BRIDGESERVER,OU=Domain Controllers,DC=BridgeLimited,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=BRIDGESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=BridgeLimited,DC=local
and backlink on
CN=NTDS Settings,CN=BRIDGESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=BridgeLimited,DC=local
are correct.
......................... BRIDGESERVER passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... BRIDGESERVER passed test VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : BridgeLimited
Starting test: CrossRefValidation
......................... BridgeLimited passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... BridgeLimited passed test CheckSDRefDom
Running enterprise tests on : BridgeLimited.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... BridgeLimited.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
PDC Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
Time Server Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
KDC Name: \\bridgeserver.BridgeLimited.local
Locator Flags: 0xe00003fd
......................... BridgeLimited.local passed test FsmoCheck
The only thing I can see (other then the HDD) is the
IsmServ Service is stopped on [BRIDGESERVER]
Hope you can help. Pretty please.
Kind Regards
Richard -
Dear Experts,
In our office we have a domain controller call it 'Office.com', all computers and corporate servers e.g. exchange, antivirus etc. are member of this 'office.com', it is also having a DNS. All users in office have there preferred DNS set to the corporate
DNS
We are working for ministry and offering services to them from our data center so have many servers which are for ministry but they are in our data center. For all these servers we created another DNS server which contains all entries for these servers in
forward and reverse lookup zones. In this DNS we also created a forward lookup zone for our corporate servers and zone name is 'office.com'
What we are trying to have is name resolution of all servers which are listed in other DNS build in our office on Win 2008 R2 for ministry servers
If the user change his preferred DNS to ministry DNS he can resolve the ministry server but then we can not control any thing through group policy since they are using other DNS and not the corporate DNS.
How this can be done ? like any group policy applied to corporate domain controller must take effect on users and in addition to this user must also be able to resolve server names in ministry project DNS
Please assist ASAP.
regards,Hello,
ok so the GPO setting doesn't apply in any case.
Clients machines use the first DNS server in the list of configured ones on the NIC. If that one is available search for additional DNS servers will stop.
What i can not really understand is your description about the second DNS server. This should normally either another DC with AD integrated DNS, so everything is replicatedwithin AD replication or you use a secondary DNS on domain member server that pulls
the informations from the Master.
It sounds for me that you have configured a machine with DNS server role and created manually the zone with the same name as the domainand manually create there the required A records?
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights. -
An Active Directory Domain Controller could not be contacted
Hi,
I encountered this error while trying to change windows 8 & 7 from workgroup to a domain. i've tried all i think i know but just to no avail.
i will be very glad if anyone in this forum can help me provide a solution to this issue.
NOTE: i have a windows server 2008 with DNS and DHCP running, and 3 windows xp systems are added to the domain already.
ThanksHi,
Anything updates now?
It seems that the issue was related to DNS. Please make sure that you have pointed the correct DNS server on the client computer. If your DNS server role is installed on the DC, please make sure
that your DNS server is pointed to the DC on the computer that you wanted to join the domain.
In addition, you can also check in DNS to see if the SRV record existing or not. If not, please stop and start the Netlogon service to force the DC to re-register the appropriate SRV
records.
Furthermore, I would appreciate it if you can feedback to us.
Best regards,
Susie -
Findings:
Currently, Windows 2012 R2 AD DS role and RDS With Broker services can only seem to coexist properly in a new domain not an existing domain. Any attempt to add to an existing domain causes internal database user access denied issues and any attempt to
adjust rights and circumvent is dubious at best.
The escalation technician said it best. Out of 50 clients that want to do this, they end up not being able to help 5 right off the bat for whatever reason. As for the other 40 they might be able to help by running reports, adjusting rights and trying to add
the roles until it works. This can end up being a 20 day process. Basically they are playing whack-a-mole with user rights and permissions until something sticks.
We tried creating an OU where any other domain policies would not be inherited to see if that was the issue, a fresh install with different sequence of adding the Roles, no effect.
Given the errors I witnessed when running procmon and then trying to add the roles, the NT System and the Windows Internal database user had access denied issues on 100+ registry keys when trying to add the roles. After that the system is not behaving normally.
The errors displayed almost mirror the errors that would occur on Windows 2012 when those two roles would be added which of course is officially NOT supported on that system.
This blog needs serious revision:
http://blogs.msdn.com/b/rds/archive/2013/07/09/what-s-new-in-remote-desktop-services-for-windows-server-2012-r2.aspx
This is the excerpt from that blog: Single server RDS deployment including Active Directory. We now support running our RD Connection Broker role service on the same physical instance as an Active Directory Domain Controller. In addition, we published
guidelines for how RD Session Host could be used without the RD Connection Broker.
Microsoft Support was curteous and helpful and they were the ones who advised cutting our losses, which mirrored my hunch after seeing what was transpiring in the system. They refunded my money for the support call.
For me, it was an opportunity to find out if there was any way to configure Windows 2012 R2 in the Same manner that it was setup as Windows 2008 R2 and lay that to rest. The coexistence is poorly implemented. It is as if there was a reaction from all the deprecation
of bread and butter features such as shadowing in TS and the coexistence of AD DS and RDS to where those features were re-added haphazardly. (I have no complaints on shadowing on Windows 2012 R2 it works, just do not like having to go to server manager to
use it).
I opted for virtualizing the Domain controller to eliminate the incompatibility issues and that is what I will be doing from now on. I found free solutions for backing up and reporting for virtual machines as well as the suggested procedures for configruing
a Domain controller as a virtual machine on a Hyper-V environment and I will be sticking to those. Thus far the setup has been operational.
I am not allergic to virtualization, but for really small setups it adds additional time and considerations but if that is how it has to be done, so be it. Windows 2008 R2 days are numbered and since we can usually squeeze 5-7 years on quality server equipment,
buying a Windows 2008 R2 setup now is a borderline disservice in my opinion.
Hopefully someone finds this useful and saves some time.Hi,
Thank you for posting in Windows Server Forum.
Do you need any other assistance?
Based on your description, you are describing your story of successfully implementing RDS server with AD role and more regarding all RDS related scenario. For shadowing feature, you can use with command also. Below is the syntax to shadow a session.
mstsc /v:<ServerName> /shadow:<SessionID>
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support -
My work Macbook Pro is using a domain account from my office. When I travel and the domain controller is not reachable it takes 30 to 60 secs longer to log into my system because it has to wait for the active directory domain controller search to timeout before it will use cached credentials (i.e. a mobile account). Does anyone know how to modify my system settings to reduce the timeout or even eliminate the delay all together? I am running the latest version of Yosemite.
Thanks,
MikeHere is the modified VI, saved in LabVIEW 2012. Follow these steps to patch your system:
1. Close LabVIEW 2012.
2. Backup the following file: LabVIEW 2012\resource\Framework\Providers\VILibrary\libFrame_OpenPageRef.vi
3. Replace it with the version attached to this post.
4. Restart LabVIEW 2012.
Now you should no longer experience the 30 second timeout when the class property page loads. I set the timeout to "-1", so it should wait as long as necessary to open the page.
Note that if you ever repair or reinstall LabVIEW 2012, you'll need to patch this file again. Also, I wouldn't try patching any version other than 2012, since there may be other changes made to this VI across LabVIEW upgrades.
Darren Nattinger, CLA
LabVIEW Artisan and Nugget Penman
Attachments:
libFrame_OpenPageRef.vi 24 KB -
Failed to install Active directory domain services
Hi,
I've installed the AD Domain Services on Windows2008R2 by following this guide http://technet.microsoft.com/en-gb/library/cc755059%28WS.10%29.aspx. After click 'Install', step 6, it showed failed to install but there is no clue why it was failed, at all.
Here is a log I copied from C:\Windows\logs\ServerManager.log
2204: 2011-01-05 12:57:54.333 [InstallationProgressPage] Loading progress page...
2204: 2011-01-05 12:57:54.411 [InstallationProgressPage] Begining Sync operation...
2204: 2011-01-05 12:57:54.458 [Sync]
Sync Graph of changed nodes
==========
name : Active Directory Domain Services
state : Changed
rank : 1
sync tech: CBS
guest[1] : Active Directory Domain Controller
guest[2] : Identity Management for UNIX
ant. : empty
pred. : empty
provider : null
name : Active Directory Domain Controller
state : Changed
rank : 4
sync tech: CBS
ant. : .NET Framework 3.5.1
pred. : Active Directory Domain Services, .NET Framework 3.5.1
provider : Provider
2204: 2011-01-05 12:57:54.458 [Sync] Calling sync provider of Active Directory Domain Controller ...
2204: 2011-01-05 12:57:54.473 [Provider] Sync:: guest: 'Active Directory Domain Controller', guest deleted?: False
2204: 2011-01-05 12:57:54.473 [Provider] Begin installation of 'Active Directory Domain Controller'...
2204: 2011-01-05 12:57:54.473 [Provider] Install: Guest: 'Active Directory Domain Controller', updateElement: 'DirectoryServices-DomainController'
2204: 2011-01-05 12:57:54.473 [Provider] Installation queued for 'Active Directory Domain Controller'.
2204: 2011-01-05 12:57:54.473 [CBS] installing 'DirectoryServices-DomainController ' ...
2204: 2011-01-05 12:57:55.020 [CBS] ...parents that will be auto-installed: 'NetFx3 '
2204: 2011-01-05 12:57:55.020 [CBS] ...default children to turn-off: '<none>'
2204: 2011-01-05 12:57:55.036 [CBS] ...current state of 'DirectoryServices-DomainController': p: Staged, a: Staged, s: UninstallRequested
2204: 2011-01-05 12:57:55.036 [CBS] ...setting state of 'DirectoryServices-DomainController' to 'InstallRequested'
2204: 2011-01-05 12:57:55.051 [CBS] ...current state of 'NetFx3': p: Installed, a: Installed, s: InstallRequested
2204: 2011-01-05 12:57:55.051 [CBS] ...skipping 'NetFx3' because it is already in the desired state.
2204: 2011-01-05 12:57:55.098 [CBS] ...'DirectoryServices-DomainController' : applicability: Applicable
2204: 2011-01-05 12:57:55.114 [CBS] ...'NetFx3' : applicability: Applicable
2204: 2011-01-05 12:57:55.770 [CbsUIHandler] Initiate:
2204: 2011-01-05 12:57:55.770 [InstallationProgressPage] Installing...
2204: 2011-01-05 12:58:49.176 [CbsUIHandler] Error: -2147021879 :
2204: 2011-01-05 12:58:49.176 [CbsUIHandler] Terminate:
2204: 2011-01-05 12:58:49.254 [InstallationProgressPage] Verifying installation...
2204: 2011-01-05 12:58:49.270 [CBS] ...done installing 'DirectoryServices-DomainController '. Status: -2147021879 (80070bc9)
2204: 2011-01-05 12:58:49.270 [Provider] Skipped configuration of 'Active Directory Domain Controller' because install operation failed.
2204: 2011-01-05 12:58:49.270 [Provider]
[STAT] ---- CBS Session Consolidation -----
[STAT] For
'Active Directory Domain Controller'[STAT] installation(s) took '54.7870005' second(s) total.
[STAT] Configuration(s) took '0.0003053' second(s) total.
[STAT] Total time: '54.7873058' second(s).
2204: 2011-01-05 12:58:49.270 [Provider] Error (Id=0) Sync Result - Success: False, RebootRequired: True, Id: 110
2204: 2011-01-05 12:58:49.286 [Provider] Error (Id=0) Sync Message - OperationKind: Install, MessageType: Error, MessageCode: -2147021879, Message: <null>, AdditionalMessage: The requested operation failed. A system reboot is required to roll back changes
made
2204: 2011-01-05 12:58:49.286 [InstallationProgressPage] Sync operation completed
2204: 2011-01-05 12:58:49.286 [InstallationProgressPage] Performing post install/uninstall discovery...
2204: 2011-01-05 12:58:49.286 [Provider] C:\Windows\system32\ServerManager\Cache\CbsUpdateState.bin does not exist.
2204: 2011-01-05 12:58:49.286 [CBS] IsCacheStillGood: False.
2204: 2011-01-05 12:58:49.786 [CBS] >>>GetUpdateInfo--------------------------------------------------
2204: 2011-01-05 12:59:46.520 [CBS] Error (Id=0) Function: 'ReadUpdateInfo()->Update_GetInstallState' failed: 80070bc9 (-2147021879)
2204: 2011-01-05 12:59:46.520 [CBS] <<<GetUpdateInfo--------------------------------------------------
2204: 2011-01-05 12:59:46.598 [DISCOVERY] hr: -2147021879 -> reboot required.
2204: 2011-01-05 12:59:46.739 [InstallationProgressPage] About to load finish page...
2204: 2011-01-05 12:59:46.739 [InstallationFinishPage] Loading finish page
2204: 2011-01-05 12:59:46.801 [InstallationFinishPage] Finish page loaded
I also checked the event viewer, here are the event properties occurred during the installation:
Initiating changes to turn on update DirectoryServices-DomainController of package DirectoryServices-DomainController-Package. Client id: RMT
Update Directoryservices-DomainController of package DirectoryServices-DomainController-Package failed to be turned on. Status: 0x80070bc9
Installation failed. A restart is required.
Roles:
Active Directory Domain Services
Error: The server needs to be restarted to undo the changes
Please help.
Thanks,
balrogzAnother thing to check is to ensure the server service is up and running.
http://blogs.dirteam.com/blogs/paulbergson/archive/2014/04/29/can-t-add-the-role-quot-active-directory-domain-services-quot-to-my-2008-r2-server.aspx
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
Hi everyone,
I've been banging my head against this for a while and hope someone can help me.
Running Windows Server 2008 R2 Standard with Service Pack 1.
When I try to add the Active Directory Domain Services role to the server it gets to about 90% complete and then dies.
The ServerManager.log shows the following information, I have run the System Readiness Tool - output below - with no errors found.
At a loss on what to do next. The only other links I've found suggest rebuilding the server which I would really like to avoid...
Help appreciated,
John
ServerManager.log (extract)
==========
name : Active Directory Domain Services
state : Changed
rank : 1
sync tech: CBS
guest[1] : Active Directory Domain Controller
guest[2] : Identity Management for UNIX
ant. : empty
pred. : empty
provider : null
name : Active Directory Domain Controller
state : Changed
rank : 4
sync tech: CBS
ant. : .NET Framework 3.5.1
pred. : Active Directory Domain Services, .NET Framework 3.5.1
provider : Provider
8720: 2012-01-18 10:54:41.853 [Sync] Calling sync provider of Active Directory Domain Controller ...
8720: 2012-01-18 10:54:41.853 [Provider] Sync:: guest: 'Active Directory Domain Controller', guest deleted?: False
8720: 2012-01-18 10:54:41.853 [Provider] Begin installation of 'Active Directory Domain Controller'...
8720: 2012-01-18 10:54:41.853 [Provider] Install: Guest: 'Active Directory Domain Controller', updateElement: 'DirectoryServices-DomainController'
8720: 2012-01-18 10:54:41.853 [Provider] Installation queued for 'Active Directory Domain Controller'.
8720: 2012-01-18 10:54:41.853 [CBS] installing 'DirectoryServices-DomainController ' ...
8720: 2012-01-18 10:54:42.399 [CBS] ...parents that will be auto-installed: 'NetFx3 '
8720: 2012-01-18 10:54:42.399 [CBS] ...default children to turn-off: 'WCF-HTTP-Activation '
8720: 2012-01-18 10:54:42.415 [CBS] ...current state of 'DirectoryServices-DomainController': p: Staged, a: Staged, s: UninstallRequested
8720: 2012-01-18 10:54:42.415 [CBS] ...setting state of 'DirectoryServices-DomainController' to 'InstallRequested'
8720: 2012-01-18 10:54:42.430 [CBS] ...current state of 'NetFx3': p: Installed, a: Installed, s: InstallRequested
8720: 2012-01-18 10:54:42.430 [CBS] ...skipping 'NetFx3' because it is already in the desired state.
8720: 2012-01-18 10:54:42.430 [CBS] ...current state of default child 'WCF-HTTP-Activation': p: Installed, a: Installed, s: InstallRequested
8720: 2012-01-18 10:54:42.430 [CBS] ...skipped child 'WCF-HTTP-Activation' because it is already installed
8720: 2012-01-18 10:54:42.461 [CBS] ...'DirectoryServices-DomainController' : applicability: Applicable
8720: 2012-01-18 10:54:42.461 [CBS] ...'NetFx3' : applicability: Applicable
8720: 2012-01-18 10:54:42.539 [CbsUIHandler] Initiate:
8720: 2012-01-18 10:54:42.539 [InstallationProgressPage] Installing...
8720: 2012-01-18 10:54:42.758 [InstallationProgressPage] Verifying installation...
8720: 2012-01-18 10:54:42.758 [InstallationProgressPage] Installing...
8720: 2012-01-18 10:55:03.740 [CbsUIHandler] Error: -2147021879 :
8720: 2012-01-18 10:55:03.740 [CbsUIHandler] Terminate:
8720: 2012-01-18 10:55:03.787 [InstallationProgressPage] Verifying installation...
8720: 2012-01-18 10:55:03.802 [CBS] ...done installing 'DirectoryServices-DomainController '. Status: -2147021879 (80070bc9)
8720: 2012-01-18 10:55:03.818 [Provider] Skipped configuration of 'Active Directory Domain Controller' because install operation failed.
8720: 2012-01-18 10:55:03.818 [Provider]
[STAT] ---- CBS Session Consolidation -----
[STAT] For
'Active Directory Domain Controller'[STAT] installation(s) took '21.9535541' second(s) total.
[STAT] Configuration(s) took '0.0007754' second(s) total.
[STAT] Total time: '21.9543295' second(s).
8720: 2012-01-18 10:55:03.818 [Provider] Error (Id=0) Sync Result - Success: False, RebootRequired: True, Id: 110
8720: 2012-01-18 10:55:03.818 [Provider] Error (Id=0) Sync Message - OperationKind: Install, MessageType: Error, MessageCode: -2147021879, Message: <null>, AdditionalMessage: The requested operation failed. A system reboot is required to roll back changes made
8720: 2012-01-18 10:55:03.818 [InstallationProgressPage] Sync operation completed
8720: 2012-01-18 10:55:03.818 [InstallationProgressPage] Performing post install/uninstall discovery...
8720: 2012-01-18 10:55:03.833 [Provider] C:\Windows\system32\ServerManager\Cache\CbsUpdateState.bin does not exist.
8720: 2012-01-18 10:55:03.833 [CBS] IsCacheStillGood: False.
8720: 2012-01-18 10:55:04.333 [CBS] >>>GetUpdateInfo--------------------------------------------------
8720: 2012-01-18 10:55:34.784 [CBS] Error (Id=0) Function: 'ReadUpdateInfo()->Update_GetInstallState' failed: 80070bc9 (-2147021879)
8720: 2012-01-18 10:55:34.784 [CBS] <<<GetUpdateInfo--------------------------------------------------
8720: 2012-01-18 10:55:34.815 [DISCOVERY] hr: -2147021879 -> reboot required.
8720: 2012-01-18 10:55:34.831 [InstallationProgressPage] About to load finish page...
8720: 2012-01-18 10:55:34.831 [InstallationFinishPage] Loading finish page
8720: 2012-01-18 10:55:34.831 [InstallationFinishPage] Finish page loaded
CheckSUR.log
=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 13.0
2012-01-18 10:33
Checking Windows Servicing Packages
Checking Package Manifests and Catalogs
Checking Package Watchlist
Checking Component Watchlist
Checking Packages
Checking Component Store
Summary:
Seconds executed: 220
No errors detectedHi John,
Thanks for posting.
Performed some research and some results say that this problem can be caused by HD Write Caching.
To disable Write Caching:
1. Go to Device Manager.
2.Click the plus sign (+) next to the Disk Drives branch to expand it.
3.Right-click the drive on which you want to enable or disable disk write caching, and then click Properties.
4.Click the Disk Properties tab.
5.Click to select or clear the Write Cache Enabled check box as appropriate.
6.Click OK.
If no luck, Please check if any erros can be found in Event log, Dcpromoui.Log and Dcpromo.log
The following articles maybe helpful to you:
Known Issues for Installing and Removing AD DS
http://technet.microsoft.com/en-us/library/cc754463(v=WS.10).aspx
You cannot install Active Directory Domain Services
http://support.microsoft.com/kb/975142
Thanks
ZHANG -
Removing an 1 way trust Active Directory Domain from SearchActiveDirectoryDomains
One of our AD domains is being retired. After configuration for both, we need to change to only point to one domain. Is running the following advisable to fix?
stsadm
-o setapppassword
-password ******
stsadm
-o setproperty
-pn peoplepicker-searchadforests
-pv "domain:***.**.*****.**.***,TDC\***********,**********"
-url http://url
iisreset
/noforce
Thank you,
MarkHi,
According to your post, my understanding is that you wanted to remove an one way trust Active Directory Domain from SearchActiveDirectoryDomains.
People Picker will only query the forests or domains that you specify in the
peoplepicker-searchadforests property setting.
To specify the forests or domains to be queried together with the credentials, type the following command:
stsadm.exe -o setproperty -pn peoplepicker-searchadforests -pv
<Valid list of forests or domains, Login name, Password> -url
<Web application URL>
More information:
Configure People Picker in SharePoint 2013
All you want to know about People Picker in SharePoint ( Functionality | Configuration
| Troubleshooting )
Thanks,
Jason
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Jason Guo
TechNet Community Support -
How to find the SQL Server Instances running across the given activer directory domain?
How to find the SQL Server Instances running across the given activer directory domain?
I have though of OSQL -L , Microsoft Assessment and Planning ( MAP ) tool and SQLPing3 (SQLSecurity) might help me.
I would appreciate if there any other way of finding the SQL Servers / Instances running across the given active directory domain.
Sivaprasad S
http://sivasql.blogspot.com
Please click the Mark as Answer button if a post solves your problem!Dear ,
Very simple u find all instances through the customized sp which is get all details about inventory. Like i put the sp bellow. This is without any tool.
USE [master]
GO
/****** Object: StoredProcedure [dbo].[DBStatus] Script Date: 08-01-2015 19:46:11 By Damodar Patle Sr. DBA Mumbai India ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[DBStatus]
AS
SELECT
SERVERPROPERTY('servername') AS ServerName,
ConnectionProperty('local_net_address') AS 'local_net_address',
ConnectionProperty('local_tcp_port') AS 'local_tcp_port',
CONVERT(VARCHAR(25), @@VERSION) as VERSIONSQL,
SERVERPROPERTY('ErrorLogFileName') AS ErrorLogFilePath,
database_id,
CONVERT(VARCHAR(25), DB.name) AS DBName,
CONVERT(VARCHAR(10), DATABASEPROPERTYEX(name, 'status')) AS [Status],
CONVERT(VARCHAR(10), DATABASEPROPERTYEX(name, 'Recovery')) AS [Recovery_Model],
create_date as DBCreate_Date, --physical_device_name,
(SELECT COUNT(1) FROM sys.master_files WHERE DB_NAME(database_id) = DB.name AND type_desc = 'rows') AS DataFiles,
(SELECT SUM((size*8)/1024) FROM sys.master_files WHERE DB_NAME(database_id) = DB.name AND type_desc = 'rows') AS [Data MB],
(SELECT COUNT(1) FROM sys.master_files WHERE DB_NAME(database_id) = DB.name AND type_desc = 'log') AS LogFiles,
(SELECT SUM((size*8)/1024) FROM sys.master_files WHERE DB_NAME(database_id) = DB.name AND type_desc = 'log') AS [Log MB],
(SELECT physical_name FROM sys.master_files WHERE DB_NAME(database_id) = DB.name AND type_desc = 'rows') AS MDF_File_Location,
(SELECT physical_name FROM sys.master_files WHERE DB_NAME(database_id) = DB.name AND type_desc = 'log') AS LDF_File_Location,
user_access_desc
FROM sys.databases DB
ORDER BY dbName, [Log MB] DESC, NAME -
Cisco ISE 1.2 and 2 Active Directory Domains
Hi Support,
does anyone know whether I can perform Certificate Authentication for two different Active Directory domains using the same ISE host / deployment?
We have two forests with a trust link between them.
We have a seperate PKI in each domain.
I am thinking that the ISE can only be joined to a single domain, but because we have a trust between the two forests, the ISE can have two certificate profiles in an identity source sequence which can then use in a single authorisation policy.
I take it that I would need local certs from each CA in the local certificate store of the ISE?
We are performing a company merger and we cannot migrate users to the primary AD domain due to several reasons so we would like to use the same ISE deployment to authenticate Wireless users on both AD domains.
Thanks
MarioMario,
This is possible. Here are the guidelines for the Multi-Forest support in ISE 1.2:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html#pgfId-1350874
You would have to set a new Certificate Authentication Profile for each domain and use the Authentication Policies to determine which of the Certificate Authentication Profiles to use.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_id_stores.html#pgfId-1349174
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton -
Connecting Mac to Active Directory Domain
I understand there is an AD Plug-in available? Where can I find this and is there a good article or can somebody point me in the right direction to having my powerbook join our corporate active directory domain for authentication.
Thanks in advance
MikeMac OS 10.4 supports active directory out of the box. Open up /Applications/Utilities/Directory Access and click active directory and configure. Enter the name of the forest and domain you want to join and your computer id then click bind. You will be prompted for an admin password to join the domain. When you have joined click OK to go back to Directory Access and click on authentication. Make sure /Actuve Directory/All Domains is listed. If not add it. You should now be able to log onto your machine with your AD user account.
Maybe you are looking for
-
How do i keep my contacts if i delete my icloud account from my phone?
i am trying to delete my icloud account from my phone but how do i keep my contacts? my broher is on the same icloud account how do i get his contacts off of my phone
-
Hi, I have an desktop application and the following are the functionalities of the same. 1. User inputs the data file with path (log file) to parse the required data. 2. Once the user enters the path and starts the tool with start button, the tool pa
-
How to use a complex model with levenberd-marquardt vi
I am trying to use the Levenberg-Marquardt vi. My problem is that I have a model that predicts a complex valued impedance spectrogram. The model requires for input the 3 parameters as well as a collected complex valued data vector also as input to pr
-
Headphone jack problem! Please hel
<FONT color=#3300cc>My brother bought me a Zen Micro 5gb for my birthday last May 2005. a couple of months ago my micro became victim of the headphone jack problem! I can't find the receipt anywhere, can I still send it away to be fixed? Message Edit
-
Results analysis data is calculated through sales order
Hi All, I m trying to calculate WIP of one process Order through KKAX. But I am getting the below error Results analysis data is calculated through sales order 300002423 001000 Message no. KJ112 Diagnosis The order you selected for WIP calculation or