Netlogon 5719

Similar Messages

• Windows 7 x64 and x32 Netlogon 5719 errors

  Ok, let me first start off by saying that this only happens on Windows 7 (x64 or x86).  I do not have this problem with XP (x64 or x86).
  I have several subnets for which I use the HP Procurve IP HELPER-ADDRESS.  This also happens if the DHCP server is a physical or virtual machine.  I was reading about the port fast option for RSTP (HP), though I can see if I need to use that if
  it happens with XP and Windows 7.  I tried the following:
  Disabled IPv6
  Tried a physical and virtual machine
  Ran hotfix 2459530 for both x64 and x32
  Tried the Broadcast registry fix instead of using unicast 
  Tried updating NIC drivers for both Intel and Broadcom
  Changed the gateway for the DHCP options
  Have GPO for "always wait for network before logon"
  Have GPO for "Startup policy wait time (120 seconds)"
  I still run into the issue that some Windows 7 machines will get the Netlogon 5719 errors on startup.  I don't know where to go to next about this issue??  I'm hoping SP2 will help with this issue.

  smKKe wrote:
  Ok, let me first start off by saying that this only happens on
  Windows 7 (x64 or x86).  I do not have this problem with XP (x64 or
  x86).
  I have several subnets for which I use the HP Procurve IP
  HELPER-ADDRESS.  This also happens if the DHCP server is a physical
  or virtual machine.  I was reading about the port fast option for
  RSTP (HP), though I can see if I need to use that if it happens with
  XP and Windows 7.  I tried the following:
  * Disabled IPv6
  * Tried a physical and virtual machine
  * Ran hotfix 2459530 for both x64 and x32
  * Tried the Broadcast registry fix instead of using unicast 
  * Tried updating NIC drivers for both Intel and Broadcom
  * Changed the gateway for the DHCP options
  * Have GPO for "always wait for network before logon"
  * Have GPO for "Startup policy wait time (120 seconds)"
  I still run into the issue that some Windows 7 machines will get the
  Netlogon 5719 errors on startup.  I don't know where to go to next
  about this issue??  I'm hoping SP2 will help with this issue.
  Is this the only error message or do you have other connectivity
  errors, too - like no valid IP-address from dhcp-server, or no dns-name
  resolution working?
  If this is the only error you get and you are able to logon correctly
  and access the domain controller it is only cosmetic and means, that
  netlogon was already trying to access the resource before it was
  available - but it did sucessfully connect later, when the resouce was
  available. If you have other errors as well - please tell us those, too
  - to make troubleshooting easier.
  Wolfgang

• Netlogon 5719 problem

  Hello,
  We have a problem with our domain.
  All computer have a NETLOGON event id 5719 problem
  We have 2 virtual DCs
  Log of netlogon on a computer ( just CRITICAL )
  12/16 10:31:59 [CRITICAL] IPV6SocketAddressList is too small 0.
  12/16 10:31:59 [CRITICAL] Address list changed since last boot. (Forget DynamicSiteName.)
  12/16 10:31:59 [CRITICAL] C:\Windows\system32\config\netlogon.ftj: Unable to open. 2
  12/16 10:31:59 [CRITICAL] NlBrowserSendDatagram: No transports available
  12/16 10:31:59 [CRITICAL] NetpDcGetNameNetbios: ALIBABA: Cannot NlBrowserSendDatagram. (1C) 53
  12/16 10:31:59 [CRITICAL] NetpDcGetName: ALIBABA: IP and Netbios are both done.
  12/16 10:31:59 [CRITICAL] ALIBABA: NlDiscoverDc: Cannot find DC.
  12/16 10:31:59 [CRITICAL] ALIBABA: NlSessionSetup: Session setup: cannot pick trusted DC
  12/16 10:31:59 [CRITICAL] I_NetLogonGetAuthData failed: (null) ALIBABA (Flags 0x1): 0xc000005e
  12/16 10:32:04 [CRITICAL] NlMainLoop: Registry changed
  12/16 10:32:05 [CRITICAL] NetpDcGetNameIp: ALIBABA-SRV1.ALIBABA.str: No data returned from DnsQuery.
  12/16 10:32:05 [CRITICAL] NetpDcGetName: ALIBABA-SRV1.ALIBABA.str: IP and Netbios are both done.
  On each DC, a dcdiag /test:DNS is OK, no error
  On the computer, with nltest :
  C:\Users\>nltest /sc_query:alibaba.str /server:alibaba-srv1
  I_NetLogonControl a échoué : Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
  C:\Users\>nltest /sc_query:alibaba.str /server:alibaba-srv4
  Indicateurs : 30 HAS_IP HAS_TIMESERV
  Nom du contrôleur de domaine approuvé \\alibaba-SRV1.alibaba.str
  Statut de la connexion du contrôleur de domaine approuvé Status = 0 0x0 NERR_Success
  La commande a été correctement exécutée ( Ok )
  Help ..

  Hi,
  Do you have the DCs in time sync with the PDC. Probably one of them is the PDC and the rest will use domain hierachy to sync time?
  I am not seeing anything out of ordinary on the diagnostic reports. Was there any changes (network) at the ESXi hosts level that could cause this?
  Can you rech from the client to DC over 53/389/3268 ports? Can you resolve from the client the AD domain using nslookup.
  Regards,
  Calin

• Slow logins to domain, several event ID errors (group policy, netlogon, NTP errors)

  We have a laptop user who was experiencing slow logons in a remote office.   (Remote office has 100 users, only 1 is reporting the issue).  Helpdesk swapped computers to give the user brand new hardware.   The new laptop worked
  fine while in the IT department in the main office, the user returned to their desk in their remote office after replacing the laptop and logged in and experienced the same slow logon issues as the older laptop.
  Logons take up to 45 mins to process.  (Login script hangs and does not process).  During the process, you can check IPConfig and it received the proper DNS settings.  you can ping the authenticating server by name.  We have scanning
  on our local copiers setup to scan to the users desktop, and this errors out.  DNS on the AD controller shows the proper IP address for the machine and you can ping the machine by name.
  System Event log is loaded with errors:
  Event ID 5719 - Netlogon, computer not able to setup a secure session with a domain controller in the domain
  Event ID 1129 - Group Policy, processing of Group Policy failed because of lack of network connectivity
  Event ID 129 - Time Service, NTP Client was unable to set a domain peer to use as a time source
  Event ID 5783 - NetLogon, The session setup to the WIndows NT or 2000 domain controller (xxx) for the domain is not responsive.  RPC call cancelled.   (NOTE - you can ping this domain controller by name and by IP with no issues)
  Event ID 130 - Time-Service, NTP client unable to set a domain peer
  All these seem to point to RPC errors timing out because they cannot communicate to the network resources.  The problem happens on wired or wireless connections.  We had the user move to a different network connection (one we know is working for
  another user) the problem persists.   The problem was on the original computer and continues to happen even after replacing the hardware with a brand new laptop.
  I have tried running the following hotfix.  Which does not resolve the issue: 
  http://support2.microsoft.com/kb/2459530 which technically this shouldn't be an issue because we use DHCP off the 2003 AD domain controller.
  I have checked the domain controller, AD Replication is processing with no issues.  DNS is working.  The local DHCP server has no issues or events related to this account and neither does the local DNS server or the authenticating server (which
  is in another remote office). 
   

  Hi,
  As we know, most of the time error event 5719 is caused by network connectivity issues or name resolution issue, I suggest you refer to this link to make a further analysis
  http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
  And this link:
  Root Causes for Slow Boots and Logons
  http://social.technet.microsoft.com/wiki/contents/articles/10130.root-causes-for-slow-boots-and-logons-sbsl.aspx
  Yolanda Zhu
  TechNet Community Support

• Lack of Connectivty to Domain Controller - Domain Controller Access Issues Requires Repeated Reauthentication

  Sorry if my attempt to be thorough in my description may result in excessive and unnecessary information. 
  I'm running into some problems with a single server running WS 2012 R2 as a domain controller (AD and DNS) and I’m trying to figure out what the cause is. 
  The network has ~10 computers on it connected through a cable business gateway (running DHCP) which feeds 2 switches and a wireless router acting as a switch. (I also turned on remote services, but the end users aren’t using that until I get certificates
  setup.)
  For 6+ months everyone had access to the shared files and databases on each workstation without issue. 
  In the last month users would occasionally have to re-enter their credentials to get access to shared server folders despite being on a domain account already. 
  Last week one of the computers intermittently cannot gain access to the shared folders– entering the correct credentials just results in the credentials being requested again and again: There’s an error icon at the bottom saying that “there are currently
  no logon servers available to service the logon request”.  While access is rejected I’m still able to ping the DC both via its name and IPV4 address. 
  (Pinging via its name results in an IPv6 address in the response.) 
  Other network connectivity appears intact (able to browse the web, perform network discovery.)
  Things that ‘seem’ to allow access on this computer until the next failure:
  Entering a different domain username and password into the windows credentials request has allowed access a couple of times.
  Disconnecting and reconnecting the network cable allowed the original username to be used to log on (at least once.)
  After removing it from and then rejoining it to the domain (a few hours ago) it experienced the problem once more. Also, logging on with domain credentials created a TEMP user folder instead of the folder with the domain username. 
  Looking at the event logs, I notice there are quite a few warnings and errors reported regarding DC access on many of the computers; maybe this is normal?
  Most Problematic Computer:
  Event ID 8016:  System failed to register host A or AAAA resource records. (With an unknown Ipv6 and the server’s ipv4 address in the DNS server list.) 
  Event ID 131:  NtpClient unable to set a domain peer to use as a time source because of DNS resolution error on ‘Server.domain.local’ 
  ‘No such host is known.”
  Event ID 5719:  NETLOGON. This computer was not able to setup a secure session with a domain controller in the domain due …..: there are currently no logon servers available to service the logon request.
  And then pairs of: Event 1500: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. & Event 1054:
   The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
  Event 1030:  The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation
  at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
  On the server I’ve run DCDIAG and DCDIAG /test:DNS and those all appeared to pass.
  Ipconfig/all from the server:
     Connection-specific DNS Suffix 
     Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
     Physical Address. . . . . . . . . : FC-4D-D4-F2-A1-83
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:b155:a0b0:892d:9ed5(Pref
  erred)
     Link-local IPv6 Address . . . . . : fe80::b155:a0b0:892d:9ed5%13(Preferred)
     IPv4 Address. . . . . . . . . . . : 10.1.10.42(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%13
   10.1.10.1
     DHCPv6 IAID . . . . . . . . . . . : 234638804
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3F-7D-B9-68-05-CA-24-31-C4
     DNS Servers . . . . . . . . . . . : ::1
  127.0.0.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ipconfig/all from the problematic computer:
  Wireless LAN adapter Wi-Fi:
     Connection-specific DNS Suffix 
  . : wp.comcast.net
     Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 6150
     Physical Address. . . . . . . . . : 40-25-C2-63-C2-B8
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:8f5:1606:d0a8:6b25(Prefe
  rred)
     Temporary IPv6 Address. . . . . . : 2601:8:a182:1100:283e:f9e8:4841:6c50(Pref
  erred)
     Link-local IPv6 Address . . . . . : fe80::8f5:1606:d0a8:6b25%3(Preferred)
     IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2015 9:19:02 AM
     Lease Expires . . . . . . . . . . : Tuesday, March 17, 2015 1:23:15 PM
     Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
  10.1.10.1
     DHCP Server . . . . . . . . . . . : 10.1.10.1
     DHCPv6 IAID . . . . . . . . . . . : 54535618
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-6B-AA-F0-DE-F1-9C-07-D4
     DNS Servers . . . . . . . . . . . : 2001:558:feed::1
  2001:558:feed::2
                  10.1.10.42
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Any thoughts? I was assuming it was a Domain Controller/DNS error, but I don't know where to check next.  Could a failing piece of hardware be the culprit? 
  Thanks,
   -JT

  Hi,
  According to the error you have posted.
  A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against.
  Most of the time this is caused by network issues or name resolution (DNS/WINS) issues, you could refer to:
  Netlogon 5719 and the Disappearing Domain [Controller]
  http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
  Did you refer to this KB article?
  Event ID 5719 is logged when you start a Domain Member
  http://support.microsoft.com/kb/938449
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Windows Server 2008R2 running Remote Desktop Services reports printer process does not exist when installing PDF printer

   Windows Server 2008R2 running Remote Desktop Services reports printer process does not exist when installing PDF printer, And when Installing network printers from the domain controller it reports it cannot connect to printer.  I can ping all
  network devices. I can connect to the internet.
  On boot I get a netlogon 5719 error followed by service control manager errors 7023,7001 and a group policy error 1129.
  Clients can connect to the remote application and RDP operates to connect to the server internally and externally.
  The domain controller is another server 2008r2 box. I have scoured the internet but have not found any solutions that work yet.

  Hi,
  After referring to your post, it can be identified that the issue which you are facing is mostly due to some network issue in your environment. Please recheck your network connection issue between computer and domain controller. 
  Can you able to ping with IP address and also with fully qualified name of a domain controller in the users' and computers' domain. If it fails states that name resolution issue with computer and domain controller. Are you using MS DHCP Relay agent then there’s
  available Hotfix for the particular Event ID. Please go through this KB 2459530 to fix the error event ID.
  As per the net logon error 5719 which you are facing states that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against. Below is one of the reason. If this is being logged on a DC and the event
  refers to the DC's own domain, something might be preventing the client component of Netlogon from starting a network session (to itself or to another DC in the domain). The following event 7001 & 7023 states start & stop operation service. Please
  go through beneath article for more details.
  1.  Event ID 5719 is logged when you start a computer
  2.  Netlogon 5719 and the Disappearing Domain [Controller]
  3.  Event ID 1129 — Microsoft-Windows-GroupPolicy
  Hope it helps!
  Regards.

• Bunch of errors in Windows Server 2008 R2

  Hi everyone,
  I've searched Technet and all the Internet for a clear solution or any clue that could help me solve this issue, but didn't manage.
  Recently Windows Server 2008 R2 SP1 started to frequently and spit out bunch of errors that are connected to each other in my opinion, but I have no idea what is causing them and why they started to appear so suddenly.
  Those errors are (ID):
  TermDD (50, 56)
  Group Policy (1058, 1080, 1006, 1079, 1110)
  Schannel (36888)
  Sometimes also
  Distributed COM (10010) and NETLOGON (5719)
  In first step I did the update of the servers and disabled chimney offloading, but it didn't solve the problem. I found couple of technet's articles describing SIMILAR problems, but I have no idea if they are describing exactly what I need.
  http://support.microsoft.com/kb/2643970/en-us
  http://support.microsoft.com/kb/2519736/en-us
  Those servers are not our ones, but the other company that we are supporting. I'm also student and just started to gain experience with servers, so please mind that when providing any clue for which I will be extremely thankful.

  To be more exact I'll supply logs:
  Schannel:
  System
  Provider
  [ Name]
  Schannel
  [ Guid]
  {1F678132-5938-4686-9FDC-C8FF68F15C85}
  EventID
  36888
  Version
  0
  Level
  2
  Task
  0
  Opcode
  0
  Keywords
  0x8000000000000000
  TimeCreated
  [ SystemTime]
  2014-11-18T10:57:08.837489800Z
  EventRecordID
  946520
  Correlation
  Execution
  [ ProcessID]
  680
  [ ThreadID]
  35592
  Channel
  System
  Computer
  mydomain.com
  Security
  [ UserID]
  S-1-5-18
  EventData
  AlertDesc
  40
  ErrorState
  252
  and
  System
  Provider
  [ Name]
  Schannel
  [ Guid]
  {1F678132-5938-4686-9FDC-C8FF68F15C85}
  EventID
  36888
  Version
  0
  Level
  2
  Task
  0
  Opcode
  0
  Keywords
  0x8000000000000000
  TimeCreated
  [ SystemTime]
  2014-11-24T11:31:41.382210900Z
  EventRecordID
  951084
  Correlation
  Execution
  [ ProcessID]
  668
  [ ThreadID]
  3744
  Channel
  System
  Computer
  mydomain.coml
  Security
  [ UserID]
  S-1-5-18
  EventData
  AlertDesc
  10
  ErrorState
  10
  Term DD:
  System
  Provider
  [ Name]
  TermDD
  EventID
  56
  [ Qualifiers]
  49162
  Level
  2
  Task
  0
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2014-11-18T13:39:26.755665300Z
  EventRecordID
  946638
  Channel
  System
  Computer
  mydomain.com
  Security
  EventData
  \Device\Termdd
  xxx.xxx.xxx.xxx
  0000040002002C000000000038000AC00000000038000AC0000000000000000000000000000000005E0000C0
  Distributed COM:
  System
  Provider
  [ Name]
  Microsoft-Windows-DistributedCOM
  [ Guid]
  {1B562E86-B7AA-4131-BADC-B6F3A001407E}
  [ EventSourceName]
  DCOM
  EventID
  10010
  [ Qualifiers]
  49152
  Version
  0
  Level
  2
  Task
  0
  Opcode
  0
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2014-11-24T13:45:03.000000000Z
  EventRecordID
  951407
  Correlation
  Execution
  [ ProcessID]
  0
  [ ThreadID]
  0
  Channel
  System
  Computer
  mydomain.com
  Security
  EventData
  param1
  {0002DF01-0000-0000-C000-000000000046}

• Critical Agent errors

  Last weekend I got these errors from the agent on one of our database servers..
  I cleared the messages and resynchronized the agent and it was fine till this weekend, then it did it again.. any ideas..
  ALERT 1:
  Count of targets not uploading exceeded the critical threshold (0). Current value: 2
  Then 20 minutes later I got ALERT 2:
  Message is of following format.Logfile:Sourcename:EventCode:CategoryString:User:ErrorCount:WarningCount [[System:l2nd:4::::warning=1] [System:MRxSmb:8003:::error=1:] [System:W32Time:14::::warning=1] [System:W32Time:29:::error=1:] [System:NETLOGON:5719:::error=1:] ]

  Windows 2003 Enterprise 64bit..
  agent
  Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
  Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
  Agent Version : 10.2.0.5.0
  OMS Version : 10.2.0.5.0
  Protocol Version : 10.2.0.5.0
  Agent Home : d:\oracle\agent10g\agent10g
  Agent binaries : d:\oracle\agent10g\agent10g
  Agent Process ID : 2872
  Agent URL : https://bidb.okladot.state.ok.us:3872/emd/main/
  Repository URL : https://ORAGRID.okladot.state.ok.us:1159/em/upload
  Started at : 2010-04-05 15:55:12
  Started by user : SYSTEM
  Last Reload : 2010-04-05 16:16:11
  Last successful upload : 2010-04-07 15:57:38
  Total Megabytes of XML files uploaded so far : 94.03
  Number of XML files pending upload : 0
  Size of XML files pending upload(MB) : 0.03
  Available disk space on upload filesystem : 44.33%
  Last successful heartbeat to OMS : 2010-04-07 16:10:04
  Agent is Running and Ready

• Home Directories Map Intermittently, then "Break" Forever

  I am not sure if this is the correct forum for my issue. Please let me know if there is a better one and I'll post there.
  We are experiencing a puzzling issue with drive mapping after deploying a new operating system image using SCCM. It is a newly developed image and it is also a change from 32-bit Windows 7 SP1 to 64-bit Windows 7 SP1.
  We immediately began getting calls reporting that the home directory drive did not map. Not all users are affected, but many are. All our user accounts in AD have the homeDirectory and homeDrive attributes populated, including the non-mapping users. All
  permissions to the home directories are correct as in all cases the non-mapping users can access their home directories perfectly using a UNC path. The behavior is computer specific as in all cases, the non-mapping user can go to a different computer and map
  their home directory normally. And most puzzling of all, the behavior is specific to the
  drive letter. On an affected computer, no subsequent user will map that drive letter. This symptom has been confirmed in a few rare cases where the non-mapping drive is a location and drive letter mapped by GPO different than the home directory.
  In those cases, no subsequent user is able to map that specific drive letter. In the case of the home directory and the other drive mapping, the drive letters could be mapping to different UNC paths altogether for different users, which is how we
  are sure that the issue is drive letter specific.
  In the case of the rare GPO delivered mapping that is lost, the System logs report a 1112 Group Policy error, and that it will try again on next processing. Performing a gpupdate /force then results in a series of Group Policy 150* events indicating success
  but no mapping occurs.
  In several cases, users report that initially they were able to reboot and restore the drive mapping, but that eventually it stopped mapping never to return.
  So far we've tried:
  - setting "Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon" to both Enabled and Disabled (currently Enabled)
  -setting HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache\SilentForcedAutoReconnect = 1
  Can anyone offer any further advice on how to troubleshoot this issue?

  The offending software is Cisco's AnyConnect. This explains why only laptops were affected. Removing this software allows the Home Directory to be consistently mapped.
  This is the same version of the software that we ran on the previous 32-bit image we deployed without issue. However, now after a certain kind of incident, for example users describe undocking from a docking station  while still logged in as the
  last moment their home directory worked, the computer starts throwing Netlogon 5719  "no logon servers" and ec1express 27 "Network Link is disconnected" errors at login. This temporary outage kills the default home directory mapping but has no effect
  on subsequent group policy processing.
  We've gone as far as to add the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GpNetworkStartTimeoutPolicyValue registry setting in hopes of delaying the processing but the default home directory mapping is just not a GPO and does not respond
  to GPO mechanisms that we have tried.
  Now that said, we ran this exact same software not 1 month ago without incident on our previous image. The key (known) difference between the current and previous os image is a change from 32 to 64 bit. Uninstalling the software is not an option at this
  time and running a login script seems like a waste given that this software is known to work previously.
  Does anyone understand the internals behind the default drive mapping functionality or know whether or not it can be configured in any way for increased resilience  or delays?

• Events 5719, NETLOGON, Event 1129, Microsoft-Windows-GroupPolicy

  I have been seeing these events lately on our Windows 7 PCs. We have 2 domain controllers, Server 2012 and 2003.  I think most of these events started after I added the 2012 DC.  We were running just the one 2003 DC.  I moved DHCP from
  the 2003 to the 2012.  Both servers are AD integrated DNS servers and a third server is a DNS secondary server.
  I tried the hotfix from here...
  http://support.microsoft.com/kb/2459530
  on one PC as a test.  It appears to have solved the 1129 event but I still get the 5719 NETLOGON event.  I also tried updating the Gigabit NIC drivers on this system but it didn't help.  What should I try next?
   

  
  Hi,
  According to the following article,
  this behavior can occur when your server is connected to a switch that has the spanning tree "portfast" setting disabled.
  To work around this behavior, enable the spanning tree "portfast" setting on the switch.
  A “Netlogon event ID 5719” event message is logged when you start a Windows based computer
  http://support.microsoft.com/kb/247922
  Hope this helps.

• Periodic NETLOGON & GroupPolicy errors results server hangs (Hard Hang)

  Hi,
  Our server hangs (Hard hang) randomly once or twice a month. Its Server 2008R2 SP1 with all latest patches, Its Virtual machine on VSphere 5.5, Virtual machine version 10.
  I notice around the time of hang we have NETLOGON error 5719 and Group Policy error 1054
  Log Name:      System
  Source:        NETLOGON
  Date:          26.06.2014 09:49:54
  Event ID:      5719
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      xxx.domain.no
  Description:
  This computer was not able to set up a secure session with a domain controller in domain DOMAIN due to the following:
  The RPC server is unavailable.
  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. 
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="NETLOGON" />
      <EventID Qualifiers="0">5719</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-06-26T07:49:54.000000000Z" />
      <EventRecordID>91928</EventRecordID>
      <Channel>System</Channel>
      <Computer>xxx.domain.no</Computer>
      <Security />
    </System>
    <EventData>
      <Data>DOMAIN</Data>
      <Data>%%1722</Data>
      <Binary>170002C0</Binary>
    </Even
  Log Name:      System
  Source:        Microsoft-Windows-GroupPolicy
  Date:          26.06.2014 08:11:49
  Event ID:      1054
  Task Category: None
  Level:         Error
  Keywords:     
  User:          SYSTEM
  Computer:      xxx.domain.no
  Description:
  The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
      <EventID>1054</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>0</Task>
      <Opcode>1</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2014-06-26T06:11:49.361463400Z" />
      <EventRecordID>91916</EventRecordID>
      <Correlation ActivityID="{A79795FE-5CB2-4051-83F7-FA6F9BC566E1}" />
      <Execution ProcessID="872" ThreadID="1148" />
      <Channel>System</Channel>
      <Computer>xxx.domain.no</Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <EventData>
      <Data Name="SupportInfo1">1</Data>
      <Data Name="SupportInfo2">1903</Data>
      <Data Name="ProcessingMode">0</Data>
      <Data Name="ProcessingTimeInMilliseconds">1139</Data>
      <Data Name="ErrorCode">58</Data>
      <Data Name="ErrorDescription">The specified server cannot perform the requested operation. </Data>
    </EventData>
  </Event>tData>
  </Event>
  I have checked all settings such as domain and DNS connectivity, Sysvol access, Ping check (NetBIOS\FQDN), deleted the computer account and rejoined the server to domain and all other basic
  steps but nothing has helped.
  What shall be the next step to figure out the cause?
  Regards
  Prabhash

  Hi,
  Thanks for your response.
  Sharing the netstat output, appears to me high ports are open. This is the only server which has issue, I have some more servers in the same VLAN and no other server has this issue.
  >netstat -an |find /i "listening"
    TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
    TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
    TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
    TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
    TCP    0.0.0.0:2222           0.0.0.0:0              LISTENING
    TCP    0.0.0.0:2223           0.0.0.0:0              LISTENING
    TCP    0.0.0.0:2224           0.0.0.0:0              LISTENING
    TCP    0.0.0.0:2846           0.0.0.0:0              LISTENING
    TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
    TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:48000          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:48001          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:48004          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:48005          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:48006          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:49156          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:49250          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:49297          0.0.0.0:0              LISTENING
    TCP    0.0.0.0:61444          0.0.0.0:0              LISTENING
    TCP    10.88.64.51:139        0.0.0.0:0              LISTENING
    TCP    [::]:22                [::]:0                 LISTENING
    TCP    [::]:80                [::]:0                 LISTENING
    TCP    [::]:135               [::]:0                 LISTENING
    TCP    [::]:445               [::]:0                 LISTENING
    TCP    [::]:3389              [::]:0                 LISTENING
    TCP    [::]:47001             [::]:0                 LISTENING
    TCP    [::]:49152             [::]:0                 LISTENING
    TCP    [::]:49153             [::]:0                 LISTENING
    TCP    [::]:49154             [::]:0                 LISTENING
    TCP    [::]:49156             [::]:0                 LISTENING
    TCP    [::]:49250             [::]:0                 LISTENING
    TCP    [::]:49297             [::]:0                 LISTENING
    TCP    [::]:61444             [::]:0                 LISTENING
  Please advice.
  Regards
  Prabhash

• New DC without netlogon share is not working.

  Hello all,
  I have a brand new DC  (server 2012) that I joined to my domain and it is not behaving. It is a clean install plus the directory services role, the static IP and the promotion, nothing else. The domain has one more DC (server 2012) and it is functioning
  properly. The DNS servers of the new DC are the working DC and 127.0.0.1 as secondary. The time is the same, the name is new on a new install of windows (no images, no cloning, no restores). The promotion completed successfully with the initial replication
  (it said).
  Here is the output of dcdiag:
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = IL-DC2
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\IL-DC2
        Starting test: Connectivity
           ......................... IL-DC2 passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\IL-DC2
        Starting test: Advertising
           Warning: DsGetDcName returned information for \\MD-DC.mydomain.com, when we were trying to reach IL-DC2.
           SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
           ......................... IL-DC2 failed test Advertising
        Starting test: FrsEvent
           ......................... IL-DC2 passed test FrsEvent
        Starting test: DFSREvent
           There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
           replication problems may cause Group Policy problems.
           ......................... IL-DC2 passed test DFSREvent
        Starting test: SysVolCheck
           ......................... IL-DC2 passed test SysVolCheck
        Starting test: KccEvent
           A warning event occurred.  EventID: 0x80000481
              Time Generated: 03/06/2014   05:07:50
              Event String: Internal event: The following schema class has a superclass that is not valid.
           A warning event occurred.  EventID: 0x80000481
              Time Generated: 03/06/2014   05:07:50
              Event String: Internal event: The following schema class has a superclass that is not valid.
           A warning event occurred.  EventID: 0x80000481
              Time Generated: 03/06/2014   05:07:50
              Event String: Internal event: The following schema class has a superclass that is not valid.
           A warning event occurred.  EventID: 0x80000B46
              Time Generated: 03/06/2014   05:09:43
              Event String:
              The security of this directory server can be significantly enhanced by configuring the server to reject SASL
   (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple
   binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds,
  configuring the server to reject them will improve the security of this server.
           ......................... IL-DC2 passed test KccEvent
        Starting test: KnowsOfRoleHolders
           ......................... IL-DC2 passed test KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... IL-DC2 passed test MachineAccount
        Starting test: NCSecDesc
           ......................... IL-DC2 passed test NCSecDesc
        Starting test: NetLogons
           Unable to connect to the NETLOGON share! (\\IL-DC2\netlogon)
           [IL-DC2] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
           ......................... IL-DC2 failed test NetLogons
        Starting test: ObjectsReplicated
           ......................... IL-DC2 passed test ObjectsReplicated
        Starting test: Replications
           ......................... IL-DC2 passed test Replications
        Starting test: RidManager
           ......................... IL-DC2 passed test RidManager
        Starting test: Services
           ......................... IL-DC2 passed test Services
        Starting test: SystemLog
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 03/06/2014   04:20:58
              Event String: The WinRM service is not listening for WS-Management requests.
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 03/06/2014   04:50:41
              Event String:
              Name resolution for the name teredo.ipv6.microsoft.com. timed out after none of the configured DNS servers r
  esponded.
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 03/06/2014   04:50:41
              Event String:
              Name resolution for the name teredo.ipv6.microsoft.com. timed out after none of the configured DNS servers r
  esponded.
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 03/06/2014   04:51:32
              Event String: The WinRM service is not listening for WS-Management requests.
           An error event occurred.  EventID: 0x00001001
              Time Generated: 03/06/2014   04:56:46
              Event String:
              The machine IL-DC2 attempted to join the domain mydomain.com but failed. The error code was 1332.
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 03/06/2014   04:58:07
              Event String: The WinRM service is not listening for WS-Management requests.
           An error event occurred.  EventID: 0x0000271A
              Time Generated: 03/06/2014   04:58:06
              Event String:
              The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
           A warning event occurred.  EventID: 0x00001796
              Time Generated: 03/06/2014   04:59:21
              Event String:
              Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and t
  his server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:00:09
              Event String:
              Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the
  administrator to install the driver before you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:00:09
              Event String:
              Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact t
  he administrator to install the driver before you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:00:12
              Event String:
              Driver HP Universal Printing PCL 6 required for printer HP Color LaserJet CM1312nfi MFP (192.168.2.20) is un
  known. Contact the administrator to install the driver before you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:00:12
              Event String:
              Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact
  the administrator to install the driver before you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:00:13
              Event String:
              Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver be
  fore you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:00:13
              Event String:
              Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the
   administrator to install the driver before you log in again.
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 03/06/2014   05:08:51
              Event String: The WinRM service is not listening for WS-Management requests.
           A warning event occurred.  EventID: 0x00001796
              Time Generated: 03/06/2014   05:12:17
              Event String:
              Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and t
  his server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:13:02
              Event String:
              Driver HP Universal Printing PCL 6 required for printer HP Universal Printing PCL 6 is unknown. Contact the
  administrator to install the driver before you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:13:02
              Event String:
              Driver Microsoft XPS Document Writer required for printer Microsoft XPS Document Writer is unknown. Contact
  the administrator to install the driver before you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:13:03
              Event String:
              Driver HP Universal Printing PCL 6 required for printer HP Color LaserJet CM1312nfi MFP (192.168.2.20) is un
  known. Contact the administrator to install the driver before you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:13:04
              Event String:
              Driver PrimoPDF required for printer PrimoPDF is unknown. Contact the administrator to install the driver be
  fore you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:13:04
              Event String:
              Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact t
  he administrator to install the driver before you log in again.
           An error event occurred.  EventID: 0x00000457
              Time Generated: 03/06/2014   05:13:05
              Event String:
              Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the
   administrator to install the driver before you log in again.
           ......................... IL-DC2 failed test SystemLog
        Starting test: VerifyReferences
           ......................... IL-DC2 passed test VerifyReferences
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValidation
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : mydomain
        Starting test: CheckSDRefDom
           ......................... mydomain passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... mydomain passed test CrossRefValidation
     Running enterprise tests on : mydomain.com
        Starting test: LocatorCheck
           ......................... mydomain.com passed test LocatorCheck
        Starting test: Intersite
           ......................... mydomain.com passed test Intersite
  I also have the following event:
  Log Name:      System
  Source:        NetJoin
  Date:          3/6/2014 4:56:46 AM
  Event ID:      4097
  Task Category: None
  Level:         Error
  Keywords:      
  User:          S-1-5-21-1062633599-3710215183-3313947919-500
  Computer:      IL-DC2
  Description:
  The machine IL-DC2 attempted to join the domain mydomain.com but failed. The error code was 1332.
  Although the machine joined the domain, it is listed with the appropriate records and promoted. 
  Can anybody help me get a second DC for this domain running? It is kind of urgent... I tried demoting/promoting, reinstalling, I tried to do a non-authoritative restore, however, I don't have the appropriate registry key... I saw the various different posts
  on similar issues, please do not paste them as I read them and I was not able to solve this.
  Thank you in advance for any responses!
  Best regards,
  Irina

  Umar,
  Thank you big time for your time and help today. After we finished talking I tried the authoritative restore (vs non-authoritative the first time - didn't help) and then I started over (one more time) and created one more DC. Before promoting it I disabled
  the firewall and the user control in order to make sure nothing is stopping it. I also triple checked the time. I promoted it without the DNS server and Global Catalog functions. I faced the same wall. After the promotion the SYSVOL and NETLOGON shares were
  still not there. 
  After hours of more reading I finally found this:
  http://social.technet.microsoft.com/Forums/en-US/58b8cdc3-a990-46c7-a70e-a51fd6965537/sysvol-and-netlogon-shares-missing-from-new-domain-controllers-using-dfrs?forum=windowsserverpreview
  and it saved me. So I followed this guy's steps and my system shares showed up on both new DCs. Then I had to wait one more hour for everything to get in sync and after that I successfully shut down my main DC and the other two took over. 
  Thank you again for the help!
  Best regards,
  Irina

• Server 08 R2 DC - unable to open ADUC, netlogon does not start

  Hello everyone, and thank you in advance for any possible support.
  Note:  All identifying server/domain names have been replaced with "CORP" "Sub" and "Sibling" where appropriate.  Our forest consists of 3 domains - two which are 'siblings' at the top, CORP and Sibling, (corp being
  the primarily used one), and one which is a 'child' of Corp (Sub).
  Today we identified that on one of my domain controllers (named for this post, CORP-DC6) we are unable to open ADUC. This is only one of our 8 DC's, and it does not hold any FSMO roles; the only two important pieces on this server is that it's where we manage
  our OCS from (we use ADUC on this system to enable a user for OCS, create SIP addresses, etc) and that Certification Authority is installed on the system.
  Attempting to open ADUC gives error "Naming information cannot be located because: The target principal name is incorrect."
  Web searches for this prompted me to check DNS for issues.  In looking into DNS, I found that the system was somehow assigned a different IP address than it should have (it was now at 192.168.1.124 instead of 192.168.1.290 where it should have been).
   I moved the IP address back to the correct IP, and rebooted.  
  The issue was still there, so I continued searching; which lead me to a suggestion to check out my netlogon service.  I found that the Netlogon service was NOT running.   When attempting to start the service, it fails and I am presented wih the
  following error in the System event log:
  Log Name: System
  Source: Service Control Manager
  Date: 7/24/2013 10:54:59 AM
  Event ID: 7023
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: CORP-DC6.corp.com
  Description:
  The Netlogon service terminated with the following error:
  %%-1073741724
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
  <EventID Qualifiers="49152">7023</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8080000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-24T14:54:59.175664400Z" />
  <EventRecordID>850085</EventRecordID>
  <Correlation />
  <Execution ProcessID="496" ThreadID="584" />
  <Channel>System</Channel>
  <Computer>CORP-DC6.corp.om</Computer>
  <Security />
  </System>
  <EventData>
  <Data Name="param1">Netlogon</Data>
  <Data Name="param2">%%-1073741724</Data>
  </EventData>
  </Event>
  Additionally, there is also this error:
  Log Name: System
  Source: NETLOGON
  Date: 7/24/2013 10:54:59 AM
  Event ID: 5602
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: CORP-DC6.corp.com
  Description:
  An internal error occurred while accessing the computer's local or network security database.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="NETLOGON" />
  <EventID Qualifiers="0">5602</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-24T14:54:59.000000000Z" />
  <EventRecordID>850083</EventRecordID>
  <Channel>System</Channel>
  <Computer>CORP-DC6.corp.com</Computer>
  <Security />
  </System>
  <EventData>
  <Data>%%1317</Data>
  <Binary>640000C0</Binary>
  </EventData>
  </Event>
  At this point, I've read a bunch of stuff online and not really found anything that has helped nor seemed completely relevant.
  Additional Info that may help out:
  When I open Server Manager, it seems to think the local system's name is WIN-3OL3DIFK4S instead of CORP-DC6; similarly opening Device Manager from w/in Server manger gives a message about managing a remote system; even though I am managing the local system.
  There are additional errors in the System and Application log which are certainly issues, but I do not know if they pertain to the main issue at hand here or not.
  Log Name: System
  Source: Microsoft-Windows-GroupPolicy
  Date: 7/24/2013 10:55:04 AM
  Event ID: 1055
  Task Category: None
  Level: Error
  Keywords:
  User: SYSTEM
  Computer: CORP-DC6.corp.com
  Description:
  The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
  a) Name Resolution failure on the current domain controller.
  b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
  <EventID>1055</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>1</Opcode>
  <Keywords>0x8000000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-24T14:55:04.448473700Z" />
  <EventRecordID>850088</EventRecordID>
  <Correlation ActivityID="{582C2637-5A99-47AE-B50C-C1A063DDABDC}" />
  <Execution ProcessID="888" ThreadID="1056" />
  <Channel>System</Channel>
  <Computer>CORP-DC6.corp.com</Computer>
  <Security UserID="S-1-5-18" />
  </System>
  <EventData>
  <Data Name="SupportInfo1">1</Data>
  <Data Name="SupportInfo2">1632</Data>
  <Data Name="ProcessingMode">1</Data>
  <Data Name="ProcessingTimeInMilliseconds">11762</Data>
  <Data Name="ErrorCode">5</Data>
  <Data Name="ErrorDescription">Access is denied. </Data>
  </EventData>
  </Event>
  Log Name: System
  Source: LsaSrv
  Date: 7/24/2013 10:55:13 AM
  Event ID: 40961
  Task Category: None
  Level: Warning
  Keywords:
  User: SYSTEM
  Computer: CORP-DC6.corp.com
  Description:
  The Security System could not establish a secured connection with the server ldap/corp-dc1.corp.com/[email protected]. No authentication protocol was available.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" />
  <EventID>40961</EventID>
  <Version>0</Version>
  <Level>3</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x8000000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-24T14:55:13.262489200Z" />
  <EventRecordID>850092</EventRecordID>
  <Correlation />
  <Execution ProcessID="504" ThreadID="1332" />
  <Channel>System</Channel>
  <Computer>CORP-DC6.corp.com</Computer>
  <Security UserID="S-1-5-18" />
  </System>
  <EventData>
  <Data Name="Target">ldap/CORP-dc1.corp.com/[email protected]</Data>
  </EventData>
  </Event>
  Log Name: System
  Source: Microsoft-Windows-DfsSvc
  Date: 7/24/2013 10:55:24 AM
  Event ID: 14548
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: CORP-DC6.corp.com
  Description:
  The DFS Namespace service could not initialize the trusted domain information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Microsoft-Windows-DfsSvc" Guid="{7DA4FE0E-FD42-4708-9AA5-89B77A224885}" EventSourceName="DfsSvc" />
  <EventID Qualifiers="49152">14548</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-24T14:55:24.000000000Z" />
  <EventRecordID>850102</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>System</Channel>
  <Computer>CORP-DC6.corp.com</Computer>
  <Security />
  </System>
  <EventData Name="DfsNoTrustedDomainInfo">
  <Binary>B5060000</Binary>
  </EventData>
  </Event>
  Log Name: System
  Source: Microsoft-Windows-Security-Kerberos
  Date: 7/24/2013 10:57:44 AM
  Event ID: 4
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: CORP-DC6.corp.com
  Description:
  The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/corp-dc1.corp.com. The target name used was cifs/corp-dc1.corp.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CORP.COM) is different from the client domain (CORP.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
  <EventID Qualifiers="16384">4</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-24T14:57:44.000000000Z" />
  <EventRecordID>850163</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>System</Channel>
  <Computer>CORP-DC6.CORP.com</Computer>
  <Security />
  </System>
  <EventData>
  <Data Name="Server">host/corp-dc1.corp.com</Data>
  <Data Name="TargetRealm">CORP.COM</Data>
  <Data Name="Targetname">cifs/corp-dc1.corp.com</Data>
  <Data Name="ClientRealm">CORP.COM</Data>
  <Binary>
  </Binary>
  </EventData>
  </Event>
  There are also the following errors in the Application event log
  Log Name: Application
  Source: Microsoft-Windows-CertificationAuthority
  Date: 7/24/2013 10:55:13 AM
  Event ID: 91
  Task Category: None
  Level: Error
  Keywords: Classic
  User: SYSTEM
  Computer: CORP-DC6.corp.com
  Description:
  Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
  <EventID Qualifiers="49754">91</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-24T14:55:13.000000000Z" />
  <EventRecordID>254767</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>Application</Channel>
  <Computer>CORP-DC6.corp.com</Computer>
  <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="MSG_E_DS_RETRY">
  </EventData>
  </Event>
  Log Name: Application
  Source: Microsoft-Windows-CertificationAuthority
  Date: 7/24/2013 10:55:30 AM
  Event ID: 44
  Task Category: None
  Level: Error
  Keywords: Classic
  User: SYSTEM
  Computer: CORP-DC6.corp.com
  Description:
  The "Windows default" Policy Module "Initialize" method returned an error. Logon failure: unknown user name or bad password. The returned status code is 0x8007052e (1326). The Active Directory containing the Certification Authority could not be contacted.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
  <EventID Qualifiers="49754">44</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-24T14:55:30.000000000Z" />
  <EventRecordID>254773</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>Application</Channel>
  <Computer>CORP-DC6.corp.com</Computer>
  <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="MSG_E_POLICY_ERROR">
  <Data Name="PolicyModuleDescription">Windows default</Data>
  <Data Name="MethodName">Initialize</Data>
  <Data Name="ErrorCode">0x8007052e (1326)</Data>
  <Data Name="param4">The Active Directory containing the Certification Authority could not be contacted.
  </Data>
  <Data Name="ErrorString">Logon failure: unknown user name or bad password.</Data>
  </EventData>
  </Event>
  Log Name: Application
  Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
  Date: 7/24/2013 10:55:31 AM
  Event ID: 6
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: CORP-DC6.corp.com
  Description:
  Automatic certificate enrollment for local system failed (0x8007052e) Logon failure: unknown user name or bad password.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" EventSourceName="AutoEnrollment" />
  <EventID Qualifiers="16384">6</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>0</Task>
  <Opcode>0</Opcode>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2013-07-24T14:55:31.000000000Z" />
  <EventRecordID>254775</EventRecordID>
  <Correlation />
  <Execution ProcessID="0" ThreadID="0" />
  <Channel>Application</Channel>
  <Computer>CORP-DC6.corp.com</Computer>
  <Security />
  </System>
  <EventData>
  <Data Name="Context">local system</Data>
  <Data Name="ErrorCode">0x8007052e</Data>
  <Data Name="ErrorMsg">Logon failure: unknown user name or bad password.
  </Data>
  </EventData>
  </Event>
  Link to output of DCDiag on pastebin: http://pastebin.com/VFPTcEGT
  Smply based on a quick look through of the dcdiag and the various event log messages, It seems to me that the NetLogon service not starting up is causing most of the errors; but I am not aware of how to get it to start up.

  Thank you for the quick response!
  Windows firewall is disabled for all network profiles.
  We have do have 7 DC's in the forest.  here's an image i created a while back that lists our DC's and shows the replication partners (not really relevant, but this shows the DC's) http://i.imgur.com/AtjGuiM.jpg
  I believe May 27 was a date in which we performed maintenance/upgrades on our vmware virtual hardware on this VM; when we upgraded the virtual hardware, it created a new NIC device on this server (which is how the system lost it's IP address configuration).
   Today, I assigned the correct IP to the 'new' NIC.
  will look at link about Kerberos
  I'm unfortunately not familiar enough with the purposes of the internal vs external forwarders to comment on this or make a change at this time.
  IPConfig info shown below
  DNS is AD integrated, each domain has it's own DNS servers and have conditional forwarders to point to the other domain when appropriate. I believe each DC is also running DNS, but via DHCP we only pass out at most two DNS servers to client systems (main
  office, it's 192.168.1.7, 192.168.1.8)
  C:\Users\daniel_da>ipconfig -all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : CORP-DC6
  Primary Dns Suffix . . . . . . . : corp.com
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : corp.com
  sibling.com
  sub.corp.com
  Ethernet adapter Local Area Connection 2:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
  2
  Physical Address. . . . . . . . . : 00-50-56-AD-5C-29
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::f43a:f215:c266:5a70%14(Preferred)
  IPv4 Address. . . . . . . . . . . : 192.168.1.190(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1
  DHCPv6 IAID . . . . . . . . . . . : 285233238
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-F5-25-A1-00-50-56-AD-5C-29
  DNS Servers . . . . . . . . . . . : 192.168.1.8
  192.168.1.7
  NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{5B04D7AC-9161-4A51-9ADC-166E37EE4D0E}:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  C:\Users\daniel_da>
  C:\Documents and Settings\daniel_da>ipconfig -all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : corp-dc1
  Primary Dns Suffix . . . . . . . : corp.com
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : corp.com
  sibling.com
  sub.corp.com
  Ethernet adapter Local Area Connection 3:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
  Physical Address. . . . . . . . . : 00-50-56-AD-29-1D
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.1.8
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1
  DNS Servers . . . . . . . . . . . : 192.168.1.8
  192.168.1.7
  Primary WINS Server . . . . . . . : 192.168.1.7
  C:\Documents and Settings\daniel_da>
  C:\Documents and Settings\daniel_da>ipconfig -all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : CORP-DC2
  Primary Dns Suffix . . . . . . . : corp.com
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : corp.com
  sibling.com
  sub.corp.com
  Ethernet adapter Local Area Connection:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter #3
  Physical Address. . . . . . . . . : 00-50-56-AD-67-B0
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.1.7
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1
  DNS Servers . . . . . . . . . . . : 192.168.1.7
  192.168.1.8
  Primary WINS Server . . . . . . . : 192.168.1.7
  C:\Documents and Settings\daniel_da>
  C:\Documents and Settings\daniel_da>ipconfig -all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : sub-dc2
  Primary Dns Suffix . . . . . . . : sub.corp.com
  Node Type . . . . . . . . . . . . : Unknown
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : sub.corp.com
  corp.com
  Ethernet adapter Local Area Connection:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
  Physical Address. . . . . . . . . : 00-50-56-AD-39-7E
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.1.136
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1
  DNS Servers . . . . . . . . . . . : 192.168.1.8
  192.168.1.7
  C:\Users\daniel_da>ipconfig -all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : Sibling-DC3
  Primary Dns Suffix . . . . . . . : sibling.com
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : sibling.com
  corp.com
  Ethernet adapter Local Area Connection 2:
  Connection-specific DNS Suffix . : corp.com
  Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
  2
  Physical Address. . . . . . . . . : 00-50-56-AD-6E-97
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::7c97:854f:8bf5:efdb%17(Preferred)
  IPv4 Address. . . . . . . . . . . : 192.168.1.147(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Monday, May 27, 2013 2:53:39 PM
  Lease Expires . . . . . . . . . . : Thursday, July 25, 2013 2:56:42 AM
  Default Gateway . . . . . . . . . : 192.168.1.1
  DHCP Server . . . . . . . . . . . : 192.168.1.7
  DHCPv6 IAID . . . . . . . . . . . : 285233238
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B5-55-91-00-50-56-AD-6E-97
  DNS Servers . . . . . . . . . . . : 192.168.1.8
  192.168.1.7
  Primary WINS Server . . . . . . . : 192.168.1.7
  NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.occfiber.com:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix . : corp.com
  Description . . . . . . . . . . . : Microsoft ISATAP Adapter
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
  Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  C:\Documents and Settings\daniel_da>ipconfig -all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : corpsite3-dc7
  Primary Dns Suffix . . . . . . . : corp.com
  Node Type . . . . . . . . . . . . : Unknown
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : corp.com
  sibling.com
  sub.corp.com
  Ethernet adapter Dallas:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : BASP Virtual Adapter
  Physical Address. . . . . . . . . : 00-19-B9-EA-65-FA
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 192.168.35.7
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.35.1
  DNS Servers . . . . . . . . . . . : 192.168.35.7
  C:\Documents and Settings\daniel_da>ipconfig -all
  Windows IP Configuration
  Host Name . . . . . . . . . . . . : siblig-dc1
  Primary Dns Suffix . . . . . . . : siblingsite2.com
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : sibling.com
  corp.com
  Ethernet adapter smpdc1_nw:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : BASP Virtual Adapter
  Physical Address. . . . . . . . . : 00-14-5E-2B-0D-88
  DHCP Enabled. . . . . . . . . . . : No
  IP Address. . . . . . . . . . . . : 172.20.24.2
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 172.20.24.5
  DNS Servers . . . . . . . . . . . : 172.20.24.2
  172.20.24.221

• AD Replication issues, SYSVOL / NETLOGON not replicating

  Hello Experts!
  We have a client that recently called us for some assistance. The IT department had a new virtual environment stood up. They Created 3 new VMs and promoted them all to domain controllers. The current domain and forest functional levels are (and were) Server
  2003. There were two existing domain controllers, both Server 2003. The new domain controllers are Server 2012 R2. After promoting the 3 new servers to DC’s, they demoted one of the old DC’s. Then they transferred FSMO roles to a new 2012 R2 DC. When they
  went to demote the last server 2003 DC, it was giving them the error that it is the last DC in the domain. That’s when we were called to assist. I have since demoted 2 of the 3 new 2012 R2 DCs and transferred all FSMO roles back to the Server 2003 DC.
  I have been running some tools to try and gather data. Here is the DCDIAG from the last Server 2003 DC:
  C:\Documents and Settings\user>dcdiag /fix
  Domain Controller Diagnosis
  Performing initial setup:
     Done gathering initial info.
  Doing initial required tests
     Testing server: domainname\server2003server
        Starting test: Connectivity
           ......................... server2003server passed test Connectivity
  Doing primary tests
     Testing server: domainname\server2003server
        Starting test: Replications
           ......................... server2003server passed test Replications
        Starting test: NCSecDesc
           ......................... server2003server passed test NCSecDesc
        Starting test: NetLogons
           ......................... server2003server passed test NetLogons
        Starting test: Advertising
           ......................... server2003server passed test Advertising
        Starting test: KnowsOfRoleHolders
           ......................... server2003server passed test KnowsOfRoleHolders
        Starting test: RidManager
           ......................... server2003server passed test RidManager
        Starting test: MachineAccount
           ......................... server2003server passed test MachineAccount
        Starting test: Services
           ......................... server2003server passed test Services
        Starting test: ObjectsReplicated
           ......................... server2003server passed test ObjectsReplicated
        Starting test: frssysvol
           ......................... server2003server passed test frssysvol
        Starting test: frsevent
           There are warning or error events within the last 24 hours after the
           SYSVOL has been shared.  Failing SYSVOL replication problems may cause
           Group Policy problems.
           ......................... server2003server failed test frsevent
        Starting test: kccevent
           ......................... server2003server passed test kccevent
        Starting test: systemlog
           An Error Event occured.  EventID: 0x0000410B
              Time Generated: 02/18/2015   19:27:04
              Event String: The request for a new account-identifier pool
           An Error Event occured.  EventID: 0xC4350607
              Time Generated: 02/18/2015   19:28:22
              Event String: Component: System Information Agent
           An Error Event occured.  EventID: 0xC00110CD
              Time Generated: 02/18/2015   19:28:22
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00072787
              Time Generated: 02/18/2015   19:28:22
              Event String: The WinRM service is unable to start because of a
           An Error Event occured.  EventID: 0xC0060024
              Time Generated: 02/18/2015   19:28:34
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0xC0002720
              Time Generated: 02/18/2015   19:32:26
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0xC25A001D
              Time Generated: 02/18/2015   14:33:27
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x825A0011
              Time Generated: 02/18/2015   14:33:28
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x825A0011
              Time Generated: 02/18/2015   14:33:31
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x0000410B
              Time Generated: 02/18/2015   14:36:18
              Event String: The request for a new account-identifier pool
           An Error Event occured.  EventID: 0xC4350607
              Time Generated: 02/18/2015   14:38:48
              Event String: Component: System Information Agent
           An Error Event occured.  EventID: 0x00072787
              Time Generated: 02/18/2015   14:38:48
              Event String: The WinRM service is unable to start because of a
           An Error Event occured.  EventID: 0xC4350505
              Time Generated: 02/18/2015   14:38:54
              Event String: NIC Agent: Connectivity has been lost for the NIC
           An Error Event occured.  EventID: 0x825A0011
              Time Generated: 02/18/2015   14:39:00
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x825A0011
              Time Generated: 02/18/2015   14:39:14
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168E
              Time Generated: 02/18/2015   14:39:54
              Event String: The dynamic registration of the DNS record
           An Error Event occured.  EventID: 0x0000168F
              Time Generated: 02/18/2015   14:42:09
              Event String: The dynamic deletion of the DNS record
           An Error Event occured.  EventID: 0x0000168F
              Time Generated: 02/18/2015   14:42:09
              Event String: The dynamic deletion of the DNS record
           An Error Event occured.  EventID: 0x0000168F
              Time Generated: 02/18/2015   14:42:09
              Event String: The dynamic deletion of the DNS record
           An Error Event occured.  EventID: 0x0000168F
              Time Generated: 02/18/2015   14:42:09
              Event String: The dynamic deletion of the DNS record
           An Error Event occured.  EventID: 0xC25A001D
              Time Generated: 02/18/2015   14:42:10
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x825A0011
              Time Generated: 02/18/2015   14:42:22
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x825A0011
              Time Generated: 02/18/2015   14:42:37
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0xC4350607
              Time Generated: 02/18/2015   14:48:03
              Event String: Component: System Information Agent
           An Error Event occured.  EventID: 0x00072787
              Time Generated: 02/18/2015   14:48:03
              Event String: The WinRM service is unable to start because of a
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:06
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:06
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:06
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:07
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:07
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:07
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:07
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:07
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:07
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   14:50:07
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x40000004
              Time Generated: 02/18/2015   14:55:30
              Event String: The kerberos client received a
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:36
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:37
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:37
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:38
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:38
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:38
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:38
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:38
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:38
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:11:39
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:07
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:08
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:08
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:09
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:09
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:09
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:10
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:10
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:10
              (Event String could not be retrieved)
           An Error Event occured.  EventID: 0x00000457
              Time Generated: 02/18/2015   15:16:10
              (Event String could not be retrieved)
           ......................... server2003server failed test systemlog
        Starting test: VerifyReferences
           Some objects relating to the DC server2003server have problems:
              [1] Problem: Missing Expected Value
               Base Object:
              CN= server2003server,OU=Domain Controllers,DC=domainname,DC=com
               Base Object Description: "DC Account Object"
               Value Object Attribute Name: frsComputerReferenceBL
               Value Object Description: "SYSVOL FRS Member Object"
               Recommended Action: See Knowledge Base Article: Q312862
              [1] Problem: Missing Expected Value
               Base Object:
              CN=NTDS Settings,CN= server2003server,CN=Servers,CN=domainname,CN=Sites,CN=C
  onfiguration,DC=domainname,DC=com
               Base Object Description: "DSA Object"
               Value Object Attribute Name: serverReferenceBL
               Value Object Description: "SYSVOL FRS Member Object"
               Recommended Action: See Knowledge Base Article: Q312862
           ......................... server2003server failed test VerifyReferences
     Running partition tests on : ForestDnsZones
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
     Running partition tests on : DomainDnsZones
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
     Running partition tests on : Schema
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
     Running partition tests on : Configuration
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
     Running partition tests on : domainname
        Starting test: CrossRefValidation
           ......................... domainname passed test CrossRefValidation
        Starting test: CheckSDRefDom
           ......................... domainname passed test CheckSDRefDom
     Running enterprise tests on : domainname.com
        Starting test: Intersite
           ......................... domainname.com passed test Intersite
        Starting test: FsmoCheck
           ......................... domainname.com passed test FsmoCheck
  C:\Documents and Settings\user>
  Now the DCDIAG for the Server 2012 R2 DC.
  2012R2DC
  PS C:\Users\user > dcdiag /fix
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = 2012R2DC
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: domainname\2012R2DC
        Starting test: Connectivity
           ......................... 2012R2DC
  passed test Connectivity
  Doing primary tests
     Testing server: domainname\2012R2DC
        Starting test: Advertising
           Warning: DsGetDcName returned information for \\server2003server.domainname.com, when we were trying to reach 2012R2DC.
           SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
           ......................... 2012R2DC
  failed test Advertising
        Starting test: FrsEvent
           There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
           replication problems may cause Group Policy problems.
           ......................... 2012R2DC
  passed test FrsEvent
        Starting test: DFSREvent
           ......................... 2012R2DC passed test DFSREvent
        Starting test: SysVolCheck
           ......................... 2012R2DC passed test SysVolCheck
        Starting test: KccEvent
           ......................... 2012R2DC passed test KccEvent
        Starting test: KnowsOfRoleHolders
           ......................... 2012R2DC passed test KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... 2012R2DC passed test MachineAccount
        Starting test: NCSecDesc
           ......................... 2012R2DC passed test NCSecDesc
        Starting test: NetLogons
           Unable to connect to the NETLOGON share! (\\2012R2DC \netlogon)
           [2012R2DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
           ......................... 2012R2DC failed test NetLogons
        Starting test: ObjectsReplicated
           ......................... 2012R2DC passed test ObjectsReplicated
        Starting test: Replications
           [Replications Check, 2012R2DC] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105
           "Replication access was denied."
           ......................... 2012R2DC failed test Replications
        Starting test: RidManager
           ......................... 2012R2DC passed test RidManager
        Starting test: Services
              Could not open NTDS Service on 2012R2DC, error 0x5 "Access is denied."
           ......................... 2012R2DC failed test Services
        Starting test: SystemLog
           An error event occurred.  EventID: 0x0000041E
              Time Generated: 02/18/2015   14:39:32
              Event String:
              The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
  be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
           An error event occurred.  EventID: 0x0000041E
              Time Generated: 02/18/2015   14:44:34
              Event String:
              The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
  be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
           An error event occurred.  EventID: 0x40000004
              Time Generated: 02/18/2015   14:47:09
              Event String:
              The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server cr-dc3$. The target name used was C
  RDC02$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when t
  he target server principal name (SPN) is registered on an account other than the account the target service is using. En
  sure that the target SPN is only registered on the account used by the server. This error can also happen if the target
  service account password is different than what is configured on the Kerberos Key Distribution Center for that target se
  rvice. Ensure that the service on the server and the KDC are both configured to use the same password. If the server nam
  e is not fully qualified, and the target domain (domainname.COM) is different from the client domain (domainname.COM),
   check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify
  the server.
           ......................... 2012R2DC failed test SystemLog
        Starting test: VerifyReferences
           ......................... 2012R2DC passed test VerifyReferences
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValidation
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : domainname
        Starting test: CheckSDRefDom
           ......................... domainname passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... domainname passed test CrossRefValidation
     Running enterprise tests on : domainname.com
        Starting test: LocatorCheck
           ......................... domainname.com passed test LocatorCheck
        Starting test: Intersite
           ......................... domainname.com passed test Intersite
  PS C:\Users\user>
  From here I can see SYSVOL and NETLOGON are not replicating from server2003server. When I log on to server2003server and run ‘net share’ the SYSVOL and NETLOGON shares are shared. But, when I do the same on 2012R2DC there are no NETLOGON or SYSVOL shares.
  I see ntfrs issues. So I ran ntfrsutl ds on server2003server and the results are here:
  C:\Documents and Settings\user>ntfrsutl ds
  NTFRS CONFIGURATION IN THE DS
  SUBSTITUTE DCINFO FOR DC
     FRS  DomainControllerName: (null)
     Computer Name            : SERVER2003SERVER
     Computer DNS Name        : SERVER2003SERVER.domainname.com
  BINDING TO THE DS:
     ldap_connect     : SERVER2003SERVER.domainname.com
     DsBind     : SERVER2003SERVER.domainname.com
  NAMING CONTEXTS:
     SitesDn    : CN=Sites,cn=configuration,dc= domainname,dc=com
     ServicesDn : CN=Services,cn=configuration,dc= domainname,dc=com
     DefaultNcDn: DC= domainname,DC=com
     ComputersDn: CN=Computers,DC= domainname,DC=com
     DomainCtlDn: OU=Domain Controllers,DC= domainname,DC=com
     Fqdn       : CN= SERVER2003SERVER,OU=Domain Controllers,DC= domainname,DC=com
     Searching  : Fqdn
  COMPUTER: SERVER2003SERVER
     DN   : cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
     Guid : d3cfdf56-a013-40ab-a2e9ffc3d88896bd
     UAC  : 0x00082000
     Server BL : CN= SERVER2003SERVER,CN=Servers,CN=domainname,CN=Sites,CN=Configuration,D
  C= SERVER2003SERVER,DC=com
     Settings  : cn=ntds settings,cn= SERVER2003SERVER,cn=servers,cn= domainname,cn=sites,c
  n=configuration,dc= domainname,dc=com
     DNS Name  : SERVER2003SERVER. domainname.com
     WhenCreated  : 5/29/2007 10:36:30 Eastern Standard Time Eastern Daylight Time
   [300]
     WhenChanged  : 2/17/2015 11:21:58 Eastern Standard Time Eastern Daylight Time
   [300]
     SUBSCRIPTION: NTFRS SUBSCRIPTIONS
        DN   : cn=ntfrs subscriptions,cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
        Guid : 5d0ca299-209d-4814-ae6d7acd9209e10a
        Working       : c:\windows\ntfrs
        Actual Working: c:\windows\ntfrs
        WhenCreated  : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
  ime [300]
        WhenChanged  : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
  ime [300]
        SUBSCRIBER: DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
           DN   : cn=domain system volume (sysvol share),cn=ntfrs subscriptions,cn
  = SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
           Guid : fb56d707-3c40-429f-bd7c63d227b9fb5d
           Member Ref: (null)
           Root      : c:\windows\sysvol\domain
           Stage     : c:\windows\sysvol\staging\domain
           WhenCreated  : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
  t Time [300]
           WhenChanged  : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
  t Time [300]
     SERVER2003SERVER IS NOT A MEMBER OF ANY SET!
  C:\Documents and Settings\user>
  Also worth noting that when we power down SERVER2003SERVER no computer can contact a logon server. 
  The last line of this worries me as well. I am going to continue to work on this but I wanted to get these logs to some other eyes in case you have some ideas off the bat. Thanks in advance!

  I would first recommend to make sure that the new DCs are also global catalogs and to refer to IP setting recommendations I shared here: http://www.ahmedmalek.com/web/fr/home.asp
  It is possible to do a non-authoritative restore of SYSVOL to make it appear on the other DCs: https://support.microsoft.com/kb/290762?wa=wsignin1.0
  However, you would need to upgrade to DFSR.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Domain Controller cannot access \\domain\netlogon causing Auth issues

  Hi everyone, I have been spent all day trying to figure out what is going on here, I have a Domain controller (only DC in the environment) that is acting funny
  I first noticed when I was attempting to RDP into a server in my domain I was getting "access denied" (but I could log in as a local admin). So when I looked at the Domain Controller, I ran a DCDiag DNS test and got some an AUTH error, but am not
  able to figure out how to fix this.
  Another thing I notice is when I am signed into the domain Controller (GP2010-a), I cannot browse to
  \\contoso.com\netlogon or any similar share.
  Here is the kicker, other servers on this domain, server3, server4, server5 etc... THEY CAN access
  \\contoso.com\netlogon It is ONLY the Domain controller and Server2 that CANNOT access this share. The other servers also allow me to RDP into them fine, it is only 1 server that is affected by this strange behavior.
  I have checked for no IP conflicts and as far as I can tell all the DNS records are correct.
  Regarding the DYNAMIC ip warning, we have a reservation that assigns the IP
  thanks for any input here as i'm really stuck,
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = GP2010-A
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\GP2010-A
        Starting test: Connectivity
           ......................... GP2010-A passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\GP2010-A
        Starting test: DNS
           DNS Tests are running and not hung. Please wait a few minutes...
           ......................... GP2010-A passed test DNS
     Running partition tests on : ForestDnsZones
     Running partition tests on : DomainDnsZones
     Running partition tests on : Schema
     Running partition tests on : Configuration
     Running partition tests on : contoso
     Running enterprise tests on : contoso.com
        Starting test: DNS
           Test results for domain controllers:
              DC: GP2010-A.contoso.com
              Domain: contoso.com
                 TEST: Authentication (Auth)
                    Error: Authentication failed with specified credentials
                 TEST: Basic (Basc)
                    Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                    (can be a misconfiguration)
           Summary of test results for DNS servers used by the above domain
           controllers:
              DNS server: 128.8.10.90 (d.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90              
              DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235              
              DNS server: 2001:500:2::c (c.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c              
              DNS server: 2001:500:2d::d (d.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d              
              DNS server: 2001:500:2f::f (f.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f              
              DNS server: 2001:500:3::42 (l.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42              
              DNS server: 2001:500:84::b (b.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b              
              DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30              
              DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30              
              DNS server: 2001:7fd::1 (k.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1              
              DNS server: 2001:7fe::53 (i.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53              
              DNS server: 2001:dc3::35 (m.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35              
           Summary of DNS test results:
  Auth Basc Forw Del  Dyn  RReg Ext
              Domain: contoso.com
                 GP2010-A                     FAIL WARN PASS PASS PASS PASS n/a 
           ......................... contoso.com failed test DNS

  Hi,
  TEST: Basic (Basc)
                    Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                    (can be a misconfiguration)
  Do you have any NIC conifgured to get dynamic IP on your DC which is having issue? If yes, please disable that NIC. Also, please provide me the result of the below
  1) On your DC which is having issue, run "ipconfig /all"
  2) Repadmin /showrepl
  Thanks,
  Umesh.S.K
  Thanks, there is only 1 nic card. It is getting a dhcp address because this is an AZURE Hyper-v machine and I have set an IP reservation for it. I have no way to hardcode the IP because it gets shut off/on all the time
  C:\Users\Administrator>repadmin /showrepl
  Repadmin: running command /showrepl against full DC localhost
  Default-First-Site-Name\GP2010-A
  DSA Options: IS_GC
  Site Options: (none)
  DSA object GUID: 007c755c-f56c-4e51-a211-fd4431f63927
  DSA invocationID: 007c755c-f56c-4e51-a211-fd4431f63927