Only contact Domain Controller when on a particular network
As per subject, I have a laptop joined to a domain and logging on is slow when outside the network. Obviously it is trying to contact the domain controller but fails. Can we set it to immediately use the last saved password when not within the network?
That might be the reason.
But as you could log on, the cached info is working here. The slow logon might be caused by the mapped drives, and disabling the always wait ..policy should fit this, which is not recommended when a mapped drive is in use.
Run Xperf to check the slow logon process.
http://blogs.technet.com/b/yongrhee/archive/2013/10/15/tool-windows-performance-toolkit-xperf-wprui-and-wpr-updated-version-as-of-aug-2013.aspx
Rgds
Similar Messages
-
DFSR failed to contact domain controller
I'm having an odd problem with a DFSR group we created to replicate web content between two of our web servers.
In event viewer we have this event 1202 for DFSR.
"The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)"
In the DFSR logs I see this.
20140303 12:18:27.874 1404 CFAD 8300 Config::AdConfig::GetLocalComputerNameWithDns Computer's fully-qualified DNS name: DFSRSERVER.domain.tld
20140303 12:18:27.920 1404 CFAD 311 Config::AdConnection::Connect Binding to dcAddr:\\1.1.1.1 dcDnsName:\\MYDC.domain.tld
20140303 12:18:27.936 1404 CFAD 143 Config::AdConnection::BindToAd Trying to connect. hostName:MYDC.domain.tld
20140303 12:18:28.467 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
20140303 12:18:28.467 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\MYDC.domain.tld domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\MYDC.domain.tld domainName:<null> Error:[Error:5(0x5) Config::DsSession::Bind ad.cpp:3380 1404 W Access is denied.]
20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\1.1.1.1 domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\1.1.1.1 domainName:<null> Error:[Error:87(0x57) Config::DsSession::Bind ad.cpp:3380 1404 W The parameter is incorrect.]
20140303 12:18:28.514 1404 SCFS 150 [WARN] ServiceConfig::DsPollIsDue Failed to enable lightweight polling. Error:
+ [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConfig::Connect ad.cpp:8113 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConnection::Connect adconnection.cpp:377 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConnection::BindToDc adconnection.cpp:226 1404 W One or more arguments are not correct.]
20140303 12:18:28.514 1404 CREG 1419 Config::RegReader::IsSysVolCommitFlagSet key: System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Demoting SysVols valueName:'SysVol Information is Committed' result:0
20140303 12:18:28.514 1404 W2CH 266 ConfigurationHelper::PollAdConfigNow Trying to connect to AD
20140303 12:18:28.514 1404 CFAD 311 Config::AdConnection::Connect Binding to dcAddr:\\1.1.1.1 dcDnsName:\\MYDC.domain.tld
20140303 12:18:28.514 1404 CFAD 143 Config::AdConnection::BindToAd Trying to connect. hostName:MYDC.domain.tld
20140303 12:18:28.514 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\MYDC.domain.tld domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\MYDC.domain.tld domainName:<null> Error:[Error:5(0x5) Config::DsSession::Bind ad.cpp:3380 1404 W Access is denied.]
20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\1.1.1.1 domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\1.1.1.1 domainName:<null> Error:[Error:87(0x57) Config::DsSession::Bind ad.cpp:3380 1404 W The parameter is incorrect.]
20140303 12:18:28.514 1404 EVNT 1194 EventLog::Report Logging eventId:1202 parameterCount:4
20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter1:
20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter2:60
20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter3:160
20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter4:One or more arguments are not correct.
20140303 12:18:28.530 1404 W2CH 318 [ERROR] ConfigurationHelper::PollAdConfigNow (Ignored) Failed to connect to AD. Error:
+ [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConfig::Connect ad.cpp:8113 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConnection::Connect adconnection.cpp:377 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConnection::BindToDc adconnection.cpp:226 1404 W One or more arguments are not correct.]
When I run "dfsrdiag pollad":
[ERROR] PollDsNow method executed unsuccessfully. ReturnValue: 12 (0xc)
[ERROR] Failed to execute PollAD command Err: -2147217407 (0x80041001)
However I can run "dfsrdiag dumpadcfg" and it outputs everything fine.
We don't have any other problems with AD. It seems like this started after we installed KB2467173 & KB2538242. We are going to uninstall those and see if it works. I can successfully run "dfsrdiag.exe dumpadcfg" and it outputs the entire config. Why does "dfsrdiag pollad" fail then if the config can be read?
Why did it work before I rebooted the server? In both cases it broke after rebooting.
PS C:\Windows\system32> dfsrdiag dumpadcfg
LDAP Bind : mydc.domain.tld
SitesDn : cn=sites,cn=configuration,dc=domain,dc=tld
ServicesDn : cn=services,cn=configuration,dc=domain,dc=tld
SystemDn : cn=system,dc=domain,dc=tld
DefaultNcDn : dc=domain,dc=tld
ComputersDn : cn=computers,dc=domain,dc=tld
DomainCtlDn : ou=domain controllers,dc=domain,dc=tld
SchemaDn : CN=Schema,CN=Configuration,dc=domain,dc=tld
COMPUTER: web1
DN : cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 152E849C-4D7B-4AE8-B034-83747DBC1E89
DNS : web1.domain.tld
Server Ref : (null)
USN Changed : 10862129
When Created : Friday, January 31, 2014 8:41:06 PM
When Changed : Tuesday, March 4, 2014 2:54:36 PM
LOCAL SETTINGS: DFSR-LOCALSETTINGS
DN : cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 3FD696E7-6598-4CDB-B2AB-98F148C0D2F7
Version : 1.0.0.0
USN Changed : 10932017
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:15:25 PM
SUBSCRIBER: FF88A312-A0EB-44CC-A614-7A3D06DCC0AB
DN : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 1119B663-F02A-4F1F-A904-23A87CFC93C3
Member Ref : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
USN Changed : 10931931
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
SUBSCRIPTION: 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
DN : cn=6783dde1-c795-4e8b-b07d-4ea8d7d0317f,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 3737B1F2-7E38-47E2-90E7-E57D82B145F1
ContentSetGuid: 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
Root Path : c:\inetpub\internetsites
Root Size : 10240 (MB)
Staging Path : c:\inetpub\internetsites\dfsrprivate\staging
Staging Size : 4096 (MB)
Conflict Path : c:\inetpub\internetsites\dfsrprivate\conflictanddeleted
Conflict Size : 4096 (MB)
USN Changed : 10931919
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
SUBSCRIPTION: F2F1F3A2-B36F-4170-B371-8E8043DF73F4
DN : cn=f2f1f3a2-b36f-4170-b371-8e8043df73f4,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 57E7F8D7-1121-4334-BC81-74226ADF8969
ContentSetGuid: F2F1F3A2-B36F-4170-B371-8E8043DF73F4
Root Path : c:\internet_data
Root Size : 10240 (MB)
Staging Path : c:\internet_data\dfsrprivate\staging
Staging Size : 4096 (MB)
Conflict Path : c:\internet_data\dfsrprivate\conflictanddeleted
Conflict Size : 4096 (MB)
USN Changed : 10931921
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
SUBSCRIPTION: D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
DN : cn=d0438b52-b706-4e40-b4c3-fe7a1aca5fcf,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : F8217091-F71A-4D4A-A676-097583171A63
ContentSetGuid: D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
Root Path : c:\php\phpsites
Root Size : 10240 (MB)
Staging Path : c:\php\phpsites\dfsrprivate\staging
Staging Size : 4096 (MB)
Conflict Path : c:\php\phpsites\dfsrprivate\conflictanddeleted
Conflict Size : 4096 (MB)
USN Changed : 10931923
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
GLOBAL SETTINGS: DFSR-GLOBALSETTINGS
DN : cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 2E98CE5E-5CC7-4322-B5EA-2B6B340C689F
USN Changed : 12525
When Created : Saturday, October 22, 2011 1:56:38 AM
When Changed : Saturday, October 22, 2011 1:56:38 AM
REPLICATION GROUP: WEB CONTENT
DN : cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 9C94A417-6F6C-4F6C-BBFA-B8F52854C4DF
Type : 0 (UNKNOWN REPLICATION GROUP TYPE)
Options : 0x1 [Local Time Schedule]
USN Changed : 10931906
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CONTENT: CONTENT
DN : cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 6714C533-E631-4E71-930D-E4934FB7BD7E
USN Changed : 10931908
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CONTENT SET: INTERNET_DATA
DN : cn=internet_data,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : F2F1F3A2-B36F-4170-B371-8E8043DF73F4
File Filter : ~*, *.bak, *.tmp
Compression Excl : (null)
Dir Filter : (null)
USN Changed : 10931916
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CONTENT SET: INTERNETSITES
DN : cn=internetsites,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
File Filter : ~*, *.bak, *.tmp
Compression Excl : (null)
Dir Filter : (null)
USN Changed : 10931915
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CONTENT SET: PHPSITES
DN : cn=phpsites,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
File Filter : ~*, *.bak, *.tmp
Compression Excl : (null)
Dir Filter : (null)
USN Changed : 10931917
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
TOPOLOGY: TOPOLOGY
DN : cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 16053002-7B99-4DA7-BFE5-2A6418040640
USN Changed : 10931907
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
MEMBER: FF88A312-A0EB-44CC-A614-7A3D06DCC0AB
DN : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 75A99277-C401-409F-A32D-6D8EE18E5D0C
Server Ref : (null)
Computer Ref : cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
Keywords : (null)
Computer DNS : web1.domain.tld
USN Changed : 10931933
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CXTION: 9ECE3EB7-FE97-4A1B-8DE3-47A77B2C625B
DN : cn=9ece3eb7-fe97-4a1b-8de3-47a77b2c625b,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 1D26B348-3875-4BD1-9473-E72506AFA222
Inbound : true
Partner DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
Enabled : TRUE
Options : 0x1 [Local Time Schedule]
USN Changed : 10931924
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CXTION: 2BFA8BE2-0444-4AAF-8293-A5486CF8D7A3
DN : cn=2bfa8be2-0444-4aaf-8293-a5486cf8d7a3,cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : A7203451-D95F-44D5-AC04-13056DCE5A89
Inbound : false
Partner DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
Enabled : TRUE
Options : 0x1 [Local Time Schedule]
USN Changed : 10931925
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
MEMBER: 46F913DB-8509-4581-A66D-D37E4EA3EF29
DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 1BA26D07-45F5-44A0-8450-9274AFD99B1C
Server Ref : (null)
Computer Ref : cn=fccu01web,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
Keywords : (null)
Computer DNS : fccu01web.domain.tld
USN Changed : 10931927
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
Operation Succeeded -
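The debug log in the post above shows the pattern behind event 1202: the LDAP bind to the DC succeeds, then DsBind fails with error 5 against the DNS name and error 87 against the IP address. The following is an added example, not code from the thread, that parses lines in that log format and summarizes bind results per target; the function name `summarize` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Error texts exactly as they appear in the log excerpt quoted in the post.
ERROR_TEXT = {
    5: "Access is denied.",
    87: "The parameter is incorrect.",
    160: "One or more arguments are not correct.",
}

# Constructed sample in the format of the quoted DFSR debug log (one polling attempt).
SAMPLE_LOG = r"""
20140303 12:18:27.920 1404 CFAD 311 Config::AdConnection::Connect Binding to dcAddr:\\1.1.1.1 dcDnsName:\\MYDC.domain.tld
20140303 12:18:27.936 1404 CFAD 143 Config::AdConnection::BindToAd Trying to connect. hostName:MYDC.domain.tld
20140303 12:18:28.467 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
20140303 12:18:28.467 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\MYDC.domain.tld domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\1.1.1.1 domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
20140303 12:18:28.514 1404 EVNT 1194 EventLog::Report Logging eventId:1202 parameterCount:4
20140303 12:18:28.530 1404 W2CH 318 [ERROR] ConfigurationHelper::PollAdConfigNow (Ignored) Failed to connect to AD. Error:
+ [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
"""

# date, time, thread id, 4-char module tag, source line, optional [LEVEL], function, message
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>[\d:.]+)\s+(?P<tid>\d+)\s+(?P<module>[A-Z0-9]{4})\s+"
    r"(?P<srcline>\d+)\s+(?:\[(?P<level>[A-Z]+)\]\s+)?(?P<func>\S+)\s*(?P<msg>.*)$"
)
BOUND_RE = re.compile(r"^Bound\. hostName:(?P<host>\S+)")
DSBIND_RE = re.compile(
    r"Failed to DsBind\(\)\. dc:\\\\(?P<dc>\S+) domainName:\S+ Error:(?P<err>\d+)"
)
EVENT_RE = re.compile(r"^Logging eventId:(?P<id>\d+)")
# Continuation lines ("+ [Error:160(0xa0) ...]") carry the chained error stack.
CHAIN_RE = re.compile(r"^\+\s*\[Error:(?P<err>\d+)\(0x[0-9a-fA-F]+\)\s+(?P<func>\S+)")


def summarize(log_text):
    """Summarize LDAP binds, DsBind failures and logged event IDs in a DFSR debug log."""
    ldap_bound = set()           # hosts where BindToAd reported "Bound."
    dsbind_failures = Counter()  # (target, error code) -> count
    chained_errors = Counter()   # error code -> count, from "+ [Error:...]" lines
    events = []                  # event IDs the service reported to the event log

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        chain = CHAIN_RE.match(line)
        if chain:
            chained_errors[int(chain["err"])] += 1
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # not a log record in the expected layout
        func, msg = m["func"], m["msg"]
        bound = BOUND_RE.match(msg)
        if bound and func.endswith("BindToAd"):
            ldap_bound.add(bound["host"].lower())
            continue
        failed = DSBIND_RE.search(msg)
        if failed:
            dsbind_failures[(failed["dc"].lower(), int(failed["err"]))] += 1
            continue
        event = EVENT_RE.match(msg)
        if event and func == "EventLog::Report":
            events.append(int(event["id"]))

    # Flag targets where the LDAP bind worked but the DsBind call did not.
    findings = []
    for (target, err), count in sorted(dsbind_failures.items()):
        if target in ldap_bound:
            text = ERROR_TEXT.get(err, "unknown error")
            findings.append(
                f"{target}: LDAP bind succeeded, DsBind failed {count}x with error {err} ({text})"
            )

    return {
        "ldap_bound": ldap_bound,
        "dsbind_failures": dsbind_failures,
        "chained_errors": chained_errors,
        "events": events,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in summarize(SAMPLE_LOG)["findings"]:
        print(finding)
```

A finding of this kind matches what the poster observed: a tool that only needs the LDAP bind can read the configuration while the poll that depends on DsBind fails.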
DFS Replication failed to contact Domain Controller.....
I have seen this error since the inception of this stand alone AD PDC instance of Windows Server 2012 R2 Essentials. I understand that Essentials does not support other Domain Controllers, Member servers, or trust between Domains of any kind. I also understand that DFS Replication is a service that replicates files between other servers and other domain servers that Essentials does not want to talk to.
So my question is why am I seeing this DFSR error 1202 in my event log, if Essentials does not support communication to other servers and domain servers? Maybe a better question is why does Essentials even try to implement this service? Do I even need to try to resolve this issue or should I just disable it and move on?
Contents of Error:
Log Name: DFS Replication
Source: DFSR
Date: 2/6/2014 1:57:57 PM
Event ID: 1202
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Hxxx2.xxxxxxxxxxxxx.local
Description:
The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="DFSR" />
<EventID Qualifiers="49152">1202</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-02-06T19:57:57.000000000Z" />
<EventRecordID>194</EventRecordID>
<Channel>DFS Replication</Channel>
<Computer>Hxxx2.Hxxxxxxxxxxxxx.local</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>60</Data>
<Data>160</Data>
<Data>One or more arguments are not correct.</Data>
</EventData>
</Event>
Hi,
Did you mean that you did not configure a DFS server in the new DC but you get the DFSR error 1202 in your event log? Then the issue is not related to the existing SBS domain.
Please try to turn off the Windows Firewall to check if it causes the issue. You could also refer to the articles below to troubleshoot the issue:
Newly Promoted Win2K8 DC is not advertising as Domain Controller.
http://blogs.technet.com/b/niraj_kumar/archive/2009/04/23/newly-promoted-win2k8-dc-is-not-advertising-as-domain-controller.aspx
Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face
https://blogs.technet.com/b/askds/archive/2011/04/08/restrictions-for-unauthenticated-rpc-clients-the-group-policy-that-punches-your-domain-in-the-face.aspx
Regards,
Mandy
-
This is killing my remote management. I have 4 server 2012R2 domain controllers. Only one of them is being affected with this problem. Almost every time I check, the remote registry service is disabled again. It seems like there is a corrupt group policy preference that keeps on attacking during a policy refresh, but I can't imagine setting a group policy to disable this service. It is needed for our remote management. Also the IP Tunnel service is also disabling. Another strange artifact is that when I set a Windows Firewall policy to add an exception for remote administration in a group policy to my Admin workstation, it seemed to set a firewall rule in other computers to block remote administration. I cannot figure out where else this strange Windows Firewall rule blocking remote administration could have come from. These may be related or they may not, but they are occurring on the same domain controller. I am able to set the RemoteRegistry service to enabled and to start it (which I have done too many times now), but it constantly is being changed back to disabled. I am searching the registry to find any invalid entries or artifacts that may be affecting these two annoying effects, but I cannot find anything yet.
Any ideas? I need to know what policies will disable the remoteregistry service OR the IPTunelling service, or where in the registry this could be set to enact this during a policy refresh. Of course, any other ideas are welcome, I have spent several days troubleshooting this, and need to conquer this by tomorrow if possible, thank you. James
Hi,
Please type services.msc in RUN to open the Services panel, navigate to the Remote Registry service. Then open its Properties and set Startup type: Automatic. Then please check if this issue still exists.
In addition, please refer to mlippold’s suggestion (the last reply) in the following thread and configure the relevant value in the RemoteRegistry registry key, then check if it can help you to solve this issue.
For registry items, please back up all registry items before all operations. That will help us to avoid some unexpected issues.
Remote Registry Service stops automatically if we do not use it above 10 minutes
By the way, did you open Event Viewer and check if find any relevant errors?
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
-
Restoring a Domain Controller - When other DC's are available
I'm trying to get some clarity and confidence on the proper way to restore domain controllers. Here are my questions:
1. What is the proper way to restore a Domain controller into an existing forest where other domain controllers are present when you have a system state backup taken by Windows Server Backup?
1a. In this scenario - will I need to enter into DSRM mode prior to booting the server?
2. What is the proper way to restore a Virtualized Domain Controller into an existing forest where other domain controllers are present when you have a 3rd party image based backup solution that has HyperV VSS writers?
2a. In this scenario - will I need to enter into DSRM mode prior to booting the server?
1. What is the proper way to restore a Domain controller into an existing forest where other domain controllers are present when you have a system state backup taken by Windows Server Backup?
You can restore the DC using two possible methods:
Method 1: Do a non-authoritative restore using a system state backup. Do not do an authoritative restore so that you do not lose recent changes here.
Method 2: If the DC is an FSMO holder then seize the FSMO roles to another DC, do a metadata cleanup and then re-install the server and promote it again as a DC. If it is not an FSMO holder then simply do a metadata cleanup and then re-install the server and promote it again as a DC.
1a. In this scenario - will I need to enter into DSRM mode prior to booting the server?
Yes. You need to get inside DSRM mode to restore the DC from a system state backup.
2. What is the proper way to restore a Virtualized Domain Controller into an existing forest where other domain controllers are present when you have a 3rd party image based backup solution that has HyperV VSS writers?
You can read that: http://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#backup_and_restore_considerations_for_virtualized_domain_controllers
Also, see that about DC cloning in Windows Server 2012 and higher: http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012.aspx
2a. In this scenario - will I need to enter into DSRM mode prior to booting the server?
You can find the details in the links I shared.
-
ICM read-only access \ domain controller
Hi All,
How to create read-only access for a user in the ICM system through the domain controller?
regards
bala
Hi all,
To be able to achieve the following
a) Able to login to AW Server
b) Able to open Configuration Manager
c) Able to open Script Editor and have full access in here
d) Able to open Agent Explorer and have full access in here
e) Not able to access any other options in Configuration Manager
f) Not able to access Diagnostic Framework / Services
I will need to do the following?
a) put user in the Configuration Group
b) control the access through Feature Control Set
c) Windows related options (Services) can be controlled through Group/Local policy
Appreciate confirmation.
Thanks!
-JT- -
Hi,
hummmm...
The client had 1 Server with AD and All Apps, IIS, Terminal Servers (30 device Cal), File Server, SQL2008R2 on it
Task: Install new AD server promote it to DC, bring in 2nd server, Replicate the File Server (DFSR) on these 2 servers, and demote it to standard server.
1) Old AD with name "Server" with OS-2008R2 SP1 and is a DC.
2) Brought in a new server "PrimaryAD", Installed 2008R2, done DC Promo, and added it as Additional Domain controller
3) Transferred roles from old server "Server" to "PrimaryAD"
4) Brought in a new File Server replicating server "Backup-Server"
5) Copied all the data from Server to Backup-server as DFS initial file sync with robocopy
6) here the problem started, after the copy finished, next morning the "Server" server crashed.....
7) thank god the data was backed up on Backup-server. but we didn't get the time to Demote the server "Server" and remove AD from it.
8) Since AD was replicated so "PrimaryAD" was our DC, brought 2nd Server "SecondaryDC" as additional domain controller.
9) we cleaned up the metadata and used ADSIEDIT to clean the remaining stuff.
10) the "Server" server was formatted and renamed as "Primary-Server" and OS2008R2 SP1 was installed with rest of required apps
11) so now the PrimaryAD the DC, SecondaryAD the Additional Domain controller, Primary-Server the mail server and File server, the Backup-server, the replicated server.
Now configured DFS Replication from Primary-Server to Backup-server and receive the following Event ID 1202
If I configure DFS Replication as follows
PrimaryAD <<>> SecondaryAD = Works... no errors...
PrimaryAD <<>> Backup-Server = Creates but doesn't work, Event ID 5012, error The DFS Replication service failed to communicate with partner BACKUP-SERVER, Additional Information: Error: 9026 (The connection is invalid)
PrimaryAD <<>> Primary-Server = Doesn't create the replication job, just hangs,
on PrimaryAD continuous Event ID 10009, DCOM was unable to communicate with the computer "SERVER" using any of the configured protocols
......something on PrimaryAD is still trying to connect to old corrupt AD server "Server"
No errors with AD replication, SYSVOL & Netlogon shares also working fine and accessible.
DFS Diagnose report says
DNS name: backup-server.mydomain.com
Domain name: mydomain.COM
Reference domain controller: -- (HERE there is NO DOMAIN CONTROLLER mentioned)
IP address: 192.168.1.248,192.168.1.251,::1
Site: Default-First-Site-Name
Forgot to mention, gave full rights with ADSIEDIT to DFSR-LocalSettings for all server to Administrator and read permissions to "Authenticated Users"
DFSRDIAG POLLAD throws following error
c:\Dfsrdiag pollad /verbose
[INFO] Computer Name: BACKUP-SERVER
[INFO] Computer DNS: Backup-Server.mydomain.COM
[INFO] Domain Name: mydomain
[INFO] Domain DNS: mydomain.COM
[INFO] Site Name: Default-First-Site-Name
[INFO] Connected to WMI services on computer: Backup-Server.mydomain.COM
[INFO] Invoke PollDsNow() method on Backup-Server.mydomain.COM
[ERROR] PollDsNow method executed unsuccessfully. ReturnValue: 12 (0xc)
[ERROR] Failed to execute PollAD command Err: -2147217407 (0x80041001)
Can anyone point me to any direction which can lead to resolution of this ERROR and make DFS_R work..
Thanks
bikram
Hi,
It seems that DCPROMO did its work without complaints, still the DFSR references remained in AD. You could refer to the article below to clean up the DFS Replication object.
How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/kb/216498
In addition, please refer to the following thread to troubleshoot the issue:
DFS is not working anymore.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/953be9ef-e9e3-4885-a5c4-47fc475ba562/dfs-is-not-working-anymore?forum=winserverfiles
Regards,
Mandy
-
Remove a domain controller when dcpromo bombs
I'm trying to demote one server in a two server setup
I start dcpromo, it gets part way through and then bombs with an "Access is denied" error
which is b~@:!hit. I've tried this 2 or 3 times with known good passwords (see dcpromoui.log below)
So how can I fix that or delete the controller without using dcpromo?
cheers
dave
============================
dcpromoui E28.638 0466 13:58:28.218 Enter DS::DemoteDC
dcpromoui E28.638 0467 13:58:28.218 Enter State::IsLastDCInDomain false
dcpromoui E28.638 0468 13:58:28.218 Enter State::IsForcedDemotion false
dcpromoui E28.638 0469 13:58:28.218 Enter State::GetAdminPassword
dcpromoui E28.638 046A 13:58:28.218 Enter State::GetAppPartitionList
dcpromoui E28.638 046B 13:58:28.218 Enter AllocateAppPartitionList
dcpromoui E28.638 046C 13:58:28.218 Calling DsRoleDemoteDc
dcpromoui E28.638 046D 13:58:28.218 lpServer : (null)
dcpromoui E28.638 046E 13:58:28.218 lpDnsDomainName : (null)
dcpromoui E28.638 046F 13:58:28.218 ServerRole : DsRoleServerMember
dcpromoui E28.638 0470 13:58:28.218 lpAccount : (null)
dcpromoui E28.638 0471 13:58:28.218 Options : 0x80
dcpromoui E28.638 0472 13:58:28.218 fLastDcInDomain : false
dcpromoui E28.638 0473 13:58:28.218 cRemoteNCs : 0
dcpromoui E28.638 0474 13:58:28.250 HRESULT = 0x00000000
dcpromoui E28.638 0475 13:58:28.250 Enter DeallocateAppPartitionList
dcpromoui E28.638 0476 13:58:28.250 Enter DoProgressLoop
dcpromoui E28.638 0477 13:58:28.250 Enter State::GetOperation DEMOTE
dcpromoui E28.638 0478 13:58:28.250 Enter ProgressDialog::UpdateButton
dcpromoui E28.638 0479 13:58:29.765 Enter ProgressDialog::UpdateText Active Directory Domain Services successfully transferred the remaining data in directory partition DC=ForestDnsZones,DC=data-action,DC=co,DC=uk to Active Directory Domain Controller \\nasbox.data-action.co.uk.
dcpromoui E28.638 047A 13:58:43.297 Enter ProgressDialog::UpdateText Stopping service NETLOGON
dcpromoui E28.638 047B 13:58:44.797 Enter ProgressDialog::UpdateText Stopping service IsmServ
dcpromoui E28.638 047C 13:58:47.797 Enter ProgressDialog::UpdateText Stopping service kdc
dcpromoui E28.638 047D 13:58:49.297 Enter ProgressDialog::UpdateText Creating a new local security account manager (SAM) database...
dcpromoui E28.638 047E 13:58:50.875 Enter ProgressDialog::UpdateText Removing Active Directory Domain Services objects that refer to the local Active Directory Domain Controller from the remote Active Directory Domain Controller nasbox.data-action.co.uk...
dcpromoui E28.638 047F 13:59:02.875 Enter ProgressDialog::UpdateText Configuring service NTDS
dcpromoui E28.638 0480 13:59:04.375 Enter ProgressDialog::UpdateText Configuring service NETLOGON
dcpromoui E28.638 0481 13:59:05.875 Enter ProgressDialog::UpdateText Configuring service DFSR
dcpromoui E28.638 0482 13:59:07.375 Enter ProgressDialog::UpdateText The attempted domain controller operation has completed
dcpromoui E28.638 0483 13:59:07.375 Enter ProgressDialog::UpdateButton
dcpromoui E28.638 0484 13:59:07.375 Progress loop complete.
dcpromoui E28.638 0485 13:59:07.375 Calling DsRoleGetDcOperationResults
dcpromoui E28.638 0486 13:59:07.375 Error 0x0 (!0 => error)
dcpromoui E28.638 0487 13:59:07.375 Operation results:
dcpromoui E28.638 0488 13:59:07.375 OperationStatus : 0x5 !0 => error
dcpromoui E28.638 0489 13:59:07.375 DisplayString : The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
dcpromoui E28.638 048A 13:59:07.375 ServerInstalledSite : (null)
dcpromoui E28.638 048B 13:59:07.375 OperationResultsFlags: 0x0
dcpromoui E28.638 048C 13:59:07.375 Enter ProgressDialog::UpdateText The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
dcpromoui E28.638 048D 13:59:07.375 Enter State::SetOperationResultsMessage The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
dcpromoui E28.638 048E 13:59:07.375 Enter State::SetOperationResultsFlags 0x0
dcpromoui E28.638 048F 13:59:07.375 Exception caught
dcpromoui E28.638 0490 13:59:07.375 catch completed
dcpromoui E28.638 0491 13:59:07.375 handling exception
dcpromoui E28.638 0492 13:59:07.375 Enter State::ClearHiddenWhileUnattended
dcpromoui E28.638 0493 13:59:07.375 Enter EnableConsoleLocking
dcpromoui E28.638 0494 13:59:07.375 Enter RegistryKey::Create SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
dcpromoui E28.638 0495 13:59:07.375 Enter RegistryKey::SetValue-DWORD DisableLockWorkstation
dcpromoui E28.638 0496 13:59:07.375 Enter State::SetOperationResults result FAILURE
dcpromoui E28.638 0497 13:59:07.375 Enter ProgressDialog::UpdateText
dcpromoui E28.638 0498 13:59:07.375 Enter State::IsOperationRetryAllowed
dcpromoui E28.638 0499 13:59:07.375 true
dcpromoui E28.638 049A 13:59:07.375 credentials were invalid, hr=0x80070005
dcpromoui E28.638 049B 13:59:07.375 Enter GetErrorMessage 80070005
dcpromoui E28.638 049C 13:59:07.375 Enter State::GetOperationResultsMessage The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
dcpromoui E28.638 049D 13:59:07.375 Enter State::GetOperation DEMOTE
dcpromoui E28.638 049E 13:59:07.375 Enter State::GetParentDomainDnsName
dcpromoui E28.638 049F 13:59:44.469 credential retry canceled
dcpromoui E28.638 04A0 13:59:44.469 Enter ComposeFailureMessage
dcpromoui E28.638 04A1 13:59:44.469 Enter State::GetOperationResultsMessage The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
dcpromoui E28.638 04A2 13:59:44.469 Enter State::GetOperationResultsFlags 0x0
dcpromoui E28.638 04A3 13:59:44.469 Enter State::GetOperationResultsFlags 0x0
dcpromoui E28.638 04A4 13:59:44.469 Enter State::SetFailureMessage The operation failed because:
The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
"Access is denied."
dcpromoui E28.638 04A5 13:59:44.469 posting message to progress window
dcpromoui E28.318 04A6 13:59:44.469 Enter ProgressDialog::UpdateText Operation Stopped
dcpromoui E28.318 04A7 13:59:44.485 Enter ProgressDialog::OnDestroy
dcpromoui E28.318 04A8 13:59:44.485 OPERATION FAILED
dcpromoui E28.318 04A9 13:59:44.485 Enter State::GetNeedsReboot false
dcpromoui E28.318 04AA 13:59:44.485 Enter State::IsOperationRetryAllowed
dcpromoui E28.318 04AB 13:59:44.485 true
dcpromoui E28.318 04AC 13:59:44.485 Enter Wizard::SetNextPageID id = 156
dcpromoui E28.318 04AD 13:59:44.485 push 142
dcpromoui E28.318 04AE 13:59:44.485 Enter FailurePage::OnInit
dcpromoui E28.318 04AF 13:59:44.485 Enter MultiLineEditBoxThatForwardsEnterKey::Init
dcpromoui E28.318 04B0 13:59:44.485 Enter ControlSubclasser::Init
dcpromoui E28.318 04B1 13:59:44.485 Enter FailurePage::OnSetActive
dcpromoui E28.318 04B2 13:59:44.485 Enter State::GetOperationResultsCode FAILURE
dcpromoui E28.318 04B3 13:59:44.485 Enter State::GetNeedsReboot false
dcpromoui E28.318 04B4 13:59:44.485 Enter State::GetFailureMessage The operation failed because:
The attempt at remote directory server nasbox.data-action.co.uk to remove directory server CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk was unsuccessful.
"Access is denied."
dcpromoui E28.318 04B5 13:59:47.876 Enter DCPromoWizardPage::OnWizNext
dcpromoui E28.318 04B6 13:59:47.876 Enter FailurePage::Validate
dcpromoui E28.318 04B7 13:59:47.876 Enter Wizard::SetNextPageID id = 154
dcpromoui E28.318 04B8 13:59:47.876 push 156
dcpromoui E28.318 04B9 13:59:47.876 Enter FinishPage::OnInit
dcpromoui E28.318 04BA 13:59:47.876 Enter MultiLineEditBoxThatForwardsEnterKey::Init
dcpromoui E28.318 04BB 13:59:47.876 Enter ControlSubclasser::Init
dcpromoui E28.318 04BC 13:59:47.876 Enter FinishPage::OnSetActive
dcpromoui E28.318 04BD 13:59:47.876 Enter State::GetNeedsReboot false
dcpromoui E28.318 04BE 13:59:47.876 Enter getCompletionMessage
dcpromoui E28.318 04BF 13:59:47.876 Enter State::GetOperation DEMOTE
dcpromoui E28.318 04C0 13:59:47.876 Enter State::GetOperationResultsCode FAILURE
dcpromoui E28.318 04C1 13:59:47.876 Enter NeedDsBinaryWarning
dcpromoui E28.318 04C2 13:59:47.876 Enter Computer::RemoveLeadingBackslashes
dcpromoui E28.318 04C3 13:59:47.876 Enter GetProductTypeFromRegistry
dcpromoui E28.318 04C4 13:59:47.876 Enter RegistryKey::Open System\CurrentControlSet\Control\ProductOptions
dcpromoui E28.318 04C5 13:59:47.876 Enter RegistryKey::GetValue-String ProductType
dcpromoui E28.318 04C6 13:59:47.876 LanmanNT
dcpromoui E28.318 04C7 13:59:47.876 prodtype : 0x2
dcpromoui E28.318 04C8 13:59:47.876 Enter State::GetFinishMessages
dcpromoui E28.318 04C9 13:59:59.751 Enter FinishPage::OnWizFinish
dcpromoui E28.318 04CA 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04CB 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04CC 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04CD 13:59:59.766 Enter State::GetNeedsReboot false
dcpromoui E28.318 04CE 13:59:59.766 Enter State::GetUserCancelled false
dcpromoui E28.318 04CF 13:59:59.766 Enter State::GetOperationResultsCode FAILURE
dcpromoui E28.318 04D0 13:59:59.766 Enter State::GetHadNonCriticalFailures
dcpromoui E28.318 04D1 13:59:59.766 bHadNonCriticalFailures = false
dcpromoui E28.318 04D2 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04D3 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04D4 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04D5 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04D6 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04D7 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04D8 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04D9 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04DA 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04DB 13:59:59.766 Enter ControlSubclasser::UnhookWindowProc
dcpromoui E28.318 04DC 13:59:59.766 exitCode = 54
dcpromoui E28.318 04DD 13:59:59.766 Enter State::UnbindFromReplicationPartnetDC
dcpromoui E28.318 04DE 13:59:59.766 closing log
This is what I decided to do. Unfortunately the metadata cleanup did not complete.
Access is denied? - that sounds familiar
the server is still listed in "AD Sites and Services" (and cannot be deleted by the management snapin)
===================================================
select operation target:
select operation target:
select operation target:
select operation target: select server 1
Site - CN=Palatine,CN=Sites,CN=Configuration,DC=data-action,DC=co,DC=uk
Domain - DC=data-action,DC=co,DC=uk
Server - CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,CN=Configuration,DC=data-ac
tion,DC=co,DC=uk
DSA object - CN=NTDS Settings,CN=LPSERVER,CN=Servers,CN=Palatine,CN=Site
s,CN=Configuration,DC=data-action,DC=co,DC=uk
DNS host name - lpServer.data-action.co.uk
No current Naming Context
select operation target:
select operation target: quit
metadata cleanup:
metadata cleanup:
metadata cleanup: remove selected server
Transferring / Seizing FSMO roles off the selected server.
Removing FRS metadata for the selected server.
Unable to find server reference on "CN=LPSERVER,CN=Servers,CN=Palatine,CN=Sites,
CN=Configuration,DC=data-action,DC=co,DC=uk".
LDAP error 0x5e(94 (No result present in message).
The attempt to remove the FRS settings on CN=LPSERVER,CN=Servers,CN=Palatine,CN=
Sites,CN=Configuration,DC=data-action,DC=co,DC=uk failed because "Element not fo
und.";
metadata cleanup is continuing.
DsRemoveDsServerW error 0x5(Access is denied.)
metadata cleanup:
metadata cleanup: -
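The dcpromoui log and the ntdsutil session above report the same failure in three encodings (`OperationStatus : 0x5`, `hr=0x80070005`, `DsRemoveDsServerW error 0x5`), next to an unrelated LDAP result code. The following triage sketch is an added example, not part of the original post: it extracts those codes and decodes the HRESULT to its Win32 code. The sample lines are copied from the output above; the function names and the two-entry error-name table are this example's own.

```python
import re
from collections import defaultdict

# Names for the Win32 codes seen in this thread (illustrative, not a full table).
WIN32_NAMES = {0x0: "ERROR_SUCCESS", 0x5: "ERROR_ACCESS_DENIED"}
FACILITY_WIN32 = 7

# dcpromoui prefix: module, thread tag, sequence number, timestamp, message.
DCPROMO_LINE = re.compile(
    r"^dcpromoui\s+\S+\s+[0-9A-F]{4}\s+\d\d:\d\d:\d\d\.\d{3}\s+(?P<msg>.*)$")

# (kind, pattern) pairs. Each pattern captures the hex value; the last one
# also captures the word in front of "error" (an API name or "LDAP").
CODE_PATTERNS = [
    ("OperationStatus", re.compile(r"OperationStatus\s*:\s*0x(?P<hex>[0-9A-Fa-f]+)")),
    ("hr", re.compile(r"\bhr=0x(?P<hex>[0-9A-Fa-f]+)")),
    ("api", re.compile(r"(?P<who>\w+) error 0x(?P<hex>[0-9A-Fa-f]+)")),
]


def decode_hresult(hr):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    hr &= 0xFFFFFFFF
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF


def to_win32(value):
    """Return the Win32 error code a value carries, or None if it has none."""
    if value <= 0xFFFF:
        return value                      # already a plain Win32 code
    failed, facility, code = decode_hresult(value)
    if failed and facility == FACILITY_WIN32:
        return code                       # HRESULT that wraps a Win32 code
    return None


def triage(lines):
    """Extract error codes from dcpromoui and ntdsutil output lines."""
    findings = []
    for line in lines:
        m = DCPROMO_LINE.match(line)
        msg = m.group("msg") if m else line.strip()
        for kind, pattern in CODE_PATTERNS:
            hit = pattern.search(msg)
            if not hit:
                continue
            value = int(hit.group("hex"), 16)
            who = hit.groupdict().get("who")
            if who == "LDAP":
                # LDAP result codes are a separate number space from Win32.
                findings.append({"kind": "ldap", "raw": value, "win32": None})
            else:
                findings.append({"kind": who or kind, "raw": value,
                                 "win32": to_win32(value)})
            break
    return findings


def group_by_win32(findings):
    """Group finding sources by the Win32 code they share (success excluded)."""
    groups = defaultdict(list)
    for f in findings:
        if f["win32"]:                    # skips None and 0 (success)
            groups[f["win32"]].append(f["kind"])
    return dict(groups)


# Lines copied from the log and ntdsutil output earlier on this page.
SAMPLE = [
    "dcpromoui E28.638 0486 13:59:07.375 Error 0x0 (!0 => error)",
    "dcpromoui E28.638 0488 13:59:07.375 OperationStatus : 0x5 !0 => error",
    "dcpromoui E28.638 049A 13:59:07.375 credentials were invalid, hr=0x80070005",
    "LDAP error 0x5e(94 (No result present in message).",
    "DsRemoveDsServerW error 0x5(Access is denied.)",
]

if __name__ == "__main__":
    for code, sources in group_by_win32(triage(SAMPLE)).items():
        name = WIN32_NAMES.get(code, "unknown")
        print(f"0x{code:x} {name}: {', '.join(sources)}")
```

Grouping by the decoded code shows that the wizard and the manual metadata cleanup stop on the same access-denied result, while the LDAP 0x5e entry belongs to a different number space and is kept separate.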
Event ID 13568 With Only One Domain Controller
I had two domain controllers in an SBS 2003 domain. The very first installed domain controller died. So I seized the FSMO roles and eventually removed it from the domain by cleaning up the metadata. I told my bosses that we
really needed a new server so that there would be a replication of the AD but no go.
Now, I am getting the 13568 Event ID error on the remaining Windows Server 2003 domain controller that has the SBS Active Directory. This error requires a restore of Active Directory from system state (of which I do have a backup). I eventually
fixed the dead server and was wondering if I could install SBS 2003 to this server and then restore AD to it from the system state backup.
If that is possible, then how do I do it and how do I get this server back into the domain so that the existing DC takes its AD and replicates it to itself.
Please let me know if I have not been clear. Susan E. Russel
Hi,
Event ID 13568 indicates the replica set is in a journal wrap error state. To resolve this, there is no need to restore AD from backup. This error occurs if a sufficient number of changes occur while FRS is turned off, such that the last USN change that FRS recorded during shutdown no longer exists in the USN journal during startup. The risk is that changes to files and folders for FRS replicated trees may have occurred while the service was turned off, and no record of the change exists in the USN journal. To guard against data inconsistency, FRS asserts into a journal wrap state.
What happens in a Journal Wrap? : http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx
Journal Wrap error resolution: http://adfordummiez.com/?p=61
Regards,
Abhijit Waikar - MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA -
Slow logon with domain credentials when not on company network
Hello,
I have my MacBook Pro bound to the domain. When I am connected to the company network via a network cable, login is at normal speed. If I unplug the network cable, reboot, then try to login it takes minutes to get to my desktop. I'm guessing that it's looking for a domain controller or something. I'm doing this to simulate what it would be like if someone was away from the office.
I have another MacBook Pro that acts the same way.
Our domain is a .local domain. If this is the reason it's taking so long, is there a workaround? Or a way to make it go through this process a little faster? Sometimes it takes as long as 2.5 minutes.
Thanks,
Josh
I called into Apple support since no one has responded on this.
He had two suggestions.
1) Input our domain servers as the DNS servers in Network preferences. This works great except for when I'm wanting to use the Internet. It, of course, doesn't resolve any names to be able to go to websites. (EDIT: What I mean is that when I'm at another location it doesn't resolve names. If I manually input the DNS servers on my ethernet adapter, it will only resolve the name if those servers are available. When I'm not in the office, they aren't available. This speeds the login time up, but causes other issues.)
2) Change our domain to something different than .local. We just can't do that at this time.
I tried something that appears to work on this MacBook, but on the other one that is having the same problem it doesn't work. I manually input our domain.local in the Search Domains right by the DNS options in network settings. To be honest, I'm not 100% sure what that affects. So maybe it's completely happenstance? I'm not sure why it appears to work on one and not the other. When I say 'work' I mean that it only takes a few seconds to log in rather than minutes.
The only difference between the two is processor speed.
Any thoughts or can someone explain to me what effect manually filling out the Search Domain field would have?
Message was edited by: Josh_P -
Login to Domain Controller which is not in network
Scenario
I've taken an online clone of one of my Virtual Windows 2003 Enterprise Domain Controllers which doesn't hold any roles. Removed the Clone Domain Controller from Network & powered it on.
Now I want to log into that Domain Controller using my Domain Admin credentials but it's not working.
Is there a way to log in to that Domain Controller which is taken out of network USING DOMAIN ADMIN ID ?
I can log in to Restore Mode but that's not what I'm looking for, I need to log in to that DC using my Domain Admin credentials while It's not in network.
This is for lab purpose.
Hi Yankee,
Have you cached credentials on the Domain Controller before you cloned one?
I just tested that if I cache credentials, users are able to log on when domain controllers are offline.
If not, you can try to clone another after caching credentials, then test again. Please note: do not take the cloned DC online, which will lead to USN rollback.
More information for you:
Cached domain logon information
http://support.microsoft.com/kb/172931/en-us
Running Domain Controllers in Hyper-V
http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=WS.10).aspx
Best Regards,
Amy -
Group Policy Management Console Fails to open when one Domain Controller is powered down
Hi All,
This was an accidental discovery, but here's my dilemma. I have a site with 2 domain controllers(Windows 2008 R2), and if I shut down my second domain controller, when I try to open the Group Policy Management Console on the 1st domain controller,
it fails to open and I get the following error, "The specified domain either does not exist or could not be contacted" with 3 options to "retry", "choose another domain controller", or remove. If I go to chose another domain
controller and select the 1st domain controller it still fails. Unless the 2nd DC is turned on, I have no issues opening the GP management console. Not sure why this is happening; I've done it in the past without issue.
Any help would be appreciated.
Thanks
Well, it seems that somehow the PDC emulator is set to be the 2nd DC instead of the 1st DC on the 1st DC, which explains the failure after the 2nd DC went down. Why, or should I say how, could the PDC get switched from the primary DC without human intervention?
Does the PDC automatically switch for any reason? -
Hi,
I have successfully setup SharePoint Foundation 2013 as single server farm with SQL Server Standard database in a DMZ environment using local accounts since DMZ doesn't have an Active Directory and hence Domain accounts using powershell as described
in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller
When I run Farm configuration wizard to provision search service application, I get an error:
ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
The log file logged the details of this error as:
ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid
that cannot be translated."
After investigation, I found that potentially the error could be because the timer service is trying to setup a network share for analytics component (as part of provisioning search). It is trying to setup that share with a domain account that happens to
be a local user instead in this case and fails with error “System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated”.
I got some pointer from the below thread
https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
However, the above thread doesn't state that the solution worked.
I have tried creating share manually for Analytics_<Guid> folder but it doesn't work since every time farm configuration wizards is run it creates a new Analytics_<Guid> folder.
Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
Can some please guide me on how to successfully provision search for SharePoint Foundation 2013 setup as a single server farm with SQL Server Standard database in a DMZ environment using local accounts (without Active Directory - domain accounts).
Thanks in advance.
Himanshu
Microsoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Domain Controller cannot access \\domain\netlogon causing Auth issues
Hi everyone, I have spent all day trying to figure out what is going on here. I have a Domain controller (only DC in the environment) that is acting funny.
I first noticed when I was attempting to RDP into a server in my domain I was getting "access denied" (but I could log in as a local admin). So when I looked at the Domain Controller, I ran a DCDiag DNS test and got an AUTH error, but am not able to figure out how to fix this.
Another thing I notice is when I am signed into the domain Controller (GP2010-a), I cannot browse to
\\contoso.com\netlogon or any similar share.
Here is the kicker, other servers on this domain, server3, server4, server5 etc... THEY CAN access
\\contoso.com\netlogon It is ONLY the Domain controller and Server2 that CANNOT access this share. The other servers also allow me to RDP into them fine, it is only 1 server that is affected by this strange behavior.
I have checked for no IP conflicts and as far as I can tell all the DNS records are correct.
Regarding the DYNAMIC ip warning, we have a reservation that assigns the IP
thanks for any input here as i'm really stuck,
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = GP2010-A
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GP2010-A
Starting test: Connectivity
......................... GP2010-A passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GP2010-A
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... GP2010-A passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : contoso
Running enterprise tests on : contoso.com
Starting test: DNS
Test results for domain controllers:
DC: GP2010-A.contoso.com
Domain: contoso.com
TEST: Authentication (Auth)
Error: Authentication failed with specified credentials
TEST: Basic (Basc)
Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
(can be a misconfiguration)
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235
DNS server: 2001:500:2::c (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c
DNS server: 2001:500:2d::d (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d
DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42
DNS server: 2001:500:84::b (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30
DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30
DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1
DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53
DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: contoso.com
GP2010-A FAIL WARN PASS PASS PASS PASS n/a
......................... contoso.com failed test DNS
Hi,
TEST: Basic (Basc)
Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
(can be a misconfiguration)
Do you have any NIC configured to get a dynamic IP on your DC which is having the issue? If yes, please disable that NIC. Also, please provide me the result of the below
1) On your DC which is having issue, run "ipconfig /all"
2) Repadmin /showrepl
Thanks,
Umesh.S.K
Thanks, there is only 1 nic card. It is getting a dhcp address because this is an AZURE Hyper-v machine and I have set an IP reservation for it. I have no way to hardcode the IP because it gets shut off/on all the time
C:\Users\Administrator>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\GP2010-A
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 007c755c-f56c-4e51-a211-fd4431f63927
DSA invocationID: 007c755c-f56c-4e51-a211-fd4431f63927 -
Rebuilding Domain controller & Transport Routes after system refresh
I have refreshed Dev from Prdn, now my domain controller only shows single system
I have documentation but, it is confusing to me how to have QAS and Prdn join the domain controller again and show the domain as a three tier system
When I log into QAS and Prdn I still see the old 3 tier system including the domain and the other systems.
Please advise
maria
Edited by: Maria Graziano on Mar 27, 2008 3:53 PM
You don't perform backup of domain controller.
You only designate in STMS one of servers as "Backup Domain Controller"
when Primary controller fails than "Backup domain Controller" takes his role and becomes a primary.
So action to refresh domain controller is:
1. Designate one of servers as backup domain controller
2. Backup transport directory if it is on refreshed server (just in case)
3. Switch backup controller to become primary
4. Refresh primary system
5. Join refreshed system to domain
6. Switch back primary function to refreshed server
Regards,
Wojtek