Policies not replicating to satellite servers
Hello all: None of my Group Policies are replicating down to our satellite servers. Any suggestions what to look for? Chris.
PS: We run ZCM 11.2.2 on OES2 servers. Bundles do seem to be replicating.
Chris,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com
Similar Messages
-
ZCM 11 Group Policies not applying to satellite servers
Hi there
We are running 2 Windows 2012 Primary Servers and a SQL 2012 Database server at our main site, all remote sites have SLES11 SP2/OES11 SP1 as satellite servers. We upgraded all servers last weekend to 11.3.1 and now have an issue with Group Policies applying to the satellites. The satellites are all set up the same with Authentication, Collection, Content and Imaging roles.
Since we upgraded Group Policies are (99% of the time) not applying on satellite sites. I have tried manually replicating content (I assume policies will come from content replication?) to the satellites - I've done this with a zac cdp replicate and zac cvc and everything seems to replicate over however I tried highlighting a satellite server and clicking on Action, Specify Content - select the Policy that is not applying and move it into the selected Content to update column and when I click finish I get the error "The Wizard cannot continue for the following reason(s): Unable to complete your request for the following reason: Error updating content"
On a managed device at the satellite site if you look at the properties of the Zenworks agent and click on Policies it has applied 4 device assigned policies successfully - Remote Management, Power Management, Application Launcher Config and Application Control Policy, also has successfully applied 3 out of the 4 User Assigned Policies - Mandatory Profile, Dynamic Local User, Application Control - but not the Windows Group Policy.
Our PCs are on Windows 8.1 and all policies were applying fine before the weekend upgrade......
Has anyone else had any experience of Group Policies not applying that could point me where to look? I have logged an SR with Novell through our reseller but as yet I am getting no response back at all, not even asking me for more information.
Many thanks
Sharon
Sounds like you have a content replication issue more than a GPO issue.
Especially if the GPO works for locations that point to the Primaries
for Content.
Do you have throttling configured anywhere in any fashion?
You may need to increase the Replication Timeout to make sure content is
getting over to the Sats. Often increasing from 60 to 240 helps, but
watch out for throttling preventing content replication.
It is possible things are backing up.
On 7/31/2014 8:26 AM, shazzypoos wrote:
>
> I should add that when you looked at the "Click for Details" to the
> right of the Effective "Failed" status the message is "Policy
> Enforcement Failed : The action (0) threw an exception. Message (1).
> Exception (2) (grouppolicy, "None of the source locations could be
> found"
>
> Hmmmm! Currently in closest server rules there is only the server for
> the site it's on set - we do not want it to come back to the Primary for
> policies. As I say, this was working before the weekend upgrade. Thanks!
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
-
Policies not replicating between DCs
I have two DCs...Server 2012. I see that one DC has some different folders under Policies than the other. The key names are different and the folder dates are different. How do I fix this?
Hello,
please use the support tools and check the DCs/domain. If you think we should also have a look into this then please UPLOAD the following files:
ipconfig /all >c:\ipconfig.log [all DCs]
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.log
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.log ["dc*" is a placeholder for the starting name of the DCs if they all begin the same (if more than one DC exists)]
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
ADREPLSTATUS:
http://www.microsoft.com/en-us/download/details.aspx?id=30005 can also be exported to file.
As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (with open access!)
https://onedrive.live.com and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:
-
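Before collecting the full diagnostic logs, the "different folders under Policies" observation can be turned into a concrete list. The sketch below is an added example, not part of either post: it compares two Policies trees by GPO folder name and GPT.ini `Version`. The two trees are constructed in a temporary directory, the function names are hypothetical, and the `_NTFRS_` check only applies where SYSVOL is replicated by FRS.

```python
import configparser
import tempfile
from pathlib import Path


def gpt_version(gpo_dir):
    """Return Version= from the GPO's GPT.ini, or None if absent or unparsable."""
    for entry in gpo_dir.iterdir():
        # The file name's casing varies between GPOs, so match case-insensitively.
        if entry.is_file() and entry.name.lower() == "gpt.ini":
            ini = configparser.ConfigParser(strict=False, interpolation=None)
            try:
                ini.read(entry, encoding="utf-8-sig")
                return ini.getint("General", "Version")
            except (configparser.Error, ValueError):
                return None
    return None


def snapshot(policies_root):
    """Map each GPO folder name (upper-cased) to its GPT.ini version."""
    return {d.name.upper(): gpt_version(d)
            for d in Path(policies_root).iterdir()
            if d.is_dir() and d.name.startswith("{")}


def split_version(version):
    """GPT.ini packs the user revision in the high 16 bits, computer in the low."""
    return (version >> 16, version & 0xFFFF)


def compare(root_a, root_b):
    """Report GPO folders present on one side only and version differences."""
    a, b = snapshot(root_a), snapshot(root_b)
    return {
        "only_on_a": sorted(a.keys() - b.keys()),
        "only_on_b": sorted(b.keys() - a.keys()),
        "version_mismatch": sorted(
            (g, a[g], b[g]) for g in a.keys() & b.keys() if a[g] != b[g]),
        # FRS renames a folder that lost a naming conflict to <name>_NTFRS_<hex>.
        "frs_morphed": sorted(n for n in a.keys() | b.keys() if "_NTFRS_" in n),
    }


def make_tree(root, gpos):
    """Create a constructed Policies tree from {folder name: version or None}."""
    for name, version in gpos.items():
        folder = Path(root) / name
        folder.mkdir(parents=True)
        if version is not None:
            (folder / "GPT.INI").write_text(f"[General]\nVersion={version}\n")
    return root


def demo():
    """Run the comparison over two constructed trees standing in for two DCs."""
    ddp = "{31B2F340-016D-11D2-945F-00C04FB984F9}"     # Default Domain Policy
    ddcp = "{6AC1786C-016D-11D2-945F-00C04FB984F9}"    # Default Domain Controllers Policy
    custom = "{11111111-2222-3333-4444-555555555555}"  # constructed GUID
    with tempfile.TemporaryDirectory() as tmp:
        dc1 = make_tree(Path(tmp) / "dc1", {ddp: 65539, ddcp: 4, custom: 2})
        dc2 = make_tree(Path(tmp) / "dc2",
                        {ddp: 65538, ddcp: 4, custom + "_NTFRS_0a1b2c3d": 2})
        return compare(dc1, dc2)


if __name__ == "__main__":
    # Real use would pass each DC's share, e.g. \\<dc>\SYSVOL\<domain>\Policies.
    for key, value in demo().items():
        print(key, value)
    print("65539 ->", split_version(65539))
```

The script only reads the two trees, so it can be run from any workstation that can reach both SYSVOL shares.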
Group Policies not always applying
I am seeing a problem when trying to apply group policies to windows xp
workstations. Sometimes they apply and other times they will either
partially apply or not apply at all.
After some thorough investigation I have found that sometimes the
directory structure in "c:\windows\system32\grouppolicy" is just not being
copied fully from the source. The Scheduled task to apply the GPO is
always running but, seems to be before the grouppolicy directory has been
updated.
Environment is Netware 6.5sp5, zen 6.5sp2, winxp sp2, novell client 4.9sp2
(also tried 4.91sp2). Problem has been around for some time (previous
versions) and can be randomly replicated on different servers and in test
environment.
Note: have tried changing source for group policy to local pc and even
this can fail, this along with other tests have ruled out network
issues. Have noticed though that when enabling logging of zen management
agents that the logging in process is slowed down and will help reduce
the problem. Could be a log-in speed issue?
Hope somebody can offer a solution. Thanks in advance.
Unfortunately I cannot read much from your log file. But currently I am
a bit confused about your setting.
* Are you using a ZENworks User Policy Package or a ZENworks
Workstation Policy Package? Or both (which means you have to care
about concurrency)?
* What is your schedule for the policy package and the GPOs (within
the policy package)? The usual schedule for user policy packages
is the user login.
* If you have problems during user login, try a different schedule.
* Is it correct, that the central and the local GPO path is not
always synchronized by ZENworks? Then check access problems to the
server/path (including name resolution, ...), check the ZENworks
policy package schedule (in ConsoleOne and at the local
workstation) and verify that the scheduled job is executed.
* If the synchronization works, but the GPOs are not applied, it
looks more like a Windows problem. There are a couple of Windows
tools for testing this. Unfortunately I am not on site this week
and I don't remember their names.
* Yes, it is important to use the SP2 plugin for ConsoleOne.
* It is also important that the workstation you create the policy
package (with the mmc) and the workstation you apply the GPOs have
exactly the same patch level.
Keep in mind, that ZENworks distributes the policy files and Windows
applies them. Therefore both processes must be considered separately.
Much more could be said about GPOs, so please give us one concrete
problem with clear boundaries (what you have tested).
Regards, Simon
Brendan Clifford wrote:
> Hi Simon,
>
> Thanks for the input, I have had a look at this tid already and this
> pointed me in the direction of the gpo not copying from the server
> properly to c:\windows\system32\group policy folder (sometimes). If
> I copy the files off the server into the directory and run wnsched and
> run the scheduled task to apply the policies they will work 100% of the
> time.
>
> Oddly sometimes the directory structure will be the same on the pc as
> the server and GPO will not apply correctly. On these occasions if I
> check wmsched all looks like it has run correctly. However if I run the
> task again the policies will apply this time. It's just as though the
> copy is too slow to happen sometimes, therefore the group policy is
> always applying just the wrong one!!!!.
>
> I have also enabled the debug logs for zen 6.5 desktop management to
> try and trace why the files are only partially copying or not copying
> at all on the odd occasion. Does anybody know how to read these logs,
> they look the same to me between working and not working and I can not
> find in any logs where or when the group policy folder structure is
> downloaded from the server. Except, when logging in as a new user the
> wmgrppoluser.log does show copying of files to the group policy folder
> on the local computer. I have attached the wmgrppoluser.log file below
> of one time when it didn't apply the policy properly.
>
>
> -----------------------------------------------------------
> -- DEBUG LOG FILE -- C:\Program
> Files\Novell\ZENworks\DebugLogs\WMGrpPolUser.log
> -----------------------------------------------------------
> 06/23/2006 16:02:21 Entering WMHelperInteractiveUserEntry!
> 06/23/2006 16:02:21 ProcessID: 2112
> 06/23/2006 16:02:21 Wrote reg. value 0x0 to Don't reparse in key
> Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 Wrote reg. value 0x1 to User Logged In in key
> Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 GinaGetUsersSIDInTextualForm ENTERED
> 06/23/2006 16:02:21 Textual SID :
> S-1-5-21-987319440-1293364371-1211451425-1014
> 06/23/2006 16:02:21 GinaGetUsersSIDInTextualForm EXIT : 0
> 06/23/2006 16:02:21 Current time High: 29791882 Low:2541052678
> 06/23/2006 16:02:21 Read reg. value Last Run Time High: 0x1c6968a in
> key Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 Read reg. value Last Run Time Low: 0x91acceb4 in
> key Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 Previous time High: 29791882 Low: 2444021428
> 06/23/2006 16:02:21 Wrote reg. value 0x1 to Don't reparse in key
> Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 Applying user policies
> 06/23/2006 16:02:21 Read reg. value Don't reparse: 0x1 in key
> Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 Read reg. value Group Policy User Status: 0x3000
> in key Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 Read reg. key Group Policy User Status: 0x3000
> 06/23/2006 16:02:21 Policy applied at predesktop. Skipping
> reapplication at user login.
> 06/23/2006 16:02:21 Wrote reg. value 0x0 to Don't reparse in key
> Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 Wrote reg. value 0x1c6968a to Last Run Time High
> in key Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 Wrote reg. value 0x97756306 to Last Run Time Low
> in key Software\Novell\Workstation Manager\Group Policies
> 06/23/2006 16:02:21 Apply user policies releasing mutex.
> 06/23/2006 16:02:21 Exiting WMHelperInteractiveUserEntry ccode: 0
-
Patch signature is updating nightly on the specified server and all DAU bundles are marked available on that server, dau is also replicating to all satellites with this server as the parent. Problem is DAU bundles are not replicating to the other 4 primary servers. ZDC on all servers shows all content is available. Satellites missing the content are showing as out of sync missing 85 files. Tried restarting loader services and tried the "replicate now" option for each primary missing it. I have the subscription service set to update after the content.cleanup task runs so it shouldn't be running into a contention issue.
dtemple-sgi,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://www.novell.com/support and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Forums Team
http://forums.novell.com
-
We have three 10.4.7 servers. One is an OD master and two replicas. Today, replica2 stopped replicating. I demoted it to a stand alone and then promoted it back to a replica. It looks like everything is going OK (correct search base and database on the master) and then it just stops and goes back to 'stand alone'.
Console log of the OD master
/usr/sbin/slapconfig: could not load the replica file, error = Conversion of data failed. The file is not UTF-8, or in the encoding specified in XML header if XML.
/usr/sbin/slapconfig: could not load the replica file.
/usr/sbin/slapconfig: The replica file is invalid.
DirectoryService[57]: Search connection failure: During an attempt to bind to [127.0.0.1] LDAP server.
on the failed replica
console log
Nov 20 13:17:26 xserv3 DirectoryService[53]: DSLDAPv3PlugIn: Required Policies not Supported: No ClearText. LDAP Connection for Node 10.20.0.11 denied.
DSOpenNode(): dsOpenDirNode("/LDAPv3/10.20.0.11") == -14002
Nov 20 13:17:36 xserv3 /System/Library/CoreServices/mcxd.app/Contents/MacOS/mcxd: DSOpenNode(): dsOpenDirNode("/LDAPv3/10.20.0.11") == -14002
Nov 20 13:18:50 xserv3 DirectoryService[53]: DSLDAPv3PlugIn: Required Policies not Supported: No ClearText. LDAP Connection for Node 10.20.0.11 denied.
tb2 host[283]: Received core quit AE
tb2 host[283]: Transition to kAppQuitting
tb2 host[283]: Quitting
G5 servers with 10.4.7
Ignore the 'question first' part above... stupidity rampant this morning ...
The info from the dscl cmd looks like this...
Is this what it 'should' look like?
PasswordServerList: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DecommissionedReplicas</key>
<array>
<string>Replica1</string>
</array>
<key>ID</key>
<string>29008F112C6B9C76C1BE339F4614FAF1</string>
<key>Parent</key>
<dict>
<key>EntryModDate</key>
<date>2006-10-16T13:37:48Z</date>
<key>IDRangeBegin</key>
<string>0x00000000000000000000000000000c12</string>
<key>IDRangeEnd</key>
<string>0x00000000000000000000000000000e06</string>
<key>IP</key>
<string>10.20.0.11</string>
<key>LastSyncDate</key>
<date>2006-10-16T13:36:00Z</date>
<key>ReplicaPolicy</key>
<string>SyncDefault</string>
</dict>
<key>Replicas</key>
<array>
<dict>
<key>EntryModDate</key>
<date>2006-08-24T13:56:41Z</date>
<key>IDRangeBegin</key>
<string>0x00000000000000000000000000000411</string>
<key>IDRangeEnd</key>
<string>0x00000000000000000000000000000605</string>
<key>IP</key>
<string>10.20.0.12</string>
<key>LastSyncDate</key>
<date>2006-10-16T13:36:00Z</date>
<key>LastSyncFailedAttempt</key>
<date>2006-10-13T17:41:33Z</date>
<key>ReplicaName</key>
<string>Replica2</string>
<key>SASLRealm</key>
<string>xserv2.school.k12.state.us</string>
<key>SyncInterval</key>
<integer>300</integer>
</dict>
<dict>
<key>EntryModDate</key>
<date>2006-10-16T13:37:48Z</date>
<key>IDRangeBegin</key>
<string>0x00000000000000000000000000000e1a</string>
<key>IDRangeEnd</key>
<string>0x0000000000000000000000000000100e</string>
<key>IP</key>
<string>10.20.0.10</string>
<key>ReplicaName</key>
<string>Replica3</string>
<key>SASLRealm</key>
<string>xserv2.school.k12.state.us</string>
<key>SyncInterval</key>
<integer>300</integer>
</dict>
</array>
<key>Status</key>
<string>AllowReplication</string>
</dict>
</plist>
-
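The `dscl` output above can be checked mechanically rather than by eye. The following is an added example, not code from the poster or from Apple: it parses a `PasswordServerList` value with Python's `plistlib` and lists replicas whose sync fields look wrong. The reading of `LastSyncDate`, `LastSyncFailedAttempt` and `SyncInterval` is inferred from the key names, and `AUDIT_TIME` and the 12-interval threshold are assumptions.

```python
import plistlib
from datetime import datetime, timedelta

# Condensed copy of the PasswordServerList value quoted in the post
# (same keys and values, several per line; ID, ID ranges and realms omitted).
SAMPLE = """PasswordServerList: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>DecommissionedReplicas</key><array><string>Replica1</string></array>
<key>Parent</key><dict>
  <key>IP</key><string>10.20.0.11</string>
  <key>LastSyncDate</key><date>2006-10-16T13:36:00Z</date>
</dict>
<key>Replicas</key><array>
  <dict>
    <key>IP</key><string>10.20.0.12</string>
    <key>LastSyncDate</key><date>2006-10-16T13:36:00Z</date>
    <key>LastSyncFailedAttempt</key><date>2006-10-13T17:41:33Z</date>
    <key>ReplicaName</key><string>Replica2</string>
    <key>SyncInterval</key><integer>300</integer>
  </dict>
  <dict>
    <key>IP</key><string>10.20.0.10</string>
    <key>ReplicaName</key><string>Replica3</string>
    <key>SyncInterval</key><integer>300</integer>
  </dict>
</array>
<key>Status</key><string>AllowReplication</string>
</dict></plist>
"""

# Assumed audit time: the console-log timestamp from the thread, year assumed.
AUDIT_TIME = datetime(2006, 11, 20, 13, 17, 26)


def audit(dscl_output, now, missed_intervals=12):
    """Return {replica name: [issues]} for every entry in Replicas."""
    # dscl prints the attribute name before the XML; plistlib wants bytes.
    xml = dscl_output[dscl_output.index("<?xml"):].encode("utf-8")
    plist = plistlib.loads(xml)
    retired = set(plist.get("DecommissionedReplicas", []))
    findings = {}
    for rep in plist.get("Replicas", []):
        name = rep.get("ReplicaName", rep.get("IP", "?"))
        last_ok = rep.get("LastSyncDate")            # naive datetime, UTC
        last_fail = rep.get("LastSyncFailedAttempt")
        limit = timedelta(seconds=rep.get("SyncInterval", 300) * missed_intervals)
        issues = []
        if name in retired:
            issues.append("listed as decommissioned but still in Replicas")
        if last_ok is None:
            issues.append("no LastSyncDate recorded")
        elif now - last_ok > limit:
            issues.append(f"last sync {(now - last_ok).days} days ago")
        # A failure older than the last success has already been recovered from.
        if last_fail and (last_ok is None or last_fail > last_ok):
            issues.append("failure newer than last success")
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for replica, issues in audit(SAMPLE, AUDIT_TIME).items():
        print(replica, issues or ["ok"])
```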
AD Replication issues, SYSVOL / NETLOGON not replicating
Hello Experts!
We have a client that recently called us for some assistance. The IT department had a new virtual environment stood up. They created 3 new VMs and promoted them all to domain controllers. The current domain and forest functional levels are (and were) Server 2003. There were two existing domain controllers, both Server 2003. The new domain controllers are Server 2012 R2. After promoting the 3 new servers to DC’s, they demoted one of the old DC’s. Then they transferred FSMO roles to a new 2012 R2 DC. When they went to demote the last server 2003 DC, it was giving them the error that it is the last DC in the domain. That’s when we were called to assist. I have since demoted 2 of the 3 new 2012 R2 DCs and transferred all FSMO roles back to the Server 2003 DC.
I have been running some tools to try and gather data. Here is the DCDIAG from the last Server 2003 DC:
C:\Documents and Settings\user>dcdiag /fix
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: domainname\server2003server
Starting test: Connectivity
......................... server2003server passed test Connectivity
Doing primary tests
Testing server: domainname\server2003server
Starting test: Replications
......................... server2003server passed test Replications
Starting test: NCSecDesc
......................... server2003server passed test NCSecDesc
Starting test: NetLogons
......................... server2003server passed test NetLogons
Starting test: Advertising
......................... server2003server passed test Advertising
Starting test: KnowsOfRoleHolders
......................... server2003server passed test KnowsOfRoleHolders
Starting test: RidManager
......................... server2003server passed test RidManager
Starting test: MachineAccount
......................... server2003server passed test MachineAccount
Starting test: Services
......................... server2003server passed test Services
Starting test: ObjectsReplicated
......................... server2003server passed test ObjectsReplicated
Starting test: frssysvol
......................... server2003server passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... server2003server failed test frsevent
Starting test: kccevent
......................... server2003server passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000410B
Time Generated: 02/18/2015 19:27:04
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 19:28:22
Event String: Component: System Information Agent
An Error Event occured. EventID: 0xC00110CD
Time Generated: 02/18/2015 19:28:22
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 19:28:22
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0xC0060024
Time Generated: 02/18/2015 19:28:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002720
Time Generated: 02/18/2015 19:32:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 02/18/2015 14:33:27
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:33:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:33:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410B
Time Generated: 02/18/2015 14:36:18
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 14:38:48
Event String: Component: System Information Agent
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 14:38:48
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0xC4350505
Time Generated: 02/18/2015 14:38:54
Event String: NIC Agent: Connectivity has been lost for the NIC
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:39:00
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:39:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168E
Time Generated: 02/18/2015 14:39:54
Event String: The dynamic registration of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0x0000168F
Time Generated: 02/18/2015 14:42:09
Event String: The dynamic deletion of the DNS record
An Error Event occured. EventID: 0xC25A001D
Time Generated: 02/18/2015 14:42:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:42:22
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 02/18/2015 14:42:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC4350607
Time Generated: 02/18/2015 14:48:03
Event String: Component: System Information Agent
An Error Event occured. EventID: 0x00072787
Time Generated: 02/18/2015 14:48:03
Event String: The WinRM service is unable to start because of a
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 14:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 02/18/2015 14:55:30
Event String: The kerberos client received a
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:11:39
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 02/18/2015 15:16:10
(Event String could not be retrieved)
......................... server2003server failed test systemlog
Starting test: VerifyReferences
Some objects relating to the DC server2003server have problems:
[1] Problem: Missing Expected Value
Base Object:
CN= server2003server,OU=Domain Controllers,DC=domainname,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN= server2003server,CN=Servers,CN=domainname,CN=Sites,CN=C
onfiguration,DC=domainname,DC=com
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... server2003server failed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : domainname
Starting test: CrossRefValidation
......................... domainname passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... domainname passed test CheckSDRefDom
Running enterprise tests on : domainname.com
Starting test: Intersite
......................... domainname.com passed test Intersite
Starting test: FsmoCheck
......................... domainname.com passed test FsmoCheck
C:\Documents and Settings\user>
Now the DCDIAG for the Server 2012 R2 DC.
2012R2DC
PS C:\Users\user > dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = 2012R2DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: domainname\2012R2DC
Starting test: Connectivity
......................... 2012R2DC
passed test Connectivity
Doing primary tests
Testing server: domainname\2012R2DC
Starting test: Advertising
Warning: DsGetDcName returned information for \\server2003server.domainname.com, when we were trying to reach 2012R2DC.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... 2012R2DC
failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... 2012R2DC
passed test FrsEvent
Starting test: DFSREvent
......................... 2012R2DC passed test DFSREvent
Starting test: SysVolCheck
......................... 2012R2DC passed test SysVolCheck
Starting test: KccEvent
......................... 2012R2DC passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... 2012R2DC passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... 2012R2DC passed test MachineAccount
Starting test: NCSecDesc
......................... 2012R2DC passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\2012R2DC \netlogon)
[2012R2DC] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... 2012R2DC failed test NetLogons
Starting test: ObjectsReplicated
......................... 2012R2DC passed test ObjectsReplicated
Starting test: Replications
[Replications Check, 2012R2DC] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105
"Replication access was denied."
......................... 2012R2DC failed test Replications
Starting test: RidManager
......................... 2012R2DC passed test RidManager
Starting test: Services
Could not open NTDS Service on 2012R2DC, error 0x5 "Access is denied."
......................... 2012R2DC failed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000041E
Time Generated: 02/18/2015 14:39:32
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x0000041E
Time Generated: 02/18/2015 14:44:34
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could
be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x40000004
Time Generated: 02/18/2015 14:47:09
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server cr-dc3$. The target name used was CRDC02$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (domainname.COM) is different from the client domain (domainname.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
......................... 2012R2DC failed test SystemLog
Starting test: VerifyReferences
......................... 2012R2DC passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domainname
Starting test: CheckSDRefDom
......................... domainname passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domainname passed test CrossRefValidation
Running enterprise tests on : domainname.com
Starting test: LocatorCheck
......................... domainname.com passed test LocatorCheck
Starting test: Intersite
......................... domainname.com passed test Intersite
PS C:\Users\user>
From here I can see SYSVOL and NETLOGON are not replicating from server2003server. When I log on to server2003server and run ‘net share’ the SYSVOL and NETLOGON shares are shared. But, when I do the same on 2012R2DC there are no NETLOGON or SYSVOL shares.
I see ntfrs issues. So I ran ntfrsutl ds on server2003server and the results are here:
C:\Documents and Settings\user>ntfrsutl ds
NTFRS CONFIGURATION IN THE DS
SUBSTITUTE DCINFO FOR DC
FRS DomainControllerName: (null)
Computer Name : SERVER2003SERVER
Computer DNS Name : SERVER2003SERVER.domainname.com
BINDING TO THE DS:
ldap_connect : SERVER2003SERVER.domainname.com
DsBind : SERVER2003SERVER.domainname.com
NAMING CONTEXTS:
SitesDn : CN=Sites,cn=configuration,dc= domainname,dc=com
ServicesDn : CN=Services,cn=configuration,dc= domainname,dc=com
DefaultNcDn: DC= domainname,DC=com
ComputersDn: CN=Computers,DC= domainname,DC=com
DomainCtlDn: OU=Domain Controllers,DC= domainname,DC=com
Fqdn : CN= SERVER2003SERVER,OU=Domain Controllers,DC= domainname,DC=com
Searching : Fqdn
COMPUTER: SERVER2003SERVER
DN : cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : d3cfdf56-a013-40ab-a2e9ffc3d88896bd
UAC : 0x00082000
Server BL : CN= SERVER2003SERVER,CN=Servers,CN=domainname,CN=Sites,CN=Configuration,D
C= SERVER2003SERVER,DC=com
Settings : cn=ntds settings,cn= SERVER2003SERVER,cn=servers,cn= domainname,cn=sites,c
n=configuration,dc= domainname,dc=com
DNS Name : SERVER2003SERVER. domainname.com
WhenCreated : 5/29/2007 10:36:30 Eastern Standard Time Eastern Daylight Time
[300]
WhenChanged : 2/17/2015 11:21:58 Eastern Standard Time Eastern Daylight Time
[300]
SUBSCRIPTION: NTFRS SUBSCRIPTIONS
DN : cn=ntfrs subscriptions,cn= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : 5d0ca299-209d-4814-ae6d7acd9209e10a
Working : c:\windows\ntfrs
Actual Working: c:\windows\ntfrs
WhenCreated : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]
WhenChanged : 5/29/2007 10:50:26 Eastern Standard Time Eastern Daylight T
ime [300]
SUBSCRIBER: DOMAIN SYSTEM VOLUME (SYSVOL SHARE)
DN : cn=domain system volume (sysvol share),cn=ntfrs subscriptions,cn
= SERVER2003SERVER,ou=domain controllers,dc= domainname,dc=com
Guid : fb56d707-3c40-429f-bd7c63d227b9fb5d
Member Ref: (null)
Root : c:\windows\sysvol\domain
Stage : c:\windows\sysvol\staging\domain
WhenCreated : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
WhenChanged : 5/29/2007 10:50:26 Eastern Standard Time Eastern Dayligh
t Time [300]
SERVER2003SERVER IS NOT A MEMBER OF ANY SET!
C:\Documents and Settings\user>
Also worth noting that when we power down SERVER2003SERVER no computer can contact a logon server.
The last line of this worries me as well. I am going to continue to work on this but I wanted to get these logs to some other eyes in case you have some ideas off the bat. Thanks in advance!
I would first recommend to make sure that the new DCs are also global catalogs and to refer to IP setting recommendations I shared here: http://www.ahmedmalek.com/web/fr/home.asp
It is possible to do a non-authoritative restore of SYSVOL to make it appear on the other DCs: https://support.microsoft.com/kb/290762?wa=wsignin1.0
However, you would need to upgrade to DFSR.
Ahmed MALEK
-
Default Domain Policy Not Applying Settings to Servers or Clients
I have 2008 R2 DC's with a functioning level of 2003. Our domain servers are a mix of 2003, 2008, 2008 R2, and 2012 and our clients are a mix of Windows 7 Pro and Windows 8.1 Pro.
I recently made a change to the Default Domain Policy located at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
For the Security Policy setting called: Network security: Configure encryption types allowed for Kerberos
The change was to enable DES because of a specific need that I have with an application that I work with but enabling DES and leaving the other options such as AES unselected caused other applications to not work right. I decided to revert the changes back to "Not Defined" but those changes did not reflect on the servers even after running the gpupdate /force command.
In order to keep the application working that broke, we enabled all of the encryption levels such as DES, AES, etc. on the server that's running the application via its Local Security Policy as a temporary fix.
Now, I want to make sure all servers receive the settings from the Default Domain Policy and have their Local Security Policies reflect the "Not Defined" setting but it's not applying. It seems like they worked when I first applied them but when I try to remove them it does not work.
If I change the setting directly on the Local Security Policy on the server or clients it shows "No minimum" instead of "Not Defined" which I've heard can be fixed by identifying the registry entry for that setting and deleting it...so help with the location and how to identify that key would also be helpful.
My goal is not to manually have to change servers and clients to revert back to their default settings...I want the Domain policy to apply and override the servers and client's Local Security Policy.
Any help with this would be greatly appreciated and thank you in advance.
> I have 2008 R2 DC's with a functioning level of 2003. Our domain servers are a mix of 2003, 2008, 2008 R2, and 2012 and our clients are a mix of Windows 7 Pro and Windows 8.1 Pro.
> I recently made a change to the Default Domain Policy located at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
> For the Security Policy setting called: Network security: Configure encryption types allowed for Kerberos
refer:
http://technet.microsoft.com/en-us/library/jj852180(v=ws.10).aspx
We needed to implement a similar scenario a few years ago (when we introduced Windows7 into our estate).
We had an SAP/NetWeaver implementation which always worked on WinXP, but failed on Win7.
We had to enable the DES ciphers, since those were disabled by default in Win7. We discovered that we also needed to enable all the other ciphers (those which are enabled by default[not configured]).
i.e., when we changed the setting from "Not Configured", enabled DES, and left the RC4/AES stuff untouched by us, the RC4/AES stuff attracted a status of disabled.
So, we had to set the DES ciphers to Enabled, and, also set the RC4/AES ciphers to Enabled - this gave us the "resultant" enablement of the default stuff and the needed change/addition of DES.
When you set a GP setting "back to Not Configured", depending upon the setting *AND* the individual Windows feature itself - one of two things will happen:
a) the feature will "revert" to default behaviour
b) the feature will retain the current configured behaviour but becomes un-managed
In classic Group Policy terms, condition (b) above is often referred to as "tattooing", i.e., the last GP setting remains in effect even though GPMC/RSOP/etc does not reveal that to be the case.
(This is also a really good example of not doing this sort of stuff in the DDP. It could have borked your whole domain :)
What I'd suggest, is that you re-enable your ciphers for KRB settings again - this time, enable all the ciphers that would normally be "default", let that replicate around, and allow time for domain members to action it.
Then, set the setting back to Not Configured. This way, the "last" settings issued by GP will be those you want to remain as the "legacy".
Note: the GP settings reference s/sheet, has this to say:
Network security: Configure encryption types allowed for Kerberos
This policy setting allows you to set the encryption types that Kerberos is allowed to use.
If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted.
This policy is supported on at least Windows 7 or Windows Server 2008 R2.
Don
-
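For the Kerberos encryption-types thread above: one way to see what a server actually holds after the policy is set back to Not Defined (the tattooing case the reply describes) is to read and decode the stored bitmask. This PowerShell is an added example, not part of the original thread; the registry path and bit values are the ones Microsoft documents for this setting, while the function names and sample masks are made up for illustration.

```powershell
# Added example (not from the thread): decode the Kerberos SupportedEncryptionTypes
# bitmask. Bit values as documented by Microsoft; all fit in a signed 32-bit int.
$KerberosEncTypeBits = [ordered]@{
    'DES_CBC_CRC'             = 0x1
    'DES_CBC_MD5'             = 0x2
    'RC4_HMAC_MD5'            = 0x4
    'AES128_HMAC_SHA1'        = 0x8
    'AES256_HMAC_SHA1'        = 0x10
    'Future encryption types' = 0x7FFFFFE0
}

function ConvertFrom-KerberosEncTypeMask {
    # Returns the names of the encryption types that a mask allows.
    param([Parameter(Mandatory)][int]$Mask)
    foreach ($name in $KerberosEncTypeBits.Keys) {
        if (($Mask -band $KerberosEncTypeBits[$name]) -ne 0) { $name }
    }
}

function Test-KerberosEncTypeMask {
    # Flags the conditions discussed in the thread: DES allowed,
    # or RC4/AES left unselected and therefore disallowed.
    param([Parameter(Mandatory)][int]$Mask)
    $findings = @()
    if ($Mask -band 0x3)         { $findings += 'DES is allowed' }
    if (-not ($Mask -band 0x4))  { $findings += 'RC4 is not allowed' }
    if (-not ($Mask -band 0x18)) { $findings += 'no AES type is allowed' }
    [pscustomobject]@{
        Mask     = '0x{0:X8}' -f $Mask
        Allowed  = @(ConvertFrom-KerberosEncTypeMask -Mask $Mask)
        Findings = $findings
    }
}

function Get-KerberosEncTypePolicy {
    # Reads the value the policy setting writes on the local machine.
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
    )
    $prop = Get-ItemProperty -Path $Path -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        # Assumption of this example: an absent value means the setting is
        # not defined on this host and the operating system defaults apply.
        return [pscustomobject]@{
            Mask     = $null
            Allowed  = @()
            Findings = @('value absent: setting not defined on this host')
        }
    }
    Test-KerberosEncTypeMask -Mask ([int]$prop.SupportedEncryptionTypes)
}

# Constructed sample masks:
#   0x3        only the two DES boxes ticked (the state that broke other applications)
#   0x7FFFFFFC RC4, AES and future types ticked, DES not
0x3, 0x7FFFFFFC | ForEach-Object { Test-KerberosEncTypeMask -Mask $_ } | Format-List

# What this machine currently holds:
Get-KerberosEncTypePolicy | Format-List
```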
Linked policies not copying to sysvol\domain\policies?
This problem started recently, and I have not been able to find any resolutions online.
This is a relatively new installation of Server 2012 R2 on a small network of about 25 PCs. I was able to set up a number of GPOs without issue, but all of a sudden, newly linked GPOs are not copying to sysvol\domain\policies. That path is accessible from client PCs, but the folder itself (5C53E...) isn't created, and gpupdate is producing the error:
The processing of Group Policy failed. Windows attempted to read the file \\dominionair.local\SysVol\dominionair.local\Policies\{5C53EB48-F4BA-4763-8500-E05BB54E3AB4}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
I AM able to add to existing GPOs and the settings update on client PCs, so this doesn't appear to be a permissions issue. Any idea where to start on this?
Thank you!
> /The processing of Group Policy failed. Windows attempted to read the
> file
> \\dominionair.local\SysVol\dominionair.local\Policies\{5C53EB48-F4BA-4763-8500-E05BB54E3AB4}\gpt.ini
> from a domain controller and was not successful./
Your sysvol replication is broken. Check NTFRS or DFSR eventlogs on all DCs and then follow either http://support.microsoft.com/kb/315457 (NTFRS) or http://support.microsoft.com/kb/2218556 (DFSR).
Martin
-
It appears that my OD replica is not replicating properly. I create a new user and this user tries to log in on a computer bound to the ODR and it will not authenticate. The user CAN log into a computer bound to the ODM. Both ODM and ODR are on 10.5.7 servers and client computers are 10.5.7 or .8. There doesn't appear to be any errors of note in the log files. I am not sure how to proceed. I am hoping that the ODM is not corrupt, but I am thinking that the ODM is fine since the new users can authenticate without issue to it.
As I am digging I am finding this in the LDAP logs:
Sep 9 15:19:43 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:20:13: --- last message repeated 2 times ---
Sep 9 15:20:29 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:21:04 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:21:34: --- last message repeated 1 time ---
Sep 9 15:22:52 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:23:22: --- last message repeated 1 time ---
Sep 9 15:25:36 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:26:47 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:27:17: --- last message repeated 1 time ---
Sep 9 15:27:52 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:29:43 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:30:41 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:31:11: --- last message repeated 1 time ---
Sep 9 15:32:50 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:35:08 condor slapd[84]: <= bdbsubstringcandidates: (authAuthority) index_param failed (18)
Sep 9 15:35:38: --- last message repeated 1 time ---
Condor is the ODM and this is a clip from the LDAP log on that server. There is nothing in the LDAP log on the ODR -
Session not replicated in WL6.1
We are having session-not-replicated problem in WL6.1 Clustering.
We have 3 servers on different machines running WL6.1 sp1, 1 is running the admin server and the other 2 are running as managed weblogic server.
We have a web application that has been deployed to the cluster and is set for PersistantStoreType equal to replicated.
We are using a Cisco Local Redirector with "sticky load balancing" in front of the servers.
In our applications, most of JSP pages can modify the session data using session.setAttribute(). And we use session.removeAttribute() to clean a session data.
session.setAttribute("mysession1", data1);
....some codes......
if (session.getAttribute("mysession") != null)
session.removeAttribute("mysession");
session.setAttribute("mysession", data2);
With session.removeAttribute() in our codes, some session data is not replicated to secondary server.
We checked all session data in secondary server after shutting down the primary server.
But if we comment out all session.removeAttribute() methods, failovers tested successfully.
All our session data is serializable. Some are String and Some are Objects.
Is this a known problem in WL6.1? Anyone has any idea?
thanks,
Hong
-
Policies not applying + Computer name resolution failure
Hi everyone,
We are having issues with the applying of GPOs on our client PCs. We have two DCs - one (Lomu) configured with the master FSMO roles. The issue is completely intermittent, affecting a large number of machines that have been reimaged over the Summer (approx. 50 out of 150 machines reimaged are affected).
The results of a dcdiag are below:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine LOMU, is a Directory Server.
Home Server = LOMU
* Connecting to directory service on server LOMU.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ryburn,DC=inte
rnal,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ryburn,DC=inte
rnal,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=VM-MARADONA,CN=Servers
,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\LOMU
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... LOMU passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\LOMU
Starting test: Advertising
The DC LOMU is advertising itself as a DC and having a DS.
The DC LOMU is advertising as an LDAP server
The DC LOMU is advertising as having a writeable directory
The DC LOMU is advertising as a Key Distribution Center
The DC LOMU is advertising as a time server
The DS LOMU is advertising as a GC.
......................... LOMU passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... LOMU passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... LOMU passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... LOMU passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 min
utes.
......................... LOMU passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Role Domain Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Role PDC Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Role Rid Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
Role Infrastructure Update Owner = CN=NTDS Settings,CN=LOMU,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal
......................... LOMU passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC LOMU on DC LOMU.
* SPN found :LDAP/LOMU.ryburn.internal/ryburn.internal
* SPN found :LDAP/LOMU.ryburn.internal
* SPN found :LDAP/LOMU
* SPN found :LDAP/LOMU.ryburn.internal/RYBURN
* SPN found :LDAP/8ee4cad0-4018-428e-b85b-07af05cf933c._msdcs.ryburn.in
ternal
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/8ee4cad0-4018-428e-b8
5b-07af05cf933c/ryburn.internal
* SPN found :HOST/LOMU.ryburn.internal/ryburn.internal
* SPN found :HOST/LOMU.ryburn.internal
* SPN found :HOST/LOMU
* SPN found :HOST/LOMU.ryburn.internal/RYBURN
* SPN found :GC/LOMU.ryburn.internal/ryburn.internal
......................... LOMU passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC LOMU.
* Security Permissions Check for
DC=ForestDnsZones,DC=ryburn,DC=internal
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ryburn,DC=internal
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=ryburn,DC=internal
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ryburn,DC=internal
(Configuration,Version 3)
* Security Permissions Check for
DC=ryburn,DC=internal
(Domain,Version 3)
......................... LOMU passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share
\\LOMU\netlogon
Verified share
\\LOMU\sysvol
[LOMU] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... LOMU failed test NetLogons
Starting test: ObjectsReplicated
LOMU is in domain DC=ryburn,DC=internal
Checking for CN=LOMU,OU=Domain Controllers,DC=ryburn,DC=internal in dom
ain DC=ryburn,DC=internal on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=ryburn,DC=internal in domain CN=Configuration,
DC=ryburn,DC=internal on 1 servers
Object is up-to-date on all servers.
......................... LOMU passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,LOMU] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
error 0x2105 "Replication access was denied."
......................... LOMU failed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 11603 to 1073741823
* LOMU.ryburn.internal is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 11103 to 11602
* rIDPreviousAllocationPool is 11103 to 11602
* rIDNextRID: 11249
......................... LOMU passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
Could not open NTDS Service on LOMU, error 0x5 "Access is denied."
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... LOMU failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... LOMU passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=LOMU,OU=Domain Controllers,DC=ryburn,DC=internal and backlink on
CN=LOMU,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration
,DC=ryburn,DC=internal
are correct.
The system object reference (serverReferenceBL)
CN=LOMU,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=ryburn,DC=internal
and backlink on
CN=NTDS Settings,CN=LOMU,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=ryburn,DC=internal
are correct.
The system object reference (frsComputerReferenceBL)
CN=LOMU,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=ryburn,DC=internal
and backlink on CN=LOMU,OU=Domain Controllers,DC=ryburn,DC=internal
are correct.
......................... LOMU passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ryburn
Starting test: CheckSDRefDom
......................... ryburn passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ryburn passed test CrossRefValidation
Running enterprise tests on : ryburn.internal
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
PDC Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
Time Server Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
Preferred Time Server Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
KDC Name:
\\LOMU.ryburn.internal
Locator Flags: 0xe00033fd
......................... ryburn.internal passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... ryburn.internal passed test Intersite
Just wondering if anyone has similar issues as us on this?
When running gpupdates, we receive this message:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Thanks,
Tom.
Hi,
I would suggest you check the group policy service log under event viewer\Applications and Services log\Microsoft\Windows\Group Policy, find the error log and check the Details, then apply the solutions mentioned in the link below depending on the detailed error code.
http://technet.microsoft.com/en-us/library/dd392593(v=ws.10).aspx
As arnavsharma mentioned, members in GP forum are more familiar with this topic.
Yolanda Zhu
TechNet Community Support -
I am trying to deploy our application in a clustered environment. So far we have developed the product w/o thinking about clustering and now one of our client requires our product to be deployed in clustered environment.
Our app has a ear file which has lot of jars, 3 wars.
I configured my cluster with 3 servers ( 1 admin and 2 managed). Lets admin is called msAdmin, and 2 managed servers are called ms1 and ms2. I also created a web app outside the cluster httpProxy for HttpClusterServlet.
Before testing our app, I deployed a simple webapp as part of the same ear file to test if the httpsession replication works or not and it seemed to work absolutely fine. I could see the httpsession replicated and at the time of fail over I could see another server handling the request.
Then I tested our app to see if httpsession is getting replicated or not but I could not see it getting replicated. One thing I noticed is that the http session has some non-serializable objects in it but I expect only those non-serializable object be not replicated. All the serializable objects should have been replicated.
Any ideas of why the httpsession is not getting replicated.
Praveen
The actual problem is that once WebLogic throws a non-serializable
exception, it will not try replicating any more new sessions.
Here is the CR 102655 in which they have fixed the problem, but I have not
tested it so far.
Aravind
"Rajesh Mirchandani" <[email protected]> wrote in message
news:[email protected]...
> This is a known issue. Contact [email protected] for a patch.
>
> Praveen Peddi wrote:
> > Hi Anand,
> > Thanks for the response. It was the problem in our code. We were putting
> > a non-serializable object in a hashmap and putting that hashmap in the
> > httpSession. But I think there is a bug in weblogic 7.0. For some reason
> > it did not replicate any objects (even the objects that are perfectly
> > serializable).
> >
> >
> > anand raman <[email protected]> wrote:
> >
> >>hi praveen
> >>
> >>I am not sure why http session replication isn't happening. Can you
> >>briefly explain how you
> >>1) performed the test with the simple web app
> >>2) show us your web.xml
> >>
> >>cheers
> >>anand
> >>
> >
>
>
> --
> Rajesh Mirchandani
> Developer Relations Engineer
> BEA Support
>
-
Has imaging update driver been replicated to satellite
Hi,
I'm new to the world of ZENworks and Linux, so I don't know too much.
We're currently running ZENworks 11.2.3 and I recently installed the imaging update driver on our primaries.
Now that I have done that, how do I check if it has been replicated properly to the satellite servers?
We are running ZENworks on a SLES setup.
We have had some issues regarding the imaging of some of our PC models and I was recommended to do this update; that is why I want to check if it has been applied to the satellite servers.
Regards
bes wrote:
>
> AndersG;2316550 Wrote:
> > Bes,
> > > Now that i have done that, how do i check if it has been
> > > replicated properly to the satellite servers?
> >
> > I would check in the /srv/tftp dir and below to be absolutely sure.
> >
> > http://www.novell.com/rms
>
> What exactly should i check for? A specific file or?
You could check the files in the /srv/tftp/boot folder, do they have
the same time/version as the ones on your primary servers?
Niels
A true red devil...
-
Session not replicated in a different machine
Hi Everybody,
I have an interesting problem related to session replication on a different machine. We have two managed servers in two different machines. When we stop the managed server in the machine where we have admin server, request goes to the second managed server. However the existing session is not replicated, instead a new session is created.
We have used in-memory replication. Any pointer to the problem will be appreciated.
Thanks in advance,
Dev.
Also check if the session replication is indeed on. You can see if this is on by looking at cookies (either javascript like alert(document.cookie) or through a browser like Navigator); the format for replication should be <session id>!<primary server hash>!<secondary server hash>
S