Turning on a Domain Controller after ntdsutil metadata cleanup

Hello,
I was in the middle of doing a lifecycle replacement swapping out 2003 servers for 2008 R2 servers.  I promoted my 2 Windows Server 2008 R2 domain controllers.  I tried to demote my Windows 2003 SP1 server and kept getting lsass errors and crashing my domain controller.  After the lsass errors I simply turned off the domain controller and did an ntdsutil metadata cleanup on that domain controller.  Unfortunately we installed the McAfee managed client on the new domain controllers and broke the secure link so I had to demote them.  After fixing the problem, I tried to promote them again and I keep getting lsass errors and the Windows Server 2003 SP1 domain controller blue screens so I need to bring the other 2003 server back online.
My question is, when I turn on the 2003 domain controller, will it continue as a domain controller even after metadata cleanup?  The only reason I ask is because when I did metadata cleanup it prompted with a message that if I turn the domain controller back on it will be revived.

>>>My question is, when I turn on the 2003 domain controller, will it continue as a domain controller even after metadata cleanup?
No.  You are manually removing this DC from the AD database.
You can promote this server as a DC again if needed.  Start with a new OS.
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
This posting is provided AS IS with no warranties, and confers no rights.

Similar Messages

  • Os x lion keeps dropping connection to domain controller

    What is the story with OS X Lion. It keeps losing connection to a Windows domain controller after a restart. I've come back to my lab after the weekend and nearly 30 out of the 50 iMacs that were on the domain are saying domain controller not responding resulting in network accounts unavailable. Meaning NO-ONE CAN LOG ON.......!!!!!!!!
    IT'S A JOKE.....
    I hold out no hope for an official response from someone from Apple to address this issue. In the meantime I'll just keep unbinding them, deleting the computer object from AD, force replication on all DCs, repair permission on the HD of the iMac, rename it and rebind it to the domain. Then I will do that for all the other 29 iMacs that have lost connection to the domain....BECAUSE I HAVE NOTHING BETTER TO DO WITH MY DAY.....!!!!!!!!!!!!!!!!!!!!!!!

    Hello fellow Mac users,
    The root cause of this issue will be different for everyone as it’s usually some rogue app or process that isn’t working properly. In my case it was a Symantec utility called ‘SymUIAgent.app’.
    Follow these steps to identify what specifically is causing the issue on your computer:
    1. Save the code on this file to your desktop using the filename id_issue.py: https://gist.github.com/iMerica/8928556/raw/73832a509de4dc5394cf1747b997ea1bd1b0ff4e/identify_focus_issue.py
    2. Open Terminal.app (Located in /Applications/Utilities)
    3. In Terminal, cd to your Desktop using cd ~/Desktop
    4. Run python id_issue.py and just let your computer sit for a few minutes (assuming the issue is happening within a few minutes/seconds).
    Basically this code gets the current active window every three seconds and prints it as standard output which you can view in Terminal. Once you find the offending app, search on Google for specific steps on removing it.
    I hope that helps!
    Michael

  • Windows Server 2012 Standard - HP OfficeJet Pro 8600 Plus printer not working after promoting to Domain Controller / AD Services

    An associate and myself installed the built-in drivers for the HP OfficeJet Pro 8600 Plus multi-function (network) printer on a Windows Server 2012 Standard server installation and everything worked fine whenever I want to print anything directly from the
    Windows Server machine (there's a reason for this, so please understand that ;)  ).
    We were able to print without any problems from the Windows Server 2012 machine, using the drivers from Microsoft.  Mainly, because HP has not listed any specific support for Windows Server 2012, only Windows Server 2008 R2, however, the drivers that
    came with Windows 2012 seem to work very well.
    PROBLEM: I later had to promote the Windows Server 2012 to a Domain Controller, and created the Active Directory configurations, even enabled the Print Services.  After doing all of that, the HP printer will not print anything.  It's like all print
    requests directly from the Windows Server go to Nil.
    Has anyone encountered a problem like this before? The only thing I can think of is that after perhaps something affected printing directly once we promoted the server to being a DC, and added other features / roles.  I even tried installing the
    HP drivers for Windows Server 2008 R2, and the results are still the same...nothing prints.  Trust me, the printer is set as the Default Printer and even when choosing to print, we make sure the HP OfficeJet Pro is selected, and is on, as other Windows
    Client PC's can print to it directly.
    Does anyone have any suggestions we could try?  Thanks in advance.

    While it is quite a while since this was posted - I can concur a similar issue exists.
    We have spent the better part of a day trying to work out why other HP printers work fine but our 8620 prints are not printing and going to Nil.  The print server is hosted on a shared DC.  Comparing to the initial posters details, for some reason
    it seems to be most commonly related to the OfficeJet Pro 8600/8610/8620/8630 series printers.
    I ended up doing a print server migration from the domain controller to stand alone host and all printers now work from a single server rather than a mix.  Domain controller OSes varied from 2008, 2012, 2012 R2 (tested with multiple) and only after
    all of those failed then tried a stand alone server os machine as a last resort which worked fine.  Printing directly from Win 7 / 8 /8.1 clients to the IP always worked.

  • Domain Controller going down after IDM implemented

    Hi,
    We have implemented IDM 7.1 and are using the PSS (Password Self Service), Password Synchronization functionality for 2 AD and 6 ABAP systems. This PSS is implemented to support our company ESS which is on the internet so that users can reset their own password. Hence to support it we have an architecture having one AD on the DMZ and another internal.
    Both the AD repositories have been configured pointing to a particular DC (Domain Controller). All the DCs have Phook installed on them.
    Since Go-live we have not had any issue with the DC on the DMZ but the internal DC keeps going down once in a while and it doesn't have a pattern. We tried switching to different DCs also which didn't work. Right now we are keeping a close watch on the DC and we carry out a restart whenever it happens.
    Did anyone come across such kind of an issue, if so then please let me know.
    Thanks.

    Hi Ahmed,
    Thank you for your quick response!  Our secondary domain controller IP settings were set properly according to the recommendation, but the primary (the one having the issues) was not. I went ahead and changed the settings and did an ipconfig /registerdns
    and restarted the netlogon service. Nothing changed after that. I ran a dcdiag and the only one that failed was this:
          Starting test: NCSecDesc
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=ForestDnsZones,DC=*hidden*,DC=*hidden*
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
                Replicating Directory Changes In Filtered Set
             access rights for the naming context:
             DC=DomainDnsZones,DC=*hidden*,DC=*hidden*
             ......................... *hidden PDC Name* failed test NCSecDesc
    I'm going to restart the server tonight after those IP changes and let you know my outcome.
    Thanks again!

  • Domain controller VMs using dynamic VHDx corrupt after power failure

    Over the past couple of months I have experienced 4 dead 2008 R2 SP1 domain controllers after power failure on Hyper-V 2012 hosts. The domain controller VMs will start after power failure and have varying degrees of file system corruption. In each instance
    the corruption has rendered the domain controller unusable. The problem has not occurred with every power failure, but in testing the failure rate has been over 10%.
    The Hyper-v 2012 hosts are as follows:
    Dell PowerEdge r720 with flash backed write cache on Raid controller
    Dell PowerEdge T710 with battery backed write cache on Raid controller
    Dell PowerEdge T310 with a single SATA hard drive and write cache disabled
    Generic system with a single SATA hard drive and write cache disabled
    The VM configuration experiencing corruption is as follows:
    Each VM was created from a base 2008 R2 SP1 syspreped VHDx image template file (40 Gigs)
    The image template was originally created as a VHD and was then converted to a VHDx
    The VHDx file has 512k sectors instead of the native 512e of VHDx files (a result of VHD - VHDx conversion)
    Each VM was assigned 1024 Meg RAM and 1 virtual processor
    The domain controllers were created by promoting the base 2008 r2 install to a DC after base image deployment
    Only one corrupt VM was not running the 2012 integration components. The rest were running current 2012 integration components
    I have done extensive testing on this issue and the problem for me seems to revolve around the VHDx file format. I have managed numerous Hyper-v installations since the original 2008 server version was released and I have never seen corruption like this
    until 2012 and VHDx.
    For the past few days I have been testing fixed sized VHD VMs on a 2012 host and I have not been able to reproduce the data corruption issue. I seem to only be able to reproduce the problem when using dynamic VHDx files. I have not done any testing on 2012
    hosts with fixed size VHDx files or dynamic VHD files.
    It would be great to hear from anybody else experiencing similar issues so that we can compare notes and hopefully get to the bottom of this problem.

    To be honest I was excited to see this fix released, but there are two problems.
    1. The hotfix causes BSOD if you have VLANs with a teamed NIC configuration. I found this out the hard way on a production system. How in the world did this thing get through testing and into automatic updates?
    2. The hotfix does not seem to resolve the issue in my test environment.
    I opened up a case with support and they informed me that they would not provide support for this issue and that I had to open a case with premier support. Premier support informed me that I cannot open a case with them unless I sign a $50,000 per year service
    contract. Is there anywhere to get support on this issue?

  • Sharepoint 2010 Can't be accessed after becoming a domain controller

    Hi! I have installed Sharepoint 2010 on Windows server 2008 R2, which was working fine until I became a domain controller. My computer name was changed to "originalname.mydomain.com". Then,
    I also renamed my original name to something else. So, the full name is completely new!
    I used all sort of available solutions, such as:
    Rename-SPServer [-Identity] <OriginalServerName> -Name <NewServerName>
    AND
    stsadm -o renameserver -oldservername <oldServerName> -newservername -<newServerName>
    using Powershell, but both are giving me this error:
    The '<' operator is reserved for future use.
    At line:1 char:40
    + stsadm -o renameserver -newservername < <<<< DC.DAVOKA.COM> -oldservername <win-eli768388rh>
        + CategoryInfo          : ParserError: (<:OperatorToken) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : RedirectionNotSupported
    Moreover, all my SQL services are running.
    Thanks in advance!

    I would have thought that running IIS on a domain controller is going to be full of problems, IIS by its nature allows anonymous access, not something you want on a domain controller.  Unless you are seriously limited on hardware, I would keep them
    separate.
    Renaming SharePoint servers after installation also brings up a handful of problems, there are resources on Technet on how to do it as well as various posts in this forum, the over-riding recommendation is decide on the server names before you install and
    then stick to them.
    Check out these resources regarding installing SharePoint on a domain controller, looks like there are a few things to consider.
    Issues to consider when you install SharePoint Foundation 2010 or SharePoint Server 2010 on a Domain Controller
    Installing SharePoint 2010 on a Domain Controller

  • 4321 NetBT errors :1b after domain controller becomes pdc

    I am getting  4321 NetBT errors :1b after domain controller becomes pdc errors after moving fsmo roles over to new pdc.  The error is the DOMAIN :1b could not be registered with the IP of the new DC.  The computer with the IP would not allow
    it to be claimed.  I can't ping the computer that would not allow it to be claimed and I don't see WINS on our network.  This is a HYPER-V domain controller.
    Is this going to affect network clients?

    Hi,
    Glad to hear that it has been solved! Thank you very much for your sharing.
    Please feel free to let us know if there are any issues in the future.
    Best Regards,
    Amy Wang

  • Windows 2012 R2 domain controller fail to advertise after completion of DCpromo

    Hi Guys
    I did promote one of windows 2012 R2 become my 2nd domain controller. After promotion completed, it's show
    " Error determining whether the target server is already a domain controller : The domain controller promotion completed, but the server is not advertising as a domain controller". 
    repadmin/replsummary error show : " (8453 ) Replication access was denied"
    I did refer this link ( http://support.microsoft.com/kb/967336/en-us ) but Operating System is different.
    Any advice ?
    Best Regard
    Darren

    Hi Denis
    This the result for DCDIAG
    C:\Windows\system32>dcdiag
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       Home Server = dr01dir03
       * Identified AD Forest.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Secondary\DR01DIR03
          Starting test: Connectivity
             ......................... DR01DIR03 passed test Connectivity
    Doing primary tests
       Testing server: Secondary\DR01DIR03
          Starting test: Advertising
             ......................... DR01DIR03 passed test Advertising
          Starting test: FrsEvent
             There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL
             replication problems may cause Group Policy problems.
             ......................... DR01DIR03 passed test FrsEvent
          Starting test: DFSREvent
             ......................... DR01DIR03 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... DR01DIR03 passed test SysVolCheck
          Starting test: KccEvent
             ......................... DR01DIR03 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... DR01DIR03 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... DR01DIR03 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... DR01DIR03 passed test NCSecDesc
          Starting test: NetLogons
             ......................... DR01DIR03 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... DR01DIR03 passed test ObjectsReplicated
          Starting test: Replications
             ......................... DR01DIR03 passed test Replications
          Starting test: RidManager
             ......................... DR01DIR03 passed test RidManager
          Starting test: Services
             ......................... DR01DIR03 passed test Services
          Starting test: SystemLog
             ......................... DR01DIR03 passed test SystemLog
          Starting test: VerifyReferences
             ......................... DR01DIR03 passed test VerifyReferences
       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
       Running partition tests on : sc
          Starting test: CheckSDRefDom
             ......................... sc passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... sc passed test CrossRefValidation
       Running enterprise tests on : sc.org
          Starting test: LocatorCheck
             ......................... sc.org passed test LocatorCheck
          Starting test: Intersite
             ......................... sc.org passed test Intersite
    Thanks
    Best regards
    Darren

  • SAP Server Manager Error after BPC installation on domain controller

    Hi, I have installed BPC on a domain controller with windows 2003 server (english version). When I launch diagnostic in the "SAP Server Manager"  I have the following error message " Current user Name does not have permission for Adminitrators group" . I think that the application is taking the local user (the diagnostic shows that the current user is "server name\user name" instead of "domain name\user name") but I login with the domain Administrator (this server is a domain controller and doesn't have local users).
    Thanks

    Hi
    I have the same issue that you had.
    "I have installed BPC on a domain controller with windows 2003 server (english version). When I launch diagnostic in the "SAP Server Manager" I have the following error message " Current user Name does not have permission for Adminitrators group" . The application it's taking the local user (the diagnistic show that de current user is "server name\user name" instead of "domain name\user name" but I login with the domain Administrator ( this server is a domain controller don't have local users)."
    Can you please let me know how you solved this ?
    thanks & regards
    Lokesh

  • WSUS server no longer works/clients not receiving updates after replacing domain controller

    I first logged into the WSUS server and found that I couldn't launch the console, event log was full of errors about different web services not working.  I ran
    wsusutil.exe usecustomwebsite true
    which appeared to correct that problem, but the WSUS server and all workstations report the following error code when checking for updates: 
    80072F76
    Client WindowsUpdate log is full of the following:
    2014-10-29 23:36:22:935  832 f48 Misc WARNING: WinHttp: WinHttpQueryHeaders(WINHTTP_QUERY_LAST_MODIFIED) failed. error 0x80072f76
    2014-10-29 23:36:22:935  832 f48 Misc WARNING: GetServerFileTime failed. error 0x80072f76
    The upstream server and another downstream server are working fine.  It is only this one WSUS server and clients on this segment of the network where a new domain controller was put in place last week.
    Thoughts?

    Hi,
    What's the port used by your WSUS server?
    Usecustomwebsite will change the port number used by the WSUS Web services from 80 to 8530 or vice versa.
    If you set this value to true, WSUS Setup will use port 8530 for its Default Web site. If you set it to
    false, WSUS will use port 80.
    If it doesn't work, please post the entire windowsupdate.log here. It may give some hints.
    Best Regards.
    Steven Lee
    TechNet Community Support

  • Rebuilding Domain controller & Transport Routes after system refresh

    I have refreshed Dev from Prdn, now my domain controller only shows single system
    I have documentation but, it is confusing to me how to have QAS and Prdn join the domain controller again and show the domain as a three tier system
    When I log into QAS and Prdn I still see the old 3 tier system including the domain and the other systems.
    Please advise
    maria
    Edited by: Maria Graziano on Mar 27, 2008 3:53 PM

    You don't perform backup of domain controller.
    You only designate in STMS one of servers as "Backup Domain Controller"
    when Primary controller fails then "Backup domain Controller" takes his role and becomes a primary.
    So action to refresh domain controller is:
    1. Designate one of servers as backup domain controller
    2. Backup transport directory if it is on refreshed server (just in case)
    3. Switch backup controller to become primary
    4. Refresh primary system
    5. Join refreshed system to domain
    6. Switch back primary function to refreshed server
    Regards,
    Wojtek

  • Lack of Connectivty to Domain Controller - Domain Controller Access Issues Requires Repeated Reauthentication

    Sorry if my attempt to be thorough in my description may result in excessive and unnecessary information. 
    I'm running into some problems with a single server running WS 2012 R2 as a domain controller (AD and DNS) and I’m trying to figure out what the cause is. 
    The network has ~10 computers on it connected through a cable business gateway (running DHCP) which feeds 2 switches and a wireless router acting as a switch. (I also turned on remote services, but the end users aren’t using that until I get certificates
    setup.)
    For 6+ months everyone had access to the shared files and databases on each workstation without issue. 
    In the last month users would occasionally have to re-enter their credentials to get access to shared server folders despite being on a domain account already. 
    Last week one of the computers intermittently cannot gain access to the shared folders– entering the correct credentials just results in the credentials being requested again and again: There’s an error icon at the bottom saying that “there are currently
    no logon servers available to service the logon request”.  While access is rejected I’m still able to ping the DC both via its name and IPV4 address. 
    (Pinging via its name results in an IPv6 address in the response.) 
    Other network connectivity appears intact (able to browse the web, perform network discovery.)
    Things that ‘seem’ to allow access on this computer until the next failure:
    Entering a different domain username and password into the windows credentials request has allowed access a couple of times.
    Disconnecting and reconnecting the network cable allowed the original username to be used to log on (at least once.)
    After removing it from and then rejoining it to the domain (a few hours ago) it experienced the problem once more. Also, logging on with domain credentials created a TEMP user folder instead of the folder with the domain username. 
    Looking at the event logs, I notice there are quite a few warnings and errors reported regarding DC access on many of the computers; maybe this is normal?
    Most Problematic Computer:
    Event ID 8016:  System failed to register host A or AAAA resource records. (With an unknown Ipv6 and the server’s ipv4 address in the DNS server list.) 
    Event ID 131:  NtpClient unable to set a domain peer to use as a time source because of DNS resolution error on ‘Server.domain.local’ 
    ‘No such host is known.”
    Event ID 5719:  NETLOGON. This computer was not able to setup a secure session with a domain controller in the domain due …..: there are currently no logon servers available to service the logon request.
    And then pairs of: Event 1500: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. & Event 1054:
     The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    Event 1030:  The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation
    at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
    On the server I’ve run DCDIAG and DCDIAG /test:DNS and those all appeared to pass.
    Ipconfig/all from the server:
       Connection-specific DNS Suffix 
       Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
       Physical Address. . . . . . . . . : FC-4D-D4-F2-A1-83
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:b155:a0b0:892d:9ed5(Pref
    erred)
       Link-local IPv6 Address . . . . . : fe80::b155:a0b0:892d:9ed5%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.1.10.42(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%13
     10.1.10.1
       DHCPv6 IAID . . . . . . . . . . . : 234638804
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3F-7D-B9-68-05-CA-24-31-C4
       DNS Servers . . . . . . . . . . . : ::1
    127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Ipconfig/all from the problematic computer:
    Wireless LAN adapter Wi-Fi:
       Connection-specific DNS Suffix 
    . : wp.comcast.net
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 6150
       Physical Address. . . . . . . . . : 40-25-C2-63-C2-B8
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:8f5:1606:d0a8:6b25(Prefe
    rred)
       Temporary IPv6 Address. . . . . . : 2601:8:a182:1100:283e:f9e8:4841:6c50(Pref
    erred)
       Link-local IPv6 Address . . . . . : fe80::8f5:1606:d0a8:6b25%3(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2015 9:19:02 AM
       Lease Expires . . . . . . . . . . : Tuesday, March 17, 2015 1:23:15 PM
       Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
    10.1.10.1
       DHCP Server . . . . . . . . . . . : 10.1.10.1
       DHCPv6 IAID . . . . . . . . . . . : 54535618
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-6B-AA-F0-DE-F1-9C-07-D4
       DNS Servers . . . . . . . . . . . : 2001:558:feed::1
    2001:558:feed::2
                    10.1.10.42
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Any thoughts? I was assuming it was a Domain Controller/DNS error, but I don't know where to check next.  Could a failing piece of hardware be the culprit? 
    Thanks,
     -JT

    Hi,
    According to the error you have posted.
    A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against.
    Most of the time this is caused by network issues or name resolution (DNS/WINS) issues, you could refer to:
    Netlogon 5719 and the Disappearing Domain [Controller]
    http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
    Did you refer to this KB article?
    Event ID 5719 is logged when you start a Domain Member
    http://support.microsoft.com/kb/938449
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
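
The reply above attributes Event ID 5719 to network or name-resolution problems. As an added example (not part of the original thread), the Python below audits captured `ipconfig /all` text for resolvers that are not domain DNS servers. The function names, the constructed samples with documentation addresses, and the rule that a domain member should list only DNS servers hosting the AD zone are assumptions of this example.

```python
"""Audit DNS resolver lists in captured `ipconfig /all` text (added example)."""
import ipaddress
import re

# Matches "Key . . . . : value"; continuation lines (extra servers) do not match.
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z][^.:]*?)\s*(?:\.\s)+:\s*(?P<value>.*)$")

# Constructed samples (documentation addresses), laid out like the output above.
SAMPLE_MEMBER = """\
Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : isp.example
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.0.2.31(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%3
                                       192.0.2.1
   DNS Servers . . . . . . . . . . . : 2001:db8:feed::1
                                       2001:db8:feed::2
                                       192.0.2.42
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

SAMPLE_DC = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.0.2.42(Preferred)
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _to_ip(text):
    """Return an ip_address for an ipconfig value, or None if it is not one."""
    token = text.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Map adapter name -> DNS server addresses in the order Windows tries them."""
    adapters, adapter, key = {}, None, None
    for line in ipconfig_text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.endswith(":") and " adapter " in stripped:
            adapter, key = stripped[:-1], None
            adapters[adapter] = []
            continue
        match = FIELD_RE.match(line)
        if match:
            key, value = match.group("key"), match.group("value")
        else:
            value = stripped  # continuation of the previous field
        if adapter is not None and key == "DNS Servers":
            ip = _to_ip(value)
            if ip is not None:
                adapters[adapter].append(ip)
    return adapters


def audit_resolvers(ipconfig_text, dc_addresses, host_is_dc=False):
    """Return (adapter, resolver, reason) for each resolver outside the domain.

    dc_addresses: addresses of DNS servers that host the AD zone (assumption:
    supplied by the operator). A DC pointing at its own loopback is accepted.
    """
    allowed = {ipaddress.ip_address(a) for a in dc_addresses}
    findings = []
    for adapter, servers in parse_dns_servers(ipconfig_text).items():
        if not servers:
            findings.append((adapter, None, "no DNS servers configured"))
        for position, ip in enumerate(servers, start=1):
            if ip in allowed or (host_is_dc and ip.is_loopback):
                continue
            reason = f"resolver #{position} is not a domain DNS server"
            findings.append((adapter, str(ip), reason))
    return findings


if __name__ == "__main__":
    for finding in audit_resolvers(SAMPLE_MEMBER, ["192.0.2.42"]):
        print(finding)
    print(audit_resolvers(SAMPLE_DC, ["192.0.2.42"], host_is_dc=True))
```

Resolvers that do not host the domain zone cannot answer the SRV lookups a member uses to locate a domain controller, which matches the DNS-related events (5719, 1054, 131) listed in the question.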

  • Windows Server 2012 Foundation, in a Workgroup - "The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller"...

    Every few days we see two dialogs with the following messages:
    Dialog 1, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller.
    Dialog 2, title: Check for Licensing Compliance is Incomplete
    The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliance check cannot be completed, the server will automatically shut
    down in 8 day(s) 23 hour(s) 0 minute(s).
    The server is not (and never has been) joined to a domain or had any DC roles installed. In fact its still connected to the default Workgroup.
    The server was configured in our office and never showed this message until it was installed on site. The main difference from what I can see is that when installed on site it was given a static IP address and does not have any DNS settings in the network
    adapter properties. 
    I have scoured a number of forums on this error but in almost every other instance of this error message the servers are connected to a Domain Controller and the solutions generally are linked to dis-joining and rejoining the domain. Unfortunately this is
    not an option for this scenario.
    I initially thought that adding some relevant DNS server IP address may resolve the issue, however, we have the exact same model server configured exactly the same running at a different site that does not experience this problem. This server also has no
    DNS server configured.
    I have seen a post that suggests turning off the servers "Foundation Checking", but I'm unsure how to do this.

    Thanks for your response Vivian.
    I can confirm that this server is not (and never has been) a member of any active directory, it is configured as a Workgroup server. It was initially configured on a network that does have an active directory, but was never joined to it. During that time it
    never displayed these messages.
    The server was moved into production on a different site and network and setup with a static IP address.The site network does have its own active directory but the server was not joined to it. It is whilst on this new network that these messages began.
    Since my original post DNS servers have been added and the Microsoft activation has been verified, however, the messages are still appearing.
    There are only 2 user accounts configured on this server. The local admin account and another local admin user.
    The remote desktop services roles have been installed but not yet configured. I don't think that has any bearing on this scenario though.
    The description of this error in the above "Introduction to Windows Server 2012 Foundation" link states:
    This error occurs when the server cannot finish checking the requirements for the root domain, forest trust configuration, or both. It usually happens when the server cannot connect to a domain controller. If the situation persists, the server will
    shut down 10 days after the first time the compliance check failed. Each time this error message occurs, it will state the actual time remaining before the server will shut down. If you restart the server after it has shut down because of non-compliance, the
    server will shut itself down again in 3 days.
    The above description leads me to the following question - In a Workgroup environment, does the server still try to contact a domain controller to establish a level of trust? If this is the case could it be that the server can no longer see the initial DC
    on its new network and this is what is triggering the messages?
    Am I clutching at straws here?

  • Windows domain controller in a virtual machine: how dangerous is saving its state for a short period of time?

    I have a Windows Server 2012 R2 virtualization cluster. All the hosts are connected to an external storage system, and virtual machines' files are stored on external volumes (CSVs). All the hosts and virtual machines are a part of the same AD domain
    (mixed Windows Server 2012 RTM / 2008 R2 domain controllers). All the domain controllers are running in the virtual machines on the hosts of this cluster.
    To prevent problems when all the hosts are turned off and then on simultaneously (for example, because of a power failure) all the domain controller VM files have been placed on local disks of the virtualization hosts (not on the Cluster Shared
    Volumes). As Hyper-V services don't depend on other Windows Server services (except its networking components), it means that my domain controllers can always start, providing the virtualization host can start at all. However, it also means
    that those DCs cannot be (quickly) migrated to other hosts while their current hosts are being rebooted. So if I need to reboot a virtualization host to install new updates, for example, I have to shut down the corresponding DC, reboot the host
    and wait for the DC to finish cold boot and come back online. It means some interruption of service for our users, which, in turn, requires me to perform the reboots late at night.
    The downtime can be significantly decreased by saving the state of the VM in which the DC is running. However, all the articles I've found on the Internet strongly recommend against it. I'm trying to understand why this recommendation was issued in the first
    place. However, I'm unable to find a clear explanation. I've found some statements that saving state of a DC can cause serious AD replication problems because of tombstoning, and that the password of a DC computer account may be changed
    while the DC itself stays in the saved state, which could prevent the DC from connecting to the domain after its state has been restored. However, those considerations are non-significant when we discuss a short-time
    (5 to 10 minutes) saved state.
    I have worked with AD and virtualization for a long time, and I fail to see any danger in saving the state of a DC for several minutes. In my opinion, after its state has been restored it would simply replicate all the AD changes from other DCs, and that's all.
    What's your opinion?
    Evgeniy Lotosh
    MCSE: Server Infrastructure, MCSE: Messaging

    Hello,
    as stated in "http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=ws.10).aspx"
    Operational Considerations for Virtualized Domain Controllers
    Domain controllers that are running on virtual machines have operational restrictions that do not apply to domain controllers that are running on physical machines. When you use a virtualized domain controller, there are some virtualization software features
    and practices that you should not use:
    Do not pause, stop, or store the saved state of a domain controller in a virtual machine for time periods longer than the tombstone lifetime of the forest and then resume from the paused or saved state.
    This may sound as if it is supported to store it for shorter times and use it.
    BUT the recommendation from the Hyper-V Program Manager in
    http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx also advises against using them.
    Also best practices
    http://blogs.technet.com/b/vikasma/archive/2008/07/24/hyper-v-best-practices-quick-tips-2.aspx
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • [Forum FAQ] How to sync time with a Domain Controller for a standalone server

    As we all know, if a computer belongs to an Active Directory domain, it will sync the time automatically by using the Windows Time service that is available on Domain Controllers,
    while a standalone server will synchronize with its local hardware time and Windows time server. (Figure 1)
    Figure 1.
    Under some circumstances, a standalone server is necessary in a product environment. We can sync the time of this standalone server with the Domain Controller using
    the steps below:
    1. Modify the value of AnnounceFlags:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
    Under this entry we can see that the default value of AnnounceFlags is 10 (Decimal); we configure the value as 5 (Decimal). (Figure 2)
    Figure 2.
    2. Confirm the value of the registry key below is set to 0:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer 
    Figure 3.
    3. Configure the standalone server to synchronize with a specific time source (Domain Controller).
    In our test, we configured our Domain Controller (192.168.10.200) as the time source, using the following command:
    w32tm /config /syncfromflags:manual /manualpeerlist:192.168.10.200
    4. Sync the time with the Domain Controller using the command below:
    w32tm /config /update
    From the figure below (Figure 4), you can see that after we did all the steps above, the time on the standalone server was synced with the Domain Controller.
    Figure 4.
    (Note: Peerlist is a separated list of DNS servers, or IP Addresses for the time servers)
    More information:
    Windows Time Service Tools and Settings
    http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx#w2k3tr_times_tools_dyax
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
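
    The four steps above as one script with a verification pass, as an added example that is not part of the original post. The `Enabled` value name in step 2, the `w32tm /resync` call and the one-second offset threshold are assumptions that the post does not state.

    ```powershell
    # Added example, not from the original post. Run from an elevated prompt.
    $Peer       = '192.168.10.200'  # the Domain Controller used as time source in the post
    $MaxSkewSec = 1.0               # assumption: acceptable offset chosen for this example
    $W32        = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

    # Step 1: AnnounceFlags is 10 (decimal) by default; the post sets it to 5.
    $old = (Get-ItemProperty -Path "$W32\Config" -Name AnnounceFlags).AnnounceFlags
    Set-ItemProperty -Path "$W32\Config" -Name AnnounceFlags -Value 5 -Type DWord
    Write-Output "AnnounceFlags: $old -> 5"

    # Step 2: the NtpServer provider value must be 0.
    # Assumption: the value meant is "Enabled"; the post gives only the key path.
    $enabled = (Get-ItemProperty -Path "$W32\TimeProviders\NtpServer" -Name Enabled).Enabled
    if ($enabled -ne 0) { Write-Warning "NtpServer\Enabled is $enabled, expected 0" }

    # Steps 3 and 4: set the manual peer, then apply the configuration.
    w32tm /config /syncfromflags:manual "/manualpeerlist:$Peer"
    w32tm /config /update
    w32tm /resync | Out-Null        # assumption: not in the post; forces an immediate sync

    # Check 1: the service should now report the Domain Controller as its source,
    # not "Local CMOS Clock" or "Free-running System Clock".
    $source = (w32tm /query /source | Out-String).Trim()
    if ($source -notlike "$Peer*") { Write-Warning "Time source is '$source', expected $Peer" }

    # Check 2: measure the remaining offset against the peer.
    $offsets = @(w32tm /stripchart "/computer:$Peer" /samples:3 /dataonly |
        ForEach-Object { if ($_ -match ',\s*([+-]\d+\.\d+)s') { [math]::Abs([double]$Matches[1]) } })

    if ($offsets.Count -eq 0) {
        # No sample parsed: the peer did not answer (UDP 123 blocked, wrong address, ...).
        Write-Warning "No NTP response from $Peer"
    } else {
        $worst = ($offsets | Measure-Object -Maximum).Maximum
        if ($worst -gt $MaxSkewSec) {
            Write-Warning "Offset ${worst}s exceeds ${MaxSkewSec}s"
        } else {
            Write-Output "Synced with $Peer, worst offset ${worst}s"
        }
    }
    ```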

    Thank you for the instruction! I am sure it is one of the scenarios that the majority of administrators will run into. So I suggest writing a wiki about it and publishing it for this month's TechNet Guru in the Windows Server section. This month's TechNet Guru can
    be found here:
    Calling All Wise Men! Windows Server Gurus Needed! Apply Within! No One Turned Away!
    Thanks for your informative post. :)
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir
    This posting is provided AS-IS with no warranties, and confers no rights.