Unable to demote a domain controller

Similar Messages

• Windows Server 2008 R2: Server unable to authenticate with Domain Controller

  Hello, I was wondering what could be the reason for this error if it is certain that there was no other computer on the network using the same name:
  This computer could not authenticate with<Domain-controller>, a Windows domain controller for domain <Domain-name>, and therefore this computer might deny logon requests. This
  inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. 
  What would cause the machine account pw to be 'not recognized'?

  You can track changes in AD by enabling AD Auditing: https://technet.microsoft.com/en-us/library/cc731764%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
  As reading the logs is usually a complicated and time consuming task, it is recommended to use a third party tool for auditing. The one I usually recommend is Lepide Auditor - Active Directory: http://www.lepide.com/lepideauditor/active-directory.html
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Unable to log onto domain controller with user account

  Hi,
  I am able to log onto my DC as domain admin. I cannot log on as myself. I do not see what I am missing in the GPO to make this happen? I am part of a server admin group and would like the server admin group to be able to log on to the domain controller to
  maintain the server. 
  Any suggestions?
  Wave~Chaser

  Log on to this DC and run rsop.msc and check the following policies:
  Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally
  Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on locally
  Add your self to Allow log on locally
  (in default domain controller policy - as I mentioned above) and make sure your user account not belong to any group that have Deny log on locally.
  Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

• Unable to complete Additional domain controller installation

  HI Team,
  I have a Lab setup having 3 domain controllers. Initially I promoted a Domain Controller on 2008 server. After that I promoted another 2008 server as additional domain controller. Everything was completed successfully . But when I tried a 2012 server
  as additional controller , the installation was not getting completed. Actually process is stucked in installation Tab. Even I installed 2012 server newly and the issue is persist.
  Can anyone suggest me to fix this issue ?
  Do we need to migrate schema ?
  Regards
  Sajin P S

  Hi Anuj,
  I'm sure that its is some thing related to a network issue. Make sure that all the necessary ports are open between the domain controllers.
  Active Directory and Active Directory Domain Services Port Requirements
  http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
  Active Directory Firewall Ports - Let's Try To Make This Simple
  http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
  Use port query tool to see the opened ports.
  http://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx#Using_PortQry
  Regards,
  Rafic
  If you found this post helpful, please give it a "Helpful" vote.
  If it answered your question, remember to mark it as an "Answer".
  This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

• Forest trust unable to find Active Directory Domain Controller

  I have two domains with a two-way forest trust. We'll call them ForestA and ForestB. They're on seperate subnets. ForestA's DCs are in one physical location. ForestB's DCs are in two locations, one of which is shared with A.
  I'm unable to route traffic directly from the remote DC in ForestB to the subnet ForestA is on, so I created a new DC in ForestA that sits on the subnet ForestB uses (basically, I can't route between subnets via the wireless bridge between locations, but
  can within the same location).
  I found this: http://www.neomagick.net/zen/2008/11/30/using-dns-to-force-a-domain-trust-through-a-specific-domain-controller-dc/
  I followed the instructions to set the new DC in forest A to be the only one the remote DC in forest B was aware of.
  Nslookup ForestA.com resolves correctly to this DC, but I'm unable to validate the trust relationship, getting the error:
  "Windows cannot find an Active Directory Domain Controller for the ForestA.com domain. Verify that an AD DC is available and then try again."
  I'd appreciate any help.

  In the event viewer, have you found any event id's that corrospond with this error? Have you ensured all ports required are open? Windows firewall is correctly setup? NIC is properly configured?
  Statement below taken from: http://technet.microsoft.com/en-us/library/cc961803.aspx
  If you receive the following error, ERROR_NO_LOGON_SERVERS while using the Nltest tool to query the secure channel, this is usually indicative of the inability to find a domain controller for that domain. Run nltest /dsgetdc: < DomainName > : to verify
  whether you can locate a domain controller. If you are unable to find a domain controller examine DNS registrations and network connectivity.
  ADDS Ports:
  http://msdn.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

• What is the proper way to demote a Win 2003 Domain Controller running SQL Server 2008 WorkGroup Edition?

  Hi, 
  What is the proper way to demote a Windows 2003 Domain Controller running SQL Server 2008 WorkGroup Edition? 
  I will be migrating AD from Win 2003 to 2012....
  Thanks in advanced. 

  Running SQL on a domain controller is highly not recommended for performance reasons and for complexities it introduces in the management of both systems (You are already facing this situation now).
  I would recommend proceeding like the following before demoting your domain controller:
  Install a new SQL server on a member server
  Migrate your databases to the new SQL server
  Once done, you can safely demote your DC.
  More if you ask them here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=sqlserver
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Help with setting up active directory domain controller/DNS - need this for Clustering

  Disclaimer: I am new to Active Directory, so please dont rule out the obvious things I may have overlooked.
  I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
  When I look at my server manager AD DS complain about DNS:
  NASE-2012-234    4015    Error    Microsoft-Windows-DNS-Server-Service    DNS Server    1/14/2014 12:54:06 AM
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  When I click on DNS this is the error:
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  Output of DCDiag -v is below.
  PS C:\Users\Administrator> dcdiag -v
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     * Verifying that the local machine NASE-2012-234, is a Directory Server.
     Home Server = NASE-2012-234
     * Connecting to directory service on server NASE-2012-234.
     * Identified AD Forest.
     Collecting AD specific global data
     * Collecting site info.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
  ntDSSiteSettings),.......
     The previous call succeeded
     Iterating through the sites
     Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
  e,DC=com
     Getting ISTG and options for the site
     * Identifying all servers.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
  SDsa),.......
     The previous call succeeded....
     The previous call succeeded
     Iterating through the list of servers
     Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
  N=Configuration,DC=lab,DC=nase,DC=com
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     * Identifying all NC cross-refs.
     * Found 1 DC(s). Testing 1 of them.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\NASE-2012-234
        Starting test: Connectivity
           * Active Directory LDAP Services Check
           The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
           Check the DNS server, DHCP, server name, etc.
           Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
           ......................... NASE-2012-234 failed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\NASE-2012-234
        Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
        Test omitted by user request: Advertising
        Test omitted by user request: CheckSecurityError
        Test omitted by user request: CutoffServers
        Test omitted by user request: FrsEvent
        Test omitted by user request: DFSREvent
        Test omitted by user request: SysVolCheck
        Test omitted by user request: KccEvent
        Test omitted by user request: KnowsOfRoleHolders
        Test omitted by user request: MachineAccount
        Test omitted by user request: NCSecDesc
        Test omitted by user request: NetLogons
        Test omitted by user request: ObjectsReplicated
        Test omitted by user request: OutboundSecureChannels
        Test omitted by user request: Replications
        Test omitted by user request: RidManager
        Test omitted by user request: Services
        Test omitted by user request: SystemLog
        Test omitted by user request: Topology
        Test omitted by user request: VerifyEnterpriseReferences
        Test omitted by user request: VerifyReferences
        Test omitted by user request: VerifyReplicas
        Test omitted by user request: DNS
        Test omitted by user request: DNS
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValidation
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : lab
        Starting test: CheckSDRefDom
           ......................... lab passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... lab passed test CrossRefValidation
     Running enterprise tests on : lab.nasecom
        Test omitted by user request: DNS
        Test omitted by user request: DNS
        Starting test: LocatorCheck
           GC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           PDC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           Time Server Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           KDC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           ......................... lab.nase.com passed test LocatorCheck
        Starting test: Intersite
           Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
           provided.
           ......................... lab.nasecom passed test Intersite
  PS C:\Users\Administrator>

  http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions.  You might want to post your question there.
  .:|:.:|:. tim

• Unable Active Domain Controller

  Joining window 7 PC to the domain,I have already joined some machine in the domain, but few of them just unable to join, and it displays "Active Directory Domain Controller (AD DC) for the domain "mst"
  could not be contacted. 
  The same typed name I used in other machines and work out though system is asking me to type it correctly
  Your assistance will be highly appreciated.
  Thanx in advance!

  Hi  GK Onyango,
  The log file at: %SystemRoot%\debug\netsetup.log will give the detailed error information, I suggest to post the error information for support.
  Besides, to solve this, you can manually set the DNS from the client in this way:
  1. Open Network and Sharing Center.
  2. Click “change adapter settings” then right click the adapter settings
  3. Click properties and find the IP v4 item, input the DNS as the screenshot below:
  Regards
  Wade Liu
  TechNet Community Support

• OD Master/PDC, 10.4.11, why xp clients unable to locate domain controller?

  After a migration/upgrade from 10.3.9 to 10.4.11 Server, windows XP clients are intermittently unable to log in to or even bind to the PDC running on that server.
  I did a clean format and install from the 10.4 media, choosing the standalone server type, and applied all the Software Updates, I got forward and reverse DNS working for my zone, then I followed the instructions at http://www.afp548.com/article.php?story=20050615173039158 to move my OD from a working 10.3.9 server to 10.4.
  This server goes against the usual recommendations, as it provides DNS, OD master, PDC and file services to 32 clients all in the same subnet, 20 running Windows XP SP2 and 12 running OS X Client 10.4.x or 10.5.x.
  File services and various other users of the OD/LDAP, for example Wildfire Jabber/XMPP server and Apache2/LDAP running on a separate Linux server, are able to authenticate against the new 10.4.11 OD.
  However, at this point the symptoms become intermittent approx. 40% of the Windows XP clients were unable to log in with various domain accounts, yielding errors of the form "Unable to find domain FOO". If I remove a client from the domain by joining it to WORKGROUP and rebooting, then try to join FOO again, I'll get an error, "Unable to locate Domain Controller for FOO..."
  The set-up:
  My server's FQDN is myserver.foo.example.com
  The server's DNS is authoritative for the 10.10.10.0/24, foo.example.com zone and I have the trailing dot's in the right places, so ping myserver.foo.example.com, ping myserver, and ping 10.10.10.10 (server's example IP from the foo.example.com zone) all work correctly.
  The DHCP server for this vlan is providing my DNS server to the clients, but is providing no netbios server. The XP clients are all set to use the DHCP server setting, which, according to the TCP/IP Advanced Settings panel, means that they'll revert to netbios over tcp/ip since no wins server is specified.
  In Server Admin->Windows->General:
  Role: Primary Domain Controller (PDC)
  Description: FOO Domain at example.com
  Computer Name: myserver
  Domain: FOO
  Server Admin->Windows->Access:
  Allow Guest Access: Check
  Client Connections: Unlimited
  Authentication: NTLMv2 & Kerberos, NTLM, and LAN Manager: All check
  Logging->Log Detail: High
  Advanced->Code Page: Latin US
  Services: Workgroup Master browser and Domain master browser: check
  WINS Registration: Off
  Homes: Enable virtual share points: check
  Should my Windows service on 10.4.11 be providing WINS or not? If so, should the DHCP server be set to point the clients to it? If not, how do the XP clients reliably resolve the FOO domain?
  Why did all these XP clients work fine with a 10.3.9 Windows PDC but don't work with 10.4.11?
  Another strange point - I can use the XP-side 'net view' command to poke around and things look reasonable. I.E. even the clients that aren't joined to the domain and can't locate the domain controller will return sane results for 'net view /domain:FOO'.

  The new PDC does use the same domain name as the old PDC, and the SID mismatch is at least partially to blame. After I'd performed the upgrade and confused the windows clients, I saw the advice on using samba's net command to duplicate the old PDC's SID to the new PDC. Maybe someday I'll have the opportunity to try that.
  I resorted to removing all the XP clients from the domain and re-joining them. The XP clients were still able to contact the domain intermittently. I used various command-line tools on the XP side, including the built-in net command as well as some others I downloaded such as the quite useful http://www.joeware.net/freetools/tools/findpdc/index.htm, as well as the client-side error messages during the domain join attempts and the messages in the Event log, to determine that the clients couldn't find the domain.
  The XP client TCP/IP settings state that the clients will revert to using netbios if no WINS server is specified, but that clearly wasn't working reliably, so I just enabled the WINS server on the PDC, told the DHCP server to hand out its address for the netbios-related options for that subnet, rebooted the PDC, waited a while for things to settle out, and now all the clients can reliably find the PDC.
  I still have no idea why the WINS-less set-up worked in 10.3 server but didn't work in 10.4 server, but believe me, I'll remember it now!

• Unable to find domain controller for the specified domain. Please explicitly specify the domain controller.

  Im getting error "Unable to find domain controller for the specified domain. Please explicitly specify the domain controller."   when I try to create an AD connection for my User Profile Service.  The entire sharepoint environment is installed
  on one server.  That server has everyting on it, AD, SQL, Sharepoint, and its the domain controller. I cant figure out why this will not identify?Trevor Fielder

  Hi,
  Did you get this error when clicking on the Populate Containers button?
  If yes, please make sure that you have provide the domain credentials in the account name and password
  boxes below when entering the domain information. The account must be granted the replicating directory changes permission on the domain.
  You can refer to this blog:
  http://www.harbar.net/articles/sp2010ups.aspx
  Xue-Mei Chang

• Unable to execute Test-Mailflow cmdlet. Could not find any available Domain Controller

  I started receiving this error in SCOM while testing Exchange 2007 Mail flow. Normally the tests work just fine, and when I execute"test-mailflow" on the offending server, it works just fine. The alert doesn't have enough details to find out what
  is wrong. Can anyone help out?
  Alert Description:
  Unable to execute Test-Mailflow cmdlet. Could not find any available Domain Controller
  Environment: SCOM 2012 R2 UR4
  MP: Exchange 2007 MP, latest update
  Monitor: Exchange 2007 Test Local Mail Flow Monitor
  Brody Kilpatrick

  Hi,
  After you execute"test-mailflow" on the offending server, please also look into event logs to check is there any errors or warnings. SCOM is a tool to collect information, from my point of view, this message is collected from Exchange server, so
  you may need to check event viewer.
  In addition, please also make sure your Exchange environment is under monitored. And have you followed the Exchange 2007 MP guide to configure the MP?
  Make sure the Client Access Server is under monitored, you may check the Application Event log on the Client Access Server, and make sure there are no errors or warnings indicating a problem with the Client Access Server.
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Unable to join virtual machines to domain controller

  Hello all
  I am studying for MCSE 2012 R2 and have decided to move from VMware Esxi 5.5 to Hyper-V in Server 2012R2.
  I built the host (Server 2012r2) and so far 3 VMs (all are Server 2012R2 VMs) . I promoted one of the VMs to a Domain controller and things appear to have installed with no issue. This is what I have done so far:
  Added Static IP addresses for all VMs
  Configured each VM's DNS setting to use the DC 
  When I try to join one of the virtual servers to the domain controller this is what I get.
  Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
  The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "wolfpack.local":
  The error was: "DNS name does not exist."
  (error code 0x0000232B RCODE_NAME_ERROR)
  The query was for the SRV record for _ldap._tcp.dc._msdcs.wolfpack.local
  Common causes of this error include the following:
  - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals.
  This computer is configured to use DNS servers with the following IP addresses:
  10.0.0.14
  - One or more of the following zones do not include delegation to its child zone:
  wolfpack.local
  local
  . (the root zone)
  Phil Balderos

  Hi Phil,
  I have noticed that the domain is wolfpack.local but  two VMs has another DNS suffix "home.network" .
  Please remove it and join it to domain again .
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.
  Hello Elton and thank you for the response.
  I was looking at that same setting on my VM and its empty.
  Phil Balderos

• Unable to edit Default Domain policy on Server 2012 R2 domain controller

  Hello,
  I recently built a Server 2012 R2 domain controller and added it to my domain.  When trying to edit the default domain policy I get the following error:
  I can make edits to other GPO objects.  All the other domain controllers are Server 2008 and are able to edit that GPO.  The issue is on the Server 2012 box only.  I've checked the delegated permissions, I'm a domain admin, and have opened
  GPMC as administrator.  Does anyone know what I'm missing?  Thank you for your time.
  Tino

  Hi Tino,
  >>Could that be the problem?
  I don't think so, for we can still use FRS to replicate Sysvol. However, it is recommended that we use DFSR to replicate Sysvol if our domain
  function level is Windows Server 2008 or above.
  Besides, we can follow the suggestions from the following thread to check out which replication mechanism we are using.
  DFS-R on 2008 R2 by default?
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/8f2042d3-193d-4414-b9da-cbcedc6a4c32/dfsr-on-2008-r2-by-default?forum=winserverDS
  If the Sysvol is replicated by FRS mechanism, as I suggested in the last reply, we can do a non-authoritative restore for the Sysvol on the new Windows
  Server 2012. This will restore the Sysvol from a healthy DC.
  To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:
  1. Click Start, and then click Run.
  2. In the Open box, type cmd and then press ENTER.
  3. In the Command box, type net stop ntfrs.
  4. Click Start, and then click Run.
  5. In the Open box, type regedit and then press ENTER.
  6. Locate the following subkey in the registry:
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  7. In the right pane, double-click BurFlags.
  8. In the Edit DWORD Value dialog box, type D2 and then click OK.
  9. Quit Registry Editor, and then switch to the Command box.
  10. In the Command box, type net start ntfrs.
  11. Quit the Command box.
  TechNet Subscriber Support
  If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
  Hope it helps.
  Best regards,
  Frank Shen

• Windows 2012 Domain Controller: Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing

  Hi all,
  We have been battling a problem for the last couple of days when we try to add the first windows server 2012 DC to an already existing Domain.
  The Server installation goes smoothly and we can add the computer to the domain and its all green.
  After we promote the server to a domain controller the WinRM service starts acting up (not responding anymore).
  The server manager console shows Remote Management as disabled, and when we try to enable it via the console or Powershell it freezes up.
  The AD DS part of the console is saying that there are post-promotion tasks that need to be completed but once we click on the task it takes us to the promotion wizard again, that basically complains that: Failed to open the runspace pool. The Server Manager
  WinRM plug-in might be corrupted or missing.
  In the Remote Management Event log we see the following entry: "The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)" Event ID 138
  We are unable to do anything with the server (demote, add roles, remotely manage...). We tryed the following already:
  1. Recreate from scratch
  2. Checking the GPOs to see if there is anything setup about RM -> came up with nothing
  We just ran out of ideas so HELP PLEASE !
  BR
  Tomaz Praprotnik

  Hi Cicely,
  Yes the error from the Windows Remote Management event log contains (I took out the User and FQDN of the Computer):
  Log Name:      Microsoft-Windows-WinRM/Operational
  Source:        Microsoft-Windows-WinRM
  Date:          3/29/2013 1:38:53 PM
  Event ID:      138
  Task Category: Response handling
  Level:         Error
  Keywords:      Client
  User:         
  Computer:     
  Description:
  The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
      <EventID>138</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>10</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000002</Keywords>
      <TimeCreated SystemTime="2013-03-29T12:38:53.786357100Z" />
      <EventRecordID>6876</EventRecordID>
      <Correlation ActivityID="{18FCFBD2-2B38-0003-D261-FD18382BCE01}" />
      <Execution ProcessID="1084" ThreadID="2924" />
      <Channel>Microsoft-Windows-WinRM/Operational</Channel>
      <Computer></Computer>
      <Security UserID="" />
    </System>
    <EventData>
    </EventData>
  </Event>
  There is also another entry that sometimes comes up:
  Log Name:      Microsoft-Windows-WinRM/Operational
  Source:        Microsoft-Windows-WinRM
  Date:          3/29/2013 1:36:34 PM
  Event ID:      142
  Task Category: Response handling
  Level:         Error
  Keywords:      Client
  User:         
  Computer:     
  Description:
  WSMan operation Invoke failed, error code 2150859046
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
      <EventID>142</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>10</Task>
      <Opcode>2</Opcode>
      <Keywords>0x4000000000000002</Keywords>
      <TimeCreated SystemTime="2013-03-29T12:36:34.076973400Z" />
      <EventRecordID>6869</EventRecordID>
      <Correlation ActivityID="{18FCFBD2-2B38-0001-F328-FD18382BCE01}" />
      <Execution ProcessID="4888" ThreadID="4392" />
      <Channel>Microsoft-Windows-WinRM/Operational</Channel>
      <Computer></Computer>
      <Security UserID="" />
    </System>
    <EventData>
      <Data Name="operationName">Invoke</Data>
      <Data Name="errorCode">2150859046</Data>
    </EventData>
  </Event>
  Best regards
  Tomaz Praprotnik

• DFSR Replication Event ID 1202 The DFS Replication service failed to contact domain controller Additional Information: Error: 160 (One or more arguments are not correct.)

  Hi,
  hummmm...
  The client had 1 Server with AD and All Apps, IIS, Terminal Servers (30 device Cal), File Server, SQL2008R2 on it
  Task: Install new AD server promote it to DC,  bring in 2nd server, Replicate the File Server (DFSR) on these 2 servers, and demote it to standard server. 
  1) Old AD with name "Server" with OS-2008R2 SP1 and is a DC.
  2) Brought in a new server "PrimaryAD", Installed 2008R2, done DC Promo, and added it as Additional Domain controller
  3) Transferred roles from old server "Server" to "PrimaryAD"
  4) Brought in a new File Server replicating server "Backup-Server"
  5) Copied all the data from Server to Backup-server as DFS initial file sync with robocopy
  6) here the problem started, after the copy finished, next morning the "Server" server crashed.....
  7) thank god the data was backed up on Backup-server. but we didnt get the time to Demote the server "Server" and remove AD from it.
  8) Since AD was replicated so "PrimaryAD" was are DC, brought 2nd Server "SecondaryDC" as additional domain controller.
  9) we cleaned up the metadata and used ASIEDIT to clean the remaining stuff.
  10) the "Server" server was formatted and renamed as "Primary-Server" and OS2008R2 SP1 was installed with rest of required apps
  11) so now the PrimaryAD the DC, SecondaryAD the Additional Domain controller, Primary-Server the mail server and File server, the Backup-server, the replicated server.
  Now configured DFS Replication from Primary-Server to Backup-server and receive following Event ID 1202
  If i Configure DFS Replication as follows
  PrimaryAD <<>> SecondaryAD -= Works... no errors...
  PrimaryAD <<>> Backup-Server = Creates but Dosent works Event ID 5012, error The DFS Replication service failed to communicate with partner BACKUP-SERVER, Additional Information: Error: 9026 (The connection is invalid)
  PrimaryAD <<>> Primary-Server = Dosent creates replication job just hangs,
  on primaryad continious Eveni ID 10009, DCOM was unable to communicate with the computer "SERVER" using any of the configured protocols
  ......something on PrimaryAD is still trying to connect to old corrupt AD server "Server"
  No errors with AD replication, SYSVOL & Netlogon shares also working fine and accessible.
  DFS Diagnose report says
  DNS name: backup-server.mydomain.com
  Domain name: mydomain.COM
  Reference domain controller: --           (HERE there is NO DOMAIN CONTROLLER mentioned) 
  IP address: 192.168.1.248,192.168.1.251,::1
  Site: Default-First-Site-Name
  Forgot to mention, gave full rights with ADSIEDIT to DFSR-LocalSettings  for all server to Administrator and read permissions to "Authenticated Users"
  DFSRDIAG POLLAD throws following error
  c:\Dfsrdiag pollad /verbose
  [INFO] Computer Name: BACKUP-SERVER
  [INFO] Computer DNS: Backup-Server.mydomain.COM
  [INFO] Domain Name: mydomain
  [INFO] Domain DNS: mydomain.COM
  [INFO] Site Name: Default-First-Site-Name
  [INFO] Connected to WMI services on computer: Backup-Server.mydomain.COM
  [INFO] Invoke PollDsNow() method on Backup-Server.mydomain.COM
  [ERROR] PollDsNow method executed unsuccessfully. ReturnValue: 12 (0xc)
  [ERROR] Failed to execute PollAD command Err: -2147217407 (0x80041001)
  Can anyone point me to any direction which can lead to resolution of this ERROR and make DFS_R work..
  Thanks
  bikram

  Hi,
  It seems that DCPROMO did its work without complaints, still the DFSR references remained in AD. You could refer to the article below to clean up the DFS Replication object.
  How to remove data in Active Directory after an unsuccessful domain controller demotion
  http://support.microsoft.com/kb/216498
  In additional, please refer to the following thread to troubleshoot the issue:
  DFS is not working anymore.
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/953be9ef-e9e3-4885-a5c4-47fc475ba562/dfs-is-not-working-anymore?forum=winserverfiles
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.