rwooders
asked on
!!! URGENT!!! !!! HELP !!! Error 1126 & Warning 1655 - Unable to establish a connection with the global catalog
This server was running fine until I started having some problems with a network printer. I had to remove the drivers/software and re-install it all, which required a reboot. After the reboot, printer was fine but everything else is screwed. I am getting the errors and warnings below and it seems that the Global Catalog is unavailable.
I have tried running:
secedit /configure /cfg "setup security.inf" /db ss.sdb /log ss.log /verbose from MS article http://support.microsoft.com/default.aspx?scid=kb;en-us;305837 but this has not helped at all.
I'm not even able to restore the machine from the backups as BackupExec will not start for some reason.
Anyway the errors listed in the Event log are as follows, and if anyone has a solution I'd love to hear from ya as this has been going on since last week now and I am getting desperate.
Just out of interest, would building another machine as a server and promoting it with dcpromo, then demote the current machine and then repromote it help ????????
Any ideas most welcome
Thanks
Rob.
Event Type: Warning
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1655
Date: 10/05/2004
Time: 09:22:01
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER
Description: Active Directory attempted to communicate with the following global catalog and the attempts were unsuccessful.
Global catalog:
\\xxxxx.yyyyyyyy.com
The operation in progress might be unable to continue. Active Directory will use the domain controller locator to try to find an available global catalog server.
Additional Data
Error value:
5 Access is denied.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1126
Date: 10/05/2004
Time: 09:22:01
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER
Description:
Active Directory was unable to establish a connection with the global catalog.
Additional Data
Error value:
8430 The directory service encountered an internal failure.
Internal ID:
3200c45
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
Event Type: Information
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1869
Date: 10/05/2004
Time: 09:22:01
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER
Description:
Active Directory has located a global catalog in the following site.
Global catalog:
\\xxxxx.yyyyyyyy.com
Site:
Default-First-Site-Name
The above 3 Events are appearing in the Directory Service log every hour.
This event is appearing in the File Replication Log
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 10/05/2004
Time: 09:11:12
User: N/A
Computer: SERVER
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller server.woodshill.com for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
All the other errors in the event log are related to DNS and Exchange mainly as they are unable to connect to AD/GC
This is the main Exchnage error:
Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2114
Date: 10/05/2004
Time: 09:50:22
User: N/A
Computer: SERVER
Description:
Process INETINFO.EXE (PID=1820). Topology Discovery failed, error 0x80040931.
and the DNS Error:
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
Date: 10/05/2004
Time: 09:44:44
User: N/A
Computer: SERVER
Description:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2d 23 00 00 -#..
I have tried running:
secedit /configure /cfg "setup security.inf" /db ss.sdb /log ss.log /verbose from MS article http://support.microsoft.com/default.aspx?scid=kb;en-us;305837 but this has not helped at all.
I'm not even able to restore the machine from the backups as BackupExec will not start for some reason.
Anyway the errors listed in the Event log are as follows, and if anyone has a solution I'd love to hear from ya as this has been going on since last week now and I am getting desperate.
Just out of interest, would building another machine as a server and promoting it with dcpromo, then demote the current machine and then repromote it help ????????
Any ideas most welcome
Thanks
Rob.
Event Type: Warning
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1655
Date: 10/05/2004
Time: 09:22:01
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER
Description: Active Directory attempted to communicate with the following global catalog and the attempts were unsuccessful.
Global catalog:
\\xxxxx.yyyyyyyy.com
The operation in progress might be unable to continue. Active Directory will use the domain controller locator to try to find an available global catalog server.
Additional Data
Error value:
5 Access is denied.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1126
Date: 10/05/2004
Time: 09:22:01
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER
Description:
Active Directory was unable to establish a connection with the global catalog.
Additional Data
Error value:
8430 The directory service encountered an internal failure.
Internal ID:
3200c45
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.
Event Type: Information
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1869
Date: 10/05/2004
Time: 09:22:01
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER
Description:
Active Directory has located a global catalog in the following site.
Global catalog:
\\xxxxx.yyyyyyyy.com
Site:
Default-First-Site-Name
The above 3 Events are appearing in the Directory Service log every hour.
This event is appearing in the File Replication Log
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 10/05/2004
Time: 09:11:12
User: N/A
Computer: SERVER
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller server.woodshill.com for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
All the other errors in the event log are related to DNS and Exchange mainly as they are unable to connect to AD/GC
This is the main Exchnage error:
Event Type: Error
Event Source: MSExchangeDSAccess
Event Category: Topology
Event ID: 2114
Date: 10/05/2004
Time: 09:50:22
User: N/A
Computer: SERVER
Description:
Process INETINFO.EXE (PID=1820). Topology Discovery failed, error 0x80040931.
and the DNS Error:
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
Date: 10/05/2004
Time: 09:44:44
User: N/A
Computer: SERVER
Description:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2d 23 00 00 -#..
Fatal_Exception
First, I certainly recommend you having more than one DC anyway, so go ahead and build your second server and promote it. The thing is if your GC is not available, then you will still have an issue. Go to Sites and Services and make sure that the server is holding the GC....
ASKER
Ok, I have checked the NTDS setting and the server is holding the GC.
I have just finished building the new server but I am unable to run DCPROMO as the DNs is not available for the domain, so SRV record was found.......
Any ideas on what next to try?
I have just finished building the new server but I am unable to run DCPROMO as the DNs is not available for the domain, so SRV record was found.......
Any ideas on what next to try?
Have you cked your DNS console to make sure all the records are there and properly created..??
SRV Resource Records May Not Be Created on Domain Controller:
http://support.microsoft.com/?kbid=239897
I might suggest you run some diagnostics on your DNS...
DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation:
http://support.microsoft.com/?kbid=265706
HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000:
http://support.microsoft.com/?kbid=321708
Description of the DNSLint Utility and dnslint.exe dnload:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;321045
SRV Resource Records May Not Be Created on Domain Controller:
http://support.microsoft.com/?kbid=239897
I might suggest you run some diagnostics on your DNS...
DCDiag and NetDiag in Windows 2000 Facilitate Domain Join and DC Creation:
http://support.microsoft.com/?kbid=265706
HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000:
http://support.microsoft.com/?kbid=321708
Description of the DNSLint Utility and dnslint.exe dnload:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;321045
ASKER
The forward lookup zone for the domain is not available as I think it is Active directory intergrated, and as I seem to be having problems with AD this is why it's not available.
I will have a look at the articles above and try and run some of these tools.
The DNS error is below:
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
Date: 10/05/2004
Time: 09:44:44
User: N/A
Computer: SERVER
Description:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2d 23 00 00 -#..
I will have a look at the articles above and try and run some of these tools.
The DNS error is below:
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
Date: 10/05/2004
Time: 09:44:44
User: N/A
Computer: SERVER
Description:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2d 23 00 00 -#..
ASKER
FYI:
DNS is functioning to some degree, as internet browsing etc is working, just the Forward Lookup Zone for the Domain can't be loaded from AD. NSLOOKUP queries are functioning okay.
DNS is functioning to some degree, as internet browsing etc is working, just the Forward Lookup Zone for the Domain can't be loaded from AD. NSLOOKUP queries are functioning okay.
ASKER
It was suggested that this behavior can occur if you lock the system partition and remove the Everyone group from various locations.
I have looked at the Microsoft Article "DNS, Intersite Messaging, Global Catalog, NTFRS, and "Invalid Credentials" Error Messages on Domain Controller" http://support.microsoft.com/default.aspx?scid=kb;en-us;305837
and have tried the suggested fix:
cd \winnt\security\templates
secedit /configure /cfg "setup security.inf" /db ss.sdb /log ss.log /verbose
secedit /configure /cfg basicdc.inf /db basicdc.sdb /log basicdc.log /verbose
but the 3rd line of this doesn't work on 2003 as the basicdc.inf does not exist in 2003. Do you know if this is the absolutely correct way of fixing the locked partion/missing permissions in 2003, or is there other templates that need to be loaded?
I have looked at the Microsoft Article "DNS, Intersite Messaging, Global Catalog, NTFRS, and "Invalid Credentials" Error Messages on Domain Controller" http://support.microsoft.com/default.aspx?scid=kb;en-us;305837
and have tried the suggested fix:
cd \winnt\security\templates
secedit /configure /cfg "setup security.inf" /db ss.sdb /log ss.log /verbose
secedit /configure /cfg basicdc.inf /db basicdc.sdb /log basicdc.log /verbose
but the 3rd line of this doesn't work on 2003 as the basicdc.inf does not exist in 2003. Do you know if this is the absolutely correct way of fixing the locked partion/missing permissions in 2003, or is there other templates that need to be loaded?
Been in and out of meetings today and just have a sec... To answer your question, I just don't know. I will try to take some time tonight to research it and get back to you... Sorry I can't commit more time right now, but am sure you understand..
FE
FE
ASKER
No problem, appreciate the time -
Thanks
Rob.
Thanks
Rob.
Got a question.. Have you cked to make sure that your sysvol and netlogon folders are existing in the right locations..?? I seem to remember a similar problem with this and we directed the user to this page, which resolved the problem... Just a thought..
http://www.jsiinc.com/SUBO/tip7300/rh7394.htm
http://www.jsiinc.com/SUBO/tip7300/rh7394.htm
ASKER
Working ok now...
I managed to get BackupExec working in the Directory Restore Mode and restored the entire System Partition and System State.
Had a few problems with Exchange as i need to import the current database files and they needed to be repaired.
Had to use eseutil /r "C:\Program Files\Exchsrvr\MDBDATA\Pri
The /i was needed as the Database file (edb) and the Streaming Data File (stm) did not match.
Everything is working, except now I get a few errors on Startup, as it seems the timings of the services starting is a bit out. I get errors in Exchange that sort of thing (See below).
All the services do start but errors are logged on startup.... Not a big problem but a little annoying.
Any ideas on how you might be able to sor this? I have had a look at Microsoft and this article (http://support.microsoft.com/default.aspx?scid=kb;en-us;828051) seems to relate even thouggh SBS has not been installed.
I though having a second DC might help but it doesn't unfortunatey.
So in summary, everthing is working now except the problem with the errors being logged at Startup.
Microsofts comments are: This event occurs because of differences in the timing between services as they stop and start. You can ignore this event if it occurs during computer shutdown and startup.
but I would like to stop this and will allocate to 500 points if it can be solved.
thanks for the help
Rob.
Event Type: Error
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8026
Date: 12/05/2004
Time: 23:03:31
User: N/A
Computer: SERVER
Description:
LDAP Bind was unsuccessful on directory server.woodshill.com for distinguished name ''. Directory returned error:[0x51] Server Down.
I managed to get BackupExec working in the Directory Restore Mode and restored the entire System Partition and System State.
Had a few problems with Exchange as i need to import the current database files and they needed to be repaired.
Had to use eseutil /r "C:\Program Files\Exchsrvr\MDBDATA\Pri
The /i was needed as the Database file (edb) and the Streaming Data File (stm) did not match.
Everything is working, except now I get a few errors on Startup, as it seems the timings of the services starting is a bit out. I get errors in Exchange that sort of thing (See below).
All the services do start but errors are logged on startup.... Not a big problem but a little annoying.
Any ideas on how you might be able to sor this? I have had a look at Microsoft and this article (http://support.microsoft.com/default.aspx?scid=kb;en-us;828051) seems to relate even thouggh SBS has not been installed.
I though having a second DC might help but it doesn't unfortunatey.
So in summary, everthing is working now except the problem with the errors being logged at Startup.
Microsofts comments are: This event occurs because of differences in the timing between services as they stop and start. You can ignore this event if it occurs during computer shutdown and startup.
but I would like to stop this and will allocate to 500 points if it can be solved.
thanks for the help
Rob.
Event Type: Error
Event Source: MSExchangeAL
Event Category: LDAP Operations
Event ID: 8026
Date: 12/05/2004
Time: 23:03:31
User: N/A
Computer: SERVER
Description:
LDAP Bind was unsuccessful on directory server.woodshill.com for distinguished name ''. Directory returned error:[0x51] Server Down.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks