chrismaksimik
asked on
Errors 1030 and 1058 in event log every 5 minutes
Server 2003 SBS domain with 3 additional domain controllers and a stand alone server.
This one I have tried everything...
We had a Rootkit Virus a few months ago, we converted the server using ESXI. The server needed a repair install, and a lot of repair work, but it is back to normal,,,
Some time ago, on all of the S2003 servers,but NOT the SBS server, Errors 1030 and 1058 would show up every 5 minutes. On the DC that holds SBS, these errors are not present.
One S2003 server would freeze and have to be rebooted every few days (Although I do Not believe his is related)
I have checked and reset permissions on the sysvol folder, purged the MupCache.
I have added a new Server 2003 on Hyper-v it logs the errors also.
I have a feeling that this is a replication issue, but I have exhausted all options, and I feel Active directory is damaged.
Any help and suggestions will be appreciated, thanks for all your help.
This one I have tried everything...
We had a Rootkit Virus a few months ago, we converted the server using ESXI. The server needed a repair install, and a lot of repair work, but it is back to normal,,,
Some time ago, on all of the S2003 servers,but NOT the SBS server, Errors 1030 and 1058 would show up every 5 minutes. On the DC that holds SBS, these errors are not present.
One S2003 server would freeze and have to be rebooted every few days (Although I do Not believe his is related)
I have checked and reset permissions on the sysvol folder, purged the MupCache.
I have added a new Server 2003 on Hyper-v it logs the errors also.
I have a feeling that this is a replication issue, but I have exhausted all options, and I feel Active directory is damaged.
Any help and suggestions will be appreciated, thanks for all your help.
You do have a replication problem. FRS is the replication process for the sysvol and netlogon shares. FRS problems stem from discrepancies in DNS 99.99% of the time.
FIRTS OFF: Let's provide you with some ammo to understand what's going on.
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_1073-Diagnosing-and-repairing-Events-1030-and-1058.html
Now, you can open up a 50 point question in DNS to perform DNS troubleshooting. Once done with fixing all DNS discrepancies, then we can reset your replication set, UNLESS we are looking at some tombstoned servers.
FIRTS OFF: Let's provide you with some ammo to understand what's going on.
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_1073-Diagnosing-and-repairing-Events-1030-and-1058.html
Now, you can open up a 50 point question in DNS to perform DNS troubleshooting. Once done with fixing all DNS discrepancies, then we can reset your replication set, UNLESS we are looking at some tombstoned servers.
When posting a DNS troubleshooting question, MAKE SURE, you link this thread within your question.
ASKER
OK, I followed the Link, and I see that I have C:\WINDOWS\SYSVOL\sysvol\( Domain name)\scripts.
apparently this is not correct? Should I just cut/paste sysvol subfolder to the root of c:\windows?
apparently this is not correct? Should I just cut/paste sysvol subfolder to the root of c:\windows?
ASKER
I tried this:
REPADMIN /SHOWREPS %UPSTREAMCOMPUTER%
REPADMIN /SHOWREPS %DOWNSTREAMCOMPUTER%
both times, I received this:
[d:\srv03rtm\ds\ds\src\uti l\repadmin \repbind.c , 154] LDAP error 81 (server Down) Win32 Err 58.
REPADMIN /SHOWREPS %UPSTREAMCOMPUTER%
REPADMIN /SHOWREPS %DOWNSTREAMCOMPUTER%
both times, I received this:
[d:\srv03rtm\ds\ds\src\uti
ASKER
The server never goes into standby, I tried that first solution with the service pack reinstall, the errors are every 5 minutes., It didnt work....
You have DNS related issues. AD is not seeing the LDAP servers. This is an SRV record within DNS.
Please provide the output of going to the command prompt and typing:
DCdiag /test:DNS > DNS.txt
and
DCdiag /v > DCdiag.txt
You will need to do this on one DC showing problems. Let's get to the root of the problem.
Please provide the output of going to the command prompt and typing:
DCdiag /test:DNS > DNS.txt
and
DCdiag /v > DCdiag.txt
You will need to do this on one DC showing problems. Let's get to the root of the problem.
ASKER
Still working on the dns issues. I noticed that All of the DC's and PC's have this error. the Pcs are more sporadic in the event logs.
ASKER
I transferred all FSMO roles to A new Server 2003 server. and all errors stopped. I demoted the old server using DCPromo, and all seemed to work OK, Funny thing, The Server membership changed to a workgroup server. So I changed it back to domain membership as a member server, and the errors came back on the new DC.
i hope this sheds some light on the subject
i hope this sheds some light on the subject
If it's now a member server, your remaining DC has metadata on it to replicate the Syvol and Netlogon shares. You don't want that metadata.
Please follow this link for DNS, FRS, and AD metadata cleanup on the remaining DC.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Please follow this link for DNS, FRS, and AD metadata cleanup on the remaining DC.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
ASKER
This is exactly the site that i went to when I transferred the roles. I will go through this again, to make sure no residual serverobjects are there. i will post my results
Any luck, boss?
ASKER
I looked in the system properties of the computer name. it was servername.location.domain .local.
I renamed it to servername.domain.local, I did the same thing on network settings/tcpip/advanced/dn s and the event errors went away.
Well, they are not happenning every 5 minutes anymore. its now like every 2 hours... So Were getting there!
And sorry for the Delay
I renamed it to servername.domain.local, I did the same thing on network settings/tcpip/advanced/dn
Well, they are not happenning every 5 minutes anymore. its now like every 2 hours... So Were getting there!
And sorry for the Delay
ASKER
its still happenning on the new server every 5 min. this is getting crazy. i thought i had it licked!
Oh, you renamed a server while it was an active server?
What roles does the SBS server play?
Were you considering retiring it?
What roles does the SBS server play?
Were you considering retiring it?
ASKER
Not the name, but the DNS suffix of the secondary DC. (Not the SBS Server)
I still have the errors On the New DC, NOT the SBS server. The Old Secondary DC has been reverted to a Member server.Now we have a SBS server and a second DC, both 2003.
The SBS server handles Exchange, Printing, Companyweb, and some file sharing.
Looking in the event logs, I see the server had a successful event, 2/28/2011, event ID 1704 Source: sceCli. The security Policy in GPO has been applied Successfully.
This is at 7:56 PM.
At 8:01 I get a warning: error 53258 MSDTC
MS DTC could not process a Promotion/demotion event. No Callstack.
At 8:01, I get the 1058 1030 errors every 5 minutes until 3/30/2011.
Out of the Blue, I get the Success again
SCECli 1704 Security Policy has been applied successfully.
No similar events as of yet. Nothing in the system log, FRS log, DNS log to indicate issue.(At least with this server)
I am going to look at the event Logs of the SBS server to see any clues.
I still have the errors On the New DC, NOT the SBS server. The Old Secondary DC has been reverted to a Member server.Now we have a SBS server and a second DC, both 2003.
The SBS server handles Exchange, Printing, Companyweb, and some file sharing.
Looking in the event logs, I see the server had a successful event, 2/28/2011, event ID 1704 Source: sceCli. The security Policy in GPO has been applied Successfully.
This is at 7:56 PM.
At 8:01 I get a warning: error 53258 MSDTC
MS DTC could not process a Promotion/demotion event. No Callstack.
At 8:01, I get the 1058 1030 errors every 5 minutes until 3/30/2011.
Out of the Blue, I get the Success again
SCECli 1704 Security Policy has been applied successfully.
No similar events as of yet. Nothing in the system log, FRS log, DNS log to indicate issue.(At least with this server)
I am going to look at the event Logs of the SBS server to see any clues.
ASKER
Nothing in the event logs of the SBS server To shed light on This issue.
At 5:40 on the 30th(After the Successful replication event) There is an event ID 106,
Source: EventForwarderOperation
Subsription Policy has changed
From 3/30/2011 5:18 PM until 8:13 there were no error events until:
error 1003
SceSrv
Notification of Policy change from LSA/SAM has been retried and Failed.Error 4312 to save Policy change for account s-1-5-21................
Again at 5:23 PM , and 1 day later at 5:24 PM on 4/1/2011.
I really hope this sheds some light on this.
At 5:40 on the 30th(After the Successful replication event) There is an event ID 106,
Source: EventForwarderOperation
Subsription Policy has changed
From 3/30/2011 5:18 PM until 8:13 there were no error events until:
error 1003
SceSrv
Notification of Policy change from LSA/SAM has been retried and Failed.Error 4312 to save Policy change for account s-1-5-21................
Again at 5:23 PM , and 1 day later at 5:24 PM on 4/1/2011.
I really hope this sheds some light on this.
Yes, it does. It appears you have metadata of an old server left on that server.
On your problem child server, go to the command prompt and type:
DCdiag /v
and DCdiag /Test:DNS
So, i can see the diagnostics.
On your problem child server, go to the command prompt and type:
DCdiag /v
and DCdiag /Test:DNS
So, i can see the diagnostics.
ASKER
I will post in2 different windows. I have also created a NEW SBS2003 R2 server, and am slowly going through the migration steps, after installing Active directory and transferring roles, the NEW server is also having these same issues, replicating to the 2nd domain controller. SBS setup on the New is not complete, This is just for information. It seems like AD is damaged in some way?
ASKER
ASKER
I see the old DNS server(No Longer a DNS server is still in there..... testdns.txt
ASKER
I have set up a New 2003 SBS r2 Server on 2008 core Hyper-v.
Still getting the errors. How does this happen? Could it just be that the domain is corrupt or something?
Still getting the errors. How does this happen? Could it just be that the domain is corrupt or something?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I removed the two Old DNS servers, although they are still serving a small purpose on the network, I will follow those actions in a day or so and get back to you. sorry for the delay there have been many projects and I have not been following this issue.
ASKER
I found this, I deleted the bad policy, since the domain name was correct...
http://support.microsoft.com/kb/888943
http://support.microsoft.com/kb/888943
ASKER
The suggestions led me to the correct solution
http://support.microsoft.com/kb/842804
It looks like a GP related error. First I would check the path to the gpt.ini file (see kb article) and make sure it exists.
Also, per the kb article, I would either try to put the latest service pack on or reinstall the latest SP.
Lastly, perhaps try to open gpedit and look at the policy in question. Drill down to it in gpedit and see if there is a yellow exclamation mark. If so, this usually means the user or the computer configuratino got disabled. Try toggling the setting to get the policy working again.