Link to home
Start Free TrialLog in
Avatar of chrismaksimik
chrismaksimikFlag for United States of America

asked on

Errors 1030 and 1058 in event log every 5 minutes

Server 2003 SBS domain with 3 additional domain controllers and a stand alone server.
This one I have tried everything...
We had a Rootkit Virus a few months ago, we converted the server using ESXI. The server needed a repair install, and a lot of repair work, but it is back to normal,,,
Some time ago, on all of the S2003 servers,but NOT the SBS server, Errors 1030 and 1058 would show up every 5 minutes. On the DC that holds SBS, these errors are not present.
One S2003 server would freeze and have to be rebooted every few days (Although I do Not believe his is related)
I have checked and reset permissions on the sysvol folder, purged the MupCache.
I have added a new Server 2003 on Hyper-v it logs the errors also.
I have a feeling that this is a replication issue, but I have exhausted all options, and I feel Active directory is damaged.
Any help and suggestions will be appreciated, thanks for all your help.
Avatar of chkdsk01
chkdsk01
Flag of United States of America image

Did you take a look at this KB article?
http://support.microsoft.com/kb/842804

It looks like a GP related error.  First I would check the path to the gpt.ini file (see kb article) and make sure it exists.

Also, per the kb article, I would either try to put the latest service pack on or reinstall the latest SP.

Lastly, perhaps try to open gpedit and look at the policy in question.  Drill down to it in gpedit and see if there is a yellow exclamation mark.  If so, this usually means the user or the computer configuratino got disabled.  Try toggling the setting to get the policy working again.
You do have a replication problem. FRS is the replication process for the sysvol and netlogon shares. FRS problems stem from discrepancies in DNS 99.99% of the time.

FIRTS OFF: Let's provide you with some ammo to understand what's going on.

https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_1073-Diagnosing-and-repairing-Events-1030-and-1058.html

Now, you can open up a 50 point question in DNS to perform DNS troubleshooting. Once done with fixing all DNS discrepancies, then we can reset your replication set, UNLESS we are looking at some tombstoned servers.
When posting a DNS troubleshooting question, MAKE SURE, you link this thread within your question.
Avatar of chrismaksimik

ASKER

OK, I followed the Link, and I see that I have C:\WINDOWS\SYSVOL\sysvol\(Domain name)\scripts.
apparently this is not correct? Should I just cut/paste sysvol subfolder to the root of c:\windows?
I tried this:
 REPADMIN /SHOWREPS %UPSTREAMCOMPUTER%
REPADMIN /SHOWREPS %DOWNSTREAMCOMPUTER%

both times, I received this:
[d:\srv03rtm\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 81 (server Down) Win32 Err 58.
The server never goes into standby, I tried that first solution with the service pack reinstall, the errors are every 5 minutes., It didnt work....
You have DNS related issues. AD is not seeing the LDAP servers. This is an SRV record within DNS.

Please provide the output of going to the command prompt and typing:

DCdiag /test:DNS > DNS.txt
and
DCdiag /v > DCdiag.txt

You will need to do this on one DC showing problems. Let's get to the root of the problem.
Still working on the dns issues. I noticed that All of the DC's and PC's have this error. the Pcs are more sporadic in the event logs.
I transferred all FSMO roles to A new Server 2003 server. and all errors stopped. I demoted the old server using DCPromo, and all seemed to work OK,  Funny thing, The Server membership changed to a workgroup server. So I changed it back to domain membership as a member server, and the errors came back on the new DC.

i hope this sheds some light on the subject
If it's now a member server, your remaining DC has metadata on it to replicate the Syvol and Netlogon shares. You don't want that metadata.

Please follow this link for DNS, FRS, and AD metadata cleanup on the remaining DC.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
This is exactly the site that i went to when I transferred the roles. I will go through this again, to make sure no residual serverobjects are there. i will post my results
Any luck, boss?
I looked in the system properties of the computer name. it was servername.location.domain.local.
I renamed it to servername.domain.local, I did the same thing on network settings/tcpip/advanced/dns and the event errors went away.

Well, they are not happenning every 5 minutes anymore. its now like every 2 hours... So Were getting there!

And sorry for the Delay
its still happenning on the new server every 5 min. this is getting crazy. i thought i had it licked!
Oh, you renamed a server while it was an active server?

What roles does the SBS server play?

Were you considering retiring it?
Not the name, but the DNS suffix of the secondary DC. (Not the SBS Server)
I still have the errors On the New DC, NOT the SBS server. The Old Secondary DC has been reverted to a Member server.Now we have a SBS server and a second DC, both 2003.
The SBS server handles Exchange, Printing, Companyweb, and some file sharing.

Looking in the event logs, I see the server had a successful event, 2/28/2011, event ID 1704 Source: sceCli. The security Policy in GPO has been applied Successfully.
This is at 7:56 PM.
At 8:01 I get a warning: error 53258  MSDTC
MS DTC could not process a Promotion/demotion event. No Callstack.
At 8:01, I get the 1058 1030 errors every 5 minutes until 3/30/2011.
Out of the Blue, I get the Success again
SCECli 1704 Security Policy has been applied successfully.

No similar events as of yet. Nothing in the system log, FRS log, DNS log to indicate issue.(At least with this server)
I am going to look at the event Logs of the SBS server to see any clues.
Nothing in the event logs of the SBS server To shed light on This issue.
At 5:40 on the 30th(After the Successful replication event) There is  an event ID 106,
Source: EventForwarderOperation

Subsription Policy has changed

From 3/30/2011 5:18 PM until 8:13 there were no error events until:
error 1003
SceSrv
Notification of Policy change from LSA/SAM has been retried and Failed.Error 4312 to save Policy change for account s-1-5-21................
Again at 5:23 PM , and 1 day later at 5:24 PM on 4/1/2011.

I really hope this sheds some light on this.
Yes, it does. It appears you have metadata of an old server left on that server.

On your problem child server, go to the command prompt and type:

DCdiag /v

and DCdiag /Test:DNS

So, i can see the diagnostics.
I will post in2 different windows. I have also created a NEW SBS2003 R2 server, and am slowly going through the migration steps, after installing Active directory and transferring roles, the NEW server is also having these same issues, replicating to the 2nd domain controller. SBS setup on the New is not complete, This is just for information. It seems like AD is damaged in some way?
I see the old DNS server(No Longer a DNS server is still in there..... testdns.txt
I have set up a New 2003 SBS r2 Server on 2008 core  Hyper-v.

Still getting the errors. How does this happen? Could it just be that the domain is corrupt or something?
ASKER CERTIFIED SOLUTION
Avatar of ChiefIT
ChiefIT
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I removed the two Old DNS servers, although they are still serving a small purpose on the network, I will follow those actions in a day or so and get back to you. sorry for the delay there have been many projects and I have not been following this issue.
I found this, I deleted the bad policy, since the domain name was correct...
http://support.microsoft.com/kb/888943
The suggestions led me to the correct solution