Question

Event ID 4000 causing DNS problems and Event ID 1000 userenv problems.

Asked by: stewartje

Help Help Help.

I have been having problems with our server.  We have a:
P3 1200 Dell
785 Ram with around 500 being used currently.
SCSI HDD 18 GB

We have been getting the following errors and it has forced me to reboot the server at least once every 4 to 5 days for the past three weeks.

 Event ID 4000 and 4004 keep repeating themselves whereas 408, 407 and 9999 show up every hour.  We have also been getting userenv errors 1000.  I believe these to be causing network instability, users have trouble sending and receiving files and it seems to be giving GroupWise a hard time.

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4004
Computer:      SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone XXXX.local.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.


Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4000
Computer:      SERVER
Description:
The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      408
Computer:      SERVER
Description:
The DNS server could not open socket for address 0.0.0.0.
Verify that this is a valid IP address for the server computer.  If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.  Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error.  In that case remove the DNS\Parmeters\ ListenAddress value in the services section of the registry and restart.)
 
If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.


Event Type:      Warning
Event Source:      DNS
Event Category:      None
Event ID:      9999
Computer:      SERVER
Description:
The DNS server has encountered numerous run-time events.  These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic.  The data is the number of suppressed events encountered in the last 15 minute interval.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2004-02-27 at 06:19:58ID20900153
Tags

event

,

id

,

dns

,

4000

Topic

Windows 2000 Operating System

Participating Experts
4
Points
500
Comments
34

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Userenv And Autoenrollement
    Good Afternoon. After reading a few articles posted on this site and many others like it, I still have not found a solution to the Userenv and Autoenrollement issues, that keep appearing in my Event Viewer. I am running a SBS 2003 Server Environment with Windows XP Machines...
  2. EVENT ID 1030 & 1090 USERENV
    have three w2k3 server in a 2000 native domain. Since yesterday I started recieveing the following errors in my event logs Error 1:Event Type: Error Event Source: Userenv Event Category: None Event ID: 1030 Date: 7/7/2004 Time: 3:23:18 PM U...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: 1stITMANPosted on 2004-02-27 at 07:53:39ID: 10470176

Event ID: 4004
Source DNS  
Type Error  
Description The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.  
Things to understand What is the role of a DNS server?  
Comments Anonymous (Last update 2/17/2004):
In my case, this error appeared after I changed the network and I forgot to change the reverse-lookupzone.

Ionut Marin (Last update 2/17/2004):
From a newsgroup post: "If you have 2 DC/DNS servers, to avoid this error, make sure you have the following under IP properties:
DC1:
  First DNS address points to DC2.
  Second DNS address points to itself.
DC2:
  First DNS address points to DC1.
  Second DNS address points to itself".

From a newsgroup post: "This can be caused if you have a single DC or two DCs and they point to themselves as the first entry in the DNS list in IP properties and the zone is AD Integrated. Reason could be that the DC has many services running on it (SQL, Exchange, etc.) or is a slower machine, and when the Netlogon service tries to register into the zone at boot time, AD is not quite initialized yet and so you get the error. You can either ignore it or change the zone to a Primary, or if you have multiple DCs, change the first entry to the partner and the second to itself".

Dennis Mueller
The error may occure if the "RootDNSServers"-entry was deleted and the DNS-job not restarted.

Adrian Grigorof
It is likely that DC either is not configured to use a DNS server that has as valid copy of the DNS zone, or the zone does not have the needed SRV records. Running DCDiag (from the Windows 2000 Resource Kit) may provide some information about the source of the errors. Also, NETDiag can be run for additional information.

Benjamin Scott
MS PSS reports this error may occur in a single-server environment, during server startup, for AD-integrated DNS zones.  Apparently, DNS is starting before AD is ready to answer queries, and DNS cannot wait for AD to start since AD needs DNS.  PSS reports the error can be ignored, as the DNS zones will load as soon as AD is ready.  PSS said that switching to a standard (not AD-integrated) zone would work around the problem.  

 

by: 1stITMANPosted on 2004-02-27 at 07:54:24ID: 10470184

Event ID: 408
Source DNS  
Type Error  
Description DNS Server could not open socket for address [IP address of server]. Verify that this is a valid IP address on this machine. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parmeters\ListenAddress value in the services section of the registry and restart.) If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.  
Things to understand What is the role of a DNS server?  
Comments Adrian Grigorof (Last update 11/10/2003):
According to Microsoft, this problem was corrected in Windows 2000 SP2. See Q260186 for more details.

Ionut Marin (Last update 11/10/2003):
As per Microsoft: "These errors can occur on computers that have both of the following services installed on the same server: Network Address Translation (NAT) and DNS Server". See Q279678 to fix this problem.


Event ID: 9999
Source DNS  
Type Warning  
Description DNS Server has encounters numerous run-time events. These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encountered in the last 15 minute interval.  
Things to understand What is a “runtime”?
What is the role of a DNS server?  
Comments Adrian Grigorof
As per Microsoft: "The occurrence of these event error messages does not necessarily indicate a problem with the DNS service" This event  indicates that a number of events were blocked by DNS from being logged in Event Viewer (the number itself is in the "Data" section). After this event, the logging starts again.  

 

by: 1stITMANPosted on 2004-02-27 at 07:58:10ID: 10470214

Event ID: 407
Source DNS  
Type Error  
Description Description: DNS server could not bind a Datagram (UDP) socket to [IP_address]. The data is the error.  
Things to understand What is the role of a DNS server?  
Comments Adrian Grigorof (Last update 11/10/2003):
According to Microsoft, this problem was corrected in Windows 2000 SP2. See Q260186 for more details.

Ionut Marin (Last update 11/10/2003):
As per Microsoft: "These errors can occur on computers that have both of the following services installed on the same server: Network Address Translation (NAT)and DNS Server". See Q279678 for more details


For userenv errors http://www.eventid.net/display.asp?eventid=1000&source=userenv

 

by: stewartjePosted on 2004-02-27 at 09:19:51ID: 10470921

1stITMAN

I found the same replies that you did for these problems.  However none fit nor worked for my situation.  I tried to run dcdiag but it would not work on our server.

I only have 1 DC and DNS server and I do not have a reverse zone set up.

I know about AD and how it wants to talk to DNS when the server first boots up.  The problem is forceing me to reboot so that clients can connect to the server and email can work etc...


My server is logon server, a email server, and database server for Lytec (a medical practice management) software.

I am not sure I understand the role of the DNS server and runtime???  

I have used event ID it only gives you a generic response and does not really explain what to do or what is going on.





 

by: 4auHukPosted on 2004-02-27 at 13:09:12ID: 10472606

>I tried to run dcdiag but it would not work on our server.
How's that? Does it give any errors?

And how about netdiag?..

 

by: stewartjePosted on 2004-02-29 at 06:06:23ID: 10480041

should I post the results of the netdiag and if I can get the dcdiag to work, shoul I post them as well?

Jon

 

by: 1stITMANPosted on 2004-02-29 at 11:48:47ID: 10481663

Yes this will help in diagnosing

 

by: 4auHukPosted on 2004-02-29 at 11:55:00ID: 10481685

>should I post the results of the netdiag
Yes it would be handy.

>if I can get the dcdiag to work
Even if you can't, post exact message that appears when you execute "dcdiag" command from command prompt.

 

by: stewartjePosted on 2004-03-02 at 10:10:00ID: 10497384

This is the error I get when trying to run dcdiag from the command prompt.
    "The procedure entry point DsISMangledDnW could not be located in the dynamic link library NTDSAPI.dll"

Also as a side note I have to change directories to the resource folder in order to get dcdiag or netdiag to even think about running.  other programs of this nature usually know and run from the c:

Here is the netdiag info:


    Computer Name: SERVER
    DNS Host Name: SERVER.XXX.local
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 11 Stepping 4, GenuineIntel
    List of installed hotfixes :
        KB329115
        KB819696
        KB823182
        KB823559
        KB824105
        KB824141
        KB824146
        KB825119
        KB826232
        KB828028
        KB828035
        KB828749
        Q147222
        Q816093


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : SERVER
        IP Address . . . . . . . . : 192.168.1.20
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.20


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{CEC6277A-226B-4130-929F-FF93F4D40884}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.20
' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{CEC6277A-226B-4130-929F-FF93F4D40884}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{CEC6277A-226B-4130-929F-FF93F4D40884}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'testserver.SBHS.local'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


The command completed successfully

 

by: 4auHukPosted on 2004-03-02 at 11:25:08ID: 10498148

Ok,
Check this PAQ to get dcdiag working.

dcdiag.exe - Entry Point Not Found:
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20585683.html

netdiag output looks fine exept this line:

    [WARNING] Failed to query SPN registration on DC 'testserver.SBHS.local'.

This is not nesessarily an error though. Check this MSKB article:
Netdiag.exe Does Not Query SPN Registration When Down-Level Name Is Different:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;297384

Is testserver another DC in your domain? If so, does it have same problems or working fine?

Don't forget to fix and run dcdiag.

 

by: 1stITMANPosted on 2004-03-02 at 12:05:51ID: 10498523

 

by: stewartjePosted on 2004-03-02 at 17:11:21ID: 10500991

I went to the experts PAQ suggested and tried to reinstall the adminpak.  That did not make dcdiag work.  I got the same error as earlier.
I also downloaded the Windows 2000 SP4 Support tools and installed them.  No change, dcdiag still did not work and I received the same error as listed earlier.


Testserver was a literally a test server to help me learn more about groupwsie and how to manage a server.  I removed it a couple weeks ago.   It is not connected to the server.  

Any suggestions on the dcdiag problem.

I will up the points if thats what it takes.

jon

 

by: 1stITMANPosted on 2004-03-03 at 00:26:18ID: 10502710

How about copying or even checking version number of the dll on all your servers, if it differs then well we ahold be able to copy it over and re-register it I hope.

 

by: stewartjePosted on 2004-03-03 at 12:28:55ID: 10508094

1stITMAN,

Sorry but I am not sure what you are asking.  Which DLL would you like me to check?  I have only one server currently working here.

Jon

 

by: 1stITMANPosted on 2004-03-03 at 14:14:09ID: 10509101

Sorry the dll  NTDSAPI.dll check version etc.. against other servers

 

by: stewartjePosted on 2004-03-03 at 14:24:14ID: 10509176

ok.  what happened????  I guess what I did worked but I did not check it from the c:\.  I navigated to the folder the dcdiag was under to run it.

dcdiag works now and it works from the c:\..........

here are the results

C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\SERVER
      Starting test: Connectivity
         ......................... SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\SERVER
      Starting test: Replications
         [Replications Check,SERVER] A recent replication attempt failed:
            From TESTSERVER to SERVER
            Naming Context: CN=Schema,CN=Configuration,DC=XXXX,DC=local
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failure.
            The failure occurred at 2004-03-03 16:45.20.
            The last success occurred at 2004-01-28 20:45.13.
            844 failures have occurred since the last success.
            The guid-based DNS name ad5177d8-5d87-4f92-bb0b-23a242691ca0._msdcs.XXXX.local
            is not registered on one or more DNS servers.
         [TESTSERVER] DsBind() failed with error 1722,
         The RPC server is unavailable..
         [Replications Check,SERVER] A recent replication attempt failed:
            From TESTSERVER to SERVER
            Naming Context: CN=Configuration,DC=XXXX,DC=local
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failure.
            The failure occurred at 2004-03-03 16:45.20.
            The last success occurred at 2004-01-28 21:26.58.
            844 failures have occurred since the last success.
            The guid-based DNS name ad5177d8-5d87-4f92-bb0b-23a242691ca0._msdcs.XXXX.local
            is not registered on one or more DNS servers.
         [Replications Check,SERVER] A recent replication attempt failed:
            From TESTSERVER to SERVER
            Naming Context: DC=XXXX,DC=local
            The replication generated an error (8524):
            The DSA operation is unable to proceed because of a DNS lookup failure.
            The failure occurred at 2004-03-03 16:45.20.
            The last success occurred at 2004-01-28 21:34.42.
            844 failures have occurred since the last success.
            The guid-based DNS name ad5177d8-5d87-4f92-bb0b-23a242691ca0._msdcs.
XXXX.local
            is not registered on one or more DNS servers.
         ......................... SERVER passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER passed test NetLogons
      Starting test: Advertising
         ......................... SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER passed test MachineAccount
      Starting test: Services
            SMTPSVC Service is stopped on [SERVER]
         ......................... SERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... SERVER passed test frssysvol
      Starting test: kccevent
         ......................... SERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x0000041B
            Time Generated: 03/03/2004   17:10:59
            Event String: The DHCP/BINL service has determined that it is
         ......................... SERVER failed test systemlog

   Running enterprise tests on : XXXX.local
      Starting test: Intersite
         ......................... XXXX.local passed test Intersite
      Starting test: FsmoCheck
         ......................... XXXX.local passed test FsmoCheck

 

by: 4auHukPosted on 2004-03-03 at 19:14:16ID: 10510793

Most of errors are replication errors. This is because

>Testserver was a literally a test server[..] I removed it a couple weeks ago

I suppose a couple weeks ago was at 2004-01-28 21:34.42. :)
So you have "removed" testserver by just unpugging it from the network or (i hope not) formatting hard drive, right?
This is generally a bad idea because references to this domain controller left in Active Directory databases. If it is possible and if you did nothing with testserver after unplugging from the network, plug testserver back to the network and "remove" it by "dcpromo" command. This will correctly remove all references , transfer FSMO roles and demote testserver from DC to member server.
Be sure to read dcpromo documentation before running. Just to choose right options when Wizard asks for.
If testserver is unavailable, you may have to manually delete all references to this DC from AD.
Another possible trick is to set up a nev server named testserver, promote it to domain controller and then remove it from domain controllers. This will remove most references if not all.

Output also says that there's errors in (surprise) File Replication Service event log, but you did not provided any earlier. Those events may be most important to read because FRS is the service that can prevent server from operating as domain controller if this service has hard time for some reason.

P.S. It is a common practice that test environment and production environment mus be separate all the time. If you play with production environment - you get eventually unworkable production environment.

Best wishes,
4auHuk

 

by: stewartjePosted on 2004-03-05 at 07:48:03ID: 10523693

4auHuk

Thanks for the analysis.

Yes I just unplugged testserver from the network and took it home.  I can plug it back in and try dcpromo.  I have never had to promote or demote a server so this should be fun.  

Here are some errors in the FRS event log:

The first one I am listing showed up after the last time I rebooted.  Seems like rebooting helps restore the sysvol?
The second error is from today and refers to what you wrote about with testserver

Event Type:      Information
Event Source:      NtFrs
Event Category:      None
Event ID:      13516
Date:            2/26/2004
Time:            10:01:39 PM
User:            N/A
Computer:      SERVER
Description:
The File Replication Service is no longer preventing the computer SERVER from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type "net share" to check for the SYSVOL share.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Event Type:      Warning
Event Source:      NtFrs
Event Category:      None
Event ID:      13508
Date:            3/5/2004
Time:            8:57:54 AM
User:            N/A
Computer:      SERVER
Description:
The File Replication Service is having trouble enabling replication from TESTSERVER to SERVER for c:\winnt\sysvol\domain using the DNS name testserver.XXXX.local. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name testserver.XXXX.local from this computer.
 [2] FRS is not running on testserver.XXX.local.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.



What do I do next??????

 

by: 4auHukPosted on 2004-03-05 at 08:28:27ID: 10524125

Let's fix FRS issues first and see if it fixes other.

HOW TO: Promote and Demote Domain Controllers in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;238369#6

 

by: 1stITMANPosted on 2004-03-05 at 14:58:17ID: 10527836

Here we are more info on ur errors

Event ID: 13516
Source NtFrs  
Type Information  
Description The File Replication Service is no longer preventing the computer DESCARTES from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.

Type "net share" to check for the SYSVOL share.  
Things to understand  
Comments Ionut Marin (Last update 12/29/2003):
Q315457 gives information on how to rebuild SYSVOL and its content in a Domain. This event also appears in the contents of this article.

Adrian Grigorof
This event is generated when a Windows 2000 domain controller boots or the FRS (File Replication Service) is restarted. This behavior is by design - the event is just informational. The events 13502, 13503, and 13501 are usually generated  before 13516


 

by: 1stITMANPosted on 2004-03-05 at 14:58:35ID: 10527840

Event ID: 13508
Source NtFrs  
Type Warning  
Description The File Replication Service is having trouble enabling replication from <server 1 name> to <server 2 name> for c:\winnt\sysvol\domain; retrying.  
Comments Adrian Grigorof
There could be many reasons for the File Replication Service the experience problems replicating. See Q272279 for general troubleshooting.
One condition that we identified, was a missing SYSVOL share on the domain controller (check with "net share" command). One other reason can be the fact that the computers' time is not synchronized with the domain controller time. See Q285923.

Q326855 indicates that an instance where this error can occur was fixed with Service Pack 2.

Ionut Marin (Last update 12/16/2003):
From a newsgroup post: "Event 13508 in the FRS log is a warning that the FRS service has been unable to complete the RPC connection to a specific replication partner. It indicates that FRS is having trouble, enabling replication with that partner and will keep trying to establish the connection. A single event ID 13508 does not mean anything is broken or not working; simply look for event ID 13509 to make sure that the problem was resolved. Based on the time between event IDs 13508 and 13509, you can determine if there is a real problem that needs to be addressed.
Note that if FRS is stopped after a 13508 event, and then later started at a time when the communication issue has been resolved, no 13509 will be entered in the event log, and without a 13508 message reappearing, replication connections are being made correctly.
Since FRS servers gather their replication topology information from their closest Active Directory domain controller (itself on a domain controller that is also an FRS member), there is also an expected case where a replica partner in another site will not be aware of the replica set until the topology information has been replicated to domain controllers in that site. When the topology information finally reaches that distant domain controller, the FRS partner in that site will be able to participate in the replica set and lead to FRS event ID 13509. Note that intra-site Active Directory replication partners replicate every 5 minutes. Inter-site replication only replicates when the schedule is open (shortest delay is 15 minutes). In addition, FRS polls the topology in the active directory at defined intervals – 5 minutes on domain controllers, and 1 hour on other member servers of a replica set. These delays and schedules (and especially in topologies with multiple hops) can delay propagation of the FRS replication topology
Procedures for Troubleshooting FRS Event 13508 without Event 13509:
1. Examine the 13508 Event in the FRS Event Log in order to determine which machine that FRS has been unable to communicate with.
2. Determine whether the remote machine is working properly, and verify that FRS is running on it. A good method to do this to execute “NTFRSUTL VERSION <FQDN of remote DC name>” from the machine logging the 13508 event. If this fails, check network connectivity by pinging the <FQDN of remote DC name> from the machine logging the 13508 event. If this fails, then troubleshoot as a DNS or TCP/IP issue. If it succeeds, confirm the FRS service is started on the remote DC.
3. Determine whether FRS has ever been able to communicate with the remote computer by looking for 13509 in the event log and review recent change management to networking, firewalls, DNS configuration, and Active Directory infrastructure to see if there is a correlation.
4. Determine whether there is anything between the two machines that is capable of blocking RPC traffic, such as a firewall or router.
5. Confirm that Active Directory replication is working".

Anonymous (Last update 12/16/2003):
The following workaround worked for me. Make the following changes in the registry to instruct FRS to handle the JRNL_WRAP_ERROR status automatically:
1. Stop FRS.
2. Start Registry Editor (Regedt32.exe).
3. Locate and click the following key in the registry:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters
4. On the Edit menu, click Add Value, and then add the following registry value:
   Value name: Enable Journal Wrap Automatic Restore
   Data type: REG_DWORD
   Radix: Hexadecimal
   Value data: 1 (Default 0)
5. Quit Registry Editor.
6. Restart FRS.

Sipho Ntombela (Last update 10/14/2003):
This occurred when an AD database on a DC could not grow because of other files, which were consuming drive space where the database was located. To solve this check the disk drive where your AD database files are located and make sure there is free space available.

Anonymous (Last update 9/27/2003):
Changing from a mixed mode domain to a native mode may fix this problem on SP2 machines.

Anonymous (Last update 9/27/2003):
I have also seen this error repeated times when I have just made a DC a Global Catalog server. It will eventually recover (event ID 13509). Possibly a traffic issue during initial GC replication.

Oded Shafran (Last update 9/27/2003):
In my case, the error was due to low disk space on the DC.

John Orban (Last update 9/27/2003):
After this event I got event 13509 stating: “The FRS has enabled replication...after repeated retries”. To resolve this problem I synchronized the computer's clock with the domain controller that is the authoritative time server. For each server that was experiencing this difficulty, I opened a CMD prompt and typed:
   net time \\ComputerName_Of_Authoritative_Time_Server /set /y
   net stop ntfrs
   net start ntfrs
I started and stopped Ntfrs and got the following: The FRS is no longer preventing the computer DC02 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.

CHooper (Last update 5/5/2003):
Corrupted permissions on the Sysvol share or any of the objects below it can cause this error. The ACL should include full access for Administrators, Creator/Owner and system, read for server operators and authenticated users. The ownership on these folders and files may also become corrupt and have to be reset to Administrators.

Brad Turner
Got this error on a Domain DFS which was replicating files between two systems. Server A did not get this error, but Server B did. Upon further investigation, Server B did not have "Authenticated Users" specified in the "Access this computer from the Network" right. Upon correcting this, the error was replaced by a success and replication began to flow. Users - which contains Authenticated Users, should also be sufficent here but wasn't tried.

Anonymous
This can occur if:
1. FRS can not correctly resolve the DNS name for server 2 from server 1.
2. FRS is not running on server 2
3. The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once for each connection. After the problem  is fixed you will see another event log message that indicates that the connection has been established.  

 

by: 4auHukPosted on 2004-03-05 at 15:23:43ID: 10528037

1stITMAN,

You just love to copy-paste from eventid.net as i can see from many posts, eh? :)

No offence, mate...

 

by: 1stITMANPosted on 2004-03-06 at 01:54:50ID: 10530274

Well if they help why not?

 

by: stewartjePosted on 2004-03-07 at 19:15:52ID: 10537891

thanks gentlemen.  this is good info and I will read over this and take the necessary steps tommorrow at work.

jon

 

by: stewartjePosted on 2004-03-08 at 07:58:14ID: 10541436

Ok.  I demoted the testserver and it was successfull, or so it said it was but the event log on the DC Server does not indiacte it yet.

My sysvol seems to be ok.  It is being shared correctly.

I have had time server problems in the past.  We have one server and it acts as the authoritative server for the whole network.  I have the Server SNTP set to get its time from one of the listed time servers I could find on Microsofts web site.  

Lat thing, our server is in Mixed Mode and not Native Mode.  Would this be causing any problems????  I have done my homework and understand the difference.  I thought I would ask?????

Jon

 

by: 4auHukPosted on 2004-03-09 at 12:27:13ID: 10554241

>I have had time server problems in the past
So you fixed this problem earlier? And what exactly was the problem? If you mean that PDC emulator complains that it is upper server in hierarchy and should be configured to acguire time from external source - this is not a real problem. It should be a problem only if you *need* your domain time to be syncronized with external time for some reason which is not always nesessary.

>our server is in Mixed Mode and not Native Mode
This should not be a problem either. However, if you don't have any legacy OS on servers/workstations in your domain or in trusted domains, i don't see a reason for your AD to operate in mixed mode.

So you seem to fix FRS issues. You might want to check this by dcdiag again.

How about main issue, do events 4000, 4004 and 408 still appear?

Best,
4auHuk

 

by: stewartjePosted on 2004-03-10 at 10:49:17ID: 10563645

4auHuk,

The time problem is that the Server does not get an answering from the remote SNTP server.

Would you recommend changing the server to Native mode?

No DNS errors since 2/27/04.  I have no 4000, 4004, 408, or 9999 errors in the event viewer.

Here are the latest dcdiag results.

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\SERVER
      Starting test: Connectivity
         ......................... SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\SERVER
      Starting test: Replications
         ......................... SERVER passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER passed test NetLogons
      Starting test: Advertising
         ......................... SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER passed test MachineAccount
      Starting test: Services
            SMTPSVC Service is stopped on [SERVER]
         ......................... SERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... SERVER passed test frssysvol
      Starting test: kccevent
         ......................... SERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x0000041B
            Time Generated: 03/10/2004   13:22:58
            Event String: The DHCP/BINL service has determined that it is
         ......................... SERVER failed test systemlog

   Running enterprise tests on : SBHS.local
      Starting test: Intersite
         ......................... SBHS.local passed test Intersite
      Starting test: FsmoCheck
         ......................... SBHS.local passed test FsmoCheck

What do you think?

Jon

 

by: 4auHukPosted on 2004-03-10 at 11:38:54ID: 10564164

>What do you think?
Looks good.

This part
>>Starting test: frssysvol
>>         There are errors after the SYSVOL has been shared.
>>         The SYSVOL can prevent the AD from starting.
>>         ......................... SERVER passed test frssysvol
may be because of old event log entries but you might want to check if there's any recent events related to FRS failures.

This part:
Starting test: systemlog
>>         An Error Event occured.  EventID: 0x0000041B
>>            Time Generated: 03/10/2004   13:22:58
>>            Event String: The DHCP/BINL service has determined that it is
>>         ......................... SERVER failed test systemlog
is because you have unautorized(not configured yet?) DHCP or RIS service. But this is not a problem.

>Would you recommend changing the server to Native mode?
This is up to your setup. If you have pure win2k environment, you can take advantage of advanced options available in native mode. You said that you understand differences between native and mixed mode, but extra reading newer hurts so i will refer you to this article on topic:

Mixed Mode vs. Native Mode:
http://www.win2000mag.com/Articles/Print.cfm?Action=Print&ArticleID=7156


4auHuk

 

by: 4auHukPosted on 2004-03-23 at 10:36:57ID: 10660175

Thanks :)

 

by: stewartjePosted on 2004-03-24 at 08:47:15ID: 10669256

4auKuk,

Thank you for your time and patience.
Jon

 

by: 1stITMANPosted on 2004-03-24 at 09:03:24ID: 10669417

Well done sorted at last..

 

by: shahedkPosted on 2004-04-20 at 03:42:31ID: 10867509

Need help

I have 5 windows 2000 server out of which one of them is master domain controller which holds AD database, PDC, RID, Infrastructure Master and GC along with local DNS and rest of the servers are additional domain controller. Unfortunately my master domain controller was crashed due to severe power fluctuation and I did not have ERD and backup.

4 Additional domain controllers now service the network clients and working fine.

I tried to upgrade the OS on my domain controller but failed so had nothing but to newly installed the OS on the domain controller with same forest name DNS and AD information. Now I am facing the real problem it does not replicate with existing additional domain controller but additional domain controllers replicates each other except the new domain controller.

I demote one of the additional domain controllers successfully. Whenever I try to promote this demoted server with new master domain controller it gives me error regarding DNS. The error message is (The domain  “example.microst.com” cannot be connected. Ensure that the DNS domain name is typed correctly. This condition may be caused by DNS lookup problem). We have checked the DNS lookup by nslookup command and return the expected result.

The additional domain controller does not get access to the domain controller but domain controller can access all additional domain controllers but does not replicate with additional domain controller.

If have answer for the please let me know. I would be enormous held for me.  


Shahed Kamal
skamal@cegisbd.com

 

by: 1stITMANPosted on 2004-04-20 at 04:18:25ID: 10867718

Plz post event log errors that correspond to the problems you are having..

 

by: supag33kPosted on 2004-04-20 at 22:08:36ID: 10875246

Hi shahed,

Would you like to setup a new post and specify some points please??...;)

Dont worry I'll give you some pointers regardless!

Please see my posts in this section..I had a very similar problem though my backups where okay so I had something to start from....

Using the tools (nltest, netdiag, dcdiag etc etc) from Windows 2000 CD support folder (install them first) check for:

1). disjoint namespace....
http://support.microsoft.com/default.aspx?kbid=257623&product=win2000

2). Check the location of the sysvol folder on both the working DC's and your re-installed DC (NOT restored DC - note) - see my post at this site....
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20951901.html

3). Check the machine accounts on the DC's via article 260575 - How To: Use Netdom.exe to reset Machine Account Passwords of Windows 2000 Domain Controllers....
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575

- if you see the following...

"When I run netdiag it fails for the trust relationship test....

Trust relationship test.......failed
[Fatal] Secure channel to domain 'ourdomain' is broken.
[Error_No_Trust_SAM_Account]"

- hope this helps! - good luck...

supag33k

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...