stewartje
asked on
Event ID 4000 causing DNS problems and Event ID 1000 userenv problems.
Help Help Help.
I have been having problems with our server. We have a:
P3 1200 Dell
785 Ram with around 500 being used currently.
SCSI HDD 18 GB
We have been getting the following errors and it has forced me to reboot the server at least once every 4 to 5 days for the past three weeks.
Event ID 4000 and 4004 keep repeating themselves whereas 408, 407 and 9999 show up every hour. We have also been getting userenv errors 1000. I believe these to be causing network instability, users have trouble sending and receiving files and it seems to be giving GroupWise a hard time.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Computer: SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone XXXX.local. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
Computer: SERVER
Description:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 408
Computer: SERVER
Description:
The DNS server could not open socket for address 0.0.0.0.
Verify that this is a valid IP address for the server computer. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parmeters\ ListenAddress value in the services section of the registry and restart.)
If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 9999
Computer: SERVER
Description:
The DNS server has encountered numerous run-time events. These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encountered in the last 15 minute interval.
I have been having problems with our server. We have a:
P3 1200 Dell
785 Ram with around 500 being used currently.
SCSI HDD 18 GB
We have been getting the following errors and it has forced me to reboot the server at least once every 4 to 5 days for the past three weeks.
Event ID 4000 and 4004 keep repeating themselves whereas 408, 407 and 9999 show up every hour. We have also been getting userenv errors 1000. I believe these to be causing network instability, users have trouble sending and receiving files and it seems to be giving GroupWise a hard time.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Computer: SERVER
Description:
The DNS server was unable to complete directory service enumeration of zone XXXX.local. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
Computer: SERVER
Description:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 408
Computer: SERVER
Description:
The DNS server could not open socket for address 0.0.0.0.
Verify that this is a valid IP address for the server computer. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parmeters\ ListenAddress value in the services section of the registry and restart.)
If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 9999
Computer: SERVER
Description:
The DNS server has encountered numerous run-time events. These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encountered in the last 15 minute interval.
Event ID: 408
Source DNS
Type Error
Description DNS Server could not open socket for address [IP address of server]. Verify that this is a valid IP address on this machine. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parmeters\ListenAddres s value in the services section of the registry and restart.) If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.
Things to understand What is the role of a DNS server?
Comments Adrian Grigorof (Last update 11/10/2003):
According to Microsoft, this problem was corrected in Windows 2000 SP2. See Q260186 for more details.
Ionut Marin (Last update 11/10/2003):
As per Microsoft: "These errors can occur on computers that have both of the following services installed on the same server: Network Address Translation (NAT) and DNS Server". See Q279678 to fix this problem.
Event ID: 9999
Source DNS
Type Warning
Description DNS Server has encounters numerous run-time events. These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encountered in the last 15 minute interval.
Things to understand What is a “runtime”?
What is the role of a DNS server?
Comments Adrian Grigorof
As per Microsoft: "The occurrence of these event error messages does not necessarily indicate a problem with the DNS service" This event indicates that a number of events were blocked by DNS from being logged in Event Viewer (the number itself is in the "Data" section). After this event, the logging starts again.
Source DNS
Type Error
Description DNS Server could not open socket for address [IP address of server]. Verify that this is a valid IP address on this machine. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parmeters\ListenAddres
Things to understand What is the role of a DNS server?
Comments Adrian Grigorof (Last update 11/10/2003):
According to Microsoft, this problem was corrected in Windows 2000 SP2. See Q260186 for more details.
Ionut Marin (Last update 11/10/2003):
As per Microsoft: "These errors can occur on computers that have both of the following services installed on the same server: Network Address Translation (NAT) and DNS Server". See Q279678 to fix this problem.
Event ID: 9999
Source DNS
Type Warning
Description DNS Server has encounters numerous run-time events. These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encountered in the last 15 minute interval.
Things to understand What is a “runtime”?
What is the role of a DNS server?
Comments Adrian Grigorof
As per Microsoft: "The occurrence of these event error messages does not necessarily indicate a problem with the DNS service" This event indicates that a number of events were blocked by DNS from being logged in Event Viewer (the number itself is in the "Data" section). After this event, the logging starts again.
Event ID: 407
Source DNS
Type Error
Description Description: DNS server could not bind a Datagram (UDP) socket to [IP_address]. The data is the error.
Things to understand What is the role of a DNS server?
Comments Adrian Grigorof (Last update 11/10/2003):
According to Microsoft, this problem was corrected in Windows 2000 SP2. See Q260186 for more details.
Ionut Marin (Last update 11/10/2003):
As per Microsoft: "These errors can occur on computers that have both of the following services installed on the same server: Network Address Translation (NAT)and DNS Server". See Q279678 for more details
For userenv errors http://www.eventid.net/display.asp?eventid=1000&source=userenv
Source DNS
Type Error
Description Description: DNS server could not bind a Datagram (UDP) socket to [IP_address]. The data is the error.
Things to understand What is the role of a DNS server?
Comments Adrian Grigorof (Last update 11/10/2003):
According to Microsoft, this problem was corrected in Windows 2000 SP2. See Q260186 for more details.
Ionut Marin (Last update 11/10/2003):
As per Microsoft: "These errors can occur on computers that have both of the following services installed on the same server: Network Address Translation (NAT)and DNS Server". See Q279678 for more details
For userenv errors http://www.eventid.net/display.asp?eventid=1000&source=userenv
ASKER
1stITMAN
I found the same replies that you did for these problems. However none fit nor worked for my situation. I tried to run dcdiag but it would not work on our server.
I only have 1 DC and DNS server and I do not have a reverse zone set up.
I know about AD and how it wants to talk to DNS when the server first boots up. The problem is forceing me to reboot so that clients can connect to the server and email can work etc...
My server is logon server, a email server, and database server for Lytec (a medical practice management) software.
I am not sure I understand the role of the DNS server and runtime???
I have used event ID it only gives you a generic response and does not really explain what to do or what is going on.
I found the same replies that you did for these problems. However none fit nor worked for my situation. I tried to run dcdiag but it would not work on our server.
I only have 1 DC and DNS server and I do not have a reverse zone set up.
I know about AD and how it wants to talk to DNS when the server first boots up. The problem is forceing me to reboot so that clients can connect to the server and email can work etc...
My server is logon server, a email server, and database server for Lytec (a medical practice management) software.
I am not sure I understand the role of the DNS server and runtime???
I have used event ID it only gives you a generic response and does not really explain what to do or what is going on.
>I tried to run dcdiag but it would not work on our server.
How's that? Does it give any errors?
And how about netdiag?..
How's that? Does it give any errors?
And how about netdiag?..
ASKER
should I post the results of the netdiag and if I can get the dcdiag to work, shoul I post them as well?
Jon
Jon
Yes this will help in diagnosing
>should I post the results of the netdiag
Yes it would be handy.
>if I can get the dcdiag to work
Even if you can't, post exact message that appears when you execute "dcdiag" command from command prompt.
Yes it would be handy.
>if I can get the dcdiag to work
Even if you can't, post exact message that appears when you execute "dcdiag" command from command prompt.
ASKER
This is the error I get when trying to run dcdiag from the command prompt.
"The procedure entry point DsISMangledDnW could not be located in the dynamic link library NTDSAPI.dll"
Also as a side note I have to change directories to the resource folder in order to get dcdiag or netdiag to even think about running. other programs of this nature usually know and run from the c:
Here is the netdiag info:
Computer Name: SERVER
DNS Host Name: SERVER.XXX.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 4, GenuineIntel
List of installed hotfixes :
KB329115
KB819696
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828028
KB828035
KB828749
Q147222
Q816093
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SERVER
IP Address . . . . . . . . : 192.168.1.20
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.20
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{CEC6277A-226B -4130-929F -FF93F4D40 884}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.20
' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{CEC6277A-226B -4130-929F -FF93F4D40 884}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{CEC6277A-226B -4130-929F -FF93F4D40 884}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'testserver.SBHS.local'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
"The procedure entry point DsISMangledDnW could not be located in the dynamic link library NTDSAPI.dll"
Also as a side note I have to change directories to the resource folder in order to get dcdiag or netdiag to even think about running. other programs of this nature usually know and run from the c:
Here is the netdiag info:
Computer Name: SERVER
DNS Host Name: SERVER.XXX.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 11 Stepping 4, GenuineIntel
List of installed hotfixes :
KB329115
KB819696
KB823182
KB823559
KB824105
KB824141
KB824146
KB825119
KB826232
KB828028
KB828035
KB828749
Q147222
Q816093
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SERVER
IP Address . . . . . . . . : 192.168.1.20
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.20
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{CEC6277A-226B
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.20
' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{CEC6277A-226B
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{CEC6277A-226B
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'testserver.SBHS.local'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
Ok,
Check this PAQ to get dcdiag working.
dcdiag.exe - Entry Point Not Found:
https://www.experts-exchange.com/questions/20585683/dcdiag-exe-Entry-Point-Not-Found.html
netdiag output looks fine exept this line:
[WARNING] Failed to query SPN registration on DC 'testserver.SBHS.local'.
This is not nesessarily an error though. Check this MSKB article:
Netdiag.exe Does Not Query SPN Registration When Down-Level Name Is Different:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;297384
Is testserver another DC in your domain? If so, does it have same problems or working fine?
Don't forget to fix and run dcdiag.
Check this PAQ to get dcdiag working.
dcdiag.exe - Entry Point Not Found:
https://www.experts-exchange.com/questions/20585683/dcdiag-exe-Entry-Point-Not-Found.html
netdiag output looks fine exept this line:
[WARNING] Failed to query SPN registration on DC 'testserver.SBHS.local'.
This is not nesessarily an error though. Check this MSKB article:
Netdiag.exe Does Not Query SPN Registration When Down-Level Name Is Different:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;297384
Is testserver another DC in your domain? If so, does it have same problems or working fine?
Don't forget to fix and run dcdiag.
also check here http://x220.win2ktest.com/forum/topic.asp?TOPIC_ID=7091
ASKER
I went to the experts PAQ suggested and tried to reinstall the adminpak. That did not make dcdiag work. I got the same error as earlier.
I also downloaded the Windows 2000 SP4 Support tools and installed them. No change, dcdiag still did not work and I received the same error as listed earlier.
Testserver was a literally a test server to help me learn more about groupwsie and how to manage a server. I removed it a couple weeks ago. It is not connected to the server.
Any suggestions on the dcdiag problem.
I will up the points if thats what it takes.
jon
I also downloaded the Windows 2000 SP4 Support tools and installed them. No change, dcdiag still did not work and I received the same error as listed earlier.
Testserver was a literally a test server to help me learn more about groupwsie and how to manage a server. I removed it a couple weeks ago. It is not connected to the server.
Any suggestions on the dcdiag problem.
I will up the points if thats what it takes.
jon
How about copying or even checking version number of the dll on all your servers, if it differs then well we ahold be able to copy it over and re-register it I hope.
ASKER
1stITMAN,
Sorry but I am not sure what you are asking. Which DLL would you like me to check? I have only one server currently working here.
Jon
Sorry but I am not sure what you are asking. Which DLL would you like me to check? I have only one server currently working here.
Jon
Sorry the dll NTDSAPI.dll check version etc.. against other servers
ASKER
ok. what happened???? I guess what I did worked but I did not check it from the c:\. I navigated to the folder the dcdiag was under to run it.
dcdiag works now and it works from the c:\..........
here are the results
C:\>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\SERVER
Starting test: Replications
[Replications Check,SERVER] A recent replication attempt failed:
From TESTSERVER to SERVER
Naming Context: CN=Schema,CN=Configuration ,DC=XXXX,D C=local
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2004-03-03 16:45.20.
The last success occurred at 2004-01-28 20:45.13.
844 failures have occurred since the last success.
The guid-based DNS name ad5177d8-5d87-4f92-bb0b-23 a242691ca0 ._msdcs.XX XX.local
is not registered on one or more DNS servers.
[TESTSERVER] DsBind() failed with error 1722,
The RPC server is unavailable..
[Replications Check,SERVER] A recent replication attempt failed:
From TESTSERVER to SERVER
Naming Context: CN=Configuration,DC=XXXX,D C=local
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2004-03-03 16:45.20.
The last success occurred at 2004-01-28 21:26.58.
844 failures have occurred since the last success.
The guid-based DNS name ad5177d8-5d87-4f92-bb0b-23 a242691ca0 ._msdcs.XX XX.local
is not registered on one or more DNS servers.
[Replications Check,SERVER] A recent replication attempt failed:
From TESTSERVER to SERVER
Naming Context: DC=XXXX,DC=local
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2004-03-03 16:45.20.
The last success occurred at 2004-01-28 21:34.42.
844 failures have occurred since the last success.
The guid-based DNS name ad5177d8-5d87-4f92-bb0b-23 a242691ca0 ._msdcs.
XXXX.local
is not registered on one or more DNS servers.
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
SMTPSVC Service is stopped on [SERVER]
......................... SERVER failed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER passed test frssysvol
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000041B
Time Generated: 03/03/2004 17:10:59
Event String: The DHCP/BINL service has determined that it is
......................... SERVER failed test systemlog
Running enterprise tests on : XXXX.local
Starting test: Intersite
......................... XXXX.local passed test Intersite
Starting test: FsmoCheck
......................... XXXX.local passed test FsmoCheck
dcdiag works now and it works from the c:\..........
here are the results
C:\>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\SERVER
Starting test: Replications
[Replications Check,SERVER] A recent replication attempt failed:
From TESTSERVER to SERVER
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2004-03-03 16:45.20.
The last success occurred at 2004-01-28 20:45.13.
844 failures have occurred since the last success.
The guid-based DNS name ad5177d8-5d87-4f92-bb0b-23
is not registered on one or more DNS servers.
[TESTSERVER] DsBind() failed with error 1722,
The RPC server is unavailable..
[Replications Check,SERVER] A recent replication attempt failed:
From TESTSERVER to SERVER
Naming Context: CN=Configuration,DC=XXXX,D
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2004-03-03 16:45.20.
The last success occurred at 2004-01-28 21:26.58.
844 failures have occurred since the last success.
The guid-based DNS name ad5177d8-5d87-4f92-bb0b-23
is not registered on one or more DNS servers.
[Replications Check,SERVER] A recent replication attempt failed:
From TESTSERVER to SERVER
Naming Context: DC=XXXX,DC=local
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2004-03-03 16:45.20.
The last success occurred at 2004-01-28 21:34.42.
844 failures have occurred since the last success.
The guid-based DNS name ad5177d8-5d87-4f92-bb0b-23
XXXX.local
is not registered on one or more DNS servers.
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
SMTPSVC Service is stopped on [SERVER]
......................... SERVER failed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER passed test frssysvol
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000041B
Time Generated: 03/03/2004 17:10:59
Event String: The DHCP/BINL service has determined that it is
......................... SERVER failed test systemlog
Running enterprise tests on : XXXX.local
Starting test: Intersite
......................... XXXX.local passed test Intersite
Starting test: FsmoCheck
......................... XXXX.local passed test FsmoCheck
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
4auHuk
Thanks for the analysis.
Yes I just unplugged testserver from the network and took it home. I can plug it back in and try dcpromo. I have never had to promote or demote a server so this should be fun.
Here are some errors in the FRS event log:
The first one I am listing showed up after the last time I rebooted. Seems like rebooting helps restore the sysvol?
The second error is from today and refers to what you wrote about with testserver
Event Type: Information
Event Source: NtFrs
Event Category: None
Event ID: 13516
Date: 2/26/2004
Time: 10:01:39 PM
User: N/A
Computer: SERVER
Description:
The File Replication Service is no longer preventing the computer SERVER from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type "net share" to check for the SYSVOL share.
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -------
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 3/5/2004
Time: 8:57:54 AM
User: N/A
Computer: SERVER
Description:
The File Replication Service is having trouble enabling replication from TESTSERVER to SERVER for c:\winnt\sysvol\domain using the DNS name testserver.XXXX.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name testserver.XXXX.local from this computer.
[2] FRS is not running on testserver.XXX.local.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
What do I do next??????
Thanks for the analysis.
Yes I just unplugged testserver from the network and took it home. I can plug it back in and try dcpromo. I have never had to promote or demote a server so this should be fun.
Here are some errors in the FRS event log:
The first one I am listing showed up after the last time I rebooted. Seems like rebooting helps restore the sysvol?
The second error is from today and refers to what you wrote about with testserver
Event Type: Information
Event Source: NtFrs
Event Category: None
Event ID: 13516
Date: 2/26/2004
Time: 10:01:39 PM
User: N/A
Computer: SERVER
Description:
The File Replication Service is no longer preventing the computer SERVER from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type "net share" to check for the SYSVOL share.
--------------------------
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 3/5/2004
Time: 8:57:54 AM
User: N/A
Computer: SERVER
Description:
The File Replication Service is having trouble enabling replication from TESTSERVER to SERVER for c:\winnt\sysvol\domain using the DNS name testserver.XXXX.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name testserver.XXXX.local from this computer.
[2] FRS is not running on testserver.XXX.local.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
What do I do next??????
Let's fix FRS issues first and see if it fixes other.
HOW TO: Promote and Demote Domain Controllers in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;238369#6
HOW TO: Promote and Demote Domain Controllers in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;238369#6
Here we are more info on ur errors
Event ID: 13516
Source NtFrs
Type Information
Description The File Replication Service is no longer preventing the computer DESCARTES from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type "net share" to check for the SYSVOL share.
Things to understand
Comments Ionut Marin (Last update 12/29/2003):
Q315457 gives information on how to rebuild SYSVOL and its content in a Domain. This event also appears in the contents of this article.
Adrian Grigorof
This event is generated when a Windows 2000 domain controller boots or the FRS (File Replication Service) is restarted. This behavior is by design - the event is just informational. The events 13502, 13503, and 13501 are usually generated before 13516
Event ID: 13516
Source NtFrs
Type Information
Description The File Replication Service is no longer preventing the computer DESCARTES from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
Type "net share" to check for the SYSVOL share.
Things to understand
Comments Ionut Marin (Last update 12/29/2003):
Q315457 gives information on how to rebuild SYSVOL and its content in a Domain. This event also appears in the contents of this article.
Adrian Grigorof
This event is generated when a Windows 2000 domain controller boots or the FRS (File Replication Service) is restarted. This behavior is by design - the event is just informational. The events 13502, 13503, and 13501 are usually generated before 13516
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1stITMAN,
You just love to copy-paste from eventid.net as i can see from many posts, eh? :)
No offence, mate...
You just love to copy-paste from eventid.net as i can see from many posts, eh? :)
No offence, mate...
Well if they help why not?
ASKER
thanks gentlemen. this is good info and I will read over this and take the necessary steps tommorrow at work.
jon
jon
ASKER
Ok. I demoted the testserver and it was successfull, or so it said it was but the event log on the DC Server does not indiacte it yet.
My sysvol seems to be ok. It is being shared correctly.
I have had time server problems in the past. We have one server and it acts as the authoritative server for the whole network. I have the Server SNTP set to get its time from one of the listed time servers I could find on Microsofts web site.
Lat thing, our server is in Mixed Mode and not Native Mode. Would this be causing any problems???? I have done my homework and understand the difference. I thought I would ask?????
Jon
My sysvol seems to be ok. It is being shared correctly.
I have had time server problems in the past. We have one server and it acts as the authoritative server for the whole network. I have the Server SNTP set to get its time from one of the listed time servers I could find on Microsofts web site.
Lat thing, our server is in Mixed Mode and not Native Mode. Would this be causing any problems???? I have done my homework and understand the difference. I thought I would ask?????
Jon
>I have had time server problems in the past
So you fixed this problem earlier? And what exactly was the problem? If you mean that PDC emulator complains that it is upper server in hierarchy and should be configured to acguire time from external source - this is not a real problem. It should be a problem only if you *need* your domain time to be syncronized with external time for some reason which is not always nesessary.
>our server is in Mixed Mode and not Native Mode
This should not be a problem either. However, if you don't have any legacy OS on servers/workstations in your domain or in trusted domains, i don't see a reason for your AD to operate in mixed mode.
So you seem to fix FRS issues. You might want to check this by dcdiag again.
How about main issue, do events 4000, 4004 and 408 still appear?
Best,
4auHuk
So you fixed this problem earlier? And what exactly was the problem? If you mean that PDC emulator complains that it is upper server in hierarchy and should be configured to acguire time from external source - this is not a real problem. It should be a problem only if you *need* your domain time to be syncronized with external time for some reason which is not always nesessary.
>our server is in Mixed Mode and not Native Mode
This should not be a problem either. However, if you don't have any legacy OS on servers/workstations in your domain or in trusted domains, i don't see a reason for your AD to operate in mixed mode.
So you seem to fix FRS issues. You might want to check this by dcdiag again.
How about main issue, do events 4000, 4004 and 408 still appear?
Best,
4auHuk
ASKER
4auHuk,
The time problem is that the Server does not get an answering from the remote SNTP server.
Would you recommend changing the server to Native mode?
No DNS errors since 2/27/04. I have no 4000, 4004, 408, or 9999 errors in the event viewer.
Here are the latest dcdiag results.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\SERVER
Starting test: Replications
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
SMTPSVC Service is stopped on [SERVER]
......................... SERVER failed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER passed test frssysvol
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000041B
Time Generated: 03/10/2004 13:22:58
Event String: The DHCP/BINL service has determined that it is
......................... SERVER failed test systemlog
Running enterprise tests on : SBHS.local
Starting test: Intersite
......................... SBHS.local passed test Intersite
Starting test: FsmoCheck
......................... SBHS.local passed test FsmoCheck
What do you think?
Jon
The time problem is that the Server does not get an answering from the remote SNTP server.
Would you recommend changing the server to Native mode?
No DNS errors since 2/27/04. I have no 4000, 4004, 408, or 9999 errors in the event viewer.
Here are the latest dcdiag results.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\SERVER
Starting test: Replications
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
SMTPSVC Service is stopped on [SERVER]
......................... SERVER failed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER passed test frssysvol
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x0000041B
Time Generated: 03/10/2004 13:22:58
Event String: The DHCP/BINL service has determined that it is
......................... SERVER failed test systemlog
Running enterprise tests on : SBHS.local
Starting test: Intersite
......................... SBHS.local passed test Intersite
Starting test: FsmoCheck
......................... SBHS.local passed test FsmoCheck
What do you think?
Jon
>What do you think?
Looks good.
This part
>>Starting test: frssysvol
>> There are errors after the SYSVOL has been shared.
>> The SYSVOL can prevent the AD from starting.
>> ......................... SERVER passed test frssysvol
may be because of old event log entries but you might want to check if there's any recent events related to FRS failures.
This part:
Starting test: systemlog
>> An Error Event occured. EventID: 0x0000041B
>> Time Generated: 03/10/2004 13:22:58
>> Event String: The DHCP/BINL service has determined that it is
>> ......................... SERVER failed test systemlog
is because you have unautorized(not configured yet?) DHCP or RIS service. But this is not a problem.
>Would you recommend changing the server to Native mode?
This is up to your setup. If you have pure win2k environment, you can take advantage of advanced options available in native mode. You said that you understand differences between native and mixed mode, but extra reading newer hurts so i will refer you to this article on topic:
Mixed Mode vs. Native Mode:
http://www.win2000mag.com/Articles/Print.cfm?Action=Print&ArticleID=7156
4auHuk
Looks good.
This part
>>Starting test: frssysvol
>> There are errors after the SYSVOL has been shared.
>> The SYSVOL can prevent the AD from starting.
>> ......................... SERVER passed test frssysvol
may be because of old event log entries but you might want to check if there's any recent events related to FRS failures.
This part:
Starting test: systemlog
>> An Error Event occured. EventID: 0x0000041B
>> Time Generated: 03/10/2004 13:22:58
>> Event String: The DHCP/BINL service has determined that it is
>> ......................... SERVER failed test systemlog
is because you have unautorized(not configured yet?) DHCP or RIS service. But this is not a problem.
>Would you recommend changing the server to Native mode?
This is up to your setup. If you have pure win2k environment, you can take advantage of advanced options available in native mode. You said that you understand differences between native and mixed mode, but extra reading newer hurts so i will refer you to this article on topic:
Mixed Mode vs. Native Mode:
http://www.win2000mag.com/Articles/Print.cfm?Action=Print&ArticleID=7156
4auHuk
Thanks :)
ASKER
4auKuk,
Thank you for your time and patience.
Jon
Thank you for your time and patience.
Jon
Well done sorted at last..
Need help
I have 5 windows 2000 server out of which one of them is master domain controller which holds AD database, PDC, RID, Infrastructure Master and GC along with local DNS and rest of the servers are additional domain controller. Unfortunately my master domain controller was crashed due to severe power fluctuation and I did not have ERD and backup.
4 Additional domain controllers now service the network clients and working fine.
I tried to upgrade the OS on my domain controller but failed so had nothing but to newly installed the OS on the domain controller with same forest name DNS and AD information. Now I am facing the real problem it does not replicate with existing additional domain controller but additional domain controllers replicates each other except the new domain controller.
I demote one of the additional domain controllers successfully. Whenever I try to promote this demoted server with new master domain controller it gives me error regarding DNS. The error message is (The domain “example.microst.com” cannot be connected. Ensure that the DNS domain name is typed correctly. This condition may be caused by DNS lookup problem). We have checked the DNS lookup by nslookup command and return the expected result.
The additional domain controller does not get access to the domain controller but domain controller can access all additional domain controllers but does not replicate with additional domain controller.
If have answer for the please let me know. I would be enormous held for me.
Shahed Kamal
skamal@cegisbd.com
I have 5 windows 2000 server out of which one of them is master domain controller which holds AD database, PDC, RID, Infrastructure Master and GC along with local DNS and rest of the servers are additional domain controller. Unfortunately my master domain controller was crashed due to severe power fluctuation and I did not have ERD and backup.
4 Additional domain controllers now service the network clients and working fine.
I tried to upgrade the OS on my domain controller but failed so had nothing but to newly installed the OS on the domain controller with same forest name DNS and AD information. Now I am facing the real problem it does not replicate with existing additional domain controller but additional domain controllers replicates each other except the new domain controller.
I demote one of the additional domain controllers successfully. Whenever I try to promote this demoted server with new master domain controller it gives me error regarding DNS. The error message is (The domain “example.microst.com” cannot be connected. Ensure that the DNS domain name is typed correctly. This condition may be caused by DNS lookup problem). We have checked the DNS lookup by nslookup command and return the expected result.
The additional domain controller does not get access to the domain controller but domain controller can access all additional domain controllers but does not replicate with additional domain controller.
If have answer for the please let me know. I would be enormous held for me.
Shahed Kamal
skamal@cegisbd.com
Plz post event log errors that correspond to the problems you are having..
Hi shahed,
Would you like to setup a new post and specify some points please??...;)
Dont worry I'll give you some pointers regardless!
Please see my posts in this section..I had a very similar problem though my backups where okay so I had something to start from....
Using the tools (nltest, netdiag, dcdiag etc etc) from Windows 2000 CD support folder (install them first) check for:
1). disjoint namespace....
http://support.microsoft.com/default.aspx?kbid=257623&product=win2000
2). Check the location of the sysvol folder on both the working DC's and your re-installed DC (NOT restored DC - note) - see my post at this site....
https://www.experts-exchange.com/questions/20951901/Event-ID-5721-Net-Logon-issue-for-restored-DC.html
3). Check the machine accounts on the DC's via article 260575 - How To: Use Netdom.exe to reset Machine Account Passwords of Windows 2000 Domain Controllers....
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
- if you see the following...
"When I run netdiag it fails for the trust relationship test....
Trust relationship test.......failed
[Fatal] Secure channel to domain 'ourdomain' is broken.
[Error_No_Trust_SAM_Accoun t]"
- hope this helps! - good luck...
supag33k
Would you like to setup a new post and specify some points please??...;)
Dont worry I'll give you some pointers regardless!
Please see my posts in this section..I had a very similar problem though my backups where okay so I had something to start from....
Using the tools (nltest, netdiag, dcdiag etc etc) from Windows 2000 CD support folder (install them first) check for:
1). disjoint namespace....
http://support.microsoft.com/default.aspx?kbid=257623&product=win2000
2). Check the location of the sysvol folder on both the working DC's and your re-installed DC (NOT restored DC - note) - see my post at this site....
https://www.experts-exchange.com/questions/20951901/Event-ID-5721-Net-Logon-issue-for-restored-DC.html
3). Check the machine accounts on the DC's via article 260575 - How To: Use Netdom.exe to reset Machine Account Passwords of Windows 2000 Domain Controllers....
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
- if you see the following...
"When I run netdiag it fails for the trust relationship test....
Trust relationship test.......failed
[Fatal] Secure channel to domain 'ourdomain' is broken.
[Error_No_Trust_SAM_Accoun
- hope this helps! - good luck...
supag33k
Source DNS
Type Error
Description The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.
Things to understand What is the role of a DNS server?
Comments Anonymous (Last update 2/17/2004):
In my case, this error appeared after I changed the network and I forgot to change the reverse-lookupzone.
Ionut Marin (Last update 2/17/2004):
From a newsgroup post: "If you have 2 DC/DNS servers, to avoid this error, make sure you have the following under IP properties:
DC1:
First DNS address points to DC2.
Second DNS address points to itself.
DC2:
First DNS address points to DC1.
Second DNS address points to itself".
From a newsgroup post: "This can be caused if you have a single DC or two DCs and they point to themselves as the first entry in the DNS list in IP properties and the zone is AD Integrated. Reason could be that the DC has many services running on it (SQL, Exchange, etc.) or is a slower machine, and when the Netlogon service tries to register into the zone at boot time, AD is not quite initialized yet and so you get the error. You can either ignore it or change the zone to a Primary, or if you have multiple DCs, change the first entry to the partner and the second to itself".
Dennis Mueller
The error may occure if the "RootDNSServers"-entry was deleted and the DNS-job not restarted.
Adrian Grigorof
It is likely that DC either is not configured to use a DNS server that has as valid copy of the DNS zone, or the zone does not have the needed SRV records. Running DCDiag (from the Windows 2000 Resource Kit) may provide some information about the source of the errors. Also, NETDiag can be run for additional information.
Benjamin Scott
MS PSS reports this error may occur in a single-server environment, during server startup, for AD-integrated DNS zones. Apparently, DNS is starting before AD is ready to answer queries, and DNS cannot wait for AD to start since AD needs DNS. PSS reports the error can be ignored, as the DNS zones will load as soon as AD is ready. PSS said that switching to a standard (not AD-integrated) zone would work around the problem.