Solved

Win2K3 DC in existing Win2K domain-SYSVOL and NETLOGON shares never appear! LDAP and FRS problems :-(  WHYYYYY?????

Posted on 2003-11-01
9
1,294 Views
Last Modified: 2010-05-18
HAVE THE REST OF MY POINTS AND LEARN SOMETHING NEW!

We have a Win2K forest with only one Domain and only 2 Win2K DC's. Our aprox. 140 clients are either Win2K or Win XP Pro.

We are using a BIND 9.2 UNIX based DDNS which accepts dynamic update requests from all DC's.

This installation functions properly over the last 2-3 years.

I am repeatedly trying to add a Win2K3 DC to our enviroment without full success. After successfull ADPREP and AD
replication, the SYSVOL and NETLOGON shares never appear on the new Win2K3 DC, obviously because of LDAP unavailability.

All DNS-records in c:\windows\system32\config\netlogon.dns of the Win2K3 DC (14 records) are dynamically registered in the BIND 9.2 DDNS.

When I install Win2K on the same machine, I get no problems at all, when adding it as a DC to our enviroment.

The following errors and warnings are observed on the Win2K3 DC:

Can anyone help me out of this situation, or shall I forget all about Win2K3 and continue with the good old Win2K?


ERRORS AND WARNINGS OBSERVED ON THE WIN2K3 DC:


DCDIAG.EXE returns:

Domain Controller Diagnosis

Performing initial setup:
   [ringsted] LDAP search failed with error 55,
   The specified network resource or device is no longer available..


LDP.EXE -> CONNECT returns:

ld = ldap_open("ringsted", 389);
Established connection to ringsted.
Retrieving base DSA information...
Server error: <empty>
Error<94>: ldap_parse_result failed: No result present in message
Getting 0 entries:
-----------


EVENT VIEWER in chronological order:


DIRECTORY SERVICE 20:34:00

Event Type:      Error
Event Source:      NTDS Inter-site Messaging
Event Category:      Intersite Messaging
Event ID:      1824
Date:            01-11-2003
Time:            20:34:00
User:            N/A
Computer:      RINGSTED
Description:
The Intersite Messaging Service requested to perform an LDAP bind operation.  The operation was unsuccessful.
 The error message is as follows:
 
The specified server cannot perform the requested operation.
 
Additional data
Error value:
58

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


DIRECTORY SERVICE 20:34:00

Event Type:      Warning
Event Source:      NTDS Inter-site Messaging
Event Category:      Intersite Messaging
Event ID:      1473
Date:            01-11-2003
Time:            20:34:00
User:            N/A
Computer:      RINGSTED
Description:
The Intersite Messaging service could not read the intersite transport objects from Active Directory.
 
As a result, the Intersite Messaging service has stopped. The Knowledge Consistency Checker (KCC) will be unable to

calculate intersite topology without this service.
 
User Action
Verify that LDAP queries function properly on this machine.
 
Restart the Intersite Messaging service to continue intersite communication.
 
Additional Data
Error value:
58 The specified server cannot perform the requested operation.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.


FILE REPLICATION SERVICE 20:34:00

Event Type:      Warning
Event Source:      NtFrs
Event Category:      None
Event ID:      13565
Date:            01-11-2003
Time:            20:34:00
User:            N/A
Computer:      RINGSTED
Description:
File Replication Service is initializing the system volume with data from another domain controller. Computer RINGSTED

cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
 
To check for the SYSVOL share, at the command prompt, type:
net share
 
When File Replication Service completes the initialization process, the SYSVOL share will appear.
 
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system

volume, the availability of other domain controllers, and the replication interval between domain controllers.

For more

information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


SECURITY 20:34:04

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            01-11-2003
Time:            20:34:04
User:            NT AUTHORITY\SYSTEM
Computer:      RINGSTED
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC00002F5
       Substatus code:      0x0
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


APPLICATION 20:34:04

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1097
Date:            01-11-2003
Time:            20:34:04
User:            NT AUTHORITY\SYSTEM
Computer:      RINGSTED
Description:
Windows cannot find the machine account, The Local Security Authority cannot be contacted .

For more information, see Help

and Support Center at http://go.microsoft.com/fwlink/events.asp.


APPLICATION 20:34:04

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1030
Date:            01-11-2003
Time:            20:34:04
User:            NT AUTHORITY\SYSTEM
Computer:      RINGSTED
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by

the policy engine that describes the reason for this.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.


SYSTEM 20:35:15:

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7023
Date:            01-11-2003
Time:            20:35:15
User:            N/A
Computer:      RINGSTED
Description:
The Intersite Messaging service terminated with the following error:
The specified server cannot perform the requested operation.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.


SECURITY 20:35:29

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      673
Date:            01-11-2003
Time:            20:35:29
User:            NT AUTHORITY\SYSTEM
Computer:      RINGSTED
Description:
Service Ticket Request:
       User Name:            
       User Domain:            MIP.SDU.DK
       Service Name:            host/ringsted.mip.sdu.dk
       Service ID:            -
       Ticket Options:            0x40830000
       Ticket Encryption Type:      -
       Client Address:            127.0.0.1
       Failure Code:            0xD
       Logon GUID:            -
       Transited Services:      -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


FILE REPLICATION SERVICE 20:37:30

Event Type:      Warning
Event Source:      NtFrs
Event Category:      None
Event ID:      13562
Date:            01-11-2003
Time:            20:37:30
User:            N/A
Computer:      RINGSTED
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller

ringsted.mip.sdu.dk for FRS replica set configuration information.
 
 Could not bind to a Domain Controller. Will try again at next polling cycle.

 


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


DIRECTORY SERVICE 20:38:54

Event Type:      Warning
Event Source:      NTDS LDAP
Event Category:      LDAP Interface
Event ID:      2046
Date:            01-11-2003
Time:            20:38:54
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      RINGSTED
Description:
All of Active Directory's LDAP send queues are full.  This can be caused by clients that continue to send requests faster

than they are processing the results.  In order to prevent the server from becoming unresponsive as a result of this

condition Active Directory has closed 8 connections that are not bound as Administrators.  Active Directory will continue to

close connections until enough send queue space has been recovered to operate normally.

For more information, see Help and

Support Center at http://go.microsoft.com/fwlink/events.asp.


END OF QUESTION - END OF QUESTION - END OF QUESTION - END OF QUESTION
0
Comment
Question by:cyprusas1st8
  • 5
9 Comments
 

Author Comment

by:cyprusas1st8
ID: 9850694
Dear PashaMod,

the problem is now referred to MS in Redmond. No mortal persons on this earth can solve it. I know of at least one more person having the same problem. The person found me on your site!

I will return with the very prescious answer, if and when Redmond replies, as long as you do not delete the question.

The choice is yours.

Thank you very much for your service.

Kind regards,

Andreas Stephanou
ast@mip.sdu.dk

0
 

Author Comment

by:cyprusas1st8
ID: 9940775
Dear all,

some more information on the problem of introducing Win2K3 DC's in Win2K domains:

I have until now found two more persons having the same unsolved problem. They both use Win2K AD-integrated DDNS! One of them is a Microdoft Active Directory Consultant!

I worked with a Microsoft Senior Technology Specialist on our installations without being able to solve the problem. The problem is in the hands of Redmond now and is registered by another user with a MS Suport Case number.

Here are some interesting observations we made in our environment:

1. I cannot introduce a Win2K3 DC in my existing Win2K domain
(consisting of two Win2K DC's and about 140 Win2K/XP pc's in a forest
with only one domain).
      
2. I have the same problem, when I try to introduce a Win2K3 DC in a
child domain to my existing domain.
      
3. I have the same problem, when I try to introduce a Win2K3 DC in a
parallel domain to my existing domain, in the same forest.
      
4. I have no problems at all, introducing a Win2K3 DC in a Win2K domain
in a NEW forest.
      
5. The results are the same both with a BIND 9.2 DDNS and Microsoft
Win2K DDNS.
      
KONKLUSION: The problem cannot be related to the existing domain
(security settings, policies etc, DNS), since it appears in new domains
in same forest, too. The problem must be related to some forest-wide
information like the Schema, since it disappears when I test in a new
forest.
0
 

Author Comment

by:cyprusas1st8
ID: 10094052
Dear PashaMod,

the Microsoft Senior Technology Specialist who ltakes care of this problem and reported it to Redmond, tells me that Redmond is looking into the problem and I will hear from him when Redmond has something new.

This Microsoft Senior Technology Specialist was not in a position to solve the problem, inspite 2 days work, therefore we are here talking of a real problem, possibly a bug in Win2K3.

Thanks for your patience.

Regards
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 

Author Comment

by:cyprusas1st8
ID: 10371978
....I am still waiting news from Microsoft :-(((
0
 

Author Comment

by:cyprusas1st8
ID: 10390975
AND HERE COMES THE SOLUTION, RECEIVED FROM A WEB-ACQUAINTANCE ( an Active Directory Consultant located in Seattle, Washington, USA):

"We found the fix to the issue, and a KB Article will be put on the Microsoft site sometime soon.  It will be KB Article number 834317. Unfortunately, it is not there yet, but I have attached the hotfix for you.

The problem is that your LdapMaxReceiveBuffer is set to a value greater than 10737418 which is causing the LDAP server service to fail.  We are not sure how our value got changed, but after changing it back to the default, it solved the problem.  This hotfix also solves the problem if you need to keep that value set high".

I will mail the fix to anybody needing it. Just ask for it at: <removed by PashaMod for users privacy>

From a happy WIN2K3 DC Systems Administrator

0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 10978622
PAQed, with points refunded (330)

CetusMOD
Community Support Moderator
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A Short Story about the Best File Recovery Software – Acronis True Image 2017
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now