cyprusas1st8
asked on
Win2K3 DC in existing Win2K domain-SYSVOL and NETLOGON shares never appear! LDAP and FRS problems :-( WHYYYYY?????
HAVE THE REST OF MY POINTS AND LEARN SOMETHING NEW!
We have a Win2K forest with only one Domain and only 2 Win2K DC's. Our aprox. 140 clients are either Win2K or Win XP Pro.
We are using a BIND 9.2 UNIX based DDNS which accepts dynamic update requests from all DC's.
This installation functions properly over the last 2-3 years.
I am repeatedly trying to add a Win2K3 DC to our enviroment without full success. After successfull ADPREP and AD
replication, the SYSVOL and NETLOGON shares never appear on the new Win2K3 DC, obviously because of LDAP unavailability.
All DNS-records in c:\windows\system32\config
When I install Win2K on the same machine, I get no problems at all, when adding it as a DC to our enviroment.
The following errors and warnings are observed on the Win2K3 DC:
Can anyone help me out of this situation, or shall I forget all about Win2K3 and continue with the good old Win2K?
ERRORS AND WARNINGS OBSERVED ON THE WIN2K3 DC:
DCDIAG.EXE returns:
Domain Controller Diagnosis
Performing initial setup:
[ringsted] LDAP search failed with error 55,
The specified network resource or device is no longer available..
LDP.EXE -> CONNECT returns:
ld = ldap_open("ringsted", 389);
Established connection to ringsted.
Retrieving base DSA information...
Server error: <empty>
Error<94>: ldap_parse_result failed: No result present in message
Getting 0 entries:
-----------
EVENT VIEWER in chronological order:
DIRECTORY SERVICE 20:34:00
Event Type: Error
Event Source: NTDS Inter-site Messaging
Event Category: Intersite Messaging
Event ID: 1824
Date: 01-11-2003
Time: 20:34:00
User: N/A
Computer: RINGSTED
Description:
The Intersite Messaging Service requested to perform an LDAP bind operation. The operation was unsuccessful.
The error message is as follows:
The specified server cannot perform the requested operation.
Additional data
Error value:
58
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
DIRECTORY SERVICE 20:34:00
Event Type: Warning
Event Source: NTDS Inter-site Messaging
Event Category: Intersite Messaging
Event ID: 1473
Date: 01-11-2003
Time: 20:34:00
User: N/A
Computer: RINGSTED
Description:
The Intersite Messaging service could not read the intersite transport objects from Active Directory.
As a result, the Intersite Messaging service has stopped. The Knowledge Consistency Checker (KCC) will be unable to
calculate intersite topology without this service.
User Action
Verify that LDAP queries function properly on this machine.
Restart the Intersite Messaging service to continue intersite communication.
Additional Data
Error value:
58 The specified server cannot perform the requested operation.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
FILE REPLICATION SERVICE 20:34:00
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13565
Date: 01-11-2003
Time: 20:34:00
User: N/A
Computer: RINGSTED
Description:
File Replication Service is initializing the system volume with data from another domain controller. Computer RINGSTED
cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:
net share
When File Replication Service completes the initialization process, the SYSVOL share will appear.
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system
volume, the availability of other domain controllers, and the replication interval between domain controllers.
For more
information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
SECURITY 20:34:04
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 01-11-2003
Time: 20:34:04
User: NT AUTHORITY\SYSTEM
Computer: RINGSTED
Description:
Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC00002F5
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
APPLICATION 20:34:04
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1097
Date: 01-11-2003
Time: 20:34:04
User: NT AUTHORITY\SYSTEM
Computer: RINGSTED
Description:
Windows cannot find the machine account, The Local Security Authority cannot be contacted .
For more information, see Help
and Support Center at http://go.microsoft.com/fwlink/events.asp.
APPLICATION 20:34:04
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 01-11-2003
Time: 20:34:04
User: NT AUTHORITY\SYSTEM
Computer: RINGSTED
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by
the policy engine that describes the reason for this.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
SYSTEM 20:35:15:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 01-11-2003
Time: 20:35:15
User: N/A
Computer: RINGSTED
Description:
The Intersite Messaging service terminated with the following error:
The specified server cannot perform the requested operation.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
SECURITY 20:35:29
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 673
Date: 01-11-2003
Time: 20:35:29
User: NT AUTHORITY\SYSTEM
Computer: RINGSTED
Description:
Service Ticket Request:
User Name:
User Domain: MIP.SDU.DK
Service Name: host/ringsted.mip.sdu.dk
Service ID: -
Ticket Options: 0x40830000
Ticket Encryption Type: -
Client Address: 127.0.0.1
Failure Code: 0xD
Logon GUID: -
Transited Services: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
FILE REPLICATION SERVICE 20:37:30
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 01-11-2003
Time: 20:37:30
User: N/A
Computer: RINGSTED
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller
ringsted.mip.sdu.dk for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
DIRECTORY SERVICE 20:38:54
Event Type: Warning
Event Source: NTDS LDAP
Event Category: LDAP Interface
Event ID: 2046
Date: 01-11-2003
Time: 20:38:54
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: RINGSTED
Description:
All of Active Directory's LDAP send queues are full. This can be caused by clients that continue to send requests faster
than they are processing the results. In order to prevent the server from becoming unresponsive as a result of this
condition Active Directory has closed 8 connections that are not bound as Administrators. Active Directory will continue to
close connections until enough send queue space has been recovered to operate normally.
For more information, see Help and
Support Center at http://go.microsoft.com/fwlink/events.asp.
END OF QUESTION - END OF QUESTION - END OF QUESTION - END OF QUESTION
We have a Win2K forest with only one Domain and only 2 Win2K DC's. Our aprox. 140 clients are either Win2K or Win XP Pro.
We are using a BIND 9.2 UNIX based DDNS which accepts dynamic update requests from all DC's.
This installation functions properly over the last 2-3 years.
I am repeatedly trying to add a Win2K3 DC to our enviroment without full success. After successfull ADPREP and AD
replication, the SYSVOL and NETLOGON shares never appear on the new Win2K3 DC, obviously because of LDAP unavailability.
All DNS-records in c:\windows\system32\config
When I install Win2K on the same machine, I get no problems at all, when adding it as a DC to our enviroment.
The following errors and warnings are observed on the Win2K3 DC:
Can anyone help me out of this situation, or shall I forget all about Win2K3 and continue with the good old Win2K?
ERRORS AND WARNINGS OBSERVED ON THE WIN2K3 DC:
DCDIAG.EXE returns:
Domain Controller Diagnosis
Performing initial setup:
[ringsted] LDAP search failed with error 55,
The specified network resource or device is no longer available..
LDP.EXE -> CONNECT returns:
ld = ldap_open("ringsted", 389);
Established connection to ringsted.
Retrieving base DSA information...
Server error: <empty>
Error<94>: ldap_parse_result failed: No result present in message
Getting 0 entries:
-----------
EVENT VIEWER in chronological order:
DIRECTORY SERVICE 20:34:00
Event Type: Error
Event Source: NTDS Inter-site Messaging
Event Category: Intersite Messaging
Event ID: 1824
Date: 01-11-2003
Time: 20:34:00
User: N/A
Computer: RINGSTED
Description:
The Intersite Messaging Service requested to perform an LDAP bind operation. The operation was unsuccessful.
The error message is as follows:
The specified server cannot perform the requested operation.
Additional data
Error value:
58
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
DIRECTORY SERVICE 20:34:00
Event Type: Warning
Event Source: NTDS Inter-site Messaging
Event Category: Intersite Messaging
Event ID: 1473
Date: 01-11-2003
Time: 20:34:00
User: N/A
Computer: RINGSTED
Description:
The Intersite Messaging service could not read the intersite transport objects from Active Directory.
As a result, the Intersite Messaging service has stopped. The Knowledge Consistency Checker (KCC) will be unable to
calculate intersite topology without this service.
User Action
Verify that LDAP queries function properly on this machine.
Restart the Intersite Messaging service to continue intersite communication.
Additional Data
Error value:
58 The specified server cannot perform the requested operation.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
FILE REPLICATION SERVICE 20:34:00
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13565
Date: 01-11-2003
Time: 20:34:00
User: N/A
Computer: RINGSTED
Description:
File Replication Service is initializing the system volume with data from another domain controller. Computer RINGSTED
cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:
net share
When File Replication Service completes the initialization process, the SYSVOL share will appear.
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system
volume, the availability of other domain controllers, and the replication interval between domain controllers.
For more
information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
SECURITY 20:34:04
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 01-11-2003
Time: 20:34:04
User: NT AUTHORITY\SYSTEM
Computer: RINGSTED
Description:
Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC00002F5
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
APPLICATION 20:34:04
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1097
Date: 01-11-2003
Time: 20:34:04
User: NT AUTHORITY\SYSTEM
Computer: RINGSTED
Description:
Windows cannot find the machine account, The Local Security Authority cannot be contacted .
For more information, see Help
and Support Center at http://go.microsoft.com/fwlink/events.asp.
APPLICATION 20:34:04
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 01-11-2003
Time: 20:34:04
User: NT AUTHORITY\SYSTEM
Computer: RINGSTED
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by
the policy engine that describes the reason for this.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
SYSTEM 20:35:15:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 01-11-2003
Time: 20:35:15
User: N/A
Computer: RINGSTED
Description:
The Intersite Messaging service terminated with the following error:
The specified server cannot perform the requested operation.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
SECURITY 20:35:29
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 673
Date: 01-11-2003
Time: 20:35:29
User: NT AUTHORITY\SYSTEM
Computer: RINGSTED
Description:
Service Ticket Request:
User Name:
User Domain: MIP.SDU.DK
Service Name: host/ringsted.mip.sdu.dk
Service ID: -
Ticket Options: 0x40830000
Ticket Encryption Type: -
Client Address: 127.0.0.1
Failure Code: 0xD
Logon GUID: -
Transited Services: -
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
FILE REPLICATION SERVICE 20:37:30
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13562
Date: 01-11-2003
Time: 20:37:30
User: N/A
Computer: RINGSTED
Description:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller
ringsted.mip.sdu.dk for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
DIRECTORY SERVICE 20:38:54
Event Type: Warning
Event Source: NTDS LDAP
Event Category: LDAP Interface
Event ID: 2046
Date: 01-11-2003
Time: 20:38:54
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: RINGSTED
Description:
All of Active Directory's LDAP send queues are full. This can be caused by clients that continue to send requests faster
than they are processing the results. In order to prevent the server from becoming unresponsive as a result of this
condition Active Directory has closed 8 connections that are not bound as Administrators. Active Directory will continue to
close connections until enough send queue space has been recovered to operate normally.
For more information, see Help and
Support Center at http://go.microsoft.com/fwlink/events.asp.
END OF QUESTION - END OF QUESTION - END OF QUESTION - END OF QUESTION
ASKER
Dear all,
some more information on the problem of introducing Win2K3 DC's in Win2K domains:
I have until now found two more persons having the same unsolved problem. They both use Win2K AD-integrated DDNS! One of them is a Microdoft Active Directory Consultant!
I worked with a Microsoft Senior Technology Specialist on our installations without being able to solve the problem. The problem is in the hands of Redmond now and is registered by another user with a MS Suport Case number.
Here are some interesting observations we made in our environment:
1. I cannot introduce a Win2K3 DC in my existing Win2K domain
(consisting of two Win2K DC's and about 140 Win2K/XP pc's in a forest
with only one domain).
2. I have the same problem, when I try to introduce a Win2K3 DC in a
child domain to my existing domain.
3. I have the same problem, when I try to introduce a Win2K3 DC in a
parallel domain to my existing domain, in the same forest.
4. I have no problems at all, introducing a Win2K3 DC in a Win2K domain
in a NEW forest.
5. The results are the same both with a BIND 9.2 DDNS and Microsoft
Win2K DDNS.
KONKLUSION: The problem cannot be related to the existing domain
(security settings, policies etc, DNS), since it appears in new domains
in same forest, too. The problem must be related to some forest-wide
information like the Schema, since it disappears when I test in a new
forest.
some more information on the problem of introducing Win2K3 DC's in Win2K domains:
I have until now found two more persons having the same unsolved problem. They both use Win2K AD-integrated DDNS! One of them is a Microdoft Active Directory Consultant!
I worked with a Microsoft Senior Technology Specialist on our installations without being able to solve the problem. The problem is in the hands of Redmond now and is registered by another user with a MS Suport Case number.
Here are some interesting observations we made in our environment:
1. I cannot introduce a Win2K3 DC in my existing Win2K domain
(consisting of two Win2K DC's and about 140 Win2K/XP pc's in a forest
with only one domain).
2. I have the same problem, when I try to introduce a Win2K3 DC in a
child domain to my existing domain.
3. I have the same problem, when I try to introduce a Win2K3 DC in a
parallel domain to my existing domain, in the same forest.
4. I have no problems at all, introducing a Win2K3 DC in a Win2K domain
in a NEW forest.
5. The results are the same both with a BIND 9.2 DDNS and Microsoft
Win2K DDNS.
KONKLUSION: The problem cannot be related to the existing domain
(security settings, policies etc, DNS), since it appears in new domains
in same forest, too. The problem must be related to some forest-wide
information like the Schema, since it disappears when I test in a new
forest.
ASKER
Dear PashaMod,
the Microsoft Senior Technology Specialist who ltakes care of this problem and reported it to Redmond, tells me that Redmond is looking into the problem and I will hear from him when Redmond has something new.
This Microsoft Senior Technology Specialist was not in a position to solve the problem, inspite 2 days work, therefore we are here talking of a real problem, possibly a bug in Win2K3.
Thanks for your patience.
Regards
the Microsoft Senior Technology Specialist who ltakes care of this problem and reported it to Redmond, tells me that Redmond is looking into the problem and I will hear from him when Redmond has something new.
This Microsoft Senior Technology Specialist was not in a position to solve the problem, inspite 2 days work, therefore we are here talking of a real problem, possibly a bug in Win2K3.
Thanks for your patience.
Regards
ASKER
....I am still waiting news from Microsoft :-(((
ASKER
AND HERE COMES THE SOLUTION, RECEIVED FROM A WEB-ACQUAINTANCE ( an Active Directory Consultant located in Seattle, Washington, USA):
"We found the fix to the issue, and a KB Article will be put on the Microsoft site sometime soon. It will be KB Article number 834317. Unfortunately, it is not there yet, but I have attached the hotfix for you.
The problem is that your LdapMaxReceiveBuffer is set to a value greater than 10737418 which is causing the LDAP server service to fail. We are not sure how our value got changed, but after changing it back to the default, it solved the problem. This hotfix also solves the problem if you need to keep that value set high".
I will mail the fix to anybody needing it. Just ask for it at: <removed by PashaMod for users privacy>
From a happy WIN2K3 DC Systems Administrator
"We found the fix to the issue, and a KB Article will be put on the Microsoft site sometime soon. It will be KB Article number 834317. Unfortunately, it is not there yet, but I have attached the hotfix for you.
The problem is that your LdapMaxReceiveBuffer is set to a value greater than 10737418 which is causing the LDAP server service to fail. We are not sure how our value got changed, but after changing it back to the default, it solved the problem. This hotfix also solves the problem if you need to keep that value set high".
I will mail the fix to anybody needing it. Just ask for it at: <removed by PashaMod for users privacy>
From a happy WIN2K3 DC Systems Administrator
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
the problem is now referred to MS in Redmond. No mortal persons on this earth can solve it. I know of at least one more person having the same problem. The person found me on your site!
I will return with the very prescious answer, if and when Redmond replies, as long as you do not delete the question.
The choice is yours.
Thank you very much for your service.
Kind regards,
Andreas Stephanou
ast@mip.sdu.dk