Solved

DCDiag errors on server - frsevent, kccevent, and verityreferences

Posted on 2004-09-24
10
8,550 Views
Last Modified: 2012-06-21
Here's a little background..

originally we had one win2k server on the domain.  i just installed a new win2k3 server, took out the old one (without demoting it first because i wanted to keep it on the side) and raised the domain mode to win2k3 native.  to clean out the active directory of the references to the old win2k box, i followed the procedures from microsoft.

How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q216/4/98.ASP&NoWebContent=1

my next plan was to use rendom to rename the domain.. but when i get this error when i do a rendom /list.

The Behavior version of the Forest has not been set to 2 or greater:  The server is unwilling to process the request. :8245

There is only one DC on the domain and its a Win2k3 server.  The domain functionality has already been raised to Win2k3 native so im not sure what is causing the problems.

Anyways, after running a DCDiag, I get these errors.

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ATLAS
      Starting test: Connectivity
         ......................... ATLAS passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ATLAS
      Starting test: Replications
         ......................... ATLAS passed test Replications
      Starting test: NCSecDesc
         ......................... ATLAS passed test NCSecDesc
      Starting test: NetLogons
         ......................... ATLAS passed test NetLogons
      Starting test: Advertising
         ......................... ATLAS passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ATLAS passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ATLAS passed test RidManager
      Starting test: MachineAccount
         ......................... ATLAS passed test MachineAccount
      Starting test: Services
         ......................... ATLAS passed test Services
      Starting test: ObjectsReplicated
         ......................... ATLAS passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ATLAS passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... ATLAS failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:26:36
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:26:58
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:27:40
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:29:06
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:29:34
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:29:49
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:30:10
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:31:33
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:35:30
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:36:13
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:36:34
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:36:53
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:37:17
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:37:38
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:39:01
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:39:46
            Event String: Internal event: Active Directory could not notify
         ......................... ATLAS failed test kccevent
      Starting test: systemlog
         ......................... ATLAS passed test systemlog
      Starting test: VerifyReferences
         Some objects relating to the DC ATLAS have problems:
            [1] Problem: Missing Expected Value
             Base Object: CN=ATLAS,OU=Domain Controllers,DC=tipg
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            [1] Problem: Missing Expected Value
             Base Object:
            CN=NTDS Settings,CN=ATLAS,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=tipg
             Base Object Description: "DSA Object"
             Value Object Attribute Name: serverReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... ATLAS failed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : tipg
      Starting test: CrossRefValidation
         ......................... tipg passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... tipg passed test CheckSDRefDom

   Running enterprise tests on : tipg
      Starting test: Intersite
         ......................... tipg passed test Intersite
      Starting test: FsmoCheck
         ......................... tipg passed test FsmoCheck

C:\Documents and Settings\Administrator.TIPG>
0
Comment
Question by:tipg
  • 5
  • 5
10 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 12148858
This is because AD still knows there is a Windows 2000 server in the domain.

Since you raised the domain mode this is going to be interesting.

The proper way to have done this is like this:

1)  Run adprep /forestprep and adprep /domainprep on your single W2K DC to prepare it for the W2k3 server to be added to AD as a DC.
2)  DCPROMO the 2003 server into the domain as an additional DC to the domain.
3) Transfer all the FSMO roles to the 2003 server and also make it a Global Catalog.
4) DCPROMO the 2000 server OUT of the domain.
5) Raise the Forest functional level to 2003.
6) Raise the Domain functional level to 2003.

This will clean up all the loose ends.  Keep in mind, ny raising the functional levels to 2003 you can no longer use 2000 domain controllers in your domain.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 12148865
Please determine where the FSMO roles are held now.

See this article to determine:

http://support.microsoft.com/default.aspx?scid=kb;en-us;324801&Product=winsvr2003

You will need to seize any roles that are not there - since the first DC is gone you will not be able to transfer them.

http://support.microsoft.com/default.aspx?scid=kb;en-us;255504&Product=winsvr2003

If you have not already done so, make the 2003 server a Global Catalog.

http://support.microsoft.com/default.aspx?scid=kb;en-us;816105&Product=winsvr2003
0
 

Author Comment

by:tipg
ID: 12148869
i did all those steps except for number 4.  i left the win2k server as is because i wanted to keep it on the side for a backup just in case.

now that everything is already done, what can i do to clear all remnants of the old win2k server?  (besides what ive already done)

0
 

Author Comment

by:tipg
ID: 12148908
netman - thanks for the links, but i transferred all the roles before i took down the old DC.  i also seized them manually using ntdsutil as described in one of your links.  i also made sure to make the win2k3 box a global catalog before i took the win2k box out of the picture.  using adsiutil, i deleted all the references to the old server too.
0
 

Author Comment

by:tipg
ID: 12149001
oh man.. i feel like such a jackass.  i thought i raised the forest functionality level but i guess i didnt.  but for future reference.. if anyone wants to keep their old DC without demoting it, they can do what i did and pull the server out and manually deleting the references with the procedures on teh above links.

netman - thanks for the help anyways!
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 51

Expert Comment

by:Netman66
ID: 12149003
Good, glad to see someone that actually takes time to do things correctly!

You really should have removed the 2000 server - it does nothing for you since you raised the function levels beyond 2000.

What you will likely need to do is a meta-data cleanup again - try following your article one more time - sometimes things creep back given some time and need to be caught in round two.

After this you might want to D4 your new server:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315457&Product=winsvr2003

Read this VERY carefully and follow it closely - the basic idea with this procedure is to make you new server's SYSVOL the authoritative source and reset the domain containers to use it as the source.

Advise.


0
 

Author Comment

by:tipg
ID: 12149007
any ideas about the kccevents and the other errors though?  are those normal?  i did a dcdiag on another networks DC and came up with similiar errors.

netman - i'll give you some points as soon as this thread closes for all the help.  thanks.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 12149014
Ahh...it didn't let you raise it since it knew about the 2000 DC.  Now that it's gone you should be able to raise it and proceed with the rename.

Excellent.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 12149024
KCC events are likely based on the absence of the other DC that it still knows about.

1) Clear the event logs.
2) run through your cleanup again.
3) run through my article on fixing SYSVOL.

Wait for a period for AD to settle down then check things out.

I have helped a lot of people with issues that simply take some time to work themselves out.  Changes to AD are pretty intensive and normally take a bit of time to complete - especially with more than one site involved.  Since you have a single DC it should be fairly fast - but it does take some time - it's not all that immediate.

0
 

Author Comment

by:tipg
ID: 12165501
Thanks for the help netman.

This thread is the continuation of my problems.

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21147199.html
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now