Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DCDiag errors on server - frsevent, kccevent, and verityreferences

Posted on 2004-09-24
10
Medium Priority
?
8,618 Views
Last Modified: 2012-06-21
Here's a little background..

originally we had one win2k server on the domain.  i just installed a new win2k3 server, took out the old one (without demoting it first because i wanted to keep it on the side) and raised the domain mode to win2k3 native.  to clean out the active directory of the references to the old win2k box, i followed the procedures from microsoft.

How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q216/4/98.ASP&NoWebContent=1

my next plan was to use rendom to rename the domain.. but when i get this error when i do a rendom /list.

The Behavior version of the Forest has not been set to 2 or greater:  The server is unwilling to process the request. :8245

There is only one DC on the domain and its a Win2k3 server.  The domain functionality has already been raised to Win2k3 native so im not sure what is causing the problems.

Anyways, after running a DCDiag, I get these errors.

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ATLAS
      Starting test: Connectivity
         ......................... ATLAS passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ATLAS
      Starting test: Replications
         ......................... ATLAS passed test Replications
      Starting test: NCSecDesc
         ......................... ATLAS passed test NCSecDesc
      Starting test: NetLogons
         ......................... ATLAS passed test NetLogons
      Starting test: Advertising
         ......................... ATLAS passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ATLAS passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ATLAS passed test RidManager
      Starting test: MachineAccount
         ......................... ATLAS passed test MachineAccount
      Starting test: Services
         ......................... ATLAS passed test Services
      Starting test: ObjectsReplicated
         ......................... ATLAS passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ATLAS passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... ATLAS failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:26:36
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:26:58
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:27:40
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:29:06
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:29:34
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:29:49
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:30:10
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:31:33
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:35:30
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:36:13
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:36:34
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:36:53
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:37:17
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:37:38
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:39:01
            Event String: Internal event: Active Directory could not notify
         An Warning Event occured.  EventID: 0x80000438
            Time Generated: 09/24/2004   14:39:46
            Event String: Internal event: Active Directory could not notify
         ......................... ATLAS failed test kccevent
      Starting test: systemlog
         ......................... ATLAS passed test systemlog
      Starting test: VerifyReferences
         Some objects relating to the DC ATLAS have problems:
            [1] Problem: Missing Expected Value
             Base Object: CN=ATLAS,OU=Domain Controllers,DC=tipg
             Base Object Description: "DC Account Object"
             Value Object Attribute Name: frsComputerReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

            [1] Problem: Missing Expected Value
             Base Object:
            CN=NTDS Settings,CN=ATLAS,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=tipg
             Base Object Description: "DSA Object"
             Value Object Attribute Name: serverReferenceBL
             Value Object Description: "SYSVOL FRS Member Object"
             Recommended Action: See Knowledge Base Article: Q312862

         ......................... ATLAS failed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : tipg
      Starting test: CrossRefValidation
         ......................... tipg passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... tipg passed test CheckSDRefDom

   Running enterprise tests on : tipg
      Starting test: Intersite
         ......................... tipg passed test Intersite
      Starting test: FsmoCheck
         ......................... tipg passed test FsmoCheck

C:\Documents and Settings\Administrator.TIPG>
0
Comment
Question by:tipg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 12148858
This is because AD still knows there is a Windows 2000 server in the domain.

Since you raised the domain mode this is going to be interesting.

The proper way to have done this is like this:

1)  Run adprep /forestprep and adprep /domainprep on your single W2K DC to prepare it for the W2k3 server to be added to AD as a DC.
2)  DCPROMO the 2003 server into the domain as an additional DC to the domain.
3) Transfer all the FSMO roles to the 2003 server and also make it a Global Catalog.
4) DCPROMO the 2000 server OUT of the domain.
5) Raise the Forest functional level to 2003.
6) Raise the Domain functional level to 2003.

This will clean up all the loose ends.  Keep in mind, ny raising the functional levels to 2003 you can no longer use 2000 domain controllers in your domain.

0
 
LVL 51

Expert Comment

by:Netman66
ID: 12148865
Please determine where the FSMO roles are held now.

See this article to determine:

http://support.microsoft.com/default.aspx?scid=kb;en-us;324801&Product=winsvr2003

You will need to seize any roles that are not there - since the first DC is gone you will not be able to transfer them.

http://support.microsoft.com/default.aspx?scid=kb;en-us;255504&Product=winsvr2003

If you have not already done so, make the 2003 server a Global Catalog.

http://support.microsoft.com/default.aspx?scid=kb;en-us;816105&Product=winsvr2003
0
 

Author Comment

by:tipg
ID: 12148869
i did all those steps except for number 4.  i left the win2k server as is because i wanted to keep it on the side for a backup just in case.

now that everything is already done, what can i do to clear all remnants of the old win2k server?  (besides what ive already done)

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:tipg
ID: 12148908
netman - thanks for the links, but i transferred all the roles before i took down the old DC.  i also seized them manually using ntdsutil as described in one of your links.  i also made sure to make the win2k3 box a global catalog before i took the win2k box out of the picture.  using adsiutil, i deleted all the references to the old server too.
0
 

Author Comment

by:tipg
ID: 12149001
oh man.. i feel like such a jackass.  i thought i raised the forest functionality level but i guess i didnt.  but for future reference.. if anyone wants to keep their old DC without demoting it, they can do what i did and pull the server out and manually deleting the references with the procedures on teh above links.

netman - thanks for the help anyways!
0
 
LVL 51

Expert Comment

by:Netman66
ID: 12149003
Good, glad to see someone that actually takes time to do things correctly!

You really should have removed the 2000 server - it does nothing for you since you raised the function levels beyond 2000.

What you will likely need to do is a meta-data cleanup again - try following your article one more time - sometimes things creep back given some time and need to be caught in round two.

After this you might want to D4 your new server:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315457&Product=winsvr2003

Read this VERY carefully and follow it closely - the basic idea with this procedure is to make you new server's SYSVOL the authoritative source and reset the domain containers to use it as the source.

Advise.


0
 

Author Comment

by:tipg
ID: 12149007
any ideas about the kccevents and the other errors though?  are those normal?  i did a dcdiag on another networks DC and came up with similiar errors.

netman - i'll give you some points as soon as this thread closes for all the help.  thanks.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 12149014
Ahh...it didn't let you raise it since it knew about the 2000 DC.  Now that it's gone you should be able to raise it and proceed with the rename.

Excellent.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 12149024
KCC events are likely based on the absence of the other DC that it still knows about.

1) Clear the event logs.
2) run through your cleanup again.
3) run through my article on fixing SYSVOL.

Wait for a period for AD to settle down then check things out.

I have helped a lot of people with issues that simply take some time to work themselves out.  Changes to AD are pretty intensive and normally take a bit of time to complete - especially with more than one site involved.  Since you have a single DC it should be fairly fast - but it does take some time - it's not all that immediate.

0
 

Author Comment

by:tipg
ID: 12165501
Thanks for the help netman.

This thread is the continuation of my problems.

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21147199.html
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question