fratomb
asked on
KCC EVENTS 1371 & 1168 - NTDS Inter-Site Messaging.
Hello there,
I have the following problem and I need help from anyone who has deal with the same problem.
I manually remove data from Active Directory -after an unsuccessful domain controller demotion- using Ntdsutil utility.
Although the whole procedure was successful (no error messages or warnings during the metadata cleanup),
since then the following event messages are record every 15 min:
Source: NTDS Inter-site
Category: Inter-Site Messaging
EventID: 1371
Type: Warning
The attempt to send 4076 bytes to service NTDS Replication
at address 3d19f55b-ae91-4e26-bedd-21 f3b01818b3 ._msdcs.my Domain.com
via transport CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Con figuration ,
DC=myDomain,DC=com failed with the following status:
The parameter is incorrect.
The record data is the status code.
...and
Source: NTDS Inter-site
Category: Internal Processing
EventID: 1168
Type: Error
Error -2147024809(80070057) has occurred (Internal ID 11070503).
Please contact Microsoft Product Support Services for assistance.
Any suggestions from anyone?
I have the following problem and I need help from anyone who has deal with the same problem.
I manually remove data from Active Directory -after an unsuccessful domain controller demotion- using Ntdsutil utility.
Although the whole procedure was successful (no error messages or warnings during the metadata cleanup),
since then the following event messages are record every 15 min:
Source: NTDS Inter-site
Category: Inter-Site Messaging
EventID: 1371
Type: Warning
The attempt to send 4076 bytes to service NTDS Replication
at address 3d19f55b-ae91-4e26-bedd-21
via transport CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Con
DC=myDomain,DC=com failed with the following status:
The parameter is incorrect.
The record data is the status code.
...and
Source: NTDS Inter-site
Category: Internal Processing
EventID: 1168
Type: Error
Error -2147024809(80070057) has occurred (Internal ID 11070503).
Please contact Microsoft Product Support Services for assistance.
Any suggestions from anyone?
Did you clean up sites and services make sure that the dc is gone and all connectors
If you ping the GUID 3d19f55b-ae91-4e26-bedd-21 f3b01818b3 ._msdcs.my Domain.com it will tell you which DC it's trying to talk to, which is probably the one that was demoted. If so, you need to run adsiedit.msc and delete the DC and site if it is no longer used.
Event id 1168: Looks like you have orphaned objects in active directory. One recomandation is to restart the server in directory service restore mode and to use ntdsutil to do semantic check. Microsoft said that you must increase the server's memory, but I don't think it is aplicable here.
ASKER
Hello guys and thanks for your response. My answers to your comments are:
To etracsupport:
Yes I've already clean up sites and services and connectors. There are no more references to the demoted DC.
To cfairley:
Yes I do know that this GUID belongs to the demoted DC and I've already run ADSIEdit to clean up all the references to the demoted DC.
To crissand:
Yes this is the problem, some remains of orphaned objects are still in Active Directory. Regarding the Microsoft's suggestion, I agree with you it's not applicable here because, fisrt of all, the server has already 1.5GB of RAM, and second, i don't see any relation of server's memory to my problem. Now about your recommendation to restart the server in directory service restore mode and to use ntdsutil to do semantic check, this a thing I didn't do until now but I will.
Anyway some things I also did until now are DCDiag and NetDiag with the following results:
DCDiag:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: MySite\MYSERVER
Starting test: Connectivity
......................... MYSERVER passed test Connectivity
Doing primary tests
Testing server: MySite\MYSERVER
Starting test: Replications
......................... MYSERVER passed test Replications
Starting test: NCSecDesc
......................... MYSERVER passed test NCSecDesc
Starting test: NetLogons
......................... MYSERVER passed test NetLogons
Starting test: Advertising
......................... MYSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MYSERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MYSERVER passed test RidManager
Starting test: MachineAccount
......................... MYSERVER passed test MachineAccount
Starting test: Services
Could not open SMTPSVC Service on [MYSERVER]:failed with 1060: Win32 Error 1060
......................... MYSERVER failed test Services
Starting test: ObjectsReplicated
......................... MYSERVER passed test ObjectsReplicated
Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... MYSERVER passed test frssysvol
Starting test: kccevent
An Error Event occured. EventID: 0xC0000490
Time Generated: 10/06/2004 13:08:35
Event String: Error -2147024809(80070057) has occurred
An Warning Event occured. EventID: 0x8000055B
Time Generated: 10/06/2004 13:08:35
Event String: The attempt to send 4052 bytes to service
An Error Event occured. EventID: 0xC0000490
Time Generated: 10/06/2004 13:08:35
Event String: Error -2147024809(80070057) has occurred
An Warning Event occured. EventID: 0x8000055B
Time Generated: 10/06/2004 13:08:35
Event String: The attempt to send 4076 bytes to service
......................... MYSERVER failed test kccevent
Starting test: systemlog
......................... MYSERVER passed test systemlog
Running enterprise tests on : MyDomain.com
Starting test: Intersite
......................... MyDomain.com passed test Intersite
Starting test: FsmoCheck
......................... MyDomain.com passed test FsmoCheck
...and
NETDiag:
Computer Name: MYSERVER
DNS Host Name: MYSERVER.MyDomain
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 6, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826232
KB828028
KB828035
KB828741
KB828749
KB829558
KB835732
KB837001
KB837272
KB839643-DirectX9
KB839645
KB840315
KB841872
KB841873
KB842526
KB842933
Q147222
Q816093
Q828026
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : MYSERVER
IP Address . . . . . . . . : 192.168.2.6
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.2.1
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 192.168.2.6
192.168.1.6
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.2.6' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.6' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
Thanks again.
Waiting for your, or anyone's else, responce.
To etracsupport:
Yes I've already clean up sites and services and connectors. There are no more references to the demoted DC.
To cfairley:
Yes I do know that this GUID belongs to the demoted DC and I've already run ADSIEdit to clean up all the references to the demoted DC.
To crissand:
Yes this is the problem, some remains of orphaned objects are still in Active Directory. Regarding the Microsoft's suggestion, I agree with you it's not applicable here because, fisrt of all, the server has already 1.5GB of RAM, and second, i don't see any relation of server's memory to my problem. Now about your recommendation to restart the server in directory service restore mode and to use ntdsutil to do semantic check, this a thing I didn't do until now but I will.
Anyway some things I also did until now are DCDiag and NetDiag with the following results:
DCDiag:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: MySite\MYSERVER
Starting test: Connectivity
......................... MYSERVER passed test Connectivity
Doing primary tests
Testing server: MySite\MYSERVER
Starting test: Replications
......................... MYSERVER passed test Replications
Starting test: NCSecDesc
......................... MYSERVER passed test NCSecDesc
Starting test: NetLogons
......................... MYSERVER passed test NetLogons
Starting test: Advertising
......................... MYSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... MYSERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MYSERVER passed test RidManager
Starting test: MachineAccount
......................... MYSERVER passed test MachineAccount
Starting test: Services
Could not open SMTPSVC Service on [MYSERVER]:failed with 1060: Win32 Error 1060
......................... MYSERVER failed test Services
Starting test: ObjectsReplicated
......................... MYSERVER passed test ObjectsReplicated
Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
......................... MYSERVER passed test frssysvol
Starting test: kccevent
An Error Event occured. EventID: 0xC0000490
Time Generated: 10/06/2004 13:08:35
Event String: Error -2147024809(80070057) has occurred
An Warning Event occured. EventID: 0x8000055B
Time Generated: 10/06/2004 13:08:35
Event String: The attempt to send 4052 bytes to service
An Error Event occured. EventID: 0xC0000490
Time Generated: 10/06/2004 13:08:35
Event String: Error -2147024809(80070057) has occurred
An Warning Event occured. EventID: 0x8000055B
Time Generated: 10/06/2004 13:08:35
Event String: The attempt to send 4076 bytes to service
......................... MYSERVER failed test kccevent
Starting test: systemlog
......................... MYSERVER passed test systemlog
Running enterprise tests on : MyDomain.com
Starting test: Intersite
......................... MyDomain.com passed test Intersite
Starting test: FsmoCheck
......................... MyDomain.com passed test FsmoCheck
...and
NETDiag:
Computer Name: MYSERVER
DNS Host Name: MYSERVER.MyDomain
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 6, GenuineIntel
List of installed hotfixes :
KB329115
KB820888
KB822831
KB823182
KB823559
KB823980
KB824105
KB824141
KB824146
KB825119
KB826232
KB828028
KB828035
KB828741
KB828749
KB829558
KB835732
KB837001
KB837272
KB839643-DirectX9
KB839645
KB840315
KB841872
KB841873
KB842526
KB842933
Q147222
Q816093
Q828026
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : MYSERVER
IP Address . . . . . . . . : 192.168.2.6
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.2.1
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 192.168.2.6
192.168.1.6
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.2.6' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.6' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Skipped
There are no interfaces that have NetBT enabled. [Test skipped]
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
Thanks again.
Waiting for your, or anyone's else, responce.
The ntdsutil in directory service restore mode will fix the errors.
ASKER
Hello there again.
This morning I tried to run the ntdsutil in directory service restore mode, which according to crissand will solve the problem.
The following represends what i did:
C:\>ntdsutil
ntdsutil: files
file maintenance: repair
Opening database [Current].
Executing Command: C:\WINNT\system32\esentutl .exe /p "C:\WINNT\NTDS\ntds.dit" /!10240 /8 /v /x /o
Initiating REPAIR mode...
Database: C:\WINNT\NTDS\ntds.dit
Temp. Database: REPAIR.EDB
got 149217 buffers
checking database header
forcing database to consistent state
checking database integrity
Scanning Status ( % complete )
0 10 20 30 40 50 60 70 80 90 100
|----|----|----|----|----| ----|----| ----|----| ----|
checking SystemRoot
SystemRoot (OE)
SystemRoot (AE)
checking system table
MSysObjectsShadow
MSysObjects
Name
RootObjects
rebuilding and comparing indexes
checking table "datatable" (6)
checking data
......................... checking long value tree (48)
......... checking index "PhantomIndex" (117)
checking index "INDEX_000906B6" (116)
checking index "INDEX_000905A3" (115)
checking index "INDEX_00090656" (114)
checking index "INDEX_000905A2" (113)
checking index "LCL_ABVIEW_index00000408" (112)
checking index "INDEX_00150002" (109)
checking index "INDEX_00020107" (108)
checking index "INDEX_74D4827B" (107)
checking index "INDEX_27F8005A" (106)
checking index "INDEX_27F80030" (105)
checking index "INDEX_00020160" (104)
checking index "INDEX_27F8005D" (103)
checking index "INDEX_27F80051" (102)
checking index "INDEX_27F82B32" (101)
checking index "INDEX_27F81B7D" (100)
checking index "INDEX_27F81B7C" (99)
checking index "INDEX_27F81B7B" (98)
checking index "INDEX_27F81B7E" (97)
checking index "INDEX_27F82711" (96)
checking index "INDEX_0002018A" (95)
checking index "INDEX_27F8003F" (94)
checking index "INDEX_27F80065" (93)
checking index "INDEX_000201BF" (92)
checking index "INDEX_27F81B70" (91)
checking index "INDEX_27F82329" (90)
checking index "DNT_IsDeleted_Index" (88)
. checking index "INDEX_000901FD" (87)
checking index "INDEX_000901F6" (86)
checking index "INDEX_000900DE" (85)
checking index "INDEX_000201D5" (84)
checking index "INDEX_000902BB" (83)
checking index "INDEX_000903B4" (82)
checking index "INDEX_000200A9" (81)
checking index "INDEX_0009039D" (80)
checking index "INDEX_0009039A" (79)
checking index "INDEX_00090098" (78)
checking index "INDEX_00090395" (77)
checking index "INDEX_00090089" (76)
checking index "INDEX_00090587" (75)
checking index "INDEX_00090586" (74)
checking index "INDEX_00090582" (73)
checking index "INDEX_00090573" (72)
checking index "INDEX_00090073" (71)
checking index "INDEX_00090571" (70)
checking index "INDEX_0009056C" (69)
checking index "INDEX_00090167" (68)
checking index "INDEX_00090553" (67)
checking index "INDEX_0009014E" (66)
checking index "INDEX_0009014D" (65)
checking index "INDEX_0009014C" (64)
checking index "INDEX_00090147" (63)
checking index "INDEX_00090141" (62)
checking index "INDEX_00090140" (61)
checking index "INDEX_0009013A" (60)
checking index "INDEX_00090138" (59)
checking index "INDEX_00090330" (58)
. checking index "INDEX_00090030" (57)
checking index "INDEX_00020013" (56)
checking index "INDEX_00090013" (55)
checking index "INDEX_00000013" (54)
checking index "INDEX_0000000B" (53)
checking index "INDEX_00000007" (52)
checking index "INDEX_00000003" (51)
.. checking index "INDEX_00150003" (50)
checking index "INDEX_00090202" (49)
checking index "INDEX_000904E1" (46)
checking index "INDEX_00090363" (45)
checking index "INDEX_0009030E" (44)
checking index "INDEX_00090303" (43)
checking index "INDEX_000902EE" (42)
checking index "INDEX_00090290" (41)
. checking index "INDEX_0009028F" (40)
checking index "INDEX_00090261" (39)
checking index "INDEX_000901FF" (38)
checking index "INDEX_00090171" (37)
checking index "INDEX_0009012E" (36)
checking index "INDEX_000900DD" (35)
checking index "INDEX_00090085" (34)
checking index "INDEX_00090062" (33)
checking index "INDEX_00090057" (32)
checking index "INDEX_0009001C" (31)
checking index "INDEX_00090008" (30)
checking index "INDEX_000201CC" (29)
checking index "INDEX_000200D2" (28)
checking index "INDEX_00020078" (27)
. checking index "INDEX_00020073" (26)
checking index "INDEX_0002000D" (25)
checking index "INDEX_0000002A" (24)
checking index "INDEX_00000004" (23)
checking index "NC_Acc_Type_Name" (22)
checking index "PDNT_index" (21)
.. checking index "INDEX_00090001" (20)
. checking index "Ancestors_index" (13)
. checking index "DRA_USN_CREATED_index" (12)
checking index "DRA_USN_index" (11)
. checking index "del_index" (10)
checking index "INDEX_00090002" (9)
. checking index "NC_Acc_Type_Sid" (8)
checking index "INDEX_00090092" (7)
rebuilding and comparing indexes
checking table "hiddentable" (16)
checking data
rebuilding and comparing indexes
checking table "link_table" (14)
checking data
checking index "backlink_index" (15)
rebuilding and comparing indexes
checking table "MSysDefrag1" (110)
checking data
checking index "TablesToDefrag" (111)
rebuilding and comparing indexes
checking table "sdproptable" (17)
checking data
checking index "clientid_index" (19)
checking index "trim_index" (18)
rebuilding and comparing indexes
.....
integrity check completed.
Warning:
You MUST delete the logfiles for this database
Note:
It is recommended that you immediately perform a full backup
of this database. If you restore a backup made before the
repair, the database will be rolled back to the state
it was in at the time of that backup.
Operation completed successfully in 23.844 seconds.
Spawned Process Exit code 0x0(0)
Check repair.txt and event log for repair info.
If repair was successful, it is recommended
you run semantic database analysis to insure
semantic database consistency as well.
file maintenance: quit
ntdsutil: semantic database analysis
semantic checker: go
Fixup mode is turned off
Opening database [Current].....Done.
Getting record count...10109 records
Writing summary into log file dsdit.dmp.0
Records scanned: 10100
Processing records..
Error: Missing subrefs detected.
Done.
semantic checker: go fixup
Fixup mode is turned on
Opening DIT database... Done.
Done.
Opening database [Current].....Done.
Getting record count...10109 records
Writing summary into log file dsdit.dmp.1
Records scanned: 10100
Processing records..
Error: Missing subrefs detected.
Error: Inconsistent refcounts detected.
Done.
semantic checker: go
Fixup mode is turned off
Opening database [Current].....Done.
Getting record count...10109 records
Writing summary into log file dsdit.dmp.2
Records scanned: 10100
Processing records..Done.
semantic checker: quit
file maintenance: quit
ntdsutil: quit
C:\>
The repair.txt file was empty and the there were no events.
The following are the log files:
dsdit.dmp.0
Missing subref entry for 17138 on 1161.
Summary:
Active Objects 9411
Phantoms 73
Deleted 625
dsdit.dmp.1
Missing subref entry for 17138 on 1161.
Added subref 17138 to object 1161.
Summary:
Active Objects 9411
Phantoms 73
Deleted 625
RefCount mismatch for DNT 17138 [RefCount 13 References 14] [Fixed]
...and
dsdit.dmp.2
Summary:
Active Objects 9411
Phantoms 73
Deleted 625
Unfortunately the problem still exists.
Any other suggestions? Anyone?
This morning I tried to run the ntdsutil in directory service restore mode, which according to crissand will solve the problem.
The following represends what i did:
C:\>ntdsutil
ntdsutil: files
file maintenance: repair
Opening database [Current].
Executing Command: C:\WINNT\system32\esentutl
Initiating REPAIR mode...
Database: C:\WINNT\NTDS\ntds.dit
Temp. Database: REPAIR.EDB
got 149217 buffers
checking database header
forcing database to consistent state
checking database integrity
Scanning Status ( % complete )
0 10 20 30 40 50 60 70 80 90 100
|----|----|----|----|----|
checking SystemRoot
SystemRoot (OE)
SystemRoot (AE)
checking system table
MSysObjectsShadow
MSysObjects
Name
RootObjects
rebuilding and comparing indexes
checking table "datatable" (6)
checking data
......................... checking long value tree (48)
......... checking index "PhantomIndex" (117)
checking index "INDEX_000906B6" (116)
checking index "INDEX_000905A3" (115)
checking index "INDEX_00090656" (114)
checking index "INDEX_000905A2" (113)
checking index "LCL_ABVIEW_index00000408"
checking index "INDEX_00150002" (109)
checking index "INDEX_00020107" (108)
checking index "INDEX_74D4827B" (107)
checking index "INDEX_27F8005A" (106)
checking index "INDEX_27F80030" (105)
checking index "INDEX_00020160" (104)
checking index "INDEX_27F8005D" (103)
checking index "INDEX_27F80051" (102)
checking index "INDEX_27F82B32" (101)
checking index "INDEX_27F81B7D" (100)
checking index "INDEX_27F81B7C" (99)
checking index "INDEX_27F81B7B" (98)
checking index "INDEX_27F81B7E" (97)
checking index "INDEX_27F82711" (96)
checking index "INDEX_0002018A" (95)
checking index "INDEX_27F8003F" (94)
checking index "INDEX_27F80065" (93)
checking index "INDEX_000201BF" (92)
checking index "INDEX_27F81B70" (91)
checking index "INDEX_27F82329" (90)
checking index "DNT_IsDeleted_Index" (88)
. checking index "INDEX_000901FD" (87)
checking index "INDEX_000901F6" (86)
checking index "INDEX_000900DE" (85)
checking index "INDEX_000201D5" (84)
checking index "INDEX_000902BB" (83)
checking index "INDEX_000903B4" (82)
checking index "INDEX_000200A9" (81)
checking index "INDEX_0009039D" (80)
checking index "INDEX_0009039A" (79)
checking index "INDEX_00090098" (78)
checking index "INDEX_00090395" (77)
checking index "INDEX_00090089" (76)
checking index "INDEX_00090587" (75)
checking index "INDEX_00090586" (74)
checking index "INDEX_00090582" (73)
checking index "INDEX_00090573" (72)
checking index "INDEX_00090073" (71)
checking index "INDEX_00090571" (70)
checking index "INDEX_0009056C" (69)
checking index "INDEX_00090167" (68)
checking index "INDEX_00090553" (67)
checking index "INDEX_0009014E" (66)
checking index "INDEX_0009014D" (65)
checking index "INDEX_0009014C" (64)
checking index "INDEX_00090147" (63)
checking index "INDEX_00090141" (62)
checking index "INDEX_00090140" (61)
checking index "INDEX_0009013A" (60)
checking index "INDEX_00090138" (59)
checking index "INDEX_00090330" (58)
. checking index "INDEX_00090030" (57)
checking index "INDEX_00020013" (56)
checking index "INDEX_00090013" (55)
checking index "INDEX_00000013" (54)
checking index "INDEX_0000000B" (53)
checking index "INDEX_00000007" (52)
checking index "INDEX_00000003" (51)
.. checking index "INDEX_00150003" (50)
checking index "INDEX_00090202" (49)
checking index "INDEX_000904E1" (46)
checking index "INDEX_00090363" (45)
checking index "INDEX_0009030E" (44)
checking index "INDEX_00090303" (43)
checking index "INDEX_000902EE" (42)
checking index "INDEX_00090290" (41)
. checking index "INDEX_0009028F" (40)
checking index "INDEX_00090261" (39)
checking index "INDEX_000901FF" (38)
checking index "INDEX_00090171" (37)
checking index "INDEX_0009012E" (36)
checking index "INDEX_000900DD" (35)
checking index "INDEX_00090085" (34)
checking index "INDEX_00090062" (33)
checking index "INDEX_00090057" (32)
checking index "INDEX_0009001C" (31)
checking index "INDEX_00090008" (30)
checking index "INDEX_000201CC" (29)
checking index "INDEX_000200D2" (28)
checking index "INDEX_00020078" (27)
. checking index "INDEX_00020073" (26)
checking index "INDEX_0002000D" (25)
checking index "INDEX_0000002A" (24)
checking index "INDEX_00000004" (23)
checking index "NC_Acc_Type_Name" (22)
checking index "PDNT_index" (21)
.. checking index "INDEX_00090001" (20)
. checking index "Ancestors_index" (13)
. checking index "DRA_USN_CREATED_index" (12)
checking index "DRA_USN_index" (11)
. checking index "del_index" (10)
checking index "INDEX_00090002" (9)
. checking index "NC_Acc_Type_Sid" (8)
checking index "INDEX_00090092" (7)
rebuilding and comparing indexes
checking table "hiddentable" (16)
checking data
rebuilding and comparing indexes
checking table "link_table" (14)
checking data
checking index "backlink_index" (15)
rebuilding and comparing indexes
checking table "MSysDefrag1" (110)
checking data
checking index "TablesToDefrag" (111)
rebuilding and comparing indexes
checking table "sdproptable" (17)
checking data
checking index "clientid_index" (19)
checking index "trim_index" (18)
rebuilding and comparing indexes
.....
integrity check completed.
Warning:
You MUST delete the logfiles for this database
Note:
It is recommended that you immediately perform a full backup
of this database. If you restore a backup made before the
repair, the database will be rolled back to the state
it was in at the time of that backup.
Operation completed successfully in 23.844 seconds.
Spawned Process Exit code 0x0(0)
Check repair.txt and event log for repair info.
If repair was successful, it is recommended
you run semantic database analysis to insure
semantic database consistency as well.
file maintenance: quit
ntdsutil: semantic database analysis
semantic checker: go
Fixup mode is turned off
Opening database [Current].....Done.
Getting record count...10109 records
Writing summary into log file dsdit.dmp.0
Records scanned: 10100
Processing records..
Error: Missing subrefs detected.
Done.
semantic checker: go fixup
Fixup mode is turned on
Opening DIT database... Done.
Done.
Opening database [Current].....Done.
Getting record count...10109 records
Writing summary into log file dsdit.dmp.1
Records scanned: 10100
Processing records..
Error: Missing subrefs detected.
Error: Inconsistent refcounts detected.
Done.
semantic checker: go
Fixup mode is turned off
Opening database [Current].....Done.
Getting record count...10109 records
Writing summary into log file dsdit.dmp.2
Records scanned: 10100
Processing records..Done.
semantic checker: quit
file maintenance: quit
ntdsutil: quit
C:\>
The repair.txt file was empty and the there were no events.
The following are the log files:
dsdit.dmp.0
Missing subref entry for 17138 on 1161.
Summary:
Active Objects 9411
Phantoms 73
Deleted 625
dsdit.dmp.1
Missing subref entry for 17138 on 1161.
Added subref 17138 to object 1161.
Summary:
Active Objects 9411
Phantoms 73
Deleted 625
RefCount mismatch for DNT 17138 [RefCount 13 References 14] [Fixed]
...and
dsdit.dmp.2
Summary:
Active Objects 9411
Phantoms 73
Deleted 625
Unfortunately the problem still exists.
Any other suggestions? Anyone?
Run only semantic check and fixup. While in directory restore mode:
type:
ntdsutil semantic database analysis
if errors reported, type:
ntdsutil go fixup
type:
ntdsutil semantic database analysis
if errors reported, type:
ntdsutil go fixup
ASKER
I did the semantic check and fixup for a second time with no errors report.
The following is the dsdit.dmp file:
Summary:
Active Objects 9380
Phantoms 81
Deleted 636
As you can see nothing changed from the last ntdsutil and also the problem still exists.
What's next?
The following is the dsdit.dmp file:
Summary:
Active Objects 9380
Phantoms 81
Deleted 636
As you can see nothing changed from the last ntdsutil and also the problem still exists.
What's next?
Have you installed the last service pack?
Microsoft consider this can be related to controlling the 389 port. The suggestion is to use lpd from support tools to see how the dc is connecting to AD.
I know there are viruses that tries to use port 389, but I guess the server is protected.
Try a forced replication.
Microsoft consider this can be related to controlling the 389 port. The suggestion is to use lpd from support tools to see how the dc is connecting to AD.
I know there are viruses that tries to use port 389, but I guess the server is protected.
Try a forced replication.
ASKER
Yes the DC has installed the SP4, and sure is virus protected.
The server is using the port 389 to connect to AD and seems to connect without problems as you can see...
ld = ldap_open("MyServer", 389);
Established connection to MyServer.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
1> currentTime: 10/12/2004 8:40:53 GTB Standard Time GTB Daylight Time;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN= Configurat ion,DC=MyD omain,DC=c om;
1> dsServiceName: CN=NTDS Settings,CN=MyServer,CN=Se rvers,CN=M ySite,CN=S ites,CN=Co nfiguratio n,DC=MyDom ain,DC=com ;
3> namingContexts: CN=Schema,CN=Configuration ,DC=MyDoma in,DC=com; CN=Configuration,DC=MyDoma in,DC=com; DC=MyDomain,DC=com;
1> defaultNamingContext: DC=MyDomain,DC=com;
1> schemaNamingContext: CN=Schema,CN=Configuration ,DC=MyDoma in,DC=com;
1> configurationNamingContext : CN=Configuration,DC=MyDoma in,DC=com;
1> rootDomainNamingContext: DC=MyDomain,DC=com;
16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413;
2> supportedLDAPVersion: 3; 2;
12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn;
1> highestCommittedUSN: 2130148;
2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO;
1> dnsHostName: MyServer.MyDomain.com;
1> ldapServiceName: MyDomain.com:MyServer$@MyD omain.com;
1> serverName: CN=MyServer,CN=Servers,CN= MySite,CN= Sites,CN=C onfigurati on,DC=MyDo main,DC=co m;
2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: TRUE;
-----------
Regarding the replication, please take a look at the following log files:
"MyServer-CN=Configuration ,DC=MyDoma in,DC=com- -NO DATA-.log" which includes the following info:
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","254069"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","14611"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","340118"
"DateTime","12/10/2004 8:00:48 πμ"
"PartnerType",">> Direct Replication Partner Data <<"
"DirectPartnerUSN","Proper ty Update USN: 340117"
"DirectPartnerFailure","Ch anges have not been successfully replicated from **DELETED SERVER #3 for 1187 attempt(s)."
"DirectPartnerFailure","Th e reason is: The parameter is incorrect."
"DirectPartnerFailure","Th e last replication attempt was: 10/12/2004 7:56:00 AM (local)"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","12523"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","307941"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","11353"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","143393"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","4064"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","215426"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","204380"
...and
"MyServer-CN=Schema,CN=Con figuration ,DC=MyDoma in,DC=com- -NO DATA-.log" which includes the following info:
"DateTime","12/10/2004 8:00:47 πμ"
"USNData","254041"
"DateTime","12/10/2004 8:00:47 πμ"
"USNData","14611"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","340118"
"DateTime","12/10/2004 8:00:48 πμ"
"PartnerType",">> Direct Replication Partner Data <<"
"DirectPartnerUSN","Proper ty Update USN: 338138"
"DirectPartnerFailure","Ch anges have not been successfully replicated from **DELETED SERVER #3 for 1198 attempt(s)."
"DirectPartnerFailure","Th e reason is: The parameter is incorrect."
"DirectPartnerFailure","Th e last replication attempt was: 10/12/2004 7:56:01 AM (local)"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","12523"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","307941"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","11353"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","143393"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","4064"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","215426"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","204380"
Any conclusions?
The server is using the port 389 to connect to AD and seems to connect without problems as you can see...
ld = ldap_open("MyServer", 389);
Established connection to MyServer.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
1> currentTime: 10/12/2004 8:40:53 GTB Standard Time GTB Daylight Time;
1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=
1> dsServiceName: CN=NTDS Settings,CN=MyServer,CN=Se
3> namingContexts: CN=Schema,CN=Configuration
1> defaultNamingContext: DC=MyDomain,DC=com;
1> schemaNamingContext: CN=Schema,CN=Configuration
1> configurationNamingContext
1> rootDomainNamingContext: DC=MyDomain,DC=com;
16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413;
2> supportedLDAPVersion: 3; 2;
12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn;
1> highestCommittedUSN: 2130148;
2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO;
1> dnsHostName: MyServer.MyDomain.com;
1> ldapServiceName: MyDomain.com:MyServer$@MyD
1> serverName: CN=MyServer,CN=Servers,CN=
2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791;
1> isSynchronized: TRUE;
1> isGlobalCatalogReady: TRUE;
-----------
Regarding the replication, please take a look at the following log files:
"MyServer-CN=Configuration
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","254069"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","14611"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","340118"
"DateTime","12/10/2004 8:00:48 πμ"
"PartnerType",">> Direct Replication Partner Data <<"
"DirectPartnerUSN","Proper
"DirectPartnerFailure","Ch
"DirectPartnerFailure","Th
"DirectPartnerFailure","Th
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","12523"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","307941"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","11353"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","143393"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","4064"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","215426"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","204380"
...and
"MyServer-CN=Schema,CN=Con
"DateTime","12/10/2004 8:00:47 πμ"
"USNData","254041"
"DateTime","12/10/2004 8:00:47 πμ"
"USNData","14611"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","340118"
"DateTime","12/10/2004 8:00:48 πμ"
"PartnerType",">> Direct Replication Partner Data <<"
"DirectPartnerUSN","Proper
"DirectPartnerFailure","Ch
"DirectPartnerFailure","Th
"DirectPartnerFailure","Th
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","12523"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","307941"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","11353"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","143393"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","4064"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","215426"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","204380"
Any conclusions?
It seems you lost one of the dc's that has a fsmo roles. You can use dumpfsmos.cmd from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/dumpfsmos-o.asp
to see what dc's have those roles.
to see what dc's have those roles.
ASKER
All the five FSMO roles are assigned to 2 different DC's.
One of these is actually the server which has the problem we are trying to solve.
This server holds up the 3/5 of the roles ie: Schema, PDC, Rid.
The other one holds the Infrastructure and the Domain Tree Operations.
All the 5 roles are assigned to alive DC's.
What else?
One of these is actually the server which has the problem we are trying to solve.
This server holds up the 3/5 of the roles ie: Schema, PDC, Rid.
The other one holds the Infrastructure and the Domain Tree Operations.
All the 5 roles are assigned to alive DC's.
What else?
Maybe there is not enough free space on the new server's disk? Or is a difference in date and time between the new server and the pdc emulator? Do you have warnings about time in event log?
There is a posibility that the sysvol share on the new dc is missing, or the followind users doesn't have access to that share: full access for Administrators, Creator/Owner and system, read for server operators and authenticated users. Also see who is the owner of that share: must be reset to Administrators.
The time difference error create a lot of problems with replication, and dcpromo can fail.
There is a posibility that the sysvol share on the new dc is missing, or the followind users doesn't have access to that share: full access for Administrators, Creator/Owner and system, read for server operators and authenticated users. Also see who is the owner of that share: must be reset to Administrators.
The time difference error create a lot of problems with replication, and dcpromo can fail.
ASKER
Hello again.
The DC we are talking about is not new. It is running since 2000.
It is the Schema, PDC and Rid, of the domain and has about 1.5GB free disk space.
The sysvol share exists on it and the permissions to that share are according to your suggestion.
Although the time and date are synchronized on all DC's in the domain, I do have w32time EventID:54 and EventID:64 warnings on that DC.
Is this rings any bells to you?
Thanks in advance.
The DC we are talking about is not new. It is running since 2000.
It is the Schema, PDC and Rid, of the domain and has about 1.5GB free disk space.
The sysvol share exists on it and the permissions to that share are according to your suggestion.
Although the time and date are synchronized on all DC's in the domain, I do have w32time EventID:54 and EventID:64 warnings on that DC.
Is this rings any bells to you?
Thanks in advance.
There is a posibility that this domain controller to have a name already existing. Plese, verify.
Verify the tcp/ip properties to have: <Append primary and connection specific DNS suffixes> enabled.
Move the PDC role to another computer. If this computer is the PDC emulator, then it is the source fo time for every other dc's.
The time cannot be synchronized if:
Norton autoprotect is on.
The server cannot find a dns. Run
netdiag /v
if ok run
“w32tm /resync /nowait
Verify the tcp/ip properties to have: <Append primary and connection specific DNS suffixes> enabled.
Move the PDC role to another computer. If this computer is the PDC emulator, then it is the source fo time for every other dc's.
The time cannot be synchronized if:
Norton autoprotect is on.
The server cannot find a dns. Run
netdiag /v
if ok run
“w32tm /resync /nowait
ASKER
"There is a posibility that this domain controller to have a name already existing." What do you mean by that?
The tcp/ip is ok.
The netdiag runs without errors.
When tried to transfer the PDC role to another DC, (in other site because I don't have another DC in mine), netlogon errors occured. These, are the following:
Source: NETLOGON
EventID: 5705
Type: Error
The change log cache maintained by the Netlogon service for database changes is corrupted.
The Netlogon service is resetting the change log.
Source: NETLOGON
EventID: 3096
Type: Error
The Windows NT domain controller for this domain could not be located.
Source: NETLOGON
EventID: 5719
Type: Error
No Windows NT or Windows 2000 Domain Controller is available for
domain MYDOMAIN.
The following error occurred:
There are currently no logon servers available to service the logon request.
The "w32tm /resync /nowait" it doesn't run.
W32tm does not recognise switches "/resync" or "/nowait" or both.
See "w32tm/?".
Any ideas?
The tcp/ip is ok.
The netdiag runs without errors.
When tried to transfer the PDC role to another DC, (in other site because I don't have another DC in mine), netlogon errors occured. These, are the following:
Source: NETLOGON
EventID: 5705
Type: Error
The change log cache maintained by the Netlogon service for database changes is corrupted.
The Netlogon service is resetting the change log.
Source: NETLOGON
EventID: 3096
Type: Error
The Windows NT domain controller for this domain could not be located.
Source: NETLOGON
EventID: 5719
Type: Error
No Windows NT or Windows 2000 Domain Controller is available for
domain MYDOMAIN.
The following error occurred:
There are currently no logon servers available to service the logon request.
The "w32tm /resync /nowait" it doesn't run.
W32tm does not recognise switches "/resync" or "/nowait" or both.
See "w32tm/?".
Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.