Solved

KCC EVENTS 1371 & 1168 - NTDS Inter-Site Messaging.

Posted on 2004-10-06
Last Modified: 2008-02-20
Hello there,
I have the following problem and I need help from anyone who has dealt with the same problem.
I manually removed data from Active Directory, after an unsuccessful domain controller demotion, using the Ntdsutil utility.
Although the whole procedure was successful (no error messages or warnings during the metadata cleanup),
since then the following event messages are recorded every 15 min:


Source: NTDS Inter-site
Category: Inter-Site Messaging
EventID: 1371
Type: Warning

The attempt to send 4076 bytes to service NTDS Replication
at address 3d19f55b-ae91-4e26-bedd-21f3b01818b3._msdcs.myDomain.com
via transport CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,
DC=myDomain,DC=com failed with the following status:
 
 The parameter is incorrect.
 
 The record data is the status code.

...and

Source: NTDS Inter-site
Category: Internal Processing
EventID: 1168
Type: Error

Error -2147024809(80070057) has occurred (Internal ID 11070503).  
Please contact Microsoft Product Support Services for assistance.

Any suggestions from anyone?

Question by:fratomb

Expert Comment

by:etracsupport
Did you clean up Sites and Services? Make sure that the DC is gone and all connectors.

Expert Comment

by:cfairley
If you ping the GUID 3d19f55b-ae91-4e26-bedd-21f3b01818b3._msdcs.myDomain.com it will tell you which DC it's trying to talk to, which is probably the one that was demoted.  If so, you need to run adsiedit.msc and delete the DC and site if it is no longer used.

Expert Comment

by:crissand
Event ID 1168: Looks like you have orphaned objects in Active Directory. One recommendation is to restart the server in directory service restore mode and to use ntdsutil to do a semantic check. Microsoft said that you must increase the server's memory, but I don't think it is applicable here.

Author Comment

by:fratomb
Hello guys and thanks for your response. My answers to your comments are:

To etracsupport:
Yes, I've already cleaned up sites and services and connectors. There are no more references to the demoted DC.

To cfairley:
Yes I do know that this GUID belongs to the demoted DC and I've already run ADSIEdit to clean up all the references to the demoted DC.

To crissand:
Yes, this is the problem, some remains of orphaned objects are still in Active Directory. Regarding Microsoft's suggestion, I agree with you it's not applicable here because, first of all, the server already has 1.5GB of RAM, and second, I don't see any relation of the server's memory to my problem. Now about your recommendation to restart the server in directory service restore mode and to use ntdsutil to do a semantic check, this is a thing I didn't do until now but I will.

Anyway some things I also did until now are DCDiag and NetDiag with the following results:

DCDiag:
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: MySite\MYSERVER
      Starting test: Connectivity
         ......................... MYSERVER passed test Connectivity

Doing primary tests
   
   Testing server: MySite\MYSERVER
      Starting test: Replications
         ......................... MYSERVER passed test Replications
      Starting test: NCSecDesc
         ......................... MYSERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... MYSERVER passed test NetLogons
      Starting test: Advertising
         ......................... MYSERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... MYSERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MYSERVER passed test RidManager
      Starting test: MachineAccount
         ......................... MYSERVER passed test MachineAccount
      Starting test: Services
            Could not open SMTPSVC Service on [MYSERVER]:failed with 1060: Win32 Error 1060
         ......................... MYSERVER failed test Services
      Starting test: ObjectsReplicated
         ......................... MYSERVER passed test ObjectsReplicated
      Starting test: frssysvol
         Error: No record of File Replication System, SYSVOL started.
         The Active Directory may be prevented from starting.
         There are errors after the SYSVOL has been shared.
         The SYSVOL can prevent the AD from starting.
         ......................... MYSERVER passed test frssysvol
      Starting test: kccevent
         An Error Event occured.  EventID: 0xC0000490
            Time Generated: 10/06/2004   13:08:35
            Event String: Error -2147024809(80070057) has occurred

         An Warning Event occured.  EventID: 0x8000055B
            Time Generated: 10/06/2004   13:08:35
            Event String: The attempt to send 4052 bytes to service

         An Error Event occured.  EventID: 0xC0000490
            Time Generated: 10/06/2004   13:08:35
            Event String: Error -2147024809(80070057) has occurred

         An Warning Event occured.  EventID: 0x8000055B
            Time Generated: 10/06/2004   13:08:35
            Event String: The attempt to send 4076 bytes to service

         ......................... MYSERVER failed test kccevent
      Starting test: systemlog
         ......................... MYSERVER passed test systemlog
   
   Running enterprise tests on : MyDomain.com
      Starting test: Intersite
         ......................... MyDomain.com passed test Intersite
      Starting test: FsmoCheck
         ......................... MyDomain.com passed test FsmoCheck

...and

NETDiag:



    Computer Name: MYSERVER
    DNS Host Name: MYSERVER.MyDomain
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 8 Stepping 6, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : MYSERVER
        IP Address . . . . . . . . : 192.168.2.6
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.2.1
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : 192.168.2.6
                                     192.168.1.6


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed


        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Skipped
    There are no interfaces that have NetBT enabled. [Test skipped]


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Skipped
    There are no interfaces that have NetBT enabled. [Test skipped]


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.2.6' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.6' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Skipped
    There are no interfaces that have NetBT enabled. [Test skipped]


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


The command completed successfully

Thanks again.
Waiting for your, or anyone else's, response.
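The kccevent section of the DCDiag output in the post above prints each event as a 32-bit identifier (0xC0000490, 0x8000055B) and the status as a signed decimal. The following added example, which is not part of the original post, decodes both using the standard Windows event-identifier and HRESULT bit layouts; the sample text is copied from the DCDiag output above, and the function names are chosen for this illustration.

```python
import re
from collections import Counter

# The top two bits of a Windows event identifier give the severity.
SEVERITY = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}
FACILITY_WIN32 = 7
# Names for the two Win32 error codes that appear in this thread (winerror.h).
WIN32_NAMES = {87: "ERROR_INVALID_PARAMETER", 1060: "ERROR_SERVICE_DOES_NOT_EXIST"}

# kccevent section copied from the DCDiag output in the post above.
SAMPLE = """\
      Starting test: kccevent
         An Error Event occured.  EventID: 0xC0000490
            Time Generated: 10/06/2004   13:08:35
            Event String: Error -2147024809(80070057) has occurred

         An Warning Event occured.  EventID: 0x8000055B
            Time Generated: 10/06/2004   13:08:35
            Event String: The attempt to send 4052 bytes to service

         An Error Event occured.  EventID: 0xC0000490
            Time Generated: 10/06/2004   13:08:35
            Event String: Error -2147024809(80070057) has occurred

         An Warning Event occured.  EventID: 0x8000055B
            Time Generated: 10/06/2004   13:08:35
            Event String: The attempt to send 4076 bytes to service

         ......................... MYSERVER failed test kccevent
"""

EVENT_RE = re.compile(r"EventID:\s*0x([0-9A-Fa-f]{1,8})")
STATUS_RE = re.compile(r"Error\s+(-?\d+)\(([0-9A-Fa-f]{8})\)")


def decode_event_identifier(hex_text):
    """Split an identifier such as C0000490 into severity (bits 31-30)
    and the Event ID shown in Event Viewer (low 16 bits)."""
    value = int(hex_text, 16)
    return {"severity": SEVERITY[value >> 30], "event_id": value & 0xFFFF}


def decode_hresult(signed_value):
    """Decode a status logged as a signed 32-bit decimal (HRESULT layout:
    bit 31 = failure, bits 26-16 = facility, bits 15-0 = code)."""
    value = signed_value & 0xFFFFFFFF
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    if facility == FACILITY_WIN32:
        name = WIN32_NAMES.get(code, "unknown")
    else:
        name = "non-Win32"
    return {"hex": f"0x{value:08X}", "failed": bool(value >> 31),
            "facility": facility, "code": code, "name": name}


def parse_kccevent(text):
    """Return one dict per logged event; attach the decoded status when the
    event string carries one, and check decimal and hex forms agree."""
    events = []
    for line in text.splitlines():
        event = EVENT_RE.search(line)
        if event:
            events.append(decode_event_identifier(event.group(1)))
            continue
        status = STATUS_RE.search(line)
        if status and events:
            decoded = decode_hresult(int(status.group(1)))
            decoded["matches_hex"] = decoded["hex"] == "0x" + status.group(2).upper()
            events[-1]["status"] = decoded
    return events


def summarize(events):
    """Count occurrences per (Event ID, severity) pair."""
    return Counter((e["event_id"], e["severity"]) for e in events)


if __name__ == "__main__":
    parsed = parse_kccevent(SAMPLE)
    for (event_id, severity), count in sorted(summarize(parsed).items()):
        print(f"Event ID {event_id} ({severity}) x{count}")
    for e in parsed:
        if "status" in e:
            s = e["status"]
            print(f"  {e['event_id']}: {s['hex']} facility={s['facility']} "
                  f"code={s['code']} {s['name']}")
```

On this thread's output the two identifiers decode to the events in the question (1371 Warning, 1168 Error), and the status decodes to Win32 error 87, the same "The parameter is incorrect" text that event 1371 carries.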
 
Expert Comment

by:crissand
The ntdsutil in directory service restore mode will fix the errors.

Author Comment

by:fratomb
Hello there again.
This morning I tried to run the ntdsutil in directory service restore mode, which according to crissand will solve the problem.
The following represents what I did:

C:\>ntdsutil
ntdsutil: files
file maintenance: repair
Opening database [Current].
Executing Command: C:\WINNT\system32\esentutl.exe /p "C:\WINNT\NTDS\ntds.dit" /!10240 /8 /v /x /o


Initiating REPAIR mode...
        Database: C:\WINNT\NTDS\ntds.dit
  Temp. Database: REPAIR.EDB
got 149217 buffers
checking database header
forcing database to consistent state

checking database integrity

                    Scanning Status  ( % complete )

          0    10   20   30   40   50   60   70   80   90  100
          |----|----|----|----|----|----|----|----|----|----|
                checking SystemRoot
                SystemRoot (OE)
                SystemRoot (AE)
        checking system table
                MSysObjectsShadow
                MSysObjects
                Name
                RootObjects
                rebuilding and comparing indexes
        checking table "datatable" (6)
                checking data
.........................               checking long value tree (48)
                rebuilding and comparing indexes
        checking table "hiddentable" (16)
                checking data
                rebuilding and comparing indexes
        checking table "link_table" (14)
                checking data
                checking index "backlink_index" (15)
                rebuilding and comparing indexes
        checking table "MSysDefrag1" (110)
                checking data
                checking index "TablesToDefrag" (111)
                rebuilding and comparing indexes
        checking table "sdproptable" (17)
                checking data
                checking index "clientid_index" (19)
                checking index "trim_index" (18)
                rebuilding and comparing indexes
.....


integrity check completed.
Warning:
  You MUST delete the logfiles for this database

Note:
  It is recommended that you immediately perform a full backup
  of this database. If you restore a backup made before the
  repair, the database will be rolled back to the state
  it was in at the time of that backup.

Operation completed successfully in 23.844 seconds.


Spawned Process Exit code 0x0(0)

Check repair.txt and event log for repair info.
 If repair was successful, it is recommended
 you run semantic database analysis to insure
 semantic database consistency as well.


file maintenance: quit
ntdsutil: semantic database analysis

semantic checker: go
Fixup mode is turned off
Opening database [Current].....Done.

Getting record count...10109 records
Writing summary into log file dsdit.dmp.0
Records scanned:      10100
Processing records..
Error: Missing subrefs detected.
Done.

semantic checker: go fixup
Fixup mode is turned on

Opening DIT database... Done.

Done.

Opening database [Current].....Done.

Getting record count...10109 records
Writing summary into log file dsdit.dmp.1
Records scanned:      10100
Processing records..
Error: Missing subrefs detected.

Error: Inconsistent refcounts detected.
Done.

semantic checker: go
Fixup mode is turned off
Opening database [Current].....Done.

Getting record count...10109 records
Writing summary into log file dsdit.dmp.2
Records scanned:      10100
Processing records..Done.

semantic checker: quit
file maintenance: quit
ntdsutil: quit

C:\>

The repair.txt file was empty and there were no events.
 The following are the log files:

dsdit.dmp.0

Missing subref entry for 17138 on 1161.
Summary:
Active Objects           9411
Phantoms             73
Deleted            625

dsdit.dmp.1

Missing subref entry for 17138 on 1161.
Added subref 17138 to object 1161.
Summary:
Active Objects           9411
Phantoms             73
Deleted            625

RefCount mismatch for DNT 17138 [RefCount   13 References   14] [Fixed]

...and

dsdit.dmp.2

Summary:
Active Objects           9411
Phantoms             73
Deleted            625

Unfortunately the problem still exists.

Any other suggestions? Anyone?

Expert Comment

by:crissand
Run only semantic check and fixup. While in directory restore mode:

type:

ntdsutil semantic database analysis

if errors reported, type:

ntdsutil go fixup

Author Comment

by:fratomb
I did the semantic check and fixup for a second time with no errors reported.

The following is the dsdit.dmp file:

Summary:
Active Objects  9380
Phantoms             81
Deleted            636

As you can see nothing changed from the last ntdsutil and also the problem still exists.

What's next?

Expert Comment

by:crissand
Have you installed the last service pack?

Microsoft considers this can be related to controlling the 389 port. The suggestion is to use ldp from the support tools to see how the DC is connecting to AD.

I know there are viruses that try to use port 389, but I guess the server is protected.

Try a forced replication.

Author Comment

by:fratomb
Yes, the DC has SP4 installed, and it sure is virus protected.
The server is using the port 389 to connect to AD and seems to connect without problems as you can see...

ld = ldap_open("MyServer", 389);
Established connection to MyServer.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
      1> currentTime: 10/12/2004 8:40:53 GTB Standard Time GTB Daylight Time;
      1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=MyDomain,DC=com;
      1> dsServiceName: CN=NTDS Settings,CN=MyServer,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=com;
      3> namingContexts: CN=Schema,CN=Configuration,DC=MyDomain,DC=com; CN=Configuration,DC=MyDomain,DC=com; DC=MyDomain,DC=com;
      1> defaultNamingContext: DC=MyDomain,DC=com;
      1> schemaNamingContext: CN=Schema,CN=Configuration,DC=MyDomain,DC=com;
      1> configurationNamingContext: CN=Configuration,DC=MyDomain,DC=com;
      1> rootDomainNamingContext: DC=MyDomain,DC=com;
      16> supportedControl: 1.2.840.113556.1.4.319; 1.2.840.113556.1.4.801; 1.2.840.113556.1.4.473; 1.2.840.113556.1.4.528; 1.2.840.113556.1.4.417; 1.2.840.113556.1.4.619; 1.2.840.113556.1.4.841; 1.2.840.113556.1.4.529; 1.2.840.113556.1.4.805; 1.2.840.113556.1.4.521; 1.2.840.113556.1.4.970; 1.2.840.113556.1.4.1338; 1.2.840.113556.1.4.474; 1.2.840.113556.1.4.1339; 1.2.840.113556.1.4.1340; 1.2.840.113556.1.4.1413;
      2> supportedLDAPVersion: 3; 2;
      12> supportedLDAPPolicies: MaxPoolThreads; MaxDatagramRecv; MaxReceiveBuffer; InitRecvTimeout; MaxConnections; MaxConnIdleTime; MaxActiveQueries; MaxPageSize; MaxQueryDuration; MaxTempTableSize; MaxResultSetSize; MaxNotificationPerConn;
      1> highestCommittedUSN: 2130148;
      2> supportedSASLMechanisms: GSSAPI; GSS-SPNEGO;
      1> dnsHostName: MyServer.MyDomain.com;
      1> ldapServiceName: MyDomain.com:MyServer$@MyDomain.com;
      1> serverName: CN=MyServer,CN=Servers,CN=MySite,CN=Sites,CN=Configuration,DC=MyDomain,DC=com;
      2> supportedCapabilities: 1.2.840.113556.1.4.800; 1.2.840.113556.1.4.1791;
      1> isSynchronized: TRUE;
      1> isGlobalCatalogReady: TRUE;
-----------


Regarding the replication, please take a look at the following log files:

"MyServer-CN=Configuration,DC=MyDomain,DC=com--NO DATA-.log" which includes the following info:

"DateTime","12/10/2004 8:00:48 πμ"
"USNData","254069"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","14611"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","340118"
"DateTime","12/10/2004 8:00:48 πμ"
"PartnerType",">> Direct Replication Partner Data <<"
"DirectPartnerUSN","Property Update USN: 340117"
"DirectPartnerFailure","Changes have not been successfully replicated from **DELETED SERVER #3 for 1187 attempt(s)."
"DirectPartnerFailure","The reason is: The parameter is incorrect."
"DirectPartnerFailure","The last replication attempt was:  10/12/2004 7:56:00 AM (local)"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","12523"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","307941"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","11353"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","143393"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","4064"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","215426"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","204380"


...and


"MyServer-CN=Schema,CN=Configuration,DC=MyDomain,DC=com--NO DATA-.log" which includes the following info:


"DateTime","12/10/2004 8:00:47 πμ"
"USNData","254041"
"DateTime","12/10/2004 8:00:47 πμ"
"USNData","14611"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","340118"
"DateTime","12/10/2004 8:00:48 πμ"
"PartnerType",">> Direct Replication Partner Data <<"
"DirectPartnerUSN","Property Update USN: 338138"
"DirectPartnerFailure","Changes have not been successfully replicated from **DELETED SERVER #3 for 1198 attempt(s)."
"DirectPartnerFailure","The reason is: The parameter is incorrect."
"DirectPartnerFailure","The last replication attempt was:  10/12/2004 7:56:01 AM (local)"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","12523"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","307941"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","11353"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","143393"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","4064"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","215426"
"DateTime","12/10/2004 8:00:48 πμ"
"USNData","204380"


Any conclusions?

Expert Comment

by:crissand
It seems you lost one of the DCs that has FSMO roles. You can use dumpfsmos.cmd from http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/dumpfsmos-o.asp
to see which DCs have those roles.

Author Comment

by:fratomb
All five FSMO roles are assigned to 2 different DCs.
One of these is actually the server which has the problem we are trying to solve.
This server holds 3/5 of the roles, i.e. Schema, PDC, RID.
The other one holds the Infrastructure and the Domain Tree Operations.
All 5 roles are assigned to live DCs.
What else?

Expert Comment

by:crissand
Maybe there is not enough free space on the new server's disk? Or is there a difference in date and time between the new server and the PDC emulator? Do you have warnings about time in the event log?

There is a possibility that the sysvol share on the new DC is missing, or the following users don't have access to that share: full access for Administrators, Creator/Owner and System, read for Server Operators and Authenticated Users. Also see who is the owner of that share: it must be reset to Administrators.

The time difference error creates a lot of problems with replication, and dcpromo can fail.

Author Comment

by:fratomb
Hello again.
The DC we are talking about is not new. It has been running since 2000.
It is the Schema, PDC and RID of the domain and has about 1.5GB free disk space.
The sysvol share exists on it and the permissions to that share are according to your suggestion.
Although the time and date are synchronized on all DCs in the domain, I do have w32time EventID:54 and EventID:64 warnings on that DC.
Does this ring any bells for you?
Thanks in advance.

Expert Comment

by:crissand
There is a possibility that this domain controller to have a name already existing. Please, verify.

Verify the tcp/ip properties to have: <Append primary and connection specific DNS suffixes> enabled.

Move the PDC role to another computer. If this computer is the PDC emulator, then it is the source of time for all the other DCs.

The time cannot be synchronized if:

Norton autoprotect is on.
The server cannot find a dns. Run
netdiag /v

if ok run
w32tm /resync /nowait


Author Comment

by:fratomb
"There is a possibility that this domain controller to have a name already existing."  What do you mean by that?

The tcp/ip is ok.
The netdiag runs without errors.

When I tried to transfer the PDC role to another DC (in another site, because I don't have another DC in mine), Netlogon errors occurred. These are the following:

Source: NETLOGON
EventID: 5705
Type: Error

The change log cache maintained by the Netlogon service for database changes is corrupted.
The Netlogon service is resetting the change log.

Source: NETLOGON
EventID: 3096
Type: Error

The Windows NT domain controller for this domain could not be located.

Source: NETLOGON
EventID: 5719
Type: Error

No Windows NT or Windows 2000 Domain Controller is available for
domain MYDOMAIN.
The following error occurred:
There are currently no logon servers available to service the logon request.


The "w32tm /resync /nowait" doesn't run.
W32tm does not recognise switches "/resync" or "/nowait" or both.
See "w32tm/?".

Any ideas?


Accepted Solution

by:crissand
Not good. The Windows time command will not work until the PDC role is moved. Actually, the PDC emulator is the master time provider for the domain.

See this on Microsoft site:

The following event log error may be generated:
Event ID: 5705
Source: NETLOGON
Type: Error
The change log cache maintained by the Netlogon Service for database changes is corrupted. The Netlogon service is resetting the change log.

These events can be caused when Windows NT fails to update the %SystemRoot%\Netlogon.chg file on the PDC. This may occur for any of the following reasons:
• The Read-Only attribute could be set.  
• The netlogon.chg file could be corrupted.  
• The permissions for the system account could be insufficient for that file; they should be at least RWXD.  

1. Open Windows Explorer, and then navigate to the %systemroot% folder.
2. Right-click the Netlogon.chg file, and then click Properties.  
3. Click the Security tab.  
4. Click to clear the Allow inheritable permissions from parent to propagate to this object check box, and then click OK.  
5. In the Security dialog box, click Copy to copy the existing inheritable permissions to this object.  
6. Click the System account, click Deny - Full Control to change all of the permissions to Deny, and then click OK.  
7. Restart the computer. After you log on to the computer, delete the Netlogon.chg file.  
8. Restart the computer again. When you log on the computer, the Netlogon.chg file is rebuilt automatically.  