Robert_A_

2003 DC Errors (DFS

I have a small network with 2 DCs.  On the primary DC I am getting a large number of errors.  I recently cleared the logs and restarted the machine so I could track down the cause(s).

SystemEventLog:
Error: DFS could not contact any DC for Domain DFS operations. This operation will be retried periodically.  (MS Help Center has no additional information on the error.)
Warning: DFS Root DFSRoot failed during initialization. The root will not be available.
Information: DFS has finished building all namespaces.  

[This might look timing related]

Shortly thereafter:
Warning: The Security System detected an authentication error for the server LDAP/DENEB.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".
Warning: The Security System could not establish a secured connection with the server LDAP/DENEB.  No authentication protocol was available.
Error: The PrintQueue Container could not be found because the DNS Domain name could not be retrieved.  Error: 54b

And the application log has been showing errors such as:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=continuum,DC=SoftwareDesign,DC=com. The file must be present at the location <\\domainname.SoftwareDesign.com\sysvol\domainname.SoftwareDesign.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

I must admit, I am at a loss to even begin troubleshooting this.

Any sage advice?
Robert_A_ (ASKER)

SystemLog:
Event ID 14523 [Error] DFS could not contact any DC for Domain DFS operations (Source = DFSSVC)
Event ID 14534 [Warning] DFS Root DFSRoot failed during initialization (Source = DFSSVC)
Event ID 14533 [Information] DFS has finished building all namespaces  (Source = DFSSVC)
...
Event ID 40960 [Error] The Security System detected an authentication error (Source = LSASRV)
Event ID 40961 [Error] The Security System could not establish a secured connection (Source = LSASRV)
...
Event ID 33 [Error] The PrintQueue Container could not be found because the DNS Domain name could not be retrieved (Source = Print)

ApplicationLog:
Event ID 1058 [Error] Windows cannot access the file gpt.ini for GPO ... (Source=Userenv)

nltest seemed to indicate that everything is fine: All of the names and addresses were correct.

I have two suspicions about the cause of these errors:
  1.  The DC was renamed; I followed the MS KB article, but I don't trust coincidences...
  2.  I added a USB 2.0 PCI controller that is NOT on the WHC list (couldn't find or afford the WHC ones).  The card is working correctly, but it did blue screen on my first attempt to install drivers.

It may be time to re-sys the machine... (I don't really have the time right now though).

Thanks
jonsey5090

P.s. this:

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=continuum,DC=SoftwareDesign,DC=com. The file must be present at the location <\\domainname.SoftwareDesign.com\sysvol\domainname.SoftwareDesign.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

looks like there is an out-of-date SID (security identifier for a user account) or computer account; try resetting the computer account for your DC. This would make sense, as computer accounts are based on a hardware footprint, and you have recently changed your hardware.

What was the old name of your DC and what is the new name?
DC was Midgaard; now Deneb.
Domain is/was continuum (I had changed the listing above to "domainname" for anonymity/security, but I missed at least one).

Everything looks fine from the diagnostics (nltest, dcdiag, netdiag); my experience is that it can often be significantly more costly to fix something rather than just redo it; the only thing missing was the consensus of others (which I now have).

Last thing to do before I retire this instance of the OS installation is to plan out what is the best way to "recycle" the machine:

  1.  I want to make sure that the domain is correct.  Deneb (server in question) is the PDC emulator, so what should I do to retire the DC from the domain?
      1a.  Should I move the PDC master to my secondary DC?
      1b.  Should I demote Deneb from the DC role and remove it from the authorized DNS and DHCP server lists?
      1c.  Is there anything else I should do?

  2. When I re-install the OS, is it safe to use the same machine name?

  3. Is there any way of preserving and/or automating network share creation?

  4. Is there anything else I can do to speed up the process of getting back to where I was, functionally?

  5. Can I save the DHCP reservations so I don't need to re-enter them by hand?

In the meantime, I'll get out the brown-creek paddle and rubber gloves (that lazarus98, I had a good laugh on that one too - and very much needed, I might add).

As soon as I can get a good plan of action, I will get these points awarded; you have all been fantastically helpful in confirming my original suspicions.