Domain Controller issues at boot up, however network is operating correctly after boot

I have two domain controllers, svr-01 and svr-03, and I am having various errors occurring on reboot of svr-01. Once the machines are running there do not seem to be any problems. Below are some of the errors:

Event Type: Error
Event Source: DfsSvc
Event Category: None
Event ID: 14523
Date:  13/04/2006
Time:  7:33:48 a.m.
User:  N/A
Computer: SVR-01
Description:
DFS could not contact any DC for Domain DFS operations. This operation will be retried periodically.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------------------------------------------------------------------------------------------------------------------------------
Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4321
Date:  13/04/2006
Time:  7:33:52 a.m.
User:  N/A
Computer: SVR-01
Description:
The name "KEYLOGIX       :1d" could not be registered on the Interface with IP address 10.1.1.1. The machine with the IP address 10.1.1.3 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 04 00 56 00   ......V.
0008: 00 00 00 00 e1 10 00 c0   ....á..À
0010: 01 01 00 00 01 00 00 c0   .......À
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........
--------------------------------------------------------------------------------------------------------------------------------------------
Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 44
Date:  13/04/2006
Time:  7:34:18 a.m.
User:  N/A
Computer: SVR-01
Description:
The "Windows default" Policy Module "Initialize" method returned an error. The specified domain either does not exist or could not be contacted. The returned status code is 0x8007054b (1355).  The Active Directory containing the Certification Authority could not be contacted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------------------------------------------------------------------------------------------------------------------------------
Event Type: Warning
Event Source: NTDS Replication
Event Category: DS RPC Client
Event ID: 2088
Date:  13/04/2006
Time:  7:34:54 a.m.
User:  NT AUTHORITY\ANONYMOUS LOGON
Computer: SVR-01
Description:
Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.

Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory forest, including logon authentication or access to network resources.

You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.

Alternate server name:
 svr-03
Failing DNS host name:
 8a6a6d58-8dfc-4940-90ba-51f8f2cb2467._msdcs.keylogix.local

NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:

Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client

User Action:

 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.

 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".

 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns

  dcdiag /test:dns

 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:

  dcdiag /test:dns

 5) For further analysis of DNS error failures see KB 824449:   http://support.microsoft.com/?kbid=824449

Additional Data
Error value:
 11004 The requested name is valid, but no data of the requested type was found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------------------------------------------------------------------------------------------------------------------------------
Event Type: Error
Event Source: DhcpServer
Event Category: None
Event ID: 1059
Date:  13/04/2006
Time:  7:35:00 a.m.
User:  N/A
Computer: SVR-01
Description:
The DHCP service failed to see a directory server for authorization.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 3a 20 00 00               : ..

I have tried a number of Microsoft suggestions etc. and nothing seems to match the exact problem. I have run dcdiag /test:dns /dnsall

My svr-01 came back with no errors. This is the machine that the errors are appearing in the event log.
My svr-03 has no errors in its log, however it came back with:
------------------------------------------------------------------------------------------------------------------
Domain Controller Diagnosis

Performing initial setup:
   [svr-03] Directory Binding Error -2146892976:
   Win32 Error -2146892976
   This may limit some of the tests that can be performed.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SVR-03
      Starting test: Connectivity
         [SVR-03] DsBindWithSpnEx() failed with error -2146892976,
         Win32 Error -2146892976.
         ......................... SVR-03 failed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SVR-03

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : keylogix

   Running enterprise tests on : keylogix.local
      Starting test: DNS
         Test results for domain controllers:

            DC: svr-03.keylogix.local
            Domain: keylogix.local


               TEST: Basic (Basc)
                  Error: No DS RPC connectivity

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: keylogix.local
               svr-03                       PASS FAIL PASS PASS PASS PASS PASS

         ......................... keylogix.local failed test DNS


Could anyone please assist


GlennCameronAsked:

Netman66Commented:
It looks like network problems are preventing some communication.

Are these servers on the same LAN?

If so, then point server 01 at server 03 for DNS only - in the interim until we troubleshoot.  It appears DNS isn't initializing fast enough for the other services during boot.

It also appears that you are using WINS and there is already a machine registered with the same name as the server - so it's being denied registration.

If this server has 2 NICs then make sure the LAN-side NIC is at the top of the binding order.  If you correct this reboot the server before troubleshooting further.

Advise.
0
GlennCameronAuthor Commented:
Hi Netman

The servers are on the same LAN and both only have a single NIC. Changed the DNS to point at svr-03 and got a pretty clean boot. Only errors:

Event Type:      Error
Event Source:      DhcpServer
Event Category:      None
Event ID:      1001
Date:            14/04/2006
Time:            1:23:49 p.m.
User:            N/A
Computer:      SVR-01
Description:
The DHCP service failed to register with Service Controller.  The following error occurred:
The operation completed successfully. .

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    

---------------------

Event Type:      Error
Event Source:      W3SVC
Event Category:      None
Event ID:      1007
Date:            14/04/2006
Time:            1:24:05 p.m.
User:            N/A
Computer:      SVR-01
Description:
Cannot register the URL prefix 'http://*:80/' for site '1'. The necessary network binding may already be in use. The site has been deactivated.  The data field contains the error number.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: b7 00 07 80               ·..€

-----------

Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7000
Date:            14/04/2006
Time:            1:25:41 p.m.
User:            N/A
Computer:      SVR-01
Description:
The Network Load Balancing service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Re the WINS issue, I am pretty sure that I don't have any other machines of the same name; the closest name is tst-svr-01.

G
0
Netman66Commented:
Ok, good so far.

Open up WINS and delete all records for the servername and the IP address the server holds.
If you are not using Network Load Balancing, uninstall it.
The DHCP error is kind of hilarious - it's not an error at all.
I'm not sure what the WWW Service is complaining about - I've never seen that error before.  It appears some other application may be using or trying to use port 80.  You may have a case of malware if you don't have anything you're aware of.

As for the local DNS instance - if pointing it to the other server cured as much as it looks like, then uninstall DNS from this server and reboot.  Re-install it and restart the Netlogon Service.  DO NOT create any zones - replication will populate this new installation if the primary DNS has AD Integrated Zones.  If it doesn't, then make them AD Integrated before you re-install DNS on this server.

Let me know.


0

GlennCameronAuthor Commented:
DNS uninstalled, reboot and reinstalled. It has replicated from svr-03 so that is all good.

Guess next step is to change the dns back and reboot?
0
GlennCameronAuthor Commented:
After changing the DNS server back to 10.1.1.1 only, I get

Event Type:      Error
Event Source:      CertSvc
Event Category:      None
Event ID:      91
Date:            14/04/2006
Time:            2:43:54 p.m.
User:            N/A
Computer:      SVR-01
Description:
Could not connect to the Active Directory.  Certificate Services will retry when processing requires Active Directory access.  

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Warning
Event Source:      CertSvc
Event Category:      None
Event ID:      94
Date:            14/04/2006
Time:            2:44:00 p.m.
User:            N/A
Computer:      SVR-01
Description:
Certificate Services Keylogix Root Authority can not open the certificate store at CN=NTAuthCertificates,CN=Public Key Services,CN=Services in the Active Directory's configuration container.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Error
Event Source:      CertSvc
Event Category:      None
Event ID:      44
Date:            14/04/2006
Time:            2:44:01 p.m.
User:            N/A
Computer:      SVR-01
Description:
The "Windows default" Policy Module "Initialize" method returned an error. The specified domain either does not exist or could not be contacted. The returned status code is 0x8007054b (1355).  The Active Directory containing the Certification Authority could not be contacted.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      DS RPC Client
Event ID:      2088
Date:            14/04/2006
Time:            2:44:40 p.m.
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      SVR-01
Description:
Active Directory could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
 
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory forest, including logon authentication or access to network resources.
 
You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
 
Alternate server name:
 svr-03
Failing DNS host name:
 8a6a6d58-8dfc-4940-90ba-51f8f2cb2467._msdcs.keylogix.local
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
 
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns 
 
  dcdiag /test:dns
 
 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
 
  dcdiag /test:dns
 
 5) For further analysis of DNS error failures see KB 824449:
   http://support.microsoft.com/?kbid=824449
 
Additional Data
Error value:
 11004 The requested name is valid, but no data of the requested type was found.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Any ideas
0
Netman66Commented:
Can you ping this?

8a6a6d58-8dfc-4940-90ba-51f8f2cb2467._msdcs.keylogix.local

You also want to try this (ENTER after each line):

nslookup
set q=srv
8a6a6d58-8dfc-4940-90ba-51f8f2cb2467._msdcs.keylogix.local

It sounds as if srv03 is holding some (if not all) of the FSMO roles and they are not properly registered in DNS.

From srv03, check the following:

1)  NIC settings for DNS should only point to itself and srv01.
2)  Box checked to register in DNS.
3)  DNS suffix for this connection should be empty.  The suffix should be checked in properties of My Computer.
4)  All Zones set to AD Integrated, and allow Dynamic updates.  (I think you checked this, but just confirm).
5)  Zones on both DNS servers should be consistent.

If everything looks good can you expand all the nodes in _msdcs and take a screen shot and send it to me?  Email is my alias at gmail.

0
GlennCameronAuthor Commented:
The ping resolves to svr-03 on both servers. The nslookup step has the following results on both servers:

nslookup
*** Can't find server name for address 10.1.1.3: Non-existent domain
Default Server: Unknown
Address: 10.1.1.3

> Set q=srv
> 8a6a6d58-8dfc-4940-90ba-51f8f2cb2467._msdcs.keylogix.local
> Server: Unknown
> Address: 10.1.1.3

8a6a6d58-8dfc-4940-90ba-51f8f2cb2467._msdcs.keylogix.local      canonical name = svr-03.keylogix.local

All the NIC settings on svr-03 are as you suggested. The forward lookup zones in DNS are both set to Active Directory-Integrated Primary. Zones look the same between the servers.

Just sending a screenshot now
0
Netman66Commented:
Create a Reverse Lookup Zone for your subnet.  That much is missing.

The rest looks good.  I can't tell what's in the containers in _msdcs, but they're all present.

What's the serial number on server 3?  To find out, double-click the entry in _msdcs for the SOA.
Srv-01 has a serial of 467 - which is unusually high.  Mine's been running for 3 years and is only at 11.


0
GlennCameronAuthor Commented:
It's 467 for both.

Just to make sure I don't stuff anything else up: when I create the reverse lookup I select zone type of primary zone, to all DNS servers in AD domain keylogix.local, network ID (10.1.1)??, allow only secure updates?

Thanks
0
GlennCameronAuthor Commented:
I have static IPs for my servers of 10.1.1.x and DHCP clients of 10.1.4.x
0
Netman66Commented:
Yes, that would be correct.

What subnet mask are you using?  10.1.1.x and 10.1.4.x could conceivably be on different networks depending on your mask.
0
GlennCameronAuthor Commented:
Subnet is 255.255.0.0 for both static and DHCP computers. In DHCP it says
Scope [10.1.0.0] Keylogix

So would my reverse lookup be 10.1.1 or 10.1.0?

Thanks
0
Netman66Commented:
10.1.0.x as entered in the interface, but it's actually in-addr.arpa.0.1.10.





0
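How a reverse lookup zone name follows from the addressing given in this thread (servers on 10.1.1.x, DHCP clients on 10.1.4.x, mask 255.255.0.0), as an added Python example that is not part of the original posts. The function names and the client address 10.1.4.20 are assumptions made for illustration; the code also generalizes to masks that do not fall on an octet boundary.

```python
import ipaddress

def ptr_name(ip):
    """PTR owner name for an IPv4 address: 10.1.1.3 -> 3.1.1.10.in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def reverse_zones(network):
    """Octet-aligned reverse zone(s) that exactly cover an IPv4 network.

    /8, /16 and /24 map to a single zone. Any other prefix is split at the
    next octet boundary, giving one zone per /8, /16 or /24 inside it.
    """
    net = ipaddress.IPv4Network(network, strict=False)
    if net.prefixlen > 24:
        raise ValueError("smaller than /24: needs classless delegation (RFC 2317)")
    boundary = max(8, -(-net.prefixlen // 8) * 8)   # round up to 8, 16 or 24
    keep = boundary // 8                            # network octets in the zone name
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        labels = str(sub.network_address).split(".")[:keep]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones

def uncovered(zone, addresses):
    """Addresses whose PTR record could not live in `zone`."""
    return [ip for ip in addresses if not ptr_name(ip).endswith("." + zone)]

if __name__ == "__main__":
    # 10.1.1.1 and 10.1.1.3 are the DCs in the thread; 10.1.4.20 is a
    # constructed DHCP client address in the 10.1.4.x range.
    hosts = ["10.1.1.1", "10.1.1.3", "10.1.4.20"]
    for zone in reverse_zones("10.1.1.3/255.255.0.0") + reverse_zones("10.1.0.0/24"):
        print(zone, "-> not covered:", uncovered(zone, hosts))
```

A PTR record for the DNS server's own address in a zone that covers it is what lets nslookup print a server name instead of "Default Server: Unknown".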
GlennCameronAuthor Commented:
Added the lookup zone. Latest reboot gives

Event Type:      Error
Event Source:      DfsSvc
Event Category:      None
Event ID:      14523
Date:            18/04/2006
Time:            6:39:02 a.m.
User:            N/A
Computer:      SVR-01
Description:
DFS could not contact any DC for Domain DFS operations. This operation will be retried periodically.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Error
Event Source:      CertSvc
Event Category:      None
Event ID:      44
Date:            18/04/2006
Time:            6:39:31 a.m.
User:            N/A
Computer:      SVR-01
Description:
The "Windows default" Policy Module "Initialize" method returned an error. The specified domain either does not exist or could not be contacted. The returned status code is 0x8007054b (1355).  The Active Directory containing the Certification Authority could not be contacted.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type:      Error
Event Source:      DhcpServer
Event Category:      None
Event ID:      1059
Date:            18/04/2006
Time:            6:40:16 a.m.
User:            N/A
Computer:      SVR-01
Description:
The DHCP service failed to see a directory server for authorization.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 3a 20 00 00               : ..    

0
GlennCameronAuthor Commented:
Started getting

Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            18/04/2006
Time:            6:50:18 a.m.
User:            NT AUTHORITY\SYSTEM
Computer:      SVR-01
Description:
Windows cannot access the file gpt.ini for GPO cn={D563778B-B7B3-4662-A070-1DDC19CD860C},cn=policies,cn=system,DC=keylogix,DC=local. The file must be present at the location <\\keylogix.local\SysVol\keylogix.local\Policies\{D563778B-B7B3-4662-A070-1DDC19CD860C}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Netman66Commented:
Are you running DFS?
Are you running a Certificate server?

Can you access the path above from Srv-01?

0
GlennCameronAuthor Commented:
I can access \\keylogix.local\SysVol\keylogix.local\Policies\{D563778B-B7B3-4662-A070-1DDC19CD860C}\gpt.ini from SVR-01 no problem.
We are running DFS and certificate server. Certificate server is SVR-01. DFS is working from svr-01 and client machines.
SVR-01 is still only pointing at svr-01 as its DNS server. Is it worth putting it back to svr-03?


0
Netman66Commented:
Give it a shot.  I think what's happening is that the DNS service on SRV-01 takes too long to start during the reboot so those other services cannot locate the AD.  Pointing that server to SRV-03 as a primary and itself as a secondary might solve the startup issues.

Also, point SRV-03 to 01 as primary and itself as a secondary - this way everything is covered.

Let me know.
0
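One way to check the startup-timing idea against pasted Event Viewer text, as an added Python example that is not part of the original posts: it parses the event headers, groups events that occur close together, and reports how many seconds into each group the directory-related errors fall. The 5-minute grouping gap and the use of the first logged event as the start of a boot are assumptions; the sample holds header fields copied from events quoted in this thread.

```python
import re
from datetime import datetime, timedelta

# (source, event ID) pairs quoted in this thread whose descriptions say a DC,
# Active Directory or DNS could not be reached.
DIRECTORY_DEPENDENT = {
    ("DfsSvc", 14523), ("CertSvc", 44), ("CertSvc", 91),
    ("NTDS Replication", 2088), ("DhcpServer", 1059),
}

FIELD = re.compile(
    r"^(Event Type|Event Source|Event ID|Date|Time):[ \t]*(.+?)[ \t]*$", re.M)

# Constructed sample: header fields as pasted in the thread for the
# 18/04/2006 reboot of SVR-01, descriptions left out.
SAMPLE = """\
Event Type:      Error
Event Source:      DfsSvc
Event ID:      14523
Date:            18/04/2006
Time:            6:39:02 a.m.
Event Type:      Error
Event Source:      CertSvc
Event ID:      44
Date:            18/04/2006
Time:            6:39:31 a.m.
Event Type:      Error
Event Source:      DhcpServer
Event ID:      1059
Date:            18/04/2006
Time:            6:40:16 a.m.
Event Type:      Error
Event Source:      Userenv
Event ID:      1058
Date:            18/04/2006
Time:            6:50:18 a.m.
"""

def _finish(rec):
    clock = rec["Time"].replace(".", "").upper()   # "6:39:02 a.m." -> "6:39:02 AM"
    when = datetime.strptime(f'{rec["Date"]} {clock}', "%d/%m/%Y %I:%M:%S %p")
    return {"type": rec["Event Type"], "source": rec["Event Source"],
            "id": int(rec["Event ID"]), "when": when}

def parse_events(text):
    """Turn pasted Event Viewer text into a list of dicts, one per event."""
    events, rec = [], {}
    for key, value in FIELD.findall(text):
        if key == "Event Type" and rec:    # a new header starts the next event
            events.append(_finish(rec))
            rec = {}
        rec[key] = value
    if rec:
        events.append(_finish(rec))
    return events

def clusters(events, gap=timedelta(minutes=5)):
    """Group events separated by no more than `gap` (assumed boot window)."""
    groups = []
    for ev in sorted(events, key=lambda e: e["when"]):
        if groups and ev["when"] - groups[-1][-1]["when"] <= gap:
            groups[-1].append(ev)
        else:
            groups.append([ev])
    return groups

def directory_failures(events):
    """Per cluster: (seconds since first event, source, id) of directory errors."""
    report = []
    for group in clusters(events):
        start = group[0]["when"]
        report.append([
            (int((ev["when"] - start).total_seconds()), ev["source"], ev["id"])
            for ev in group if (ev["source"], ev["id"]) in DIRECTORY_DEPENDENT])
    return report
```

On the sample, the three directory-related errors land within 74 seconds of the first logged event, while the Userenv 1058 error ten minutes later forms its own group.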
GlennCameronAuthor Commented:
Latest errors after the dns changes:

Event Type:      Error
Event Source:      KDC
Event Category:      None
Event ID:      7
Date:            19/04/2006
Time:            5:14:49 a.m.
User:            N/A
Computer:      SVR-01
Description:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was Admin@KEYLOGIX.LOCAL and lookup type 0x28.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 17 00 00 c0               ...À    

Event Type:      Error
Event Source:      KDC
Event Category:      None
Event ID:      7
Date:            19/04/2006
Time:            5:14:49 a.m.
User:            N/A
Computer:      SVR-01
Description:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was Admin and lookup type 0x8.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 17 00 00 c0               ...À    

Event Type:      Error
Event Source:      DhcpServer
Event Category:      None
Event ID:      1001
Date:            19/04/2006
Time:            5:18:48 a.m.
User:            N/A
Computer:      SVR-01
Description:
The DHCP service failed to register with Service Controller.  The following error occurred:
The operation completed successfully. .

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    

0
GlennCameronAuthor Commented:
Decided to reboot again and only got

Event Type:      Error
Event Source:      DhcpServer
Event Category:      None
Event ID:      1001
Date:            19/04/2006
Time:            6:21:21 a.m.
User:            N/A
Computer:      SVR-01
Description:
The DHCP service failed to register with Service Controller.  The following error occurred:
The operation completed successfully. .

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    
0
GlennCameronAuthor Commented:
And a third reboot gave me:

Event Type:      Error
Event Source:      KDC
Event Category:      None
Event ID:      7
Date:            19/04/2006
Time:            6:30:34 a.m.
User:            N/A
Computer:      SVR-01
Description:
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was krbtgt and lookup type 0x8.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 17 00 00 c0               ...À    

Event Type:      Error
Event Source:      DhcpServer
Event Category:      None
Event ID:      1001
Date:            19/04/2006
Time:            6:34:59 a.m.
User:            N/A
Computer:      SVR-01
Description:
The DHCP service failed to register with Service Controller.  The following error occurred:
The operation completed successfully. .

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....    

0
Netman66Commented:
Wow...this is a timing issue - I'm almost certain.  Since multiple reboots yield different results it makes sense that something in the timing of the services is causing some problems.

Was this server an upgrade from Windows 2000?

0
GlennCameronAuthor Commented:
Nope, the entire server environment was fresh installs in Jan 2005. I installed a few Windows updates this morning, I think I will leave it running for today and reboot it a few times tonight and see what happens. It's a live server so it's a bit hard to reboot during the day.
0
Netman66Commented:
I understand.

The DHCP error is not an error at all - so you can ignore that.

The KDC error is normally fixed by the installation of KB812499, but that's for 2000 and thus why I asked if this was an upgrade.  If that key is available, you may want to test the value out.

If domain functionality is good, then monitor it for awhile to see what else may show itself during normal use.  Perhaps, save the logs (if you need them) and clear them out so you can watch things better.  Do this after the reboot and things settle down.

0
