Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 800
  • Last Modified:

Windows Server 2003 - Domain Controller Diagnosis problems!

I am a programmer turned network guy, so I am a bit of a novice at Windows 2003 server administration, but I'm learning.

Previously, we had a Windows 2000 server (afodell) as our domain controller. Since, I bought a new server (you know, faster, better) installed Windows 2000 server on it, ran dcpromo and replicated AD. Then, I upgraded the new server (afo-pdc) to Windows 2003 server. Once I had afo-pdc stable I demoted afodell from a DC and removed it from the domain.

I ran DCDiag. Here is the log:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\AFO-PDC
      Starting test: Connectivity
         ......................... AFO-PDC passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\AFO-PDC
      Starting test: Replications
         ......................... AFO-PDC passed test Replications
      Starting test: NCSecDesc
         ......................... AFO-PDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... AFO-PDC passed test NetLogons
      Starting test: Advertising
         ......................... AFO-PDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... AFO-PDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... AFO-PDC passed test RidManager
      Starting test: MachineAccount
         ......................... AFO-PDC passed test MachineAccount
      Starting test: Services
         ......................... AFO-PDC passed test Services
      Starting test: ObjectsReplicated
         ......................... AFO-PDC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... AFO-PDC passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... AFO-PDC failed test frsevent
      Starting test: kccevent
         ......................... AFO-PDC passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/26/2006   13:27:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/26/2006   13:27:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/26/2006   13:27:57
            (Event String could not be retrieved)
         ......................... AFO-PDC failed test systemlog
      Starting test: VerifyReferences
         ......................... AFO-PDC passed test VerifyReferences
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : afo
      Starting test: CrossRefValidation
         ......................... afo passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... afo passed test CheckSDRefDom
   
   Running enterprise tests on : afo.com
      Starting test: Intersite
         ......................... afo.com passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         ......................... afo.com failed test FsmoCheck


Could someone explain why afo.com is failing the three above tests? The one that concerns me the most is it not finding the GC.

BTW.. This is step 3 for Exchange Server 2003 installation I am doing on a member server.

I have already ran netdom /query all 5 roles came back: afo-pdc.afo.com which is the current and only PDC.

Thanks!
0
afoedit
Asked:
afoedit
  • 12
  • 8
  • 6
  • +1
1 Solution
 
Debsyl99Commented:
Hi,
Did you set as a GC? May sound daft but you didn't say.....

Deb :))
0
 
afoeditAuthor Commented:
Hmm.. This is gonna sound dumb, but, how do I check to see if I have a GC set?

Or, how do I set it?
0
 
Debsyl99Commented:
No - not dumb!! - AD sites and services - expand your site to the server object - you'll see ntds settings object. Right click it - select properties. Put a check in the global catalog box.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Debsyl99Commented:
afoedit,
Here you go - applies to 2003 also
How to create or move a Global Catalog in Windows 2000
http://support.microsoft.com/?kbid=313994
0
 
afoeditAuthor Commented:
Ok.. I am getting this now..



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\AFO-PDC
      Starting test: Connectivity
         ......................... AFO-PDC passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\AFO-PDC
      Starting test: Replications
         ......................... AFO-PDC passed test Replications
      Starting test: NCSecDesc
         ......................... AFO-PDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... AFO-PDC passed test NetLogons
      Starting test: Advertising
         ......................... AFO-PDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... AFO-PDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... AFO-PDC passed test RidManager
      Starting test: MachineAccount
         ......................... AFO-PDC passed test MachineAccount
      Starting test: Services
         ......................... AFO-PDC passed test Services
      Starting test: ObjectsReplicated
         ......................... AFO-PDC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... AFO-PDC passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... AFO-PDC failed test frsevent
      Starting test: kccevent
         An Information Event occured.  EventID: 0x40000456
            Time Generated: 05/26/2006   14:51:44
            (Event String could not be retrieved)
         ......................... AFO-PDC failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/26/2006   14:49:39
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/26/2006   14:49:40
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/26/2006   14:49:40
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/26/2006   14:56:05
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/26/2006   14:56:05
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/26/2006   14:56:06
            (Event String could not be retrieved)
         ......................... AFO-PDC failed test systemlog
      Starting test: VerifyReferences
         ......................... AFO-PDC passed test VerifyReferences
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : afo
      Starting test: CrossRefValidation
         ......................... afo passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... afo passed test CheckSDRefDom
   
   Running enterprise tests on : afo.com
      Starting test: Intersite
         ......................... afo.com passed test Intersite
      Starting test: FsmoCheck
         ......................... afo.com passed test FsmoCheck


I guess I have 3 errors remaining. Is these a big deal, also? Or, is it alright to move forward to Step 4 in Installing Exchange server?

0
 
Debsyl99Commented:
Ok - try this - clear all your event logs in event viewer (right click on the log - clear events )- save them if you like. Then reboot your server and run it again. I think it's just complaining that there are errors in your logs as there will be from before you made it a gc.
0
 
GinEricCommented:
"SYSVOL has been shared.  Failing SYSVOL replication problems may cause" is the cause.  Most likely, you put SYSVOL in the default location which does not match your current location for SYSVOL.

Which is pretty much why we always pick where the installed SYSVOL and other choseable stuff goes, rather than just accepting the default because once we've defined where it all goes Windows will go along with it and check for it there first, before setting up the PDC, AD, and other stuff, including replication.

Microsoft seems to have nothing on "An Error Event occured.  EventID: 0x00000457" nor "0x00000457"  Perhaps the debugger could better locate what's going wrong.

There are thousands such errors when googling, and nothing about it at Microsoft.

But I sent them a message, and, I think it's in the problem with default locating SYSVOL on existing Windows Server systems.
0
 
GinEricCommented:
P.S.: as a programmer, you might want to see this:

http://msdn2.microsoft.com/zh-tw/library/microsoft.sqlserver.replication.mergepublication.aspx

which explains that merge is having problems with replication, in the RMO Class Library.

You might know more than you think, programmer!
0
 
Debsyl99Commented:
GinEric - Am surprised at your post and am worried that it will cause confusion - please can you explain your reasoning on the following?

"SYSVOL has been shared.  Failing SYSVOL replication problems may cause" is the cause.  
Most likely, you put SYSVOL in the default location which does not match your current location for SYSVOL."

In the mean-time afoedit follow my suggestion first. There are going to be errors in the event logs - there was a lone dc and no global cat server on the domain. The errors referenced were logged in your event logs between 14.48pm and 14.57 pm. All the following test do ie
frsevent
systemlog
kccevent
Is check what's in your event logs. Everything else has passed which is good news. If we clear them and reboot - we'll know from the logs if there's anything else going on or if it's clean. If the event logs are clean - dcdiag will pass the tests I just listed.
Deb :)


0
 
GinEricCommented:
If the system says SYSVOL is the problem, is the system lying?

First, SYSVOL is shared:  So what can go wrong when it is a share being replicated by the old system?  Is it possible that the new server does not have sufficient priviliegs to override the settings laid by the old server?  And where is this network share when afodell goes away?

Here is where we have a problem.  The path to the sysvol referenced above is not the path to SYSVOL, or at least it is confusing as to which case they are speaking of.  The actual path to SYSVOL and to sysvol on a running production server, with tree:

<Database drive>:\XPS\SYSVOL\
--------------------------------------\+ domain
--------------------------------------\+ staging
--------------------------------------\+ staging areas
--------------------------------------\+ sysvol

The last is shared, sysvol.  The first is not shared!  So, it would seem if Windows can now distinguish case [capital letters vs small case letters], then SYSVOL being shared is wrong.

In know, instinctively, that if I now bring the next PDC online [because I have more than one domain], then under sysvol, if I replicate across domains, then everybody had better know where both SYSVOL and sysvol are.  And the first, as the error message says, should not be shared [not replicated per se as the single definitive for all Windows Servers].  Why?  Because below SYSVOL there will now be not just a single domain, but many domains [forests?].  So, during install, I purposefully placed SYSVOL where I can find it and then Windows should be able to find it and work on it properly.

From your link Debsyl:

"In a Windows 2000 domain with only one domain controller, you typically assign the roles of the global catalog and of the operations master (also known as flexible single-master operations or FSMO) to the same domain controller; however, in domains with multiple domain controllers, particularly in forests with multiple domains, it is important to consider the placement of these roles before you assign them. For more information, click the following article number to view the article in the Microsoft Knowledge Base: "

Reiteration and emphasis: "it is important to consider the placement of these roles before you assign them"

Which is what I said, put them where everyone can find them first, the default location during install of Windows Server may not have be the same place from Windows 2000 to Windows 2003.  If, during install, you are given the option to place SYSVOL where you want [which you are given, I know from experience with installing Windows Server 2003], then the opportunity is presented to put SYSVOL in a place where you and the software will always find it.

Same for the NTDS.  I have them in a place dedicated to Databases only.  This also keeps them off of production Operating System drives and partitions, and off of User & Applications drives and partitions.  Should either a user or application crash something, or should a Windows Operating System component crash the server, then SYSVOL remains intact.

"Event string could not be retrieved" either it couldn't be found or it was corrupt.  Couldn't be found would be "we don't have the same path" and corrupt would be "somehow this got written wrong and now I can't read it."

Noting the case problems in previous versions of Windows, SYSVOL and sysvol are confusing.  This could, if carried further, lead to an endless tree, among other problems, from a programmer's perspective.  Suppose now that SYSVOL is shared and Windows 2000 can't tell SYSVOL from sysvol; where does it replicate?  It is possible that it replicates to the outer trunk, or outer forest if you prefer, and not to the proper branch at sysvol.

Hence, later lookups can't find the information, the string.  If \\domainname\SYSVOL is the replacement for \\domainname\sysvol, or Windows 2000 doesn't have case sensitivity, it is possible for it to access the wrong one when using the NetBIOS schema for shares.

Does that make sense?
0
 
Debsyl99Commented:
Well GinEric I think we're going to have to agree to disagree for now - I still think you're jumping the gun:
The SYSVOL\sysvol folder is always shared as SYSVOL unless you change it - DCDIAG refers to SYSVOL as the folder share name not the folder name - I don't think we can conclude anything from this yet without more info.
I've seen (Event String could not be retrieved) many times on here yet the eventid hex is being pulled. I've still not seen it as conclusive evidence on it's own that there's a problem with the sysvol path.
Microsoft won't have anything on EventID: 0x00000457 - DCDIAG reports event log errors as hex - if you convert the last four digits (three in this case) to decimal you can invariably find the corresponding error on eventid.net - for example the event logged above An Information Event occured.  EventID: 0x40000456 - if you convert 456 to decimal would lead to eventid 1110 - http://www.eventid.net/display.asp?eventid=1110 - I wouldn't be surprised to see this logged given that the dc's just been made a gc.
The frs log errors that are definitely there aren't reported by dcdiag. How can we know what they are yet or if they're still current? That there have been problems are undeniable but there could be many reasons for event errors and warnings showing up here - not just a problem with a sysvol share path - I'd definitely wait for more info from afoedit.
We can't yet conclude that this a multiple domain forest - can we? We've not been told and we haven't yet asked.

I don't think we can conclude the problem yet from the albeit limited info that we have - but if I'm wrong I'll happily admit it and I'll have learned something. I guess it's up to how afodedit wishes to proceed. I don't want to get into a sparring match on this.

When I'm dealing with issues at work I can ensure I have all the information I need to hand. When I'm helping on EE I like to work with the author to take it a step at a time and this is the approach I've adopted here.

I still advocate clearing the event log and rebooting. Then running dcdiag - getting the exact errors if any are still presenting in the logs at the same time as determining the domain setup and taking it from there. If sysvol path is an issue we'll soon enough know it along with any others. Over to you afoedit - it's your call,
Deb :))









0
 
GinEricCommented:
I agree, clear the event log, but after saving off a copy of it if possible.

If he gets the same errors on retry, then the eventlog should have a narrower list from which to identify the problem.

He could also get the debugger installed and running somewhere, I'm not sure where when adding and promoting dc's, but if something caught the errorlog, it should catch the debugged code, if proper debug mode is enabled; perhaps a bit much at this level.

"Convert 456 to decimal" well there's a silly oversight at the Microsoft site.  It's like reporting the error in hieroglyphics and leaving the search engine in Aramaic or Sanskrit, as I see it.

How hard would it be to have the search engine check in both hex and decimal?

In any case, http://www.eventid.net/display.asp?eventid=1111 shows little relation to the problem above, except that there are problems with other log files that are known to exist, such as the Microsoft Exchange Information Store, but in this case it appears that the eventlog itself was not able to be written with the error string which would have identified the cause of the error.

"The SYSVOL\sysvol folder is always shared as SYSVOL unless you change it" that is the most confusing misuse of case I have probably ever seen.  So, which is the real SYSVOL if Windows 2000 does not recognise case?

A perfect example of the pitfall of case insensivity.

Here's the best I can find on it:

http://support.microsoft.com/kb/839499/EN-US/

The solution should be there.
0
 
Netman66Commented:
If SYSVOL has been shared then the server is now a DC - which means there is no issue with SYSVOL.

The issue is with replication.

All errors above point to KCC not being able to figure out a replication topology.

Does this DC have 2 NICs?
Are all the DCs correctly registered in your DNS?
Do you have the ISP on any NIC inside your LAN?  You should NOT have it listed anywhere but on the Forwarder tab of your DNS server.

Let us know.
0
 
GinEricCommented:
"All errors above point to KCC not being able to figure out a replication topology."  Didn't I explain that the "path" might be the problem?  Can we agree that "path" and "replication topology" mean the same thing?  The case insensitivity of two shares may result in the same share name!

SYSVOL [<drive>:\SYSVOL]: shared as SYSVOL
sysvol [<drive>:\SYSVOL\<domainname>\sysvol]: shared as SYSVOL

means that if the outer directory "SYSVOL" and the subdirectory "sysvol" are shared with the same share name, "SYSVOL," the path to one or the other will not be found, not even by the replicator, and in such case SYSVOL and its share is the "problem."

"I guess I have 3 errors remaining. Is these a big deal, also? Or, is it alright to move forward to Step 4 in Installing Exchange server?"  You have to read http://support.microsoft.com/kb/839499/EN-US/ to understand why I suggested its reading.

Second problem: per http://support.microsoft.com/kb/839499/EN-US/ and 12 thereof:  "Note The Group Policy Update utility does not exist in Windows 2000 Server. In Windows 2000, the equivalent command is secedit /refreshpolicy machine_policy /enforce."

What else doesn't exist between Server 2000 and Server 2003?  Could this be a problem?  Everytime you give a newspeak name to a past function!  This happens all the time with Windows which obsoletes your education at that point and you have to relearn the language just to understand what you already know.  How many such dialects are there in Windows?  As many as there are releases.

A third faux pas, even on the tutorial and suggested fix to the problem page [http://support.microsoft.com/kb/839499/EN-US/]:

"9.      Open the domain controller’s Sysvol share. To do this, click Start, click Run, type \\Server_Name\Sysvol, and then press ENTER. If the Sysvol share does not open, repeat steps 1 through 8."

Obviously, case insensitivity is a real problem here.  SYSVOL does not equal sysvol nor Sysvol.

I have watched Windows not write and not read a file of type "ThisCase" because there exists a file of type "thiscase" ever since Windows 95 because Windows 95 through Windows 2000 think this is the same filename, which it is not, and worse, for Network File Systems, it may overwrite the wrong file in misinterpreting the filename owing to case, which, of course, breaks the system.

You can repeat the problem right now by opening a Notepad instance and typing anything to it and then save it first as "TestCase" then type something else in a Notepad file and try to save it as "testcase" which will overwrite "TestCase" because Windows still can't tell the difference between a capital letter and a small letter.

And that is simply ridiculous, the cause of confusion, and I don't think it's going to fly so well in the much touted Vista that is soon to come out.  I'm not confused at all.  What I say should not be confusing.  And if someone were to say that case is not an issue, I would reply "Maybe not, but it's certainly a real problem."
0
 
Netman66Commented:
Gin,

What on earth are you ranting about?

Windows could care less about case.  *nix is a different story, but \\servername\sysvol and \\servername\SYSVOL are identical to Windows.

When DCDIAG says SYSVOL is shared it is referring to the sysvol folder C:\Windows\SYSVOL\sysvol - and it is shared using capital letters.

This issue is either DNS or a lack of Sites and associated subnets within AD Sites and Services if there are more than one non-local site containing a DC.

0
 
Netman66Commented:
Was this DC renamed at some point?

If so, have a read:

http://support.microsoft.com/kb/316826/en-us

0
 
Debsyl99Commented:
Maybe we should wait for the author - he may have already run off in confused terror by now though.....
0
 
GinEricCommented:
Netman66,

If you don't understand what I'm saying, just say so, there's no need to start saying someone is ranting, implying by default that this is something bad, and you are therefore a better person because you are not "ranting."  You did not read and understand what I said about case.

SYSVOL [<drive>:\SYSVOL]: shared as SYSVOL
sysvol [<drive>:\SYSVOL\<domainname>\sysvol]: shared as SYSVOL

is two shares with the same name and this is an illegal condition.

Were I to set C:\Windows\SYSVOL as a share and C:\Windows\SYSVOL\<domainname>\sysvol as a share, they would both come out as \\Server_Name\Sysvol and the Operating System would not find one of them.

I also posted the Microsoft solution for the Exchange Server and Windows 2000 and Windows 2003.

Why are you still confused about this and on what basis have you called this a rant?

By the way, in proper English, the saying is "Windows could 'not' care less about case" because if you think about it, if you take the time to read the saying and think about it, Windows already "cares less" about case.  "Could not care less" is an infinitive, meaning, there is nothing beyond that point, hence, no one can go there, it is not possible to care less when you say "could not care less."  When the 'not' is removed from the saying, it makes little sense.

He may have run off in terror, or, he may have an IQ sufficient to understand and appreciate an higher level of intelligent discussion, being a programmer and obviously being a very smart person.  In which case, neither I nor afoedit are confused at all.  And while others may be somewhat confused by the discussion, whose fault is that, really?  Using epithets, such as "ranting," and disassociating the discussion by throwing in current buzzwords, such as "terror," are the real confusion, since they are entirely tangential to the discussion, that is, they are a bait to throw the discussion off track.  As such, they are uselss to the questioner and the participants.  You should avoid such usages.

Is that clear enough for you two, Debsyl99 and Netman66 to understand?
0
 
Netman66Commented:
I challenge you to share something on the server with the same sharename.

If a share with name SYSVOL existed before DCPROMO, you would get an error and be forced to either change it or the promotion process will take over the SYSVOL share as it is reserved for domain controller operations.

I stated you were ranting because you're debating something that would be an impossibility - so ranting would be appropriate.  You've spent an enormous amount of effort and words explaining something that would never exist and does not assist in the context of the problems posted in this question - so what would you call it?

I suppose Deb and I should simply leave you with this question until it's resolved.  You'd be wise not to abandon the poster after your assertions.

0
 
Debsyl99Commented:
I agree with Netman66 - my post was a vent of frustration and probably unhelpful as such - but I was definitely not casting any doubts on Afoedit's intelligence. This is becoming increasingly unhelpful as a thread to assist with the resolution if the issues stated so far.
0
 
afoeditAuthor Commented:
Debsyl99, GinEric and Netman66,

Thank you all for you posts! I have really enjoyed all the comments and I apologize for the delay. I will be clearing the Event Viewer, saving the logs and rebooting afo-pdc (the new pdc server) after hours, tonight. I will run DCDiag, again and post the results.

Also, to answer some questions from previous posts:

- Actively, I only have one DC online and that is afo-pdc
- Only 1 domain (afo.com)

Basically, we had an old DC called afodell that ran Windows 2000 server. At the time, I felt the easiest way to upgrade to 2003 was to add the new server (afo-pdc, running Windows 2000 server) to the domain as a DC. Then, after AD was replicated to afo-pdc, remove afodell from the domain and upgrade afo-pdc to Windows 2003 server. Since, I have never brought afodell back online.
0
 
Netman66Commented:
I guess that might do it - it can't replicate with itself.  If you didn't demote the old server and/or transfer all the FSMO roles over then this needs to be addressed.

1)  Do a metadata cleanup and remove "afodell" from the Directory:  http://support.microsoft.com/kb/216498/en-us
2)  Seize any roles that do not exist on this server (follow the Seize Roles section):  http://support.microsoft.com/kb/255504/en-us  
2)  Remove all traces of "afodell" from DNS.
3)  Remove all traces of "afodell" from Ad Sites and Services (if present).

Clear logs and wait to see if anything returns.

0
 
afoeditAuthor Commented:
After clearing out the logs and the rebooting afo-pdc, I ran DCDiag. Here is what was logged:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\AFO-PDC
      Starting test: Connectivity
         ......................... AFO-PDC passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\AFO-PDC
      Starting test: Replications
         ......................... AFO-PDC passed test Replications
      Starting test: NCSecDesc
         ......................... AFO-PDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... AFO-PDC passed test NetLogons
      Starting test: Advertising
         ......................... AFO-PDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... AFO-PDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... AFO-PDC passed test RidManager
      Starting test: MachineAccount
         ......................... AFO-PDC passed test MachineAccount
      Starting test: Services
         ......................... AFO-PDC passed test Services
      Starting test: ObjectsReplicated
         ......................... AFO-PDC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... AFO-PDC passed test frssysvol
      Starting test: frsevent
         ......................... AFO-PDC passed test frsevent
      Starting test: kccevent
         ......................... AFO-PDC passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/30/2006   17:09:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/30/2006   17:09:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/30/2006   17:09:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/30/2006   17:09:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/30/2006   17:09:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 05/30/2006   17:09:54
            (Event String could not be retrieved)
         ......................... AFO-PDC failed test systemlog
      Starting test: VerifyReferences
         ......................... AFO-PDC passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : afo
      Starting test: CrossRefValidation
         ......................... afo passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... afo passed test CheckSDRefDom
   
   Running enterprise tests on : afo.com
      Starting test: Intersite
         ......................... afo.com passed test Intersite
      Starting test: FsmoCheck
         ......................... afo.com passed test FsmoCheck


I received multiple systemlogs errors. So, I decided to wait until this morning and ran DCDiag, again. This is what was logged:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\AFO-PDC
      Starting test: Connectivity
         ......................... AFO-PDC passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\AFO-PDC
      Starting test: Replications
         ......................... AFO-PDC passed test Replications
      Starting test: NCSecDesc
         ......................... AFO-PDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... AFO-PDC passed test NetLogons
      Starting test: Advertising
         ......................... AFO-PDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... AFO-PDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... AFO-PDC passed test RidManager
      Starting test: MachineAccount
         ......................... AFO-PDC passed test MachineAccount
      Starting test: Services
         ......................... AFO-PDC passed test Services
      Starting test: ObjectsReplicated
         ......................... AFO-PDC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... AFO-PDC passed test frssysvol
      Starting test: frsevent
         ......................... AFO-PDC passed test frsevent
      Starting test: kccevent
         ......................... AFO-PDC passed test kccevent
      Starting test: systemlog
         ......................... AFO-PDC passed test systemlog
      Starting test: VerifyReferences
         ......................... AFO-PDC passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : afo
      Starting test: CrossRefValidation
         ......................... afo passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... afo passed test CheckSDRefDom
   
   Running enterprise tests on : afo.com
      Starting test: Intersite
         ......................... afo.com passed test Intersite
      Starting test: FsmoCheck
         ......................... afo.com passed test FsmoCheck

No errors this time. Obviously, I will be testing this again and again. But, does everyone feel this problem has now been corrected?

0
 
Debsyl99Commented:
Hi
It definitely appears happier in relation to the file replication service but I'd keep an eye on it for a bit. However the system logs may need further investigation - what are the errors exactly? Could you post event id's and the text as it appears from the system log?
Deb:)
0
 
afoeditAuthor Commented:
Hi Deb,

I am getting an error and a warning. But it is from yesterday. And it relates to my personal PC on the network. For some reason, my printer connections were erroring out on the print server. But, I just tested all of them and I have not seen any errors in the systemlog since last night right after I rebooted the PDC.

I think it might be fixed! Thank you Deb!

- afoedit
0
 
Debsyl99Commented:
You're welcome :)
0
 
GinEricCommented:
Debsyl got the answer and that's fine.  But you two really need to refrain from picking on other posters; it's not how you win, it really is how you play the game, and the namecalling on this site is already out of control.

Take it with a grain of salt.
0
 
Netman66Commented:
Who's picking on you?  And what names were being called?  I see nothing of the sort in this thread.  And who is trying to "win"?  We're here to help, not for the glory.

If you're here as an Expert giving out expert assistance, then make sure you are correct with the information you are offering.  You fought hard about your belief - which is fine providing you are technically correct - but when you're not then you shouldn't be quick to criticize those offering corrections.  A true professional will admit to being wrong rather than fight about something that can be proven incorrect.

You won't find Deb or myself calling anyone down, but we also won't back down about information that we know is wrong - it's all about providing proper assistance.

If you felt picked on then I apologize.  We only challenged you to something we knew to be incorrect.


0
 
Debsyl99Commented:
GinEric - No-one picked on you - you were challenged for insisting a problem existed that couldn't possibly exist given the information that was given. You were further challenged for refusing to accept that on this occasion, you could be  mistaken. Both myself and Netman66, not to mention most other experts on here, would expect to be challenged if we were wrong and would accept what two other experienced experts in the topic area were saying (Netman66 is a genius in this area!). At the very least we'd research the issue further.  When someone is asking for help they deserve not to be given the wrong info. When we do get it wrong then we should admit it.

I didn't challenge Netman66 because he made an entirely valid suggestion - and that's what EE's about. I made a frustrated comment because you seized on Netman's contribution to continue your own line of reasoning even though I'd (very) tactfully disproved it.

Fortunately I get the impression that Afoedit has read all this and has had a good smile about it.
Not everyone reacts that way.

Now as I think you said yourself earlier - Is that clear enough for you GinEric? (:-))

If it's not then please re-read this entire thread because I'm going now.

Cheers everyone,
May all your SYVOLS be shared ;-)
Best wishes to all of you,
Deb :))
0
 
Debsyl99Commented:
Damn - I meant SYSVOL's - do you think Windows is as sensitive to spelling as much as it is to case?
(sorry - couldn't resist - I am an evil bully :-))
0
 
GinEricCommented:
First, Debsyl99, re-read again what I posted; I never said he had such a problem, I said it was possible, and it is, since I've seen it happen.  I did not seize on anyone's copntribution.  After speaking with programmers in Redmund, there remained a concensus that this was a possible root cause, regardless of the method of fixing any such problem because often reapplying something, executing a series of fixes that removes and reinstalls something, or simply deleting some things and then re-applying them will fix the problem by taking the cause with it, as in many access permissions, pagefile system motions,  the New Technology Directory Services which control the installation of the Primary Domain Controller as well as other roles.  There was a further consideration and concensus that it had to do with permisssions of the old domain not ported to the new domain by any break in the promotion process.  It was lastly agreed that it would be nice if "we could comply with proper case" at Microsoft.

Further, choosing up sides, naming one among you as a genius, telling me I'm wrong when I don't believe you actually know what I'm talking about, is not fair play at all; it all lends itself toward a stance that there now exists a hen pecking order here proscribed by committee and you happen to be on the committee with others against any newcomers that may participate in the Windows Server 2003 forum, a relatively new forum.

You cannot find anything in what I said to be incorrect, yet you labelled it as such with a waive of the sceptre.  What alarms me is this two on one thing that is not in the best interests of participation here because this seems to be spreading rapidly among people who earn points enough here to be given a little race flag emblazoning their persona with "Expert" and even some moderators.

Here is the development of the discussion:

afoedit asks the question: http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html

Debsyl99's first reply:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16771243

afoedit's first response to that:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16771343

Debsyl99's second response and the accepted answer:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16771372

But before acceptance, the discussion continued with a second contiguous response from Debsyl99 further suggesting a reading on how to create or move a global catalog: http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16771413

Was the accepted answer the solution?  It would appear not because the discussion continued with a report of the error still being present by afoedit:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16771559

Followed by another response from Debsyl99 which offered further evaluation as the problem was not solved yet:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16771634

It was at this point that I made two comments, based on the fact that afoedit had not yet solved the problem:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16772802

And this is the first place where replication problems was mentioned, by me:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16772802

Debsyl99 replied to me:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16773054

suggesting that I was confusing the discussion by mentioning replication, the actual cause of the problem if you read the entire post again you will find that Netman66 says "I guess that might do it - it can't replicate with itself."  Many, many comments after I have suggested a replication problem:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16793672

But going back to Debsyl99's response to me, rather than to the questioner, http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16773054, whereafter I observed that the system was trying to tell us something about SYSVOL and its placement, which, by the way, includes its network share name composed of both the Server_Name and the sharename; now, if the Server_Name is now "afo-pdc" and the old Server_Name was "afodell" then the "path" is not the same, and, afo-pdc does not have permissions to access the share leftover from afo-pdc.

And that is a path problem because the path \\afodell\SYSVOL is not accessible as \\afo-pdc\SYSVOL simply because the path \\afodell\SYSVOL no longer exists with the proper credentials for the replicator to access it.

So far, so good, even if I stated the general case, wrong default location, the special case also applies when \\afo-pdc\SYSVOL is the wrong default location for accessing the new \\afodell\SYSVOL and again it is a path and permissions problem.  I explained how and why I change the default location for Windows materials, and Microsoft has agreed with its new approach of ASLR [Address Space Layout Randomization].  Just one of my concepts adopted by Microsoft.  In any case, it is the path and permissions that the new server is having a problem with.  Further evidenced by Netman66's first reference to replication here :
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16781120

Although I wasn't thinking of the Server_Name, rather I was thinking along the lines of why there existed a bad path, I would have eventually come to realise that the bad path was the Server_Name and not the case of the name, however, that does not invalidate the possiblity that that too could cause such a problem.  I admint that I was following a false fork in my own line of reasoning, that's all.  And there was nothing wrong with this troubleshooting technice because it is the basis of troubleshooting, eliminating each possibility to arrive at the remaining solution, as Sherlock Holmes would have put it, "When all other possibilites are eliminated, whatever remains, however unprobable, is the truth."

So that for merely thinking I have been already criticised by Debsyl99 and thereafter this criticism escalated by Netman66 with :
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16784216

And the concurrence of Debsyl99 and more escalation against my point of view, and me, with :
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16786257

Two against one.

Started by Debsyl99, joined by Netman66, against GinEric, publicly in front of the questioner; these were extremely subtle means of steering me into the trap of defending myself against unwarranted accusations and innuendo, nonetheless, they were the discussion toward anti-GinEric sentiment, suggesting he was "confusing," "ranting," and was causing the questioner to have moments of "terror" which it was suggested caused him to "run off in confused terror."

To put it quite bluntly, a very seductive weapon of feline choice, however, it will not stand.

I've been baited and switched again, and I am not going to let it stand, it's that simple.

I don't know quite what's going on behind the scenes at Experts Exchange, but I am not going to submit myself to such abuse without complaint.

In fact, I'm going to rectify for the benefit of all, including other experts and the average everyday questioner, who also did not deserve the side issue between the difference of opinion of the experts here.  Debsyl99, you just couldnt' let go of it, you just couldn't stop clawing at me, and I'm fully aware of the scratch marks you've flayed, but I'm not your bird or mouse to toy with as you please.  And I am not going to be the object of your humour either.  It was Netman66 who seized upon your denigration of my valid opinions that digressed into feeding frenzy on someone's character, but it was you that started it.  I don't really care if you admit it or not, nor do I care who takes your side, I said nothing wrong and was trying to help.  On the other hand, you and Netman66 turned to calling me names and generally trying to convince the questioner and others that I was not worthy of being listened to.  However, the path was the problem, even if it was in the method of replication, and who used the word "replication" first?  That is what you need to re-read and set into chronological order by forming a "time line."

01.)  GinEric suggests replication : http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16772811
02.)  Debsyl99 calls GinEric confused : http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16773054
03.)  Debsyl99  accuses GinEric "jumping the gun" : http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16773054
04.)  Netman66 supports replication errors : http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16781120

Even though Netman66 says there is no problem with SYSVOL, there clearly is, Microsoft confirms that with their original error report and all of the articles stated in hyperlinks in this post.  The new server could not access properly the old share, a network path problem because of path and permissions, and that includes the path \\afodell\SYSVOL\sysvol which is not present on the new server's network, or at least it shouldn't be if the old server afodell no longer exists.  But the Operating System is confused by the default location for SYSVOL which has the old credentials of afodell, thus, it cannot access it properly because the default location contains the share for afodell and not that for afo-pdc.  It's just a very tricky business of leftovers from the last Server_Name, that's all.

frsevent, kccevent, and systemlog were all referred to by me at http://support.microsoft.com/kb/839499/EN-US/%5D as well as the suggestion there to run the DcDiag.exe  I clearly suggested this reading : http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21865446.html#16783714

And it was Microsoft that was saying it, I was merely repeating what I found in various articles.  Yet I was said to be "confused" and "ranting."  If I was, then so was Microsoft.  I may have suspected something other than a mere bad demotion as a root cause from a programmer's point of view, but we engineers consider all possibilities, not just the ones we select.

Even if I were an idiot, and not a design engineer, the chronology shows that everyone was progressing along the lines of a replication problem, even if you still think I jumped the gun, because I was the first to suggest it, and, the "accepted answer" did not work, at least not at first, and not until the replication problem, which was, indeed, a path problem, was fixed.

And the root cause was replication of SYSVOL because the network path was not found, since \\afodell\SYSVOL\sysvol was not found on \\afo-pdc\

Regardless of the suggestion that there might be a case problem, I was still proceeding along the lines of a solution and giving all of the valid links pointing to that eventual solution authored by Microsoft, not by me.

Which, again, would reiterate that if I'm confused, it is at the hands of the Microsoft official documentation that I referred to and used in troubleshooting the questioner's problem.

And I've taken the time to address your accusations because I am simply unwilling to let denigration of me and my participation stand.  It is not right.  And, owing to my thorough research skills, I have the last word on this, as proven, explicitly, by all that I have taken such valuable time to author.

Again, I will not tolerate being abused on Experts Exchange and I fully intend to make this sort of event never happen again by policy changes at Experts Exchange, a Limited Legal Corporation which limit does not bar responsibility for libel, slander, and defamation of character.  The owner of this site knows full well that such limited legal corporation laws do not cover this liability and the corporation is responsible for ensuring that it does not libel, slander, or defame any person, and that includes its repsonsibility to inform its employees and staff, and all experts who participate, that such liability exists and therefore they are to refrain for doing so.

What is incorrect is the accepted answer and there is nothing wrong with what I said or suggested, again, you've offered condemnation by your opinion alone with nothing factual to back it up.  Therefore, I have provided everything that backs up what I said, as well as those facts which refute a lot of what you have said, but the refutation of namecalling stands on its own as evidence against you because they are facts, you pick on me, as a twosome, and you did call me names.  It's right here in black and white and it cannot be denied.

And now I'm off because I have various businesses to run and corporations to advise.  Consider that you do not know who you are talking to, what knowledge they possess, and how discretion is the better part of valor in refraining from name calling when you do not fully understand what is being said.  And do not take your frustrations out on other particpants.  As my grandmother would say, "If you don't have something good to say, then say nothing at all."

What bothers me the most is that because of one comment Debsyl99 forced me to defend myself in order to protect my reputation; that alone is unfair.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 12
  • 8
  • 6
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now