AD goes down everytime i try to add a user
hi
this problem is driving me crazy !
OS=sbs2003 single DC with about 10 clients
everytime i try to add a user in AD i get a popup at the final stage which says
windows can not create the object ("username") becuase :
the directory service has exhausted the pool of relative identifiers.
an event is then logged id=1054 source=userenv
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
and also id=16645 source=SAM
The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain.
The whole netwrok will then slow down and if i try to access AD again i get another popup which says
naming information cannot be located because:
the specified domain either does not exist or could not be contacted
contact your system administrator to veryify that the domain is properly configured and is currently online.
i click ok it then takes me into AD but i have to select connect to doamain controller before i can get it back online.
but if i try to add a user the same thing happens again.
if i restart the server the slowness goes away and i can get into AD without having to choose connect to domain controller but i still cant add a user.
we used to have a second DC called progress1 but it died and we no longer use it. i ran a dcdiag results below which show references to progress1 is this causing the problem ? i doubt it as it has been gone for over a year now.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PR
Starting test: Connectivity
......................... PROGRESS-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PR
Starting test: Replications
[Replications Check,PROGRESS-SERVER] A recent replication attempt faile
d:
From PROGRESS1 to PROGRESS-SERVER
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2006-11-09 12:59:49.
The last success occurred at 2005-10-24 08:54:01.
9143 failures have occurred since the last success.
The guid-based DNS name 3f1a570e-fdf9-4759-82b9-88
progress.local
is not registered on one or more DNS servers.
[PROGRESS1] DsBindWithSpnEx() failed with error 1722,
Win32 Error 1722.
[Replications Check,PROGRESS-SERVER] A recent replication attempt faile
d:
From PROGRESS1 to PROGRESS-SERVER
Naming Context: CN=Configuration,DC=progre
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2006-11-09 12:59:47.
The last success occurred at 2005-10-24 08:54:01.
9143 failures have occurred since the last success.
The guid-based DNS name 3f1a570e-fdf9-4759-82b9-88
progress.local
is not registered on one or more DNS servers.
[Replications Check,PROGRESS-SERVER] A recent replication attempt faile
d:
From PROGRESS1 to PROGRESS-SERVER
Naming Context: DC=progress,DC=local
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2006-11-09 12:59:44.
The last success occurred at 2005-10-24 08:54:01.
9143 failures have occurred since the last success.
The guid-based DNS name 3f1a570e-fdf9-4759-82b9-88
progress.local
is not registered on one or more DNS servers.
REPLICATION-RECEIVED LATENCY WARNING
PROGRESS-SERVER: Current time is 2006-11-09 13:03:47.
CN=Schema,CN=Configuration
Last replication recieved from PROGRESS1 at 2005-10-24 08:54:01.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=progre
Last replication recieved from PROGRESS1 at 2005-10-24 08:54:01.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=progress,DC=local
Last replication recieved from PROGRESS1 at 2005-10-24 08:54:01.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... PROGRESS-SERVER passed test Replications
Starting test: NCSecDesc
......................... PROGRESS-SERVER passed test NCSecDesc
Starting test: NetLogons
......................... PROGRESS-SERVER passed test NetLogons
Starting test: Advertising
......................... PROGRESS-SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... PROGRESS-SERVER passed test KnowsOfRoleHolder
s
Starting test: RidManager
......................... PROGRESS-SERVER passed test RidManager
Starting test: MachineAccount
......................... PROGRESS-SERVER passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [PROGRESS-SERVER]
......................... PROGRESS-SERVER failed test Services
Starting test: ObjectsReplicated
......................... PROGRESS-SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... PROGRESS-SERVER passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... PROGRESS-SERVER failed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC0250827
Time Generated: 11/09/2006 12:59:44
(Event String could not be retrieved)
......................... PROGRESS-SERVER failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00004105
Time Generated: 11/09/2006 12:33:30
Event String: The maximum account identifier allocated to this
An Error Event occured. EventID: 0x0000410B
Time Generated: 11/09/2006 12:33:31
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0x00004105
Time Generated: 11/09/2006 12:33:52
Event String: The maximum account identifier allocated to this
......................... PROGRESS-SERVER failed test systemlog
Starting test: VerifyReferences
......................... PROGRESS-SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : progress
Starting test: CrossRefValidation
......................... progress passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... progress passed test CheckSDRefDom
Running enterprise tests on : progress.local
Starting test: Intersite
......................... progress.local passed test Intersite
Starting test: FsmoCheck
......................... progress.local passed test FsmoCheck
please can someone shed some light on this.
Thanx
this problem is driving me crazy !
OS=sbs2003 single DC with about 10 clients
everytime i try to add a user in AD i get a popup at the final stage which says
windows can not create the object ("username") becuase :
the directory service has exhausted the pool of relative identifiers.
an event is then logged id=1054 source=userenv
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
and also id=16645 source=SAM
The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain.
The whole netwrok will then slow down and if i try to access AD again i get another popup which says
naming information cannot be located because:
the specified domain either does not exist or could not be contacted
contact your system administrator to veryify that the domain is properly configured and is currently online.
i click ok it then takes me into AD but i have to select connect to doamain controller before i can get it back online.
but if i try to add a user the same thing happens again.
if i restart the server the slowness goes away and i can get into AD without having to choose connect to domain controller but i still cant add a user.
we used to have a second DC called progress1 but it died and we no longer use it. i ran a dcdiag results below which show references to progress1 is this causing the problem ? i doubt it as it has been gone for over a year now.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PR
Starting test: Connectivity
......................... PROGRESS-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PR
Starting test: Replications
[Replications Check,PROGRESS-SERVER] A recent replication attempt faile
d:
From PROGRESS1 to PROGRESS-SERVER
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2006-11-09 12:59:49.
The last success occurred at 2005-10-24 08:54:01.
9143 failures have occurred since the last success.
The guid-based DNS name 3f1a570e-fdf9-4759-82b9-88
progress.local
is not registered on one or more DNS servers.
[PROGRESS1] DsBindWithSpnEx() failed with error 1722,
Win32 Error 1722.
[Replications Check,PROGRESS-SERVER] A recent replication attempt faile
d:
From PROGRESS1 to PROGRESS-SERVER
Naming Context: CN=Configuration,DC=progre
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2006-11-09 12:59:47.
The last success occurred at 2005-10-24 08:54:01.
9143 failures have occurred since the last success.
The guid-based DNS name 3f1a570e-fdf9-4759-82b9-88
progress.local
is not registered on one or more DNS servers.
[Replications Check,PROGRESS-SERVER] A recent replication attempt faile
d:
From PROGRESS1 to PROGRESS-SERVER
Naming Context: DC=progress,DC=local
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2006-11-09 12:59:44.
The last success occurred at 2005-10-24 08:54:01.
9143 failures have occurred since the last success.
The guid-based DNS name 3f1a570e-fdf9-4759-82b9-88
progress.local
is not registered on one or more DNS servers.
REPLICATION-RECEIVED LATENCY WARNING
PROGRESS-SERVER: Current time is 2006-11-09 13:03:47.
CN=Schema,CN=Configuration
Last replication recieved from PROGRESS1 at 2005-10-24 08:54:01.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=progre
Last replication recieved from PROGRESS1 at 2005-10-24 08:54:01.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=progress,DC=local
Last replication recieved from PROGRESS1 at 2005-10-24 08:54:01.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... PROGRESS-SERVER passed test Replications
Starting test: NCSecDesc
......................... PROGRESS-SERVER passed test NCSecDesc
Starting test: NetLogons
......................... PROGRESS-SERVER passed test NetLogons
Starting test: Advertising
......................... PROGRESS-SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... PROGRESS-SERVER passed test KnowsOfRoleHolder
s
Starting test: RidManager
......................... PROGRESS-SERVER passed test RidManager
Starting test: MachineAccount
......................... PROGRESS-SERVER passed test MachineAccount
Starting test: Services
IsmServ Service is stopped on [PROGRESS-SERVER]
......................... PROGRESS-SERVER failed test Services
Starting test: ObjectsReplicated
......................... PROGRESS-SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... PROGRESS-SERVER passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... PROGRESS-SERVER failed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC0250827
Time Generated: 11/09/2006 12:59:44
(Event String could not be retrieved)
......................... PROGRESS-SERVER failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00004105
Time Generated: 11/09/2006 12:33:30
Event String: The maximum account identifier allocated to this
An Error Event occured. EventID: 0x0000410B
Time Generated: 11/09/2006 12:33:31
Event String: The request for a new account-identifier pool
An Error Event occured. EventID: 0x00004105
Time Generated: 11/09/2006 12:33:52
Event String: The maximum account identifier allocated to this
......................... PROGRESS-SERVER failed test systemlog
Starting test: VerifyReferences
......................... PROGRESS-SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : progress
Starting test: CrossRefValidation
......................... progress passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... progress passed test CheckSDRefDom
Running enterprise tests on : progress.local
Starting test: Intersite
......................... progress.local passed test Intersite
Starting test: FsmoCheck
......................... progress.local passed test FsmoCheck
please can someone shed some light on this.
Thanx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
it worked !!!
thank you
thank you
ASKER