tmoon
asked on
SBS 2003 Cannot connect to OEMdomain xxxx
Environment:
SBS 2003 R2 basic, new server
One NIC
company.local domain on inside / company.com domain on outside.
Upon setup one of our techs accidentally plugged in the "old win 2000 domain controller" with THE SAME domain (netBIOS) wise anyway, not .local :)
After that it kinda "took control" of the domain as some weird error logs were appearing on the SBS 2003 box. I don't know if it's related to that, or after browsing the web... if it's cuz we didn't "blow out" and reinstall fresh a Dell OEM pre-install of SBS 2003???
But anyhow we are getting Event ID errors regarding group policy: cannot connect to OEM_SBS_domain with some numbers appended.
I've read that you can use ADSI to edit but it's risky... just trying to decide if we should blow out the install and start over. Client wouldn't be all that happy, but we want to make it right, and stable ;)
Other little errors are happening which may be related to this, like other PCs showing up in the event log on the server as losing their SID etc... we were just re-joining them using \\server\connectcomputer.
Are OEM pre-installs really that bad??? Our guys seem to do like 50/50. Clean install some and others just open the box and follow prompts. Out of literally hundreds of installs... never had this issue before... but by browsing I see we are not totally alone!
ASKER
Here are the actual App / event log errors.. they are constant every 4-5 minutes.
Also can't open Group Policy Snap In. It points to that domain... the OEM one... which is NOT our domain by the way. This is the error upon trying to open group policy snap-in:
"The specified domain either does not exist or could not be contacted"
The DNS event log also makes reference to this "other domain". Here is one of the error logs from DNS:
The DNS server encountered a packet addressed to itself on IP address 192.168.0.1. The packet is for the DNS name "OEMSBSDN-3935.local.". The packet will be discarded. This condition usually indicates a configuration error
--------------------------
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 11/30/2007
Time: 11:35:00 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
--------------------------
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1005
Date: 11/30/2007
Time: 11:40:25 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Windows cannot connect to OEMSBSDN-3935.local domain. (Server Down). Group Policy processing aborted.
--------------------------
The steps outlined in http://support.microsoft.com/kb/888943 should resolve this for you. But FWIW, I always flatten out an OEM Pre-install and start fresh.
Jeff
TechSoEasy
ASKER
Hey Jeff,
I did the above and it still gives me the error. Maybe I should search for all instances of the OEMSBSDN-3935 and change them... is there a find feature in ADSIedit??? The only part is in the steps of that article it says (step 6) change to proper "domain name"... it doesn't specifically mention it, but there is a lot of other "stuff" in that line... so....
Do you change the entire line to just the domain name??? Or just the first part which is the wrong domain name?
ASKER
I did follow the KB Article mentioned above... however that article references Events 1030 and 1058.
Our Event IDs are 1030 and 1005 as posted above. I have searched the registry and replaced all instances of OEMSBSDN-3936 with "my domain". Then rebooted.
Then followed the article above which says to change the CN={31B2F340-016D-11D2-945F-00C04FB984F9},
There are about 10 of such folders listed and I checked all of them and sure enough the wrong domain was in all of them. So I changed them all. I looked in other folders but did not see anything.
Rebooted multiple times.
If I clear the event app log and do a cmd > gpupdate, they will reappear.
They also show up by themselves every 4-5 minutes.
I might put in a call to Dell's gold support since it seems to be an OEM install thing... Microsoft would want a couple hundred bucks so... don't know about that just yet.
Does anyone know of a way to "search" using ADSIedit.msc? I haven't seen a "find" feature yet. Are there any 3rd party but "free" :) tools which would give this feature? Manually trying to look in 10,000 places sucks.
Let's make sure that your SYSVOL sub-folders are actually named correctly. Because searching ADSIEdit is not the solution... if it came to that, you should reinstall the server.
So, go to C:\WINDOWS\SYSVOL
In that folder is another folder called sysvol which should have a folder in that named yourdomain.local
There is also a folder called staging areas which should contain a folder named yourdomain.local
Are those correct?
Jeff
TechSoEasy
ASKER
FINALLY!!!
Actually is running good now. Did have to find ALL instances of the rogue domain and replace. I thought about a re-install... client would definitely not be happy with that, since we set up their special vendor software which takes a whole day.
Too bad in ADSIedit you cannot do a "find and replace" :) I know most people do not and prob should not mess with this area... it would have been a HUGE time saver tonight! Anyhow... lesson learned... wipe out ALL OEM pre-installs... which kinda sucks... but can't be as bad as this was! It seems pretty "clean" as far as SBS goes since all we really did was rename LDAP objects. I guess if I was a VB Script God I would have written a quick script which hooked into the directory and replaced them for me... but since I'm not....
Thanks for the tips Jeff... you're a great SBS resource on the web! Keep up the good work!
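Added example, not part of the original thread and not code from either poster: since ADSI Edit has no find feature, a read-only way to locate every attribute still holding the old name is to export the directory to LDIF (for example with ldifde -f export.ldf) and scan that text offline. The parser below unfolds wrapped lines and decodes base64 values, which a plain text search of the export would miss; the sample export and its description values are constructed for illustration.

```python
import base64
import re

def parse_ldif(text):
    """Yield (dn, attribute, value) from LDIF text such as an ldifde export."""
    unfolded = re.sub(r"\r?\n ", "", text)  # a leading space continues the previous line
    for record in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        dn = None
        for line in record.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: ..." marks a base64-encoded value
                raw = base64.b64decode(rest[1:].strip())
                value = raw.decode("utf-8", errors="replace")
            else:
                value = rest.strip()
            if attr.lower() == "dn":
                dn = value
            if dn is not None:
                yield dn, attr, value

def find_stale(text, stale_name):
    """Return every (dn, attribute, value) whose value mentions stale_name."""
    needle = stale_name.lower()
    return [hit for hit in parse_ldif(text) if needle in hit[2].lower()]

# Constructed sample export (not real data); names are taken from the thread.
GPO = "{31B2F340-016D-11D2-945F-00C04FB984F9}"
B64 = base64.b64encode(b"\\\\OEMSBSDN-3935.local\\netlogon").decode()
SAMPLE = (
    "dn: CN=" + GPO + ",CN=Policies,CN=System,\n"
    " DC=company,DC=local\n"
    "objectClass: groupPolicyContainer\n"
    "gPCFileSysPath: \\\\OEMSBSDN-39\n"
    " 35.local\\sysvol\\company.local\\Policies\\" + GPO + "\n"
    "\n"
    "dn: CN=Example,CN=System,DC=company,DC=local\n"
    "description:: " + B64 + "\n"
    "\n"
    "dn: CN=Clean,DC=company,DC=local\n"
    "description: nothing stale here\n"
)

if __name__ == "__main__":
    for dn, attr, value in find_stale(SAMPLE, "OEMSBSDN-3935"):
        print(f"{dn}\n    {attr}: {value}")
```

The script only reads the export and changes nothing in the directory. Values stored as binary UTF-16 would not match and need a separate look.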
Just to make sure... go ahead and run the SBS Best Practices analyzer, http://sbsurl.com/bpa
Glad you got it worked out though.
Jeff
TechSoEasy
ASKER
Ran bpa.... all good except for a few minor things that it always finds... Thx again
Hi tmoon,
I am kinda having the same issue, and I have replaced all the paths with mydomain.local according to http://support.microsoft.com/kb/888943 but still no luck.
Could you explain a bit more how you resolved the issue?
Thanks in advance.