Improve company productivity with a Business Account.Sign Up

x
?
Solved

Netlogon Paused error

Posted on 2008-10-10
8
Medium Priority
?
3,182 Views
Last Modified: 2012-06-21
We have two Windows 2003 Servers running ADS. On the additional domain controller the Netlogon service is Paused when restarted.  
0
Comment
Question by:mnraghu
  • 4
  • 3
8 Comments
 
LVL 18

Expert Comment

by:kjanicke
ID: 22685250
Are you having any space issues on that server?  Do you have at elast half a gb of free space?
0
 

Author Comment

by:mnraghu
ID: 22685304
There  is lot of free space around 10 GB of disk space.
0
 

Author Comment

by:mnraghu
ID: 22685863
I am posting the Events logs that could help you understand my problem

Source: NTDS General
Category: Replication
Event ID: 1113

Description: Inbound replication has been disabled by the user.

------------------------------------------------------------------------

Source: NTDS General
Category: Replication
Event ID: 1115

Description: Outbound replication has been disabled by the user.

------------------------------------------------------------------------

Source: NTDS General
Category: Service Control
Event ID:2103

Description: The Active Directory database has been restored using an unsupported restoration procedure.
 
Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused.
------------------------------------------------------------------------


Source: NTDS KCC
Category: Knowledge Consistency
Event ID:1308

Description: The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
 
Attempts:
25475
Domain controller:
CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sis,DC=com
Period of time (minutes):
47720
 
The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.
 
Additional Data
Error value:
8457 The destination server is currently rejecting replication requests.
------------------------------------------------------------------------


Source: NTDS Replication
Category: Replication
Event ID:1586

Description: The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful.
 
A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might take place if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint.
 
The checkpoint process will be tried again in four hours.
 
Additional Data
Error value:
8457 The destination server is currently rejecting replication requests.
------------------------------------------------------------------------

Source: NTDS ISAM
Category: Online Defragmentation
Event ID: 700

Description: NTDS (440) NTDSA: Online defragmentation is beginning a full pass on database 'C:\WINDOWS\NTDS\ntds.dit'.

------------------------------------------------------------------------

Source: NTDS ISAM
Category: Online Defragmentation
Event ID: 701

Description: NTDS (440) NTDSA: Online defragmentation has completed a full pass on database 'C:\WINDOWS\NTDS\ntds.dit'.
------------------------------------------------------------------------

0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22686610
0
 

Author Comment

by:mnraghu
ID: 22692648
Thanks for the links dariusg!
According to the information in the support .microsoft link, what I understand is, to resolve the issue it is better to remove the ADS from the additional Domain and clean the meta data from the main domain controller, and then reinstall the ADS to make it an additional domain controller.

Is there any method that I can enable the inbound replication on the additional domain controller? or is there any method I can repair the replication?


0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 22701854
Do you have the hotfixed installed? If you demote the DC then you can repromote to the second DC. This will allow you to make sure you don't have issues later on with this same problem. Doing a metadat cleanup is important so you can get rid of any lingering objects that might cause another issue.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 

Author Comment

by:mnraghu
ID: 22706376
Thanks a lot dariusg! I very much appreciate your solution!
I removed the ADS on the additional domain controller using force removal method as suggested in the following link
http://support.microsoft.com/kb/875495
And later I cleaned the metadata as suggested in the following link: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Had you not sent the above link how to clean the metadata, I think it would have been difficult for me. The above link is so excellent, it was like a spoon feeding for a beginner like me.

The wonderful part is the the File Server is intact, the file Sharing and Security is restored perfectly. The most thrilling part is my profile is restored with all my desktop files and settings.

I think this is the best solution one can expect for this problem.



0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22710756
I'm glad it's fix.

Cheers
0

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This installment of Make It Better gives Media Temple customers the latest news, plugins, and tutorials to make their VPS hosting experience that much smoother.
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question