Solved

Netlogon Paused error

Posted on 2008-10-10
8
3,100 Views
Last Modified: 2012-06-21
We have two Windows 2003 Servers running ADS. On the additional domain controller the Netlogon service is Paused when restarted.  
0
Comment
Question by:mnraghu
  • 4
  • 3
8 Comments
 
LVL 18

Expert Comment

by:kjanicke
ID: 22685250
Are you having any space issues on that server?  Do you have at elast half a gb of free space?
0
 

Author Comment

by:mnraghu
ID: 22685304
There  is lot of free space around 10 GB of disk space.
0
 

Author Comment

by:mnraghu
ID: 22685863
I am posting the Events logs that could help you understand my problem

Source: NTDS General
Category: Replication
Event ID: 1113

Description: Inbound replication has been disabled by the user.

------------------------------------------------------------------------

Source: NTDS General
Category: Replication
Event ID: 1115

Description: Outbound replication has been disabled by the user.

------------------------------------------------------------------------

Source: NTDS General
Category: Service Control
Event ID:2103

Description: The Active Directory database has been restored using an unsupported restoration procedure.
 
Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused.
------------------------------------------------------------------------


Source: NTDS KCC
Category: Knowledge Consistency
Event ID:1308

Description: The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.
 
Attempts:
25475
Domain controller:
CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sis,DC=com
Period of time (minutes):
47720
 
The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.
 
Additional Data
Error value:
8457 The destination server is currently rejecting replication requests.
------------------------------------------------------------------------


Source: NTDS Replication
Category: Replication
Event ID:1586

Description: The Windows NT 4.0 or earlier replication checkpoint with the PDC emulator master was unsuccessful.
 
A full synchronization of the security accounts manager (SAM) database to domain controllers running Windows NT 4.0 and earlier might take place if the PDC emulator master role is transferred to the local domain controller before the next successful checkpoint.
 
The checkpoint process will be tried again in four hours.
 
Additional Data
Error value:
8457 The destination server is currently rejecting replication requests.
------------------------------------------------------------------------

Source: NTDS ISAM
Category: Online Defragmentation
Event ID: 700

Description: NTDS (440) NTDSA: Online defragmentation is beginning a full pass on database 'C:\WINDOWS\NTDS\ntds.dit'.

------------------------------------------------------------------------

Source: NTDS ISAM
Category: Online Defragmentation
Event ID: 701

Description: NTDS (440) NTDSA: Online defragmentation has completed a full pass on database 'C:\WINDOWS\NTDS\ntds.dit'.
------------------------------------------------------------------------

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22686610
0
 

Author Comment

by:mnraghu
ID: 22692648
Thanks for the links dariusg!
According to the information in the support .microsoft link, what I understand is, to resolve the issue it is better to remove the ADS from the additional Domain and clean the meta data from the main domain controller, and then reinstall the ADS to make it an additional domain controller.

Is there any method that I can enable the inbound replication on the additional domain controller? or is there any method I can repair the replication?


0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 125 total points
ID: 22701854
Do you have the hotfixed installed? If you demote the DC then you can repromote to the second DC. This will allow you to make sure you don't have issues later on with this same problem. Doing a metadat cleanup is important so you can get rid of any lingering objects that might cause another issue.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 

Author Comment

by:mnraghu
ID: 22706376
Thanks a lot dariusg! I very much appreciate your solution!
I removed the ADS on the additional domain controller using force removal method as suggested in the following link
http://support.microsoft.com/kb/875495
And later I cleaned the metadata as suggested in the following link: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Had you not sent the above link how to clean the metadata, I think it would have been difficult for me. The above link is so excellent, it was like a spoon feeding for a beginner like me.

The wonderful part is the the File Server is intact, the file Sharing and Security is restored perfectly. The most thrilling part is my profile is restored with all my desktop files and settings.

I think this is the best solution one can expect for this problem.



0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22710756
I'm glad it's fix.

Cheers
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Resolve DNS query failed errors for Exchange
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question