[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1523
  • Last Modified:

DC replication, authentication, time sync issues - active directory

Getting the error below constantly on one of our DCs.  This is the PDC emulator in the domain.   We're finding what may be replication issues, and machines are syncing time with a different server that does not hold any domain roles.  Any idea?

Event Type:      Warning
Event Source:      Health Service Script
Event Category:      None
Event ID:      1000
Date:            2/20/2009
Time:            11:41:20 AM
User:            N/A
Computer:      DOMAINCONTROLLER03
Description:
AD Replication Monitoring : encountered a runtime error.
Failed to obtain the InfrastructureMaster using a well known GUID.
The error returned was: 'Failed to get the 'fSMORoleOwner' attribute from the object 'LDAP://DOMAINCONTROLLER03.ourdomain.net/<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,DC=ForestDnsZones,DC=martekbio,DC=net>'.
The error returned was: 'There is no such object on the server.' (0x80072030)' (0x80072030)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
artthegeek
Asked:
artthegeek
  • 4
  • 2
2 Solutions
 
cantorisCommented:
Since you're using System Center Operation Manager, here's someone with the same problem in its forerunner, MOM:
http://www.winserverkb.com/Uwe/Forum.aspx/mom-packs/381/AD-Management-pack-help
0
 
artthegeekAuthor Commented:
We're investigating based on your comment, stay tuned...
0
 
artthegeekAuthor Commented:
Two other symptoms to toss in - maybe related, maybe not:  

Domain Workstations and servers are time syncing to a server in a different site.  It does not hold a domain master role, does hold the GC for that site.

Another DC error as well:

Alert: The system clock has not been synchronized for some time
Source: servername
Path: servername
Last modified by: System
Last modified time: 3/2/2009 9:19:24 AM
Alert description: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock. Monitor the system events displayed in the Event  Viewer to make sure that a more serious problem does not exist.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
cantorisCommented:
Hi!

Domain members will sync to the DC that authenticated them.  The DCs should then sync to the PDC emulator in their domain.  Has the PDC role been moved at all?
On the DC with the odd error, what does
w32tm /monitor
show?
On the same one, you could try
w32tm /resync /rediscover
followed by another
w32tm /monitor
any change in the output?
Any new time errors in the event log after this?

NB - Use W32Tm.exe rather than net.exe for time source management if you have XP or Server 2003 or newer.
0
 
artthegeekAuthor Commented:
Thanks - we'll be doing some testing this week - stay tuned.
0
 
artthegeekAuthor Commented:
Both of you were right on.  The time sync issue I knew, and had fixed once after some nasty telco issues.  Human error stepped in next - time server settings were put in manually on DCs at one site after the first fix, this is what threw much of it out of whack.  Once I removed the settings & resync'd, that was fine.  
It did need the ADHO to stop the ID1000 error.

Thank you both.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now