?
Solved

Active Directory error

Posted on 2009-04-21
9
Medium Priority
?
361 Views
Last Modified: 2013-12-27
I have an SBS 2003 domain controller and have added a 2003 std server r2.  The SBS server was the first in the domain and the 2003 std was added as a member server and AD services were added to the 2003 std server.  After doing this I get an error when trying to add a new user to the domain - "The directory service was unable to allocate a relative identifier."  I am able to add a user on the 2003 std server but it is not replicating to the SBS server which is where the exchange services are running so I cannot set up a mailbox.  
0
Comment
Question by:jrb0099
  • 5
  • 4
9 Comments
 
LVL 27

Expert Comment

by:bluntTony
ID: 24196361
Where is your RID master FSMO role? In an SBS domain, you shouldn't move any of the FSMOs from the SBS server - it doesn't like it.
You can check for the RID master in ADUC - right click on your domain and select 'Operations Master'. It should be showing the SBS server as the role holder.
The RID master is what hands out relative IDs, which are required to add new objects such as users. Is the DC you are creating the object on in contact with the designated RID master (which should be your SBS server)?
Also run a DCDIAG test on both DCs - see what these yield and post any errors.
Tony
0
 

Author Comment

by:jrb0099
ID: 24197001
I looked at the Operations Master's roles and they are assigned to the SBS server. (RID, PDC and Infrastructure.  The following is the results from the dcdiag on the SBS server.  I know it is long but I see a couple of issues at the beginning - a replication failure.  Is the name of the domain incorrect on the second server?


C:\Documents and Settings\Administrator>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SRV01
      Starting test: Connectivity
         ......................... SRV01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SRV01
      Starting test: Replications
         [Replications Check,SRV01] A recent replication attempt failed:
            From SRV02 to SRV01
            Naming Context: CN=Schema,CN=Configuration,DC=dill,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2009-04-21 12:54:25.
            The last success occurred at 2009-04-05 20:59:10.
            380 failures have occurred since the last success.
            [SRV02] DsBindWithSpnEx() failed with error 1722,
            The RPC server is unavailable..
            The source remains down. Please check the machine.
         [Replications Check,SRV01] A recent replication attempt failed:
            From SRV02 to SRV01
            Naming Context: CN=Configuration,DC=dill,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2009-04-21 13:31:20.
            The last success occurred at 2009-04-17 03:14:04.
            269 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,SRV01] A recent replication attempt failed:
            From SRV02 to SRV01
            Naming Context: DC=dill,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2009-04-21 12:53:42.
            The last success occurred at 2009-04-05 21:33:58.
            505 failures have occurred since the last success.
            The source remains down. Please check the machine.
         REPLICATION-RECEIVED LATENCY WARNING
         SRV01:  Current time is 2009-04-21 13:37:49.
            CN=Schema,CN=Configuration,DC=dill,DC=local
               Last replication recieved from SRV02 at 2009-04-05 20:59:10.

            CN=Configuration,DC=dill,DC=local
               Last replication recieved from SRV02 at 2009-04-17 03:14:03.

            DC=dill,DC=local
               Last replication recieved from SRV02 at 2009-04-05 21:33:58.

         ......................... SRV01 passed test Replications
      Starting test: NCSecDesc
         ......................... SRV01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SRV01 passed test NetLogons
      Starting test: Advertising
         ......................... SRV01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SRV01 passed test KnowsOfRoleHolders
      Starting test: RidManager
         The DS has corrupt data: rIDPreviousAllocationPool value is not valid
         No rids allocated -- please check eventlog.
         ......................... SRV01 failed test RidManager
      Starting test: MachineAccount
         ......................... SRV01 passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [CSEEDSRV01]
         ......................... SRV01 failed test Services
      Starting test: ObjectsReplicated
         ......................... SRV01 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SRV01 passed test frssysvol
      Starting test: frsevent
         ......................... SRV01 passed test frsevent
      Starting test: kccevent
         ......................... SRV01 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 04/21/2009   12:43:54
            Event String: The kerberos client received a
         ......................... SRV01 failed test systemlog
      Starting test: VerifyReferences
         ......................... SRV01 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : dill
      Starting test: CrossRefValidation
         ......................... dill passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... dill passed test CheckSDRefDom

   Running enterprise tests on : dill.local
      Starting test: Intersite
         ......................... dill.local passed test Intersite
      Starting test: FsmoCheck
         ......................... dill.local passed test FsmoCheck

C:\Documents and Settings\Administrator>
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24204043
OK, I would check these in this order:
1. From the other server, can you ping the SBS server by IP address?
2. If so, can you ping it by DNS name? Does the ping command resolve to the correct IP address?
3. If all is OK. On the SBS server, first check it is looking to itself for DNS, then run the following commands:
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon
Have you changed the IP address of either of the servers? Do they point to each other for DNS, or point to themselves?
I would also check windows firewall on the SBS server. Disable windows firewall and then see if you create a user on the other server.
Let us know how you get on...
0
Eye-catchers on the conference table

Challenge: The i-unit group was not satisfied with the audio quality during remote meetings. They were looking for a portable solution with excellent audio quality for use in their conference room but also at their client’s offices.

 

Author Comment

by:jrb0099
ID: 24215363
The answers are:
1 - yes
2 - yes
3 - It is pointed to itself for DNS

I have not changed the IP addresses of either server. DNS service is only running on the SBS server.

I will disable the firewall and test new user creation.

If i use the "net stop netlogon" will it disconnect the users that are currently logged in?
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24216819
Could you also post a DCDIAG of SRV02?
Thanks,
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24216828
No you should be able to restart netlogon without any errors, as long as you start it straight away.
0
 

Author Comment

by:jrb0099
ID: 24218036

The following is the dcdiag results on SRV02.  I have checked the firewall service and it is not running.  I tried to set up a new user and received the same results.


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\SRV02
      Starting test: Connectivity
         ......................... SRV02 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\SRV02
      Starting test: Replications
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source SRV01
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         ......................... SRV02 passed test Replications
      Starting test: NCSecDesc
         ......................... SRV02 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SRV02 passed test NetLogons
      Starting test: Advertising
         ......................... SRV02 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SRV02 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SRV02 passed test RidManager
      Starting test: MachineAccount
         ......................... SRV02 passed test MachineAccount
      Starting test: Services
         ......................... SRV02 passed test Services
      Starting test: ObjectsReplicated
         ......................... SRV02 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SRV02 passed test frssysvol
      Starting test: frsevent
         ......................... SRV02 passed test frsevent
      Starting test: kccevent
         ......................... SRV02 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:32
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:35
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:35
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:35
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 04/23/2009   14:01:36
            (Event String could not be retrieved)
         ......................... SRV02 failed test systemlog
      Starting test: VerifyReferences
         ......................... SRV02 passed test VerifyReferences
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : dill
      Starting test: CrossRefValidation
         ......................... dill passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ill passed test CheckSDRefDom
   
   Running enterprise tests on : dill.local
      Starting test: Intersite
         ......................... dill.local passed test Intersite
      Starting test: FsmoCheck
         ......................... dill.local passed test FsmoCheck
0
 
LVL 27

Accepted Solution

by:
bluntTony earned 2000 total points
ID: 24232398
What are the system log errors the this DCDIAG is referring to? Can you also confirm that DNS is correct for the second server, i.e. host and SRV records. Ensure it's using the SBS for DNS and run the four commands I posted earlier.
I would also disable the firewall on this server as well.
0
 

Author Closing Comment

by:jrb0099
ID: 31572786
The problem was the firewall on the SRV02.  I disabled it and replication took place afterward.
Thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Backups and Disaster RecoveryIn this post, we’ll look at strategies for backups and disaster recovery.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question