?
Solved

Windows Server 2003 Net Logon Error

Posted on 2009-12-28
25
Medium Priority
?
1,252 Views
Last Modified: 2012-05-08
I have a Server 2003 DC that i am unable to start the Net Logon Service. If I try to start it will say "Could not start Net Logon service on Local Computer Error 0xc0000064:0xc0000064." Any Ideas?
0
Comment
Question by:usshellmh
  • 11
  • 11
  • 2
  • +1
25 Comments
 
LVL 17

Expert Comment

by:Mike_Carroll
ID: 26133871
Scan for just using MBAM which you can get here http://www.malwarebytes.org/mbam.php

Also, scan for viruses.

Sounds like you have a passenger.
0
 
LVL 3

Expert Comment

by:McClane
ID: 26133897
Install the support tools from the windows server setup cd if you don't have already and run dcdiag and netdiag

-> DCDIAG /V /C /D /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log
0
 

Author Comment

by:usshellmh
ID: 26133947
As far as virus/malware doubt it 100%. Building lost power over weekend and the outage lasted more than the battery life of my apc backups. Servers restarted when power came back, but this one server is giving me this headache, will run diagnostic tools.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:usshellmh
ID: 26134000
This is what I got with dcdiag, I do not know much about this and sorry about the longgggg post. On a side note, server name USSHELL4, I took it off as a backup DC,DNS and DHCP.
C:\Program Files\Support Tools>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\USSHELL
      Starting test: Connectivity
         ......................... USSHELL passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\USSHELL
      Starting test: Replications
         [Replications Check,USSHELL] A recent replication attempt failed:
            From USSHELL4 to USSHELL
            Naming Context: DC=ForestDnsZones,DC=US_SHELL
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
            The failure occurred at 2009-12-28 14:33:43.
            The last success occurred at 2009-12-16 17:27:16.
            1137 failures have occurred since the last success.
         [USSHELL4] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         [Replications Check,USSHELL] A recent replication attempt failed:
            From USSHELL4 to USSHELL
            Naming Context: DC=DomainDnsZones,DC=US_SHELL
            The replication generated an error (1256):
            The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
            The failure occurred at 2009-12-28 14:33:43.
            The last success occurred at 2009-12-16 17:27:16.
            1137 failures have occurred since the last success.
         [Replications Check,USSHELL] A recent replication attempt failed:
            From USSHELL4 to USSHELL
            Naming Context: CN=Schema,CN=Configuration,DC=US_SHELL
            The replication generated an error (5):
            Access is denied.
            The failure occurred at 2009-12-28 14:33:43.
            The last success occurred at 2009-12-16 17:27:16.
            1137 failures have occurred since the last success.
         [Replications Check,USSHELL] A recent replication attempt failed:
            From USSHELL4 to USSHELL
            Naming Context: CN=Configuration,DC=US_SHELL
            The replication generated an error (5):
            Access is denied.
            The failure occurred at 2009-12-28 14:33:43.
            The last success occurred at 2009-12-16 17:27:16.
            1137 failures have occurred since the last success.
         [Replications Check,USSHELL] A recent replication attempt failed:
            From USSHELL4 to USSHELL
            Naming Context: DC=US_SHELL
            The replication generated an error (5):
            Access is denied.
            The failure occurred at 2009-12-28 14:33:43.
            The last success occurred at 2009-12-16 17:27:16.
            1137 failures have occurred since the last success.
         REPLICATION-RECEIVED LATENCY WARNING
         USSHELL:  Current time is 2009-12-28 14:39:58.
            DC=ForestDnsZones,DC=US_SHELL
               Last replication recieved from USSHELL4 at 2009-12-16 17:27:16.
            DC=DomainDnsZones,DC=US_SHELL
               Last replication recieved from USSHELL4 at 2009-12-16 17:27:16.
            CN=Schema,CN=Configuration,DC=US_SHELL
               Last replication recieved from USSHELL4 at 2009-12-16 17:27:16.
            CN=Configuration,DC=US_SHELL
               Last replication recieved from USSHELL4 at 2009-12-16 17:27:16.
            DC=US_SHELL
               Last replication recieved from USSHELL4 at 2009-12-16 17:27:16.
         ......................... USSHELL passed test Replications
      Starting test: NCSecDesc
         ......................... USSHELL passed test NCSecDesc
      Starting test: NetLogons
         ......................... USSHELL passed test NetLogons
      Starting test: Advertising
         Fatal Error:DsGetDcName (USSHELL) call failed, error 1355
         The Locator could not find the server.
         ......................... USSHELL failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... USSHELL passed test KnowsOfRoleHolders
      Starting test: RidManager
         Failed with 8481: The search failed to retrieve attributes from the dat
abase.
         Could not get Rid set Reference :failed with 8481: The search failed to
 retrieve attributes from the database.
         ......................... USSHELL failed test RidManager
      Starting test: MachineAccount
         ***Error: The server USSHELL is missing its machine account.  Try
         running with the /repairmachineaccount option.
         * The current DC is not in the domain controller's OU
         * Missing SPN :LDAP/USSHELL
         * Missing SPN :HOST/USSHELL
         ......................... USSHELL failed test MachineAccount
      Starting test: Services
            w32time Service is stopped on [USSHELL]
            NETLOGON Service is stopped on [USSHELL]
         ......................... USSHELL failed test Services
      Starting test: ObjectsReplicated
         ......................... USSHELL passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... USSHELL passed test frssysvol
      Starting test: frsevent
         ......................... USSHELL passed test frsevent
      Starting test: kccevent
         An Error Event occured.  EventID: 0xC0000466
            Time Generated: 12/28/2009   14:33:43
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x800004C8
            Time Generated: 12/28/2009   14:37:28
            (Event String could not be retrieved)
         ......................... USSHELL failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x000015E2
            Time Generated: 12/28/2009   13:56:22
            Event String: An internal error occurred while accessing the
         An Error Event occured.  EventID: 0xC0001B6F
            Time Generated: 12/28/2009   13:56:22
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000423
            Time Generated: 12/28/2009   14:23:13
            Event String: The DHCP service failed to see a directory server
         An Error Event occured.  EventID: 0x000015E2
            Time Generated: 12/28/2009   14:38:38
            Event String: An internal error occurred while accessing the
         An Error Event occured.  EventID: 0xC0001B6F
            Time Generated: 12/28/2009   14:38:39
            (Event String could not be retrieved)
         ......................... USSHELL failed test systemlog
      Starting test: VerifyReferences
         ......................... USSHELL passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : US_SHELL
      Starting test: CrossRefValidation
         ......................... US_SHELL passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... US_SHELL passed test CheckSDRefDom

   Running enterprise tests on : US_SHELL
      Starting test: Intersite
         ......................... US_SHELL passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135
5
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         A KDC could not be located - All the KDCs are down.
         ......................... US_SHELL failed test FsmoCheck

C:\Program Files\Support Tools>
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26134058
0xc0000064-This error means that an unauthorized or unknown account it trying to logon.

Well, with the netlogon service disabled, I can see why.

Can you ping anything? and look in event logs  to see what you can come up with.

It appears that Windows firewall has been re-enabled.  
0
 

Author Comment

by:usshellmh
ID: 26134085
Well I am actually making things worst for me, by getting rid of my backup DC,dns and dhcp I am getting a domain not found or available. I have checked the windows firewall and it is disabled.  Do you know how I can promote this computer to be the primary domain controller?
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26134120
Yes, but you may not have to.

Go to the problem child DC and look in the DNS snapin for greyed out MSDCS file folders. Let me know if any folders are greyed out in DNS.
0
 

Author Comment

by:usshellmh
ID: 26134176
OK, I went there, the MSDCS folder was greyed out, went into the _msdcs recordsd and hit properties , I saw that the ip add was blank so I threw in the ip for the usshell computer which is the one that should be the main dc and somehting worked. Now i have under the Foward Lookup Zone a _msdcs.US_Shell folder. The DC seems to be back to the right one and i also opened up ad and it asked about using the msdcs.US_Shell and i said yes and my accounts are there!!. Now i am left with my original problem.

screen.JPG
0
 
LVL 17

Expert Comment

by:Mike_Carroll
ID: 26134235
Ok, wasn't aware of the power issue.

Try a quick test... from the control panel, click on system and the computer name tab. Check that your full computer name is correct... i.e. fully qualified. I saw a situation about a month ago where it had changed on a PDC following a power outage and it was causing the netlogon service to fail.
0
 

Author Comment

by:usshellmh
ID: 26134275
USSHELL.US_SHELL it is correct.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26134298
Ok, it's as I thought:

Your DNS delegation records are expired. While the server was running this wasn't an issue:

This is exactly what it looks like and what happens:
http://www.experts-exchange.com/Networking/Protocols/DNS/Q_24349599.html

After deleting the MSDCS file folders of both DCs, then you want to go to the command prompt and type:
Net Stop Netlogon
Net Start Netlogon

To reregister the SRV records on the server.

A better alternative is to shut down both DC1 and DC2. Then,bring DC1 back on line first. Then, bring up DC2 second.

This goes along with what Mike Caroll was saying:
0
 

Author Comment

by:usshellmh
ID: 26134320
This is the log for the net diad app. I am not liking the failed dns test part of it.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.USSHELL1>net diag
The syntax of this command is:


NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
      HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION |
      SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]


C:\Documents and Settings\Administrator.USSHELL1>netdiag

......................................

    Computer Name: USSHELL
    DNS Host Name: USSHELL.US_SHELL
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
    List of installed hotfixes :
        KB924667-v2
        KB925398_WMP64
        KB925902
        KB927891
        KB929123
        KB930178
        KB931784
        KB932168
        KB933729
        KB933854
        KB935839
        KB935840
        KB936021
        KB936357
        KB936782
        KB938127
        KB938464
        KB941202
        KB941568
        KB941569
        KB941644
        KB941672
        KB941693
        KB942763
        KB942830
        KB942840
        KB943055
        KB943460
        KB943484
        KB943485
        KB944338
        KB944533
        KB944653
        KB945553
        KB946026
        KB947864
        KB948496
        KB948590
        KB948881
        KB949014
        KB950759
        KB950760
        KB950762
        KB950974
        KB951066
        KB951072-v2
        KB951698
        KB951746
        KB951748
        KB952069
        KB952954
        KB953838
        KB953839
        KB954211
        KB954600
        KB955069
        KB955839
        KB956390
        KB956391
        KB956802
        KB956803
        KB956841
        KB957095
        KB957097
        KB958215
        KB958644
        KB958687
        KB960714
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : USSHELL

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : USSHELL
        IP Address . . . . . . . . : 192.168.0.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.200
        Dns Servers. . . . . . . . : 192.168.0.10


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{31924BAE-5D11-482B-B82F-DF95BBA51CB5}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS host name 'USSHELL.US_SHELL' valid only on Windows DNS Ser
vers. [DNS_ERROR_NON_RFC_NAME]
       [FATAL] File \config\netlogon.dns contains invalid DNS entries.    [FATAL
] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{31924BAE-5D11-482B-B82F-DF95BBA51CB5}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{31924BAE-5D11-482B-B82F-DF95BBA51CB5}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Failed
        [FATAL] Cannot find DC in domain 'US_SHELL'. [ERROR_NO_SUCH_DOMAIN]


DC list test . . . . . . . . . . . : Failed
        'US_SHELL': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Skipped
        'US_SHELL': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
    Cannot find DC to run LDAP tests on. The error occurred was: The specified d
omain either does not exist or could not be contacted.

        [WARNING] Cannot find DC in domain 'US_SHELL'. [ERROR_NO_SUCH_DOMAIN]


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.USSHELL1>
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26134344
That failed DNS is because of the expired MSDCS delegation records:

It is the bain of your existance right now. Follow Chris Dent's and Dariusq's advice on the above article and I think you will be golden. don't forget to delete the MSDCS file folders on BOTH DCs in BOTH locations, (meaning under your forward lookup zone and as its OWN forward lookup zone). Then, restart the netlogon service or drop down both DCs and bring them up one at a time.
0
 

Author Comment

by:usshellmh
ID: 26134419
OK, deleted both folder on the main dc, the other dc2 i had already uninstall the the dns role. So i go to restart the net logon and it gives me this error.
NET-LOGON2.JPG
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26134500
I have never seen that:

But, here is what microsoft says about it:
http://support.microsoft.com/kb/900960
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26134505
Do not reboot until this error is fixed.
0
 

Author Comment

by:usshellmh
ID: 26134536
My networked computers are not seeing my domain now and thus are not letting users log in. I dont see the relationship between the Microsoft issue and mine, I might be missing something. Also my Terminal Server is not seeing the Licensing server, it is also the USSHELL server.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26134585
A semaphore is like a bouncer at a bar. It lets a certain amount of people in, then when one leave another can come in. It controls the TCP/IP stack. The idea that another semaphore can't be created, means that you have a tcp/IP stack overflow. You could try to restart the netlogon service again and see if the stack is not less populated.

Removing the MSDCS file folders will temporarily stop domain authentication. If all else fails, we can restart, knocking communications down, to restart the netlogon service and register the SRV records.

The SRV records are defined as the DNS records within the MSDCS file folders.



0
 

Author Comment

by:usshellmh
ID: 26134798
I restarted the system and tried to start the Net Logon service and it gave me the same error.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26135242
I realize we need to get this up. You have a TCP/IP stack overflow. To correct this problem log on to safe mode with network support. Go to the command prompt and type:

SFC /scannow

It appears like your TCPIP.sys driver is corrupt or is having problems.

With SFC /scannow, that stands for system file checker. It may ask you for an install disk. If you do not have one then please advise.

SFC will verify important OS files to make sure they are on the same version and also to make sure they are not corrupt.
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 2000 total points
ID: 26135557
I am doing a little research, and found this article:

http://serverfault.com/questions/34354/how-do-you-repair-active-directory-after-a-partially-renamed-domain-controller

Did you try to rename DC1?

If not, we have metadata to clean up. If so, we have metadata to clean up.

Your VERY best bet is to bring DC2 back on line, install the  DNS role, Make it a Global catalog server and seize the roles. See if you can replicate DNS zones from DC1.

After you get DC2 back in order, then perform an AD metadata clean up of DC1.

 Perform DCdiag /v to make sure it's all good.

Now take DC1, force Demote it to a member server, then promote it to a DC.

If you can restore from backup, now is the time. Upon renaming the server, there is a lot of metadata to clean up in AD, FRS and DNS. I don't know if we can do this easily.  

0
 

Author Comment

by:usshellmh
ID: 26135570
I called it a day about an hour ago. First thing tom morning i will install the dns role on the other server. I am not sure how to bring it as a Global catalog server and do the metadata clean up. As far as renaming not sure about that one. Before i go to bed, thanks for all your help!!!
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26136007
metadata cleanup is best done by following this article:

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Global catalog:
http://support.microsoft.com/kb/313994
0
 

Author Closing Comment

by:usshellmh
ID: 31670547
Thanks Alot, brought up my dc2 configured, seized roles, promoted dc2 to global catalog, uninstalled dns on dc1, reinstalled dns on dc1, promoted it, and it is all up and running. Thank You very much for your help!!! This one question is worth the paid membership price.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 26141901
Thank you much for the good comments.

You might want to run DCdiag /v on both DCs to make sure they are fat and happy.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question