Unable to connect to the NETLOGON share! An net use or LsaPolicy operation failed with error 1203,

Hi,

I am seeing this issue come up when I try to do a dcdiag /fix command

      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\RHA-DC-1600\netlogon)
         [RHA-DC-1600] An net use or LsaPolicy operation failed with error 1203,
 No network provider accepted the given network path..
         ......................... RHA-DC-1600 failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\rha-dc-370.rha-dc.mtl.r
ha.ca, when we were trying to reach RHA-DC-1600.
         Server is not responding or is not considered suitable.

I have noticed that when I shut down the rha-dc-370 server, no servers are available for authentication, although I do have rha-dc-1600.

There is an issue with some kind of replication because all other dcdiag tests pass

Thanks for any help
Asked by: rha_mtl

IntegrityOffice commented:
If you boot the server up on its own without the other DC there does it think it is a DC or does it still not function correctly?
bluntTony (Head of ICT) commented:
Hi there,

It looks like RHA-DC-1600 is not sharing out SYSVOL for some reason. Check the event logs on this server, particularly the FRS and Directory Services logs. Let us know what error messages you are getting.

It may be that you need to kickstart FRS on this server using a non-authoritative restore (BURFLAGS D2) : http://support.microsoft.com/kb/290762

However this is speculation at the moment! Let us know what errors you have in event logs.

Tony
rha_mtl (Author) commented:
For the FRS log here is an entry

The File Replication Service is having trouble enabling replication from RHA-DC-370 to RHA-DC-1600 for c:\winnt\sysvol\domain using the DNS name rha-dc-370.rha-dc.mtl.rha.ca. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name rha-dc-370.rha-dc.mtl.rha.ca from this computer.
 [2] FRS is not running on rha-dc-370.rha-dc.mtl.rha.ca.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at


For Directory Services Log here is an entry
This directory partition has not been backed up since at least the following number of days.
 
Directory partition:
DC=ForestDnsZones,DC=rha-dc,DC=mtl,DC=rha,DC=ca
 
'Backup latency interval' (days):
30
 
It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.
 
By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.
 
'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


rha_mtl (Author) commented:
Response to IntegrityOffice:

It is difficult for me to test this because our Exchange 2007 server will only work with rha-dc-370, so I cannot shut it down and bring up rha-dc-1600 alone for testing. I tried adding a third DC but this did not help at all.
bluntTony (Head of ICT) commented:
So a DCDIAG and NETDIAG on RHA-DC-370 come back clean right?

And you have no issues with FRS on RHA-DC-370 (no event log errors, NETLOGON/SYSVOL are being shared)?

If AD replication is also functioning correctly (which clean DCDIAGs would suggest), then it looks like you may want to perform a D2 restore of the FRS replica which is having troubles.

Are there no other event log errors on either DC referring to FRS?

You may also want to use repadmin to verify AD replication is functioning between the two servers before doing this.

Tony
rha_mtl (Author) commented:
On rha-dc-370 I ran dcdiag /fix; here is what I get:


Doing primary tests

   Testing server: Default-First-Site-Name\RHA-DC-370
      Starting test: Replications
         ......................... RHA-DC-370 passed test Replications
      Starting test: NCSecDesc
         ......................... RHA-DC-370 passed test NCSecDesc
      Starting test: NetLogons
         ......................... RHA-DC-370 passed test NetLogons
      Starting test: Advertising
         ......................... RHA-DC-370 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... RHA-DC-370 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... RHA-DC-370 passed test RidManager
      Starting test: MachineAccount
         ......................... RHA-DC-370 passed test MachineAccount
      Starting test: Services
         ......................... RHA-DC-370 passed test Services
      Starting test: ObjectsReplicated
         ......................... RHA-DC-370 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... RHA-DC-370 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... RHA-DC-370 failed test frsevent
      Starting test: kccevent
         ......................... RHA-DC-370 passed test kccevent
      Starting test: systemlog
         ......................... RHA-DC-370 passed test systemlog
      Starting test: VerifyReferences
         ......................... RHA-DC-370 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : rha-dc
      Starting test: CrossRefValidation
         ......................... rha-dc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... rha-dc passed test CheckSDRefDom

   Running enterprise tests on : rha-dc.mtl.rha.ca
      Starting test: Intersite
         ......................... rha-dc.mtl.rha.ca passed test Intersite
      Starting test: FsmoCheck
         ......................... rha-dc.mtl.rha.ca passed test FsmoCheck
rha_mtl (Author) commented:
Here is the event id for frs on rha-dc-370

The File Replication Service has detected that the replica root path has changed from "c:\windows\sysvol\domain" to "c:\windows\sysvol\domain". If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path.
This was detected for the following replica set:
    "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
 
Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file.
 
 [1] At the first poll which will occur in 60 minutes this computer will be deleted from the replica set.
 [2] At the poll following the deletion this computer will be re-added to the replica set with the new root path. This re-addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

rha_mtl (Author) commented:
netdiag for rha-dc-370
    Computer Name: RHA-DC-370
    DNS Host Name: rha-dc-370.rha-dc.mtl.rha.ca
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 6 Model 8 Stepping 3, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : rha-dc-370
        IP Address . . . . . . . . : 192.168.1.7
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.9
        Primary WINS Server. . . . : 192.168.1.5
        Secondary WINS Server. . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.5
                                     192.168.1.7

        IpConfig results . . . . . : Failed
            Pinging the Secondary WINS server 192.168.1.1 - not reachable

        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed

        Ipx configration
            Network Number . . . . : 00000100
            Node . . . . . . . . . : 00508bdcad17
            Frame type . . . . . . : 802.2



    Adapter : IPX Internal Interface

        Netcard queries test . . . : Passed

        Ipx configration
            Network Number . . . . : 00000000
            Node . . . . . . . . . : 000000000001
            Frame type . . . . . . : Ethernet II



    Adapter : IpxLoopbackAdapter

        Netcard queries test . . . : Passed

        Ipx configration
            Network Number . . . . : 00000100
            Node . . . . . . . . . : 00508bdcad17
            Frame type . . . . . . : 802.2



    Adapter : NDISWANIPX

        Netcard queries test . . . : Passed

        Ipx configration
            Network Number . . . . : 00000000
            Node . . . . . . . . . : 622120524153
            Frame type . . . . . . : Ethernet II




Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{75E69A25-82B6-4A90-83D9-0023F7E67FE2}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.5'
 and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.7'
 and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{75E69A25-82B6-4A90-83D9-0023F7E67FE2}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{75E69A25-82B6-4A90-83D9-0023F7E67FE2}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
    Secure channel for domain 'RHA-DC' is to '\\RHA-DC-1600'.


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Failed
    [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).


Netware configuration
    You are not logged in to your preferred server .
    Netware User Name. . . . . . . :
    Netware Server Name. . . . . . :
    Netware Tree Name. . . . . . . :
    Netware Workstation Context. . :

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

ARK-DS commented:
Hi,

I think you pasted 13508 in your post. Was it followed by a 13509?
Do you have multiple NICs on the servers? If yes, make sure that the internal and appropriate NIC is on top priority in "Advanced Properties" in ncpa.cpl (network connections).

Regards,

Arun.
bluntTony (Head of ICT) commented:
Stab in the dark, but is RHA-DC-370 a P2V by any chance (converted from physical to virtual)?

On RHA-DC-370, try creating the file 'NTFRS_CMD_FILE_MOVE_ROOT' in 'c:\windows\sysvol\domain' and restart the FRS service as detailed in the event log message. This usually fixes this error.

Let us know how you get on.

Tony
bluntTony (Head of ICT) commented:
(the file has no extension either)
bluntTony (Head of ICT) commented:
MS article detailing steps: http://support.microsoft.com/?id=887440

This usually can happen if SYSVOL has been restored from a backup, or a P2V or image etc.
rha_mtl (Author) commented:
I did as suggested on rha-dc-370; here is the event viewer for this:

The File Replication Service is having trouble enabling replication from RHA-DC-1600 to RHA-DC-370 for c:\windows\sysvol\domain using the DNS name rha-dc-1600.rha-dc.mtl.rha.ca. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name rha-dc-1600.rha-dc.mtl.rha.ca from this computer.
 [2] FRS is not running on rha-dc-1600.rha-dc.mtl.rha.ca.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

For more information, see Help and Support Center at
rha_mtl (Author) commented:
Neither of these servers is an image server. They are standalone servers. The mtl-dc2 is a new server that is on an image server.

But both rha-dc-370 and rha-dc-1600 are standalone servers, both GCs, and they both only have one NIC card.

Also, I have just started at this company several months ago and inherited these 2 systems and the network. I would assume that these issues have been persisting for a while. The first clue something was wrong was that when rha-dc-370 was rebooted no one could log on to the network although we had another DC, rha-dc-1600.

Also, last night I tried to run a dcpromo on rha-dc-370. When it asked whether this is the last domain controller, I made sure it was not selected, and a message came back telling me that it is the last domain controller and could not communicate with any other DC on the network, so if I wanted to continue it might lose some information. So I canceled it.

rha_mtl (Author) commented:
Thanks bluntTony, it's finally working.

I added the NTFRS_CMD_FILE_MOVE_ROOT to both servers rha-dc-1600 and rha-dc-370 and they are now replicating. No error messages on either system. Now I will shut the system down and see if all is working.

Question: the file NTFRS_CMD_FILE_MOVE_ROOT is still in sysvol\domain. Can I remove this now or should I leave it?
bluntTony (Head of ICT) commented:
Once FRS is all working again and you have confirmed replication is OK, then you can remove this file.

The creation of the file triggers the process which fixes things. Once this process is complete it is not needed.

Tony
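
The fix and the follow-up checks discussed in this thread, as an added example that is not part of any participant's post. It assumes Windows PowerShell in an elevated prompt; the function names are hypothetical, and the host names, paths and event IDs 13508/13509 are the ones quoted above.

```powershell
# Added example, not code from the thread. Windows PowerShell, elevated prompt.
# Function names are hypothetical; host names, paths and event IDs 13508/13509
# are the ones quoted in the thread.

function Invoke-FrsMoveRoot {
    # Run locally on the DC that logged "replica root path has changed".
    # The root differs per server: the thread shows c:\windows\sysvol\domain
    # on RHA-DC-370 and c:\winnt\sysvol\domain in the RHA-DC-1600 event.
    param([Parameter(Mandatory = $true)][string]$ReplicaRoot)

    if (-not (Test-Path -LiteralPath $ReplicaRoot -PathType Container)) {
        throw "Replica root '$ReplicaRoot' not found; use the path from the FRS event."
    }
    $marker = Join-Path $ReplicaRoot 'NTFRS_CMD_FILE_MOVE_ROOT'   # no extension
    if (-not (Test-Path -LiteralPath $marker)) {
        New-Item -ItemType File -Path $marker | Out-Null
    }
    Restart-Service -Name NtFrs    # restart FRS, as advised in the thread
    $marker
}

function Test-DcSysvol {
    # Run from an admin host. Pass the time the fix was applied as -Since so
    # that events logged before the fix are not counted.
    param([string[]]$DomainControllers = @('RHA-DC-370', 'RHA-DC-1600'),
          [datetime]$Since = (Get-Date).AddHours(-24))

    foreach ($dc in $DomainControllers) {
        # A DC that does not share both SYSVOL and NETLOGON fails the dcdiag
        # NetLogons and Advertising tests, as RHA-DC-1600 did.
        $shares = @(Get-WmiObject -Class Win32_Share -ComputerName $dc |
                    Where-Object { 'SYSVOL', 'NETLOGON' -contains $_.Name })

        # Get-EventLog returns newest first. If the latest connection event is
        # 13508 with no 13509 after it, FRS is still retrying its partner.
        $frs = @(Get-EventLog -LogName 'File Replication Service' -ComputerName $dc `
                     -After $Since -ErrorAction SilentlyContinue)
        $lastConn = $frs | Where-Object { 13508, 13509 -contains $_.EventID } |
                    Select-Object -First 1
        $errors = @($frs | Where-Object { $_.EntryType -eq 'Error' })

        $sharesOk = ($shares.Count -eq 2)
        $retrying = ($null -ne $lastConn -and $lastConn.EventID -eq 13508)
        New-Object PSObject -Property @{
            DC            = $dc
            SharesOk      = $sharesOk
            StillRetrying = $retrying
            FrsErrors     = $errors.Count
            Healthy       = ($sharesOk -and -not $retrying -and $errors.Count -eq 0)
        }
    }
}

# On the affected DC:  $t = Get-Date; Invoke-FrsMoveRoot -ReplicaRoot 'C:\Windows\sysvol\domain'
# Later, admin host:   Test-DcSysvol -Since $t | Format-Table DC, SharesOk, StillRetrying, FrsErrors, Healthy
# Remove the marker file only once every DC reports Healthy.
```
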
rha_mtl (Author) commented:
Great thanks.

It all works now. I did a dcpromo on rha-dc-370 and then removed it from the domain and all is working.