Solved

Errors after upgrading AD to 2008 R2

Posted on 2010-11-16
9
1,041 Views
Last Modified: 2012-06-27
Yesterday I upgraded our schema and domain from 2003 to 2008 R2.  Both /forestprep and /domainprep completed without any errors, and everything appears to be working fine. However, I do have some new errors in the System log and Directory service log that I've never seen before that I'd like to resolve.

In the System log, it starts with four error events logged at the exact same time:

Service Control Manger ( Event ID 7022 ):
The Kerberos Key Distribution Center service hung on starting.

Service Control Manger ( Event ID 7001 ):
The HTTP SSL service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Service Control Manger ( Event ID 7001 ):
The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Service Control Manger ( Event ID 7001 ):
The World Wide Web Publishing Service service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Then about two minutes thereafter, the Directory Service logs this error:

NTDS Inter-site Messaging ( Event ID 1832 ):
The SMTP domain administrative namespace is not available at this time. Mail-based replication cannot be configured until this condition is corrected.
 
As a result, intersite replication using the SMTP transport between the local domain controller and all domain controllers in other sites will fail.
 
Replication using SMTP will be tried again later.
 
Additional Data
Error value:
80070422 The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

I believe the errors are related due to timing proximity, but I can't find anything on them (particularly the last one).  We are a small business with only two domain controllers... we are not doing any inter-site replication.

Generally everything seems to be working, but I would like to resolve these errors rather than just ignore them just in case.

Thanks for your insight.

0
Comment
Question by:bllarson
  • 4
  • 3
  • 2
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34147598
What do you mean timing proximity?  Are the DCs within 5 minutes.  Do the erros appear on both DCs?

Is the IIS service starting

How does dcdiag look?

Thanks

Mike
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34147733
The first four errors seem to be a result of IIS not running. When you installed the OS, what role did you setup the server to perform?  Also what are you using this sever for?
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34147766
Also you might find the following article helpful:
http://technet.microsoft.com/en-us/library/cc431377.aspx
0
 

Author Comment

by:bllarson
ID: 34147787
By timing proximity I mean that both times I have seen these errors, the four Service Control Manager errors in the System log occur shortly before the Directory Service error. (Just over 2 minutes and 30 seconds).  
Another important piece of information...  both times these errors occurred was just after the server was rebooted. (Sorry for leaving that out.)

The IIS service is *not* starting.  It is disabled. The server generating these errors is a DC (FSMO master), and a print server.  It has been running for several years in these roles. (Should IIS be enabled?)

The errors *are not* occurring on the other DC.

DCDIAG on both domain controllers results in %100 'passed test'.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 2

Accepted Solution

by:
cranakis earned 500 total points
ID: 34147824
No you dont need IIS running on a print server.  Probably during setup Windows got the idea that the box would be doing more than just print serving.  You can just ignore the errors, they wont affect you.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34147903
DCDIAG on both domain controllers results in %100 'passed test'.

...that is very good to hear :)
0
 

Author Comment

by:bllarson
ID: 34147990
Yea... as I said, everything *looks* OK operationally.  I just don't like new errors I've never seen before; particularly after a schema upgrade. I like nice clean logs.

So (just rephrasing to make sure I'm understanding cranakis), you're asserting that if I turned on IIS these errors would go away? And that given I don't need IIS on this sever, I can write these off as idiot-lights?  
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34148125
That is correct.  You do not need IIS for print serving.
0
 

Author Closing Comment

by:bllarson
ID: 34148253
I guess that good enough.

Ideally, I would have liked to make an adjustment so the errors don't occur at all.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now