Solved

Errors after upgrading AD to 2008 R2

Posted on 2010-11-16
9
1,044 Views
Last Modified: 2012-06-27
Yesterday I upgraded our schema and domain from 2003 to 2008 R2.  Both /forestprep and /domainprep completed without any errors, and everything appears to be working fine. However, I do have some new errors in the System log and Directory service log that I've never seen before that I'd like to resolve.

In the System log, it starts with four error events logged at the exact same time:

Service Control Manger ( Event ID 7022 ):
The Kerberos Key Distribution Center service hung on starting.

Service Control Manger ( Event ID 7001 ):
The HTTP SSL service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Service Control Manger ( Event ID 7001 ):
The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Service Control Manger ( Event ID 7001 ):
The World Wide Web Publishing Service service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Then about two minutes thereafter, the Directory Service logs this error:

NTDS Inter-site Messaging ( Event ID 1832 ):
The SMTP domain administrative namespace is not available at this time. Mail-based replication cannot be configured until this condition is corrected.
 
As a result, intersite replication using the SMTP transport between the local domain controller and all domain controllers in other sites will fail.
 
Replication using SMTP will be tried again later.
 
Additional Data
Error value:
80070422 The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

I believe the errors are related due to timing proximity, but I can't find anything on them (particularly the last one).  We are a small business with only two domain controllers... we are not doing any inter-site replication.

Generally everything seems to be working, but I would like to resolve these errors rather than just ignore them just in case.

Thanks for your insight.

0
Comment
Question by:bllarson
  • 4
  • 3
  • 2
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34147598
What do you mean timing proximity?  Are the DCs within 5 minutes.  Do the erros appear on both DCs?

Is the IIS service starting

How does dcdiag look?

Thanks

Mike
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34147733
The first four errors seem to be a result of IIS not running. When you installed the OS, what role did you setup the server to perform?  Also what are you using this sever for?
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34147766
Also you might find the following article helpful:
http://technet.microsoft.com/en-us/library/cc431377.aspx
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:bllarson
ID: 34147787
By timing proximity I mean that both times I have seen these errors, the four Service Control Manager errors in the System log occur shortly before the Directory Service error. (Just over 2 minutes and 30 seconds).  
Another important piece of information...  both times these errors occurred was just after the server was rebooted. (Sorry for leaving that out.)

The IIS service is *not* starting.  It is disabled. The server generating these errors is a DC (FSMO master), and a print server.  It has been running for several years in these roles. (Should IIS be enabled?)

The errors *are not* occurring on the other DC.

DCDIAG on both domain controllers results in %100 'passed test'.
0
 
LVL 2

Accepted Solution

by:
cranakis earned 500 total points
ID: 34147824
No you dont need IIS running on a print server.  Probably during setup Windows got the idea that the box would be doing more than just print serving.  You can just ignore the errors, they wont affect you.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34147903
DCDIAG on both domain controllers results in %100 'passed test'.

...that is very good to hear :)
0
 

Author Comment

by:bllarson
ID: 34147990
Yea... as I said, everything *looks* OK operationally.  I just don't like new errors I've never seen before; particularly after a schema upgrade. I like nice clean logs.

So (just rephrasing to make sure I'm understanding cranakis), you're asserting that if I turned on IIS these errors would go away? And that given I don't need IIS on this sever, I can write these off as idiot-lights?  
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34148125
That is correct.  You do not need IIS for print serving.
0
 

Author Closing Comment

by:bllarson
ID: 34148253
I guess that good enough.

Ideally, I would have liked to make an adjustment so the errors don't occur at all.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

827 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question