?
Solved

Errors after upgrading AD to 2008 R2

Posted on 2010-11-16
9
Medium Priority
?
1,056 Views
Last Modified: 2012-06-27
Yesterday I upgraded our schema and domain from 2003 to 2008 R2.  Both /forestprep and /domainprep completed without any errors, and everything appears to be working fine. However, I do have some new errors in the System log and Directory service log that I've never seen before that I'd like to resolve.

In the System log, it starts with four error events logged at the exact same time:

Service Control Manger ( Event ID 7022 ):
The Kerberos Key Distribution Center service hung on starting.

Service Control Manger ( Event ID 7001 ):
The HTTP SSL service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Service Control Manger ( Event ID 7001 ):
The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Service Control Manger ( Event ID 7001 ):
The World Wide Web Publishing Service service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Then about two minutes thereafter, the Directory Service logs this error:

NTDS Inter-site Messaging ( Event ID 1832 ):
The SMTP domain administrative namespace is not available at this time. Mail-based replication cannot be configured until this condition is corrected.
 
As a result, intersite replication using the SMTP transport between the local domain controller and all domain controllers in other sites will fail.
 
Replication using SMTP will be tried again later.
 
Additional Data
Error value:
80070422 The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

I believe the errors are related due to timing proximity, but I can't find anything on them (particularly the last one).  We are a small business with only two domain controllers... we are not doing any inter-site replication.

Generally everything seems to be working, but I would like to resolve these errors rather than just ignore them just in case.

Thanks for your insight.

0
Comment
Question by:bllarson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34147598
What do you mean timing proximity?  Are the DCs within 5 minutes.  Do the erros appear on both DCs?

Is the IIS service starting

How does dcdiag look?

Thanks

Mike
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34147733
The first four errors seem to be a result of IIS not running. When you installed the OS, what role did you setup the server to perform?  Also what are you using this sever for?
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34147766
Also you might find the following article helpful:
http://technet.microsoft.com/en-us/library/cc431377.aspx
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:bllarson
ID: 34147787
By timing proximity I mean that both times I have seen these errors, the four Service Control Manager errors in the System log occur shortly before the Directory Service error. (Just over 2 minutes and 30 seconds).  
Another important piece of information...  both times these errors occurred was just after the server was rebooted. (Sorry for leaving that out.)

The IIS service is *not* starting.  It is disabled. The server generating these errors is a DC (FSMO master), and a print server.  It has been running for several years in these roles. (Should IIS be enabled?)

The errors *are not* occurring on the other DC.

DCDIAG on both domain controllers results in %100 'passed test'.
0
 
LVL 2

Accepted Solution

by:
cranakis earned 1500 total points
ID: 34147824
No you dont need IIS running on a print server.  Probably during setup Windows got the idea that the box would be doing more than just print serving.  You can just ignore the errors, they wont affect you.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34147903
DCDIAG on both domain controllers results in %100 'passed test'.

...that is very good to hear :)
0
 

Author Comment

by:bllarson
ID: 34147990
Yea... as I said, everything *looks* OK operationally.  I just don't like new errors I've never seen before; particularly after a schema upgrade. I like nice clean logs.

So (just rephrasing to make sure I'm understanding cranakis), you're asserting that if I turned on IIS these errors would go away? And that given I don't need IIS on this sever, I can write these off as idiot-lights?  
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34148125
That is correct.  You do not need IIS for print serving.
0
 

Author Closing Comment

by:bllarson
ID: 34148253
I guess that good enough.

Ideally, I would have liked to make an adjustment so the errors don't occur at all.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question