Solved

Errors after upgrading AD to 2008 R2

Posted on 2010-11-16
9
1,052 Views
Last Modified: 2012-06-27
Yesterday I upgraded our schema and domain from 2003 to 2008 R2.  Both /forestprep and /domainprep completed without any errors, and everything appears to be working fine. However, I do have some new errors in the System log and Directory service log that I've never seen before that I'd like to resolve.

In the System log, it starts with four error events logged at the exact same time:

Service Control Manger ( Event ID 7022 ):
The Kerberos Key Distribution Center service hung on starting.

Service Control Manger ( Event ID 7001 ):
The HTTP SSL service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Service Control Manger ( Event ID 7001 ):
The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Service Control Manger ( Event ID 7001 ):
The World Wide Web Publishing Service service depends on the IIS Admin Service service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Then about two minutes thereafter, the Directory Service logs this error:

NTDS Inter-site Messaging ( Event ID 1832 ):
The SMTP domain administrative namespace is not available at this time. Mail-based replication cannot be configured until this condition is corrected.
 
As a result, intersite replication using the SMTP transport between the local domain controller and all domain controllers in other sites will fail.
 
Replication using SMTP will be tried again later.
 
Additional Data
Error value:
80070422 The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

I believe the errors are related due to timing proximity, but I can't find anything on them (particularly the last one).  We are a small business with only two domain controllers... we are not doing any inter-site replication.

Generally everything seems to be working, but I would like to resolve these errors rather than just ignore them just in case.

Thanks for your insight.

0
Comment
Question by:bllarson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34147598
What do you mean timing proximity?  Are the DCs within 5 minutes.  Do the erros appear on both DCs?

Is the IIS service starting

How does dcdiag look?

Thanks

Mike
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34147733
The first four errors seem to be a result of IIS not running. When you installed the OS, what role did you setup the server to perform?  Also what are you using this sever for?
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34147766
Also you might find the following article helpful:
http://technet.microsoft.com/en-us/library/cc431377.aspx
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 

Author Comment

by:bllarson
ID: 34147787
By timing proximity I mean that both times I have seen these errors, the four Service Control Manager errors in the System log occur shortly before the Directory Service error. (Just over 2 minutes and 30 seconds).  
Another important piece of information...  both times these errors occurred was just after the server was rebooted. (Sorry for leaving that out.)

The IIS service is *not* starting.  It is disabled. The server generating these errors is a DC (FSMO master), and a print server.  It has been running for several years in these roles. (Should IIS be enabled?)

The errors *are not* occurring on the other DC.

DCDIAG on both domain controllers results in %100 'passed test'.
0
 
LVL 2

Accepted Solution

by:
cranakis earned 500 total points
ID: 34147824
No you dont need IIS running on a print server.  Probably during setup Windows got the idea that the box would be doing more than just print serving.  You can just ignore the errors, they wont affect you.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34147903
DCDIAG on both domain controllers results in %100 'passed test'.

...that is very good to hear :)
0
 

Author Comment

by:bllarson
ID: 34147990
Yea... as I said, everything *looks* OK operationally.  I just don't like new errors I've never seen before; particularly after a schema upgrade. I like nice clean logs.

So (just rephrasing to make sure I'm understanding cranakis), you're asserting that if I turned on IIS these errors would go away? And that given I don't need IIS on this sever, I can write these off as idiot-lights?  
0
 
LVL 2

Expert Comment

by:cranakis
ID: 34148125
That is correct.  You do not need IIS for print serving.
0
 

Author Closing Comment

by:bllarson
ID: 34148253
I guess that good enough.

Ideally, I would have liked to make an adjustment so the errors don't occur at all.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question