Solved

Active directory

Posted on 2010-11-22
6
1,765 Views
Last Modified: 2012-05-10
Hi!

I have 3 domain controlers
2x 2008
1x 2003 server

When i use the nltest /server:dcN.domain.local /sc_verify:domain.local
i get: on the 2 of them OK status
on one of them i get
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

i did some tests and when i moved the role "Domain Role Owner" from the server i had the error to another DC the error moved also

is there any connection with the Domain role owner role? and the 1355 error?

0
Comment
Question by:virtualjim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 2

Author Comment

by:virtualjim
ID: 34188336
To be more clear about:

1. dc1 server
FMSO role "domain owner role"
testing nltest /sc_verify:domain.local
error:  I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

2. dc2 server
no FMSO role
testing nltest /sc_verify:domain.local
success

now i move fmso domain owner rule to server DC2

1. dc1 server
FMSO none
testing nltest /sc_verify:domain.local
sucess

2. dc2 server
FMSO role "domain owner role"
testing nltest /sc_verify:domain.local
error:  I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

?!?!?
0
 
LVL 3

Expert Comment

by:elmagoal
ID: 34188914
0
 
LVL 2

Author Comment

by:virtualjim
ID: 34188976
Elmagoal:

the KB you send says about netbios and dns name resolutions, which if you read my comment shows that i do use dns to do resolve...
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 21

Expert Comment

by:snusgubben
ID: 34190020
What you're seeing is normal as "nltest /sc_query" is not reliable. It reports the status of the secure channel the last time it was used and by which DC that used the SC. It don't report the current SC status.

If DC1 authenticated towards DC2, both DC1 and DC2 will report back that the SC on DC1 was ok.

You will get the 1355 error on DC2 (nltest /server:dc2 /sc_query:domain.com)
0
 
LVL 2

Author Comment

by:virtualjim
ID: 34191430
snusgubben:

i guess i understand what you are saying, but i dont know hat has the role domain owner has to do with it?

so the nltest /sc_verify:domain.local is not reliable as a test?

0
 
LVL 21

Accepted Solution

by:
snusgubben earned 500 total points
ID: 34192131
It has nothing to do with the Domain Naming Master, that I'm aware of. Why should it?!

I guess if you transfered i.e. the PDC, you'd get the same result.

"nltest /sc_verify:domain.com" is not a reliable test to check the current secure channel status because it reports the last known state.

If the SC is broken you'll get replication errors and access denied in ie. dcdiag logs.

If replication is good, then the SC is good. Verify with ie. "repadmin /replsum"

 
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question