Solved

Active directory

Posted on 2010-11-22
6
1,731 Views
Last Modified: 2012-05-10
Hi!

I have 3 domain controlers
2x 2008
1x 2003 server

When i use the nltest /server:dcN.domain.local /sc_verify:domain.local
i get: on the 2 of them OK status
on one of them i get
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

i did some tests and when i moved the role "Domain Role Owner" from the server i had the error to another DC the error moved also

is there any connection with the Domain role owner role? and the 1355 error?

0
Comment
Question by:virtualjim
  • 3
  • 2
6 Comments
 
LVL 2

Author Comment

by:virtualjim
Comment Utility
To be more clear about:

1. dc1 server
FMSO role "domain owner role"
testing nltest /sc_verify:domain.local
error:  I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

2. dc2 server
no FMSO role
testing nltest /sc_verify:domain.local
success

now i move fmso domain owner rule to server DC2

1. dc1 server
FMSO none
testing nltest /sc_verify:domain.local
sucess

2. dc2 server
FMSO role "domain owner role"
testing nltest /sc_verify:domain.local
error:  I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

?!?!?
0
 
LVL 3

Expert Comment

by:elmagoal
Comment Utility
0
 
LVL 2

Author Comment

by:virtualjim
Comment Utility
Elmagoal:

the KB you send says about netbios and dns name resolutions, which if you read my comment shows that i do use dns to do resolve...
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 21

Expert Comment

by:snusgubben
Comment Utility
What you're seeing is normal as "nltest /sc_query" is not reliable. It reports the status of the secure channel the last time it was used and by which DC that used the SC. It don't report the current SC status.

If DC1 authenticated towards DC2, both DC1 and DC2 will report back that the SC on DC1 was ok.

You will get the 1355 error on DC2 (nltest /server:dc2 /sc_query:domain.com)
0
 
LVL 2

Author Comment

by:virtualjim
Comment Utility
snusgubben:

i guess i understand what you are saying, but i dont know hat has the role domain owner has to do with it?

so the nltest /sc_verify:domain.local is not reliable as a test?

0
 
LVL 21

Accepted Solution

by:
snusgubben earned 500 total points
Comment Utility
It has nothing to do with the Domain Naming Master, that I'm aware of. Why should it?!

I guess if you transfered i.e. the PDC, you'd get the same result.

"nltest /sc_verify:domain.com" is not a reliable test to check the current secure channel status because it reports the last known state.

If the SC is broken you'll get replication errors and access denied in ie. dcdiag logs.

If replication is good, then the SC is good. Verify with ie. "repadmin /replsum"

 
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now