Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1818
  • Last Modified:

Active directory

Hi!

I have 3 domain controlers
2x 2008
1x 2003 server

When i use the nltest /server:dcN.domain.local /sc_verify:domain.local
i get: on the 2 of them OK status
on one of them i get
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

i did some tests and when i moved the role "Domain Role Owner" from the server i had the error to another DC the error moved also

is there any connection with the Domain role owner role? and the 1355 error?

0
virtualjim
Asked:
virtualjim
  • 3
  • 2
1 Solution
 
virtualjimAuthor Commented:
To be more clear about:

1. dc1 server
FMSO role "domain owner role"
testing nltest /sc_verify:domain.local
error:  I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

2. dc2 server
no FMSO role
testing nltest /sc_verify:domain.local
success

now i move fmso domain owner rule to server DC2

1. dc1 server
FMSO none
testing nltest /sc_verify:domain.local
sucess

2. dc2 server
FMSO role "domain owner role"
testing nltest /sc_verify:domain.local
error:  I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

?!?!?
0
 
elmagoalCommented:
0
 
virtualjimAuthor Commented:
Elmagoal:

the KB you send says about netbios and dns name resolutions, which if you read my comment shows that i do use dns to do resolve...
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
snusgubbenCommented:
What you're seeing is normal as "nltest /sc_query" is not reliable. It reports the status of the secure channel the last time it was used and by which DC that used the SC. It don't report the current SC status.

If DC1 authenticated towards DC2, both DC1 and DC2 will report back that the SC on DC1 was ok.

You will get the 1355 error on DC2 (nltest /server:dc2 /sc_query:domain.com)
0
 
virtualjimAuthor Commented:
snusgubben:

i guess i understand what you are saying, but i dont know hat has the role domain owner has to do with it?

so the nltest /sc_verify:domain.local is not reliable as a test?

0
 
snusgubbenCommented:
It has nothing to do with the Domain Naming Master, that I'm aware of. Why should it?!

I guess if you transfered i.e. the PDC, you'd get the same result.

"nltest /sc_verify:domain.com" is not a reliable test to check the current secure channel status because it reports the last known state.

If the SC is broken you'll get replication errors and access denied in ie. dcdiag logs.

If replication is good, then the SC is good. Verify with ie. "repadmin /replsum"

 
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now