Solved

Active directory

Posted on 2010-11-22
6
1,746 Views
Last Modified: 2012-05-10
Hi!

I have 3 domain controlers
2x 2008
1x 2003 server

When i use the nltest /server:dcN.domain.local /sc_verify:domain.local
i get: on the 2 of them OK status
on one of them i get
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

i did some tests and when i moved the role "Domain Role Owner" from the server i had the error to another DC the error moved also

is there any connection with the Domain role owner role? and the 1355 error?

0
Comment
Question by:virtualjim
  • 3
  • 2
6 Comments
 
LVL 2

Author Comment

by:virtualjim
ID: 34188336
To be more clear about:

1. dc1 server
FMSO role "domain owner role"
testing nltest /sc_verify:domain.local
error:  I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

2. dc2 server
no FMSO role
testing nltest /sc_verify:domain.local
success

now i move fmso domain owner rule to server DC2

1. dc1 server
FMSO none
testing nltest /sc_verify:domain.local
sucess

2. dc2 server
FMSO role "domain owner role"
testing nltest /sc_verify:domain.local
error:  I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

?!?!?
0
 
LVL 3

Expert Comment

by:elmagoal
ID: 34188914
0
 
LVL 2

Author Comment

by:virtualjim
ID: 34188976
Elmagoal:

the KB you send says about netbios and dns name resolutions, which if you read my comment shows that i do use dns to do resolve...
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 21

Expert Comment

by:snusgubben
ID: 34190020
What you're seeing is normal as "nltest /sc_query" is not reliable. It reports the status of the secure channel the last time it was used and by which DC that used the SC. It don't report the current SC status.

If DC1 authenticated towards DC2, both DC1 and DC2 will report back that the SC on DC1 was ok.

You will get the 1355 error on DC2 (nltest /server:dc2 /sc_query:domain.com)
0
 
LVL 2

Author Comment

by:virtualjim
ID: 34191430
snusgubben:

i guess i understand what you are saying, but i dont know hat has the role domain owner has to do with it?

so the nltest /sc_verify:domain.local is not reliable as a test?

0
 
LVL 21

Accepted Solution

by:
snusgubben earned 500 total points
ID: 34192131
It has nothing to do with the Domain Naming Master, that I'm aware of. Why should it?!

I guess if you transfered i.e. the PDC, you'd get the same result.

"nltest /sc_verify:domain.com" is not a reliable test to check the current secure channel status because it reports the last known state.

If the SC is broken you'll get replication errors and access denied in ie. dcdiag logs.

If replication is good, then the SC is good. Verify with ie. "repadmin /replsum"

 
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question