• Status: Solved

Errors 1030 and 1058 in event log every 5 minutes

Server 2003 SBS domain with 3 additional domain controllers and a stand-alone server.
This one I have tried everything...
We had a rootkit virus a few months ago; we converted the server using ESXi. The server needed a repair install, and a lot of repair work, but it is back to normal.
Some time ago, on all of the S2003 servers, but NOT the SBS server, Errors 1030 and 1058 would show up every 5 minutes. On the DC that holds SBS, these errors are not present.
One S2003 server would freeze and have to be rebooted every few days (although I do not believe this is related).
I have checked and reset permissions on the sysvol folder, and purged the MupCache.
I have added a new Server 2003 on Hyper-V; it logs the errors also.
I have a feeling that this is a replication issue, but I have exhausted all options, and I feel Active Directory is damaged.
Any help and suggestions will be appreciated, thanks for all your help.
Asked: chrismaksimik
 
chkdsk01 Commented:
Did you take a look at this KB article?
http://support.microsoft.com/kb/842804

It looks like a GP related error. First I would check the path to the gpt.ini file (see KB article) and make sure it exists.

Also, per the KB article, I would either try to put the latest service pack on or reinstall the latest SP.

Lastly, perhaps try to open gpedit and look at the policy in question. Drill down to it in gpedit and see if there is a yellow exclamation mark. If so, this usually means the user or the computer configuration got disabled. Try toggling the setting to get the policy working again.
 
ChiefIT Commented:
You do have a replication problem. FRS is the replication process for the sysvol and netlogon shares. FRS problems stem from discrepancies in DNS 99.99% of the time.

FIRST OFF: Let's provide you with some ammo to understand what's going on.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/A_1073-Diagnosing-and-repairing-Events-1030-and-1058.html

Now, you can open up a 50 point question in DNS to perform DNS troubleshooting. Once done with fixing all DNS discrepancies, then we can reset your replication set, UNLESS we are looking at some tombstoned servers.
 
ChiefIT Commented:
When posting a DNS troubleshooting question, MAKE SURE you link this thread within your question.
 
chrismaksimik (Author) Commented:
OK, I followed the link, and I see that I have C:\WINDOWS\SYSVOL\sysvol\(Domain name)\scripts.
Apparently this is not correct? Should I just cut/paste the sysvol subfolder to the root of c:\windows?
 
chrismaksimik (Author) Commented:
I tried this:
REPADMIN /SHOWREPS %UPSTREAMCOMPUTER%
REPADMIN /SHOWREPS %DOWNSTREAMCOMPUTER%

Both times, I received this:
[d:\srv03rtm\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 81 (server Down) Win32 Err 58.
 
chrismaksimik (Author) Commented:
The server never goes into standby. I tried that first solution with the service pack reinstall; the errors are every 5 minutes. It didn't work....
 
ChiefIT Commented:
You have DNS related issues. AD is not seeing the LDAP servers. This is an SRV record within DNS.

Please provide the output of going to the command prompt and typing:

DCdiag /test:DNS > DNS.txt
and
DCdiag /v > DCdiag.txt

You will need to do this on one DC showing problems. Let's get to the root of the problem.
 
chrismaksimik (Author) Commented:
Still working on the DNS issues. I noticed that all of the DCs and PCs have this error. The PCs are more sporadic in the event logs.
 
chrismaksimik (Author) Commented:
I transferred all FSMO roles to a new Server 2003 server, and all errors stopped. I demoted the old server using DCPromo, and all seemed to work OK. Funny thing, the server membership changed to a workgroup server. So I changed it back to domain membership as a member server, and the errors came back on the new DC.

I hope this sheds some light on the subject.
 
ChiefIT Commented:
If it's now a member server, your remaining DC has metadata on it to replicate the Sysvol and Netlogon shares. You don't want that metadata.

Please follow this link for DNS, FRS, and AD metadata cleanup on the remaining DC.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
 
chrismaksimik (Author) Commented:
This is exactly the site that I went to when I transferred the roles. I will go through this again, to make sure no residual server objects are there. I will post my results.
 
ChiefIT Commented:
Any luck, boss?
 
chrismaksimik (Author) Commented:
I looked in the system properties of the computer name. It was servername.location.domain.local.
I renamed it to servername.domain.local, I did the same thing on network settings/tcpip/advanced/dns, and the event errors went away.

Well, they are not happening every 5 minutes anymore. It's now like every 2 hours... So we're getting there!

And sorry for the delay.
 
chrismaksimik (Author) Commented:
It's still happening on the new server every 5 min. This is getting crazy. I thought I had it licked!
 
ChiefIT Commented:
Oh, you renamed a server while it was an active server?

What roles does the SBS server play?

Were you considering retiring it?
 
chrismaksimik (Author) Commented:
Not the name, but the DNS suffix of the secondary DC (not the SBS server).
I still have the errors on the new DC, NOT the SBS server. The old secondary DC has been reverted to a member server. Now we have an SBS server and a second DC, both 2003.
The SBS server handles Exchange, Printing, Companyweb, and some file sharing.

Looking in the event logs, I see the server had a successful event, 2/28/2011, event ID 1704, Source: sceCli. The security policy in GPO has been applied successfully.
This is at 7:56 PM.
At 8:01 I get a warning: error 53258 MSDTC
MS DTC could not process a Promotion/demotion event. No Callstack.
At 8:01, I get the 1058 1030 errors every 5 minutes until 3/30/2011.
Out of the blue, I get the success again:
SCECli 1704 Security Policy has been applied successfully.

No similar events as of yet. Nothing in the system log, FRS log, DNS log to indicate an issue (at least with this server).
I am going to look at the event logs of the SBS server to see any clues.
 
chrismaksimik (Author) Commented:
Nothing in the event logs of the SBS server to shed light on this issue.
At 5:40 on the 30th (after the successful replication event) there is an event ID 106,
Source: EventForwarderOperation

Subscription Policy has changed

From 3/30/2011 5:18 PM until 8:13 there were no error events until:
error 1003
SceSrv
Notification of Policy change from LSA/SAM has been retried and Failed. Error 4312 to save Policy change for account s-1-5-21................
Again at 5:23 PM, and 1 day later at 5:24 PM on 4/1/2011.

I really hope this sheds some light on this.
 
ChiefIT Commented:
Yes, it does. It appears you have metadata of an old server left on that server.

On your problem child server, go to the command prompt and type:

DCdiag /v

and DCdiag /Test:DNS

So I can see the diagnostics.
 
chrismaksimik (Author) Commented:
I will post in 2 different windows. I have also created a NEW SBS2003 R2 server, and am slowly going through the migration steps. After installing Active Directory and transferring roles, the NEW server is also having these same issues, replicating to the 2nd domain controller. SBS setup on the new server is not complete. This is just for information. It seems like AD is damaged in some way?
 
chrismaksimik (Author) Commented:
I see the old DNS server (no longer a DNS server) is still in there..... testdns.txt
 
chrismaksimik (Author) Commented:
I have set up a new 2003 SBS R2 server on 2008 Core Hyper-V.

Still getting the errors. How does this happen? Could it just be that the domain is corrupt or something?
 
ChiefIT Commented:
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.101.14
Name resolution is not functional. _ldap._tcp.AmericanSale.local. failed on the DNS server 192.168.101.14

Remove the old DNS server from the list.

Also, remove reference to the loopback. On the remaining server, ensure that the NIC card properties don't have the old server listed there as an alternate server for DNS resolution. So, there are three plausible DNS discrepancies:
1) The old server DNS resides in SRV records as a server that it should replicate with.
2) The fwd lookup has a loopback address record referencing the server.
3) The remaining server may have the NIC card configured to seek out the old server.
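The triage ChiefIT walks through above, as an added example that is not part of the original thread: a Python script that pulls the failed-query lines out of a saved DCdiag /test:DNS report and lists failing servers that are no longer meant to run DNS. The sample report is constructed around the two lines quoted in the thread; the healthy server 192.168.101.10, its host name and the function names are assumptions.

```python
import re

# Constructed sample of a "DCdiag /test:DNS" summary. Only the two failure lines
# for 192.168.101.14 come from the thread; the rest is made up for illustration.
SAMPLE_DCDIAG = """\
   Summary of test results for DNS servers used by the above domain controllers:

      DNS server: 192.168.101.10 (newdc.AmericanSale.local.)
         All tests passed on this DNS server

      DNS server: 192.168.101.14 (name unavailable)
         2 test failure on this DNS server
         This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.101.14
         Name resolution is not functional. _ldap._tcp.AmericanSale.local. failed on the DNS server 192.168.101.14
"""

# Groups: 1 = reason sentence, 2 = record that was queried, 3 = DNS server IP.
FAILURE = re.compile(
    r"^\s*([^.]+)\.\s+(?:PTR record query for the\s+)?"
    r"(\S+)\s+failed on the DNS server\s+([\d.]+)\s*$"
)

def classify(record):
    """Name the kind of lookup that failed, from the record that was queried."""
    name = record.lower()
    if name.startswith("_ldap._tcp."):
        return "SRV"   # locator record DCs use to find LDAP servers
    if name.endswith(".in-addr.arpa."):
        return "PTR"   # reverse lookup
    return "OTHER"

def find_dns_failures(report):
    """Return {dns_server_ip: [(kind, record, reason), ...]} for failed queries."""
    failures = {}
    for line in report.splitlines():
        m = FAILURE.match(line)
        if m:
            reason, record, server = m.groups()
            failures.setdefault(server, []).append((classify(record), record, reason.strip()))
    return failures

def servers_to_remove(failures, current_dns_servers):
    """Failing servers that are not in the set of servers meant to run DNS."""
    return sorted(ip for ip in failures if ip not in current_dns_servers)

if __name__ == "__main__":
    found = find_dns_failures(SAMPLE_DCDIAG)
    for ip, entries in found.items():
        for kind, record, reason in entries:
            print(f"{ip}: {kind} query for {record} failed ({reason})")
    # Assumption: 192.168.101.10 is the only server still meant to run DNS.
    print("remove from DNS client lists:", servers_to_remove(found, {"192.168.101.10"}))
```

A server that shows up in the second list is one that clients or other DCs are still configured to query even though it no longer serves the zone, which matches discrepancies 1 and 3 in the post above.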
 
chrismaksimik (Author) Commented:
I removed the two old DNS servers, although they are still serving a small purpose on the network. I will follow those actions in a day or so and get back to you. Sorry for the delay; there have been many projects and I have not been following this issue.
 
chrismaksimik (Author) Commented:
I found this, I deleted the bad policy, since the domain name was correct...
http://support.microsoft.com/kb/888943
 
chrismaksimik (Author) Commented:
The suggestions led me to the correct solution.
Question has a verified solution.
