Solved

Event IDs 1645, 1655, and 1126 on 2008 R2 DC

Posted on 2011-03-15
Last Modified: 2013-01-24
I have 3 DCs in a domain (see related question for more info). On my DC that holds 4 of the 5 FSMO roles, I am getting the 3 errors below in the order listed. We had an old DC that has been removed from the domain but I have verified its removal in all aspects of DNS and AD.

Event ID 1645:
Active Directory Domain Services did not perform an authenticated remote procedure call (RPC) to another directory server because the desired service principal name (SPN) for the destination directory server is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.
 
Destination directory server:
\\Fileserv3.naaccr.local
SPN:
GC/Fileserv3.naaccr.local/naaccr.local@naaccr.local
 
User Action
Verify that the names of the destination directory server and domain are correct. Also, verify that the SPN is registered on the KDC domain controller. If the destination directory server has been recently promoted, it will be necessary for the local directory server's account data to replicate to the KDC before this directory server can be authenticated.

Event ID 1655:
Active Directory Domain Services attempted to communicate with the following global catalog and the attempts were unsuccessful.
 
Global catalog:
\\Fileserv3.naaccr.local
 
The operation in progress might be unable to continue. Active Directory Domain Services will use the domain controller locator to try to find an available global catalog server.
 
Additional Data
Error value:
1396 Logon Failure: The target account name is incorrect.

Event ID 1126:
Active Directory Domain Services was unable to establish a connection with the global catalog.
 
Additional Data
Error value:
8430 The directory service encountered an internal failure.
Internal ID:
3200db0
 
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.

The error messages above appear once per hour starting 15 minutes after AD DS is restarted. When I force replication using the Sites & Services snap-in, everything looks fine and I get no error messages. repadmin shows all replication completed successfully. dcdiag shows everything is OK except for the errors listed above and Event ID 1055 saying that the processing of group policy failed and Event ID 40961 saying that the Security System could not establish a secured connection with the server <name of local server>. No authentication protocol was available. The only odd thing I've encountered is that when I ping the server from itself, it returns the IPv6 address instead of the IPv4 address. I tried forcing it to return IPv4 by using the hosts file but I received the same errors after restarting AD DS.
Question by:Maximus5684
7 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35143128
Go to Network Connections change the binding order so IPv4 is listed first.

http://thebackroomtech.com/2009/01/15/howto-edit-network-card-bindings-in-windows-server-2008/
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35143153
Check over these as well.

http://technet.microsoft.com/en-us/library/cc756429(WS.10).aspx

http://support.microsoft.com/kb/305837

Make sure time is synced properly.

Is the server the event is stating it is having issues with working properly?
0
 
LVL 10

Expert Comment

by:Muzafar Momin
ID: 35146298
Please share the result of dcdiag.
0
LVL 3

Author Comment

by:Maximus5684
ID: 35148096
The binding order is correct (IPv4 first on both protocols). The SPNs are correct and replication is happening properly. Time sync also seems to be happening properly, but I'm really not sure on this one because I don't know how to properly check it.

Yes, these events are happening on the server that is having the problem. Other clients are also having trouble getting group policy from the server. I'm getting RSoP errors on my local machine and a few others. I'm also getting this error on my local machine: The Security System could not establish a secured connection with the server LDAP/mailserv2.naaccr.local/naaccr.local@NAACCR.LOCAL (different server than the one with the errors). No authentication protocol was available.

Here are the results of DCDiag:

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Fileserv3
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\FILESERV3
      Starting test: Connectivity
         ......................... FILESERV3 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\FILESERV3
      Starting test: Advertising
         ......................... FILESERV3 passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... FILESERV3 passed test FrsEvent
      Starting test: DFSREvent
         ......................... FILESERV3 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... FILESERV3 passed test SysVolCheck
      Starting test: KccEvent
         ......................... FILESERV3 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... FILESERV3 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... FILESERV3 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... FILESERV3 passed test NCSecDesc
      Starting test: NetLogons
         ......................... FILESERV3 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... FILESERV3 passed test ObjectsReplicated
      Starting test: Replications
         ......................... FILESERV3 passed test Replications
      Starting test: RidManager
         ......................... FILESERV3 passed test RidManager
      Starting test: Services
         ......................... FILESERV3 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:19:39
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:24:40
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:29:41
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:34:42
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:39:43
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:44:44
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         A warning event occurred.  EventID: 0x0000A001
            Time Generated: 03/16/2011   08:49:14
            Event String:
            The Security System could not establish a secured connection with th
e server LDAP/Fileserv3.naaccr.local/naaccr.local@NAACCR.LOCAL. No authenticatio
n protocol was available.
         A warning event occurred.  EventID: 0x0000A001
            Time Generated: 03/16/2011   08:49:44
            Event String:
            The Security System could not establish a secured connection with th
e server ldap/Fileserv3.naaccr.local/naaccr.local@NAACCR.LOCAL. No authenticatio
n protocol was available.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:49:45
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:54:46
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:59:47
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   09:04:48
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   09:09:49
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         ......................... FILESERV3 failed test SystemLog
      Starting test: VerifyReferences
         ......................... FILESERV3 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : naaccr
      Starting test: CheckSDRefDom
         ......................... naaccr passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... naaccr passed test CrossRefValidation

   Running enterprise tests on : naaccr.local
      Starting test: LocatorCheck
         ......................... naaccr.local passed test LocatorCheck
      Starting test: Intersite
         ......................... naaccr.local passed test Intersite
0
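Added example, not part of the original thread: DCDiag prints SystemLog event IDs in hex and the console wraps event text at 80 columns, which makes a long report like the one above hard to scan. This Python sketch rejoins the wrapped lines, converts the IDs to decimal, counts them, and lists the failed tests; the names `unwrap` and `triage` and the embedded sample are hypothetical, and it assumes a wrapped continuation always restarts at column 0.

```python
import re
from collections import Counter
# Constructed excerpt shaped like the DCDiag output above, console wrapping included.
SAMPLE = """\
         ......................... FILESERV3 passed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x000003EE
            Time Generated: 03/16/2011   08:44:44
            Event String:
            The processing of Group Policy failed. Windows could not authenticat
e to the Active Directory service on a domain controller. (LDAP Bind function ca
ll failed). Look in the details tab for error code and description.
         A warning event occurred.  EventID: 0x0000A001
            Time Generated: 03/16/2011   08:49:14
            Event String:
            The Security System could not establish a secured connection with th
e server LDAP/Fileserv3.naaccr.local/naaccr.local@NAACCR.LOCAL. No authenticatio
n protocol was available.
         ......................... FILESERV3 failed test SystemLog
"""

EVENT = re.compile(r"(error|warning) event occurred\.\s+EventID: (0x[0-9A-Fa-f]+)")
RESULT = re.compile(r"\.{5,} (\S+) (passed|failed) test (\S+)")

def unwrap(text):
    """Rejoin wrapped text: a line restarting at column 0 after a non-blank line continues it."""
    out, prev_blank = [], True
    for line in text.splitlines():
        if line and not line[0].isspace() and not prev_blank:
            out[-1] += line                 # glue mid-word split, no space added
        elif line.strip():
            out.append(line.strip())
        prev_blank = not line.strip()
    return out

def triage(text):
    """Return (failed tests, Counter of decimal event IDs, first message per event ID)."""
    failed, counts, messages, current = [], Counter(), {}, None
    for line in unwrap(text):
        if m := EVENT.search(line):
            current = int(m[2], 16)         # 0x3EE -> 1006, 0xA001 -> 40961
            counts[current] += 1
        elif m := RESULT.search(line):
            current = None                  # a result line closes the event list
            if m[2] == "failed":
                failed.append((m[1], m[3]))
        elif current and not line.startswith(("Time Generated", "Event String")):
            messages.setdefault(current, line)
    return failed, counts, messages
```

To use it on a real report, save the DCDiag output to a text file and pass the file's contents to `triage`.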
 
LVL 3

Accepted Solution

by:
Maximus5684 earned 0 total points
ID: 35148412
I think I'm seeing something that might be causing all of this. I have one domain controller that is also my Certification Authority for the domain (Mailserv2). From looking at the issued and revoked certificates in the Certification Authority snap-in on that machine, it looks like I might have accidentally revoked the wrong certificate when I took my old DC out of service. My other two DCs look to have valid, unexpired certificates but the root CA does not and there is a revoked certificate with that DC/CA's name on it with the reason of "Cease of Operation" (which is what I would have chosen when revoking the old DC's certificate [the old DC was a secondary CA]). Perhaps I chose the wrong DC when revoking the certificate and now the whole chain no longer trusts the root CA because it doesn't (and can't because of the revocation) have a valid certificate assigned to it. That seems like it would make sense with all the KDC and authentication errors. Please let me know if this sounds correct, and if so, how to fix it.

Thanks.
0
 
LVL 3

Author Closing Comment

by:Maximus5684
ID: 35321753
No one seemed to come to this conclusion and no one offered a solution after I made this comment. I uninstalled certificate services on our CA after revoking all certificates, then installed it on a new server and re-issued all certificates. This solved the problem.
0
 

Expert Comment

by:hugonieto
ID: 38815721
Hi guys!! I have a similar issue with Event ID 1126!! one of my servers can't communicate with the GC and can't replicate..... Here is the link of my post! Do you think you can give me a hand?


http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28007396.html#a38815319




Thanks!
0
