Jaime Campos
asked on
Active Directory Errors - Certain users and new users cannot access Network Resources.
I am experiencing issues with our Network. Certain users and new users aren't able to map a network drive. As far as the existing users, I tried to join the user back to a work group and then back to domain. I successfully joined the domain, however whenever I try to map a network share it doesn't accept the username/password of that user. The screen just keeps coming backup asking for credentials. I verified permissions on share and I even added the user with full control and I still can't map a network drive.
About 4 months ago my primary DC was Fileserver (Win2k3 standard) and moved to my new Fileserver2 (Win2k8 Enterprise).
Old setup:
Fileserver Primary with DNS, DHCP and was a Fileserver.
New Setup:
Fileserver2 is now Primary DC, DHCP, DNS and fileserver is a separate server where users are mapped to.
All has been working and I didn't want to demote my old fileserver. About a week ago I had a HD crash on old Fileserver.
From what I can see in the event viewer is that since that happened I've been receiving a Event 1079 and Event 1030 repeatly.
Source Userenv - Event 1079: Windows cannot search for Group Policy objects. 9Operation error.) Group Policy processing aborted.
Source Userenv - Event 1030: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
Not sure I would checked the logs?
I have four users that cannot get to their mapped drives/Network resources and I'm not sure why since permissions are set correctly, at least I think they are.
What I have done so far is try to join that PC in a workgroup and back to domain and still same results.
I have logged that user in at another PC and still same results. I created a new user and tried PC in question and still same issue. EVEN NEW USERS DON"T WORK.
I have tried the new user on new PC and still same issue.
echo %logonserver% point to FILESERVER2 when you logon to her desktop? YES
I also tried these steps:
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
3. The problem may be related to the object's parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface.
I also tried this.....
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
Now....I have removed Fileserver as a Global catalog in Sites and services. I'm still getting the same issue. Sometimes I'm not even able to login with a user credentials period. I'd like to demote the Fileserver, however I really don't need anymore issues with AD and I'm not confident that would work. I ran some diagnostic cmds, please take a look at them as they all look like another language to me.
Diagnostic reports:
My new DC is Fileserver2, which seems to be ok when I run dcdiag.
C:\Users\nimda>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Fileserver2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FI LESERVER2
Starting test: Connectivity
......................... FILESERVER2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FI LESERVER2
Starting test: Advertising
......................... FILESERVER2 passed test Advertising
Starting test: FrsEvent
......................... FILESERVER2 passed test FrsEvent
Starting test: DFSREvent
......................... FILESERVER2 passed test DFSREvent
Starting test: SysVolCheck
......................... FILESERVER2 passed test SysVolCheck
Starting test: KccEvent
......................... FILESERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... FILESERVER2 passed test KnowsOfRoleHolde
Starting test: MachineAccount
......................... FILESERVER2 passed test MachineAccount
Starting test: NCSecDesc
......................... FILESERVER2 passed test NCSecDesc
Starting test: NetLogons
......................... FILESERVER2 passed test NetLogons
Starting test: ObjectsReplicated
......................... FILESERVER2 passed test ObjectsReplicate
Starting test: Replications
......................... FILESERVER2 passed test Replications
Starting test: RidManager
......................... FILESERVER2 passed test RidManager
Starting test: Services
......................... FILESERVER2 passed test Services
Starting test: SystemLog
......................... FILESERVER2 passed test SystemLog
Starting test: VerifyReferences
......................... FILESERVER2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValida
Running partition tests on : RAPA
Starting test: CheckSDRefDom
......................... RAPA passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... RAPA passed test CrossRefValidation
Running enterprise tests on : RAPA.local
Starting test: LocatorCheck
......................... RAPA.local passed test LocatorCheck
Starting test: Intersite
......................... RAPA.local passed test Intersite
Event Viewer
Directory Services:
NTDS Replication Event ID: 2108
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.
Object:
CN=DBTF72G1,OU=BO Computers,OU=Business Office,DC=RAPA,DC=local
Object GUID:
bc7cd65c-88d5-4100-8cbc-2e 466d9fa71e
Source domain controller:
7b7ffb9e-cc90-4923-acd2-7a 54d62b980d ._msdcs.RA PA.local
User Action
Please consult KB article 837932, http://support.microsoft.com/?id=837932. A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
3. The problem may be related to the object's parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface. If the error is occurring in an application partition, you can stop the application partition from being hosted on this replica. This may be changed using the ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest service pack for your operating system. Prior to booting into Directory Services Restore Mode (DSRM), verify that the DSRM password is known. Otherwise reset it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run "ntdsutil files integrity". If corruption is found and other replicas exist, then demote replica and check your hardware. If no replicas are present, restore a system state backup and repeat this verification.
7. Perform an offline defragmentation using the "ntdsutil files compact" function.
8. The "ntdsutil semantic database analysis" should also be performed. If errors are found, they may be corrected using the "go fixup" function. Note that this should not be confused with the database maintenance function called "ESE repair", which should not be used, since it causes data loss for Active Directory Databases.
If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.
Additional Data
Primary Error value:
1127 While accessing the hard disk, a disk operation failed even after retries.
Secondary Error value:
-1018 JET_errReadVerifyFailure, Checksum error on a database page
Event ID: 1084
Internal event: Active Directory could not update the following object with changes received from the following source domain controller. This is because an error occurred during the application of the changes to Active Directory on the domain controller.
Object:
CN=DBTF72G1,OU=BO Computers,OU=Business Office,DC=RAPA,DC=local
Object GUID:
bc7cd65c-88d5-4100-8cbc-2e 466d9fa71e
Source domain controller:
7b7ffb9e-cc90-4923-acd2-7a 54d62b980d ._msdcs.RA PA.local
Synchronization of the local domain controller with the source domain controller is blocked until this update problem is corrected.
This operation will be tried again at the next scheduled replication.
User Action
Restart the local domain controller if this condition appears to be related to low system resources (for example, low physical or virtual memory).
Additional Data
Error value:
1127 While accessing the hard disk, a disk operation failed even after retries.
Some more info.....
C:\Users\nimda>repadmin /replsummary
Replication Summary Start Time: 2011-09-19 13:40:20
Beginning data collection for replication summary, this may take awhile:
......
Source DSA largest delta fails/total %% error
FILESERVER 45m:18s 0 / 6 0
FILESERVER2 07d.04h:47m:22s 1 / 9 11 (1127) While accessing the h
ard disk, a disk operation failed even after retries.
VLS-D6DNY8C1 02h:45m:18s 0 / 3 0
Destination DSA largest delta fails/total %% error
FILESERVER 07d.04h:47m:22s 1 / 6 16 (1127) While accessing the h
ard disk, a disk operation failed even after retries.
FILESERVER2 02h:45m:18s 0 / 9 0
VLS-D6DNY8C1 02h:54m:05s 0 / 3 0
C:\Users\nimda>netdom query fsmo
Schema master Fileserver2.RAPA.local
Domain naming master Fileserver2.RAPA.local
PDC Fileserver2.RAPA.local
RID pool manager Fileserver2.RAPA.local
Infrastructure master Fileserver2.RAPA.local
The command completed successfully.
Fileserver which is not primary DC
dcdiag /v
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:44:23
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:44:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:44:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:44:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:44:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:45:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:45:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:45:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:45:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:45:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:45:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:46:33
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:46:33
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:46:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:46:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:47:18
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:47:18
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:47:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:47:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:47:59
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:47:59
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:48:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:48:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:48:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:48:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:48:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:48:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:49:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:49:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:49:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:49:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:50:23
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:50:23
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:50:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:50:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:50:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:50:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:51:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:51:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:51:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:51:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:51:49
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:51:49
(Event String could not be retrieved)
......................... FILESERVER failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/20/2011 08:52:19
Event String: The Security Account Manager failed a KDC request
in an unexpected way. The error is in the data
field. The account name was dbtf72g1$ and lookup
type 0x0.
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/20/2011 08:54:38
Event String: The session setup from the computer DBTF72G1
failed to authenticate. The following error
occurred:
%%5
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/20/2011 08:54:40
Event String: The Security Account Manager failed a KDC request
in an unexpected way. The error is in the data
field. The account name was
host/dbtf72g1.rapa.local and lookup type 0x48.
An Error Event occured. EventID: 0xC000001B
Time Generated: 09/20/2011 09:00:54
Event String: While processing a TGS request for the target
server krbtgt/RAPA.LOCAL, the account
nimda@RAPA.LOCAL did not have a suitable key for
generating a Kerberos ticket (the missing key has
an ID of 8). The requested etypes were 18. The
accounts available etypes were
23 -133 -128 3 1.
An Error Event occured. EventID: 0xC000001B
Time Generated: 09/20/2011 09:03:32
Event String: While processing a TGS request for the target
server krbtgt/RAPA.LOCAL, the account
D5SNVLN1$@RAPA.LOCAL did not have a suitable key
for generating a Kerberos ticket (the missing key
has an ID of 8). The requested etypes were 18.
The accounts available etypes were
23 -133 -128 3 1.
An Error Event occured. EventID: 0xC000001B
Time Generated: 09/20/2011 09:35:17
Event String: While processing a TGS request for the target
server krbtgt/RAPA.LOCAL, the account
NANCYWILSONW7$@RAPA.LOCAL did not have a suitable
key for generating a Kerberos ticket (the missing
key has an ID of 8). The requested etypes were
18. The accounts available etypes were
23 -133 -128 3 1.
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/20/2011 09:38:34
Event String: The session setup from computer 'J4R5KQ1' failed
because the security database does not contain a
trust account 'J4R5KQ1$' referenced by the
specified computer.
USER ACTION
If this is the first occurrence of this event for
the specified computer and account, this may be a
transient issue that doesn't require any action
at this time. Otherwise, the following steps may
be taken to resolve this problem:
If 'J4R5KQ1$' is a legitimate machine account for
the computer 'J4R5KQ1', then 'J4R5KQ1' should be
rejoined to the domain.
If 'J4R5KQ1$' is a legitimate interdomain trust
account, then the trust should be recreated.
Otherwise, assuming that 'J4R5KQ1$' is not a
legitimate account, the following action should
be taken on 'J4R5KQ1':
If 'J4R5KQ1' is a Domain Controller, then the
trust associated with 'J4R5KQ1$' should be
deleted.
If 'J4R5KQ1' is not a Domain Controller, it
should be disjoined from the domain.
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/20/2011 09:40:52
Event String: The session setup from the computer J4R5KQ1
failed to authenticate. The following error
occurred:
%%5
......................... FILESERVER failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=FILESERVER,OU=Domain Controllers,DC=RAPA,DC=loc al and backlink on
CN=FILESERVER,CN=Servers,C N=Default- First-Site -Name,CN=S ites,CN=Co nfigu
ration,DC=RAPA,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=RAPA, DC=local
and backlink on CN=FILESERVER,OU=Domain Controllers,DC=RAPA,DC=loc al
are correct.
The system object reference (serverReferenceBL)
CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=RAPA, DC=local
and backlink on
CN=NTDS Settings,CN=FILESERVER,CN= Servers,CN =Default-F irst-Site- Name,CN
=Sites,CN=Configuration,DC =RAPA,DC=l ocal
are correct.
......................... FILESERVER passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : RAPA
Starting test: CrossRefValidation
......................... RAPA passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... RAPA passed test CheckSDRefDom
Running enterprise tests on : RAPA.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
Skipping site STARVASC-Site, this site is outside the scope provided
by the command line arguments provided.
......................... RAPA.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\fileserver.RAPA.local
Locator Flags: 0xe00001fc
PDC Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
Time Server Name: \\fileserver.RAPA.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
KDC Name: \\fileserver.RAPA.local
Locator Flags: 0xe00001fc
......................... RAPA.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Same Test on new primary DC
dcdiag /v
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\nimda>dcdiag /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine Fileserver2, is a Directory Server.
Home Server = Fileserver2
* Connecting to directory service on server Fileserver2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=R APA,DC=loc al,
LDAP_SCOPE_SUBTREE,(object Category=n tDSSiteSet tings),... ....
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First- Site-Name
,CN=Sites,CN=Configuration ,DC=RAPA,D C=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=STARVASC-Site, CN=Sites,
CN=Configuration,DC=RAPA,D C=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=R APA,DC=loc al,
LDAP_SCOPE_SUBTREE,(object Class=ntDS Dsa),..... ..
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=FILESERVER,CN= Servers,
CN=Default-First-Site-Name ,CN=Sites, CN=Configu ration,DC= RAPA,DC=lo cal
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=VLS-D6DNY8C1,C N=Server
s,CN=STARVASC-Site,CN=Site s,CN=Confi guration,D C=RAPA,DC= local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=FILESERVER2,CN =Servers
,CN=Default-First-Site-Nam e,CN=Sites ,CN=Config uration,DC =RAPA,DC=l ocal
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FI LESERVER2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... FILESERVER2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FI LESERVER2
Starting test: Advertising
The DC FILESERVER2 is advertising itself as a DC and having a DS.
The DC FILESERVER2 is advertising as an LDAP server
The DC FILESERVER2 is advertising as having a writeable directory
The DC FILESERVER2 is advertising as a Key Distribution Center
The DC FILESERVER2 is advertising as a time server
The DS FILESERVER2 is advertising as a GC.
......................... FILESERVER2 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... FILESERVER2 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... FILESERVER2 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... FILESERVER2 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 min
utes.
......................... FILESERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=FILESERVER2,CN =Servers,C N=Defau
lt-First-Site-Name,CN=Site s,CN=Confi guration,D C=RAPA,DC= local
Role Domain Owner = CN=NTDS Settings,CN=FILESERVER2,CN =Servers,C N=Defau
lt-First-Site-Name,CN=Site s,CN=Confi guration,D C=RAPA,DC= local
Role PDC Owner = CN=NTDS Settings,CN=FILESERVER2,CN =Servers,C N=Default-
First-Site-Name,CN=Sites,C N=Configur ation,DC=R APA,DC=loc al
Role Rid Owner = CN=NTDS Settings,CN=FILESERVER2,CN =Servers,C N=Default-
First-Site-Name,CN=Sites,C N=Configur ation,DC=R APA,DC=loc al
Role Infrastructure Update Owner = CN=NTDS Settings,CN=FILESERVER2,CN =S
ervers,CN=Default-First-Si te-Name,CN =Sites,CN= Configurat ion,DC=RAP A,DC=local
......................... FILESERVER2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC FILESERVER2 on DC FILESERVER2.
* SPN found :LDAP/Fileserver2.RAPA.loc al/RAPA.lo cal
* SPN found :LDAP/Fileserver2.RAPA.loc al
* SPN found :LDAP/FILESERVER2
* SPN found :LDAP/Fileserver2.RAPA.loc al/RAPA
* SPN found :LDAP/7b7ffb9e-cc90-4923-a cd2-7a54d6 2b980d._ms dcs.RAPA.l oca
l
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/7b7ffb9e -cc90-4923 -ac
d2-7a54d62b980d/RAPA.local
* SPN found :HOST/Fileserver2.RAPA.loc al/RAPA.lo cal
* SPN found :HOST/Fileserver2.RAPA.loc al
* SPN found :HOST/FILESERVER2
* SPN found :HOST/Fileserver2.RAPA.loc al/RAPA
* SPN found :GC/Fileserver2.RAPA.local /RAPA.loca l
......................... FILESERVER2 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC FILESERVER2.
* Security Permissions Check for
DC=ForestDnsZones,DC=RAPA, DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=RAPA, DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=RAPA,D C=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=RAPA,D C=local
(Configuration,Version 3)
* Security Permissions Check for
DC=RAPA,DC=local
(Domain,Version 3)
* Security Permissions Check for
DC=STARVASC,DC=RAPA,DC=loc al
(Domain,Version 2)
......................... FILESERVER2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\FILESERVER2\netlogon
Verified share \\FILESERVER2\sysvol
......................... FILESERVER2 passed test NetLogons
Starting test: ObjectsReplicated
FILESERVER2 is in domain DC=RAPA,DC=local
Checking for CN=FILESERVER2,OU=Domain Controllers,DC=RAPA,DC=loc al in d
omain DC=RAPA,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=FILESERVER2,CN =Servers,C N=Default- Firs
t-Site-Name,CN=Sites,CN=Co nfiguratio n,DC=RAPA, DC=local in domain CN=Configuratio
n,DC=RAPA,DC=local on 1 servers
Object is up-to-date on all servers.
......................... FILESERVER2 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration ,DC=RAPA,D C=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=RAPA,D C=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=RAPA,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=STARVASC,DC=RAPA,DC=loc al
Latency information for 1 entries in the vector were ignored.
0 were retired Invocations. 1 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
......................... FILESERVER2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 4603 to 1073741823
* Fileserver2.RAPA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4103 to 4602
* rIDPreviousAllocationPool is 4103 to 4602
* rIDNextRID: 4152
......................... FILESERVER2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... FILESERVER2 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... FILESERVER2 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=FILESERVER2,OU=Domain Controllers,DC=RAPA,DC=loc al and backlink on
CN=FILESERVER2,CN=Servers, CN=Default -First-Sit e-Name,CN= Sites,CN=C onfig
uration,DC=RAPA,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=FILESERVER2,CN=Domain System Volume (SYSVOL share),CN=File Replicati
on Service,CN=System,DC=RAPA, DC=local
and backlink on
CN=NTDS Settings,CN=FILESERVER2,CN =Servers,C N=Default- First-Site -Name,C
N=Sites,CN=Configuration,D C=RAPA,DC= local
are correct.
The system object reference (frsComputerReferenceBL)
CN=FILESERVER2,CN=Domain System Volume (SYSVOL share),CN=File Replicati
on Service,CN=System,DC=RAPA, DC=local
and backlink on CN=FILESERVER2,OU=Domain Controllers,DC=RAPA,DC=loc al
are correct.
......................... FILESERVER2 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : RAPA
Starting test: CheckSDRefDom
......................... RAPA passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... RAPA passed test CrossRefValidation
Running enterprise tests on : RAPA.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
PDC Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
Time Server Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
KDC Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
......................... RAPA.local passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
Skipping site STARVASC-Site, this site is outside the scope provided
by the command line arguments provided.
......................... RAPA.local passed test Intersite
About 4 months ago my primary DC was Fileserver (Win2k3 standard) and moved to my new Fileserver2 (Win2k8 Enterprise).
Old setup:
Fileserver Primary with DNS, DHCP and was a Fileserver.
New Setup:
Fileserver2 is now Primary DC, DHCP, DNS and fileserver is a separate server where users are mapped to.
All has been working and I didn't want to demote my old fileserver. About a week ago I had a HD crash on old Fileserver.
From what I can see in the event viewer is that since that happened I've been receiving a Event 1079 and Event 1030 repeatly.
Source Userenv - Event 1079: Windows cannot search for Group Policy objects. 9Operation error.) Group Policy processing aborted.
Source Userenv - Event 1030: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
Not sure I would checked the logs?
I have four users that cannot get to their mapped drives/Network resources and I'm not sure why since permissions are set correctly, at least I think they are.
What I have done so far is try to join that PC in a workgroup and back to domain and still same results.
I have logged that user in at another PC and still same results. I created a new user and tried PC in question and still same issue. EVEN NEW USERS DON"T WORK.
I have tried the new user on new PC and still same issue.
echo %logonserver% point to FILESERVER2 when you logon to her desktop? YES
I also tried these steps:
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
3. The problem may be related to the object's parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface.
I also tried this.....
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
Now....I have removed Fileserver as a Global catalog in Sites and services. I'm still getting the same issue. Sometimes I'm not even able to login with a user credentials period. I'd like to demote the Fileserver, however I really don't need anymore issues with AD and I'm not confident that would work. I ran some diagnostic cmds, please take a look at them as they all look like another language to me.
Diagnostic reports:
My new DC is Fileserver2, which seems to be ok when I run dcdiag.
C:\Users\nimda>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = Fileserver2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FI
Starting test: Connectivity
......................... FILESERVER2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FI
Starting test: Advertising
......................... FILESERVER2 passed test Advertising
Starting test: FrsEvent
......................... FILESERVER2 passed test FrsEvent
Starting test: DFSREvent
......................... FILESERVER2 passed test DFSREvent
Starting test: SysVolCheck
......................... FILESERVER2 passed test SysVolCheck
Starting test: KccEvent
......................... FILESERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... FILESERVER2 passed test KnowsOfRoleHolde
Starting test: MachineAccount
......................... FILESERVER2 passed test MachineAccount
Starting test: NCSecDesc
......................... FILESERVER2 passed test NCSecDesc
Starting test: NetLogons
......................... FILESERVER2 passed test NetLogons
Starting test: ObjectsReplicated
......................... FILESERVER2 passed test ObjectsReplicate
Starting test: Replications
......................... FILESERVER2 passed test Replications
Starting test: RidManager
......................... FILESERVER2 passed test RidManager
Starting test: Services
......................... FILESERVER2 passed test Services
Starting test: SystemLog
......................... FILESERVER2 passed test SystemLog
Starting test: VerifyReferences
......................... FILESERVER2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValida
Running partition tests on : RAPA
Starting test: CheckSDRefDom
......................... RAPA passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... RAPA passed test CrossRefValidation
Running enterprise tests on : RAPA.local
Starting test: LocatorCheck
......................... RAPA.local passed test LocatorCheck
Starting test: Intersite
......................... RAPA.local passed test Intersite
Event Viewer
Directory Services:
NTDS Replication Event ID: 2108
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.
Object:
CN=DBTF72G1,OU=BO Computers,OU=Business Office,DC=RAPA,DC=local
Object GUID:
bc7cd65c-88d5-4100-8cbc-2e
Source domain controller:
7b7ffb9e-cc90-4923-acd2-7a
User Action
Please consult KB article 837932, http://support.microsoft.com/?id=837932. A subset of its repair procedures are listed here.
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
3. The problem may be related to the object's parent on this domain controller. On the source domain controller, move the object to have a different parent.
4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface. If the error is occurring in an application partition, you can stop the application partition from being hosted on this replica. This may be changed using the ntdsutil.exe command.
5. Obtain the most recent ntdsutil.exe by installing the latest service pack for your operating system. Prior to booting into Directory Services Restore Mode (DSRM), verify that the DSRM password is known. Otherwise reset it prior to restarting the system.
6. In DSRM, run the NT CMD prompt, run "ntdsutil files integrity". If corruption is found and other replicas exist, then demote replica and check your hardware. If no replicas are present, restore a system state backup and repeat this verification.
7. Perform an offline defragmentation using the "ntdsutil files compact" function.
8. The "ntdsutil semantic database analysis" should also be performed. If errors are found, they may be corrected using the "go fixup" function. Note that this should not be confused with the database maintenance function called "ESE repair", which should not be used, since it causes data loss for Active Directory Databases.
If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.
Additional Data
Primary Error value:
1127 While accessing the hard disk, a disk operation failed even after retries.
Secondary Error value:
-1018 JET_errReadVerifyFailure, Checksum error on a database page
Event ID: 1084
Internal event: Active Directory could not update the following object with changes received from the following source domain controller. This is because an error occurred during the application of the changes to Active Directory on the domain controller.
Object:
CN=DBTF72G1,OU=BO Computers,OU=Business Office,DC=RAPA,DC=local
Object GUID:
bc7cd65c-88d5-4100-8cbc-2e
Source domain controller:
7b7ffb9e-cc90-4923-acd2-7a
Synchronization of the local domain controller with the source domain controller is blocked until this update problem is corrected.
This operation will be tried again at the next scheduled replication.
User Action
Restart the local domain controller if this condition appears to be related to low system resources (for example, low physical or virtual memory).
Additional Data
Error value:
1127 While accessing the hard disk, a disk operation failed even after retries.
Some more info.....
C:\Users\nimda>repadmin /replsummary
Replication Summary Start Time: 2011-09-19 13:40:20
Beginning data collection for replication summary, this may take awhile:
......
Source DSA largest delta fails/total %% error
FILESERVER 45m:18s 0 / 6 0
FILESERVER2 07d.04h:47m:22s 1 / 9 11 (1127) While accessing the h
ard disk, a disk operation failed even after retries.
VLS-D6DNY8C1 02h:45m:18s 0 / 3 0
Destination DSA largest delta fails/total %% error
FILESERVER 07d.04h:47m:22s 1 / 6 16 (1127) While accessing the h
ard disk, a disk operation failed even after retries.
FILESERVER2 02h:45m:18s 0 / 9 0
VLS-D6DNY8C1 02h:54m:05s 0 / 3 0
C:\Users\nimda>netdom query fsmo
Schema master Fileserver2.RAPA.local
Domain naming master Fileserver2.RAPA.local
PDC Fileserver2.RAPA.local
RID pool manager Fileserver2.RAPA.local
Infrastructure master Fileserver2.RAPA.local
The command completed successfully.
Fileserver which is not primary DC
dcdiag /v
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:44:23
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:44:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:44:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:44:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:44:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:45:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:45:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:45:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:45:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:45:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:45:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:46:33
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:46:33
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:46:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:46:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:47:18
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:47:18
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:47:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:47:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:47:59
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:47:59
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:48:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:48:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:48:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:48:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:48:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:48:58
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:49:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:49:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:49:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:49:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:50:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:50:23
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:50:23
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:50:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:50:38
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:50:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:50:54
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:51:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:51:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:51:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:51:32
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 09/20/2011 09:51:49
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 09/20/2011 09:51:49
(Event String could not be retrieved)
......................... FILESERVER failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/20/2011 08:52:19
Event String: The Security Account Manager failed a KDC request
in an unexpected way. The error is in the data
field. The account name was dbtf72g1$ and lookup
type 0x0.
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/20/2011 08:54:38
Event String: The session setup from the computer DBTF72G1
failed to authenticate. The following error
occurred:
%%5
An Error Event occured. EventID: 0xC0000007
Time Generated: 09/20/2011 08:54:40
Event String: The Security Account Manager failed a KDC request
in an unexpected way. The error is in the data
field. The account name was
host/dbtf72g1.rapa.local and lookup type 0x48.
An Error Event occured. EventID: 0xC000001B
Time Generated: 09/20/2011 09:00:54
Event String: While processing a TGS request for the target
server krbtgt/RAPA.LOCAL, the account
nimda@RAPA.LOCAL did not have a suitable key for
generating a Kerberos ticket (the missing key has
an ID of 8). The requested etypes were 18. The
accounts available etypes were
23 -133 -128 3 1.
An Error Event occured. EventID: 0xC000001B
Time Generated: 09/20/2011 09:03:32
Event String: While processing a TGS request for the target
server krbtgt/RAPA.LOCAL, the account
D5SNVLN1$@RAPA.LOCAL did not have a suitable key
for generating a Kerberos ticket (the missing key
has an ID of 8). The requested etypes were 18.
The accounts available etypes were
23 -133 -128 3 1.
An Error Event occured. EventID: 0xC000001B
Time Generated: 09/20/2011 09:35:17
Event String: While processing a TGS request for the target
server krbtgt/RAPA.LOCAL, the account
NANCYWILSONW7$@RAPA.LOCAL did not have a suitable
key for generating a Kerberos ticket (the missing
key has an ID of 8). The requested etypes were
18. The accounts available etypes were
23 -133 -128 3 1.
An Error Event occured. EventID: 0x0000165B
Time Generated: 09/20/2011 09:38:34
Event String: The session setup from computer 'J4R5KQ1' failed
because the security database does not contain a
trust account 'J4R5KQ1$' referenced by the
specified computer.
USER ACTION
If this is the first occurrence of this event for
the specified computer and account, this may be a
transient issue that doesn't require any action
at this time. Otherwise, the following steps may
be taken to resolve this problem:
If 'J4R5KQ1$' is a legitimate machine account for
the computer 'J4R5KQ1', then 'J4R5KQ1' should be
rejoined to the domain.
If 'J4R5KQ1$' is a legitimate interdomain trust
account, then the trust should be recreated.
Otherwise, assuming that 'J4R5KQ1$' is not a
legitimate account, the following action should
be taken on 'J4R5KQ1':
If 'J4R5KQ1' is a Domain Controller, then the
trust associated with 'J4R5KQ1$' should be
deleted.
If 'J4R5KQ1' is not a Domain Controller, it
should be disjoined from the domain.
An Error Event occured. EventID: 0x000016AD
Time Generated: 09/20/2011 09:40:52
Event String: The session setup from the computer J4R5KQ1
failed to authenticate. The following error
occurred:
%%5
......................... FILESERVER failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=FILESERVER,OU=Domain Controllers,DC=RAPA,DC=loc
CN=FILESERVER,CN=Servers,C
ration,DC=RAPA,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=RAPA,
and backlink on CN=FILESERVER,OU=Domain Controllers,DC=RAPA,DC=loc
are correct.
The system object reference (serverReferenceBL)
CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=RAPA,
and backlink on
CN=NTDS Settings,CN=FILESERVER,CN=
=Sites,CN=Configuration,DC
are correct.
......................... FILESERVER passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : RAPA
Starting test: CrossRefValidation
......................... RAPA passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... RAPA passed test CheckSDRefDom
Running enterprise tests on : RAPA.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
Skipping site STARVASC-Site, this site is outside the scope provided
by the command line arguments provided.
......................... RAPA.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\fileserver.RAPA.local
Locator Flags: 0xe00001fc
PDC Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
Time Server Name: \\fileserver.RAPA.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
KDC Name: \\fileserver.RAPA.local
Locator Flags: 0xe00001fc
......................... RAPA.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Same Test on new primary DC
dcdiag /v
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\nimda>dcdiag /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine Fileserver2, is a Directory Server.
Home Server = Fileserver2
* Connecting to directory service on server Fileserver2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
LDAP_SCOPE_SUBTREE,(object
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
,CN=Sites,CN=Configuration
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=STARVASC-Site,
CN=Configuration,DC=RAPA,D
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
LDAP_SCOPE_SUBTREE,(object
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=FILESERVER,CN=
CN=Default-First-Site-Name
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=VLS-D6DNY8C1,C
s,CN=STARVASC-Site,CN=Site
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=FILESERVER2,CN
,CN=Default-First-Site-Nam
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FI
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... FILESERVER2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FI
Starting test: Advertising
The DC FILESERVER2 is advertising itself as a DC and having a DS.
The DC FILESERVER2 is advertising as an LDAP server
The DC FILESERVER2 is advertising as having a writeable directory
The DC FILESERVER2 is advertising as a Key Distribution Center
The DC FILESERVER2 is advertising as a time server
The DS FILESERVER2 is advertising as a GC.
......................... FILESERVER2 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... FILESERVER2 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... FILESERVER2 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... FILESERVER2 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 min
utes.
......................... FILESERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=FILESERVER2,CN
lt-First-Site-Name,CN=Site
Role Domain Owner = CN=NTDS Settings,CN=FILESERVER2,CN
lt-First-Site-Name,CN=Site
Role PDC Owner = CN=NTDS Settings,CN=FILESERVER2,CN
First-Site-Name,CN=Sites,C
Role Rid Owner = CN=NTDS Settings,CN=FILESERVER2,CN
First-Site-Name,CN=Sites,C
Role Infrastructure Update Owner = CN=NTDS Settings,CN=FILESERVER2,CN
ervers,CN=Default-First-Si
......................... FILESERVER2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC FILESERVER2 on DC FILESERVER2.
* SPN found :LDAP/Fileserver2.RAPA.loc
* SPN found :LDAP/Fileserver2.RAPA.loc
* SPN found :LDAP/FILESERVER2
* SPN found :LDAP/Fileserver2.RAPA.loc
* SPN found :LDAP/7b7ffb9e-cc90-4923-a
l
* SPN found :E3514235-4B06-11D1-AB04-0
d2-7a54d62b980d/RAPA.local
* SPN found :HOST/Fileserver2.RAPA.loc
* SPN found :HOST/Fileserver2.RAPA.loc
* SPN found :HOST/FILESERVER2
* SPN found :HOST/Fileserver2.RAPA.loc
* SPN found :GC/Fileserver2.RAPA.local
......................... FILESERVER2 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC FILESERVER2.
* Security Permissions Check for
DC=ForestDnsZones,DC=RAPA,
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=RAPA,
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=RAPA,D
(Configuration,Version 3)
* Security Permissions Check for
DC=RAPA,DC=local
(Domain,Version 3)
* Security Permissions Check for
DC=STARVASC,DC=RAPA,DC=loc
(Domain,Version 2)
......................... FILESERVER2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\FILESERVER2\netlogon
Verified share \\FILESERVER2\sysvol
......................... FILESERVER2 passed test NetLogons
Starting test: ObjectsReplicated
FILESERVER2 is in domain DC=RAPA,DC=local
Checking for CN=FILESERVER2,OU=Domain Controllers,DC=RAPA,DC=loc
omain DC=RAPA,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=FILESERVER2,CN
t-Site-Name,CN=Sites,CN=Co
n,DC=RAPA,DC=local on 1 servers
Object is up-to-date on all servers.
......................... FILESERVER2 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=RAPA,D
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=RAPA,DC=local
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=STARVASC,DC=RAPA,DC=loc
Latency information for 1 entries in the vector were ignored.
0 were retired Invocations. 1 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
......................... FILESERVER2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 4603 to 1073741823
* Fileserver2.RAPA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4103 to 4602
* rIDPreviousAllocationPool is 4103 to 4602
* rIDNextRID: 4152
......................... FILESERVER2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... FILESERVER2 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... FILESERVER2 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=FILESERVER2,OU=Domain Controllers,DC=RAPA,DC=loc
CN=FILESERVER2,CN=Servers,
uration,DC=RAPA,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=FILESERVER2,CN=Domain System Volume (SYSVOL share),CN=File Replicati
on Service,CN=System,DC=RAPA,
and backlink on
CN=NTDS Settings,CN=FILESERVER2,CN
N=Sites,CN=Configuration,D
are correct.
The system object reference (frsComputerReferenceBL)
CN=FILESERVER2,CN=Domain System Volume (SYSVOL share),CN=File Replicati
on Service,CN=System,DC=RAPA,
and backlink on CN=FILESERVER2,OU=Domain Controllers,DC=RAPA,DC=loc
are correct.
......................... FILESERVER2 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : RAPA
Starting test: CheckSDRefDom
......................... RAPA passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... RAPA passed test CrossRefValidation
Running enterprise tests on : RAPA.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
PDC Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
Time Server Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
KDC Name: \\Fileserver2.RAPA.local
Locator Flags: 0xe00033fd
......................... RAPA.local passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
Skipping site STARVASC-Site, this site is outside the scope provided
by the command line arguments provided.
......................... RAPA.local passed test Intersite
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Forgive me if this seems a stupid question, but I don't see it explained above. When you added Fileserver2, did you add and promote it to the existing domain and then migrate roles? Or did you just add it as a new domain controller using the same name and that sort of thing? Are you saying the only problem you are having is users accessing shared drives on Fileserver1? If so, then try to demote or follow dariusq's suggestion and perhaps recreate your data shares if necessary. This may depend on how far gone your fileserver1 is as to whether you can demote or must just fail it, clean metadata, and rebuild new.
ASKER
I promoted new DC and all FSMO are pointing to new Fileserver2. I then Created all roles on new DC. All is working, except any new or a few existing users cannot map a network drive. I'd like to find out how to stop AD services on server 2003/Fileserver?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER