Solved

Active Directory Errors - Certain users and new users cannot access Network Resources.

Posted on 2011-09-20
6
1,093 Views
Last Modified: 2012-05-12
I am experiencing issues with our Network. Certain users and new users aren't able to map a network drive. As far as the existing users, I tried to join the user back to a work group and then back to domain. I successfully joined the domain, however whenever I try to map a network share it doesn't accept the username/password of that user. The screen just keeps coming backup asking for credentials. I verified permissions on share and I even added the user with full control and I still can't map a network drive.

About 4 months ago my primary DC was Fileserver (Win2k3 standard) and moved to my new Fileserver2 (Win2k8 Enterprise).

Old setup:

Fileserver Primary with DNS, DHCP and was a Fileserver.

New Setup:

Fileserver2 is now Primary DC, DHCP, DNS and fileserver is a separate server where users are mapped to.

All has been working and I didn't want to demote my old fileserver. About a week ago I had a HD crash on old Fileserver.

From what I can see in the event viewer is that since that happened I've been receiving a Event 1079 and Event 1030 repeatly.

Source Userenv - Event 1079: Windows cannot search for Group Policy objects. 9Operation error.) Group Policy processing aborted.
Source Userenv - Event 1030: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

Not sure I would checked the logs?

I have four users that cannot get to their mapped drives/Network resources and I'm not sure why since permissions are set correctly, at least I think they are.

What I have done so far is try to join that PC in a workgroup and back to domain and still same results.

I have logged that user in at another PC and still same results. I created a new user and tried PC in question and still same issue. EVEN NEW USERS DON"T WORK.

I have tried the new user on new PC and still same issue.

echo %logonserver% point to FILESERVER2 when you logon to her desktop? YES

I also tried these steps:
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
 2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
 3. The problem may be related to the object's parent on this domain controller. On the source domain controller, move the object to have a different parent.
 4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface.

I also tried this.....
1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
 2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.

Now....I have removed Fileserver as a Global catalog in Sites and services. I'm still getting the same issue. Sometimes I'm not even able to login with a user credentials period. I'd like to demote the Fileserver, however I really don't need anymore issues with AD and I'm not confident that would work. I ran some diagnostic cmds, please take a look at them as they all look like another language to me.

Diagnostic reports:

My new DC is Fileserver2, which seems to be ok when I run dcdiag.

C:\Users\nimda>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Fileserver2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\FILESERVER2
      Starting test: Connectivity
         ......................... FILESERVER2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\FILESERVER2
      Starting test: Advertising
         ......................... FILESERVER2 passed test Advertising
      Starting test: FrsEvent
         ......................... FILESERVER2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... FILESERVER2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... FILESERVER2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... FILESERVER2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... FILESERVER2 passed test KnowsOfRoleHolde
      Starting test: MachineAccount
         ......................... FILESERVER2 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... FILESERVER2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... FILESERVER2 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... FILESERVER2 passed test ObjectsReplicate
      Starting test: Replications
         ......................... FILESERVER2 passed test Replications
      Starting test: RidManager
         ......................... FILESERVER2 passed test RidManager
      Starting test: Services
         ......................... FILESERVER2 passed test Services
      Starting test: SystemLog
         ......................... FILESERVER2 passed test SystemLog
      Starting test: VerifyReferences
         ......................... FILESERVER2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValida

   Running partition tests on : RAPA
      Starting test: CheckSDRefDom
         ......................... RAPA passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... RAPA passed test CrossRefValidation

   Running enterprise tests on : RAPA.local
      Starting test: LocatorCheck
         ......................... RAPA.local passed test LocatorCheck
      Starting test: Intersite
         ......................... RAPA.local passed test Intersite

Event Viewer
Directory Services:
NTDS Replication Event ID: 2108
This event contains REPAIR PROCEDURES for the 1084 event which has previously been logged. This message indicates a specific issue with the consistency of the Active Directory database on this replication destination. A database error occurred while applying replicated changes to the following object. The database had unexpected contents, preventing the change from being made.
 
Object:
CN=DBTF72G1,OU=BO Computers,OU=Business Office,DC=RAPA,DC=local
Object GUID:
bc7cd65c-88d5-4100-8cbc-2e466d9fa71e
Source domain controller:
7b7ffb9e-cc90-4923-acd2-7a54d62b980d._msdcs.RAPA.local

User Action
 
 Please consult KB article 837932, http://support.microsoft.com/?id=837932. A subset of its repair procedures are listed here.
 1. Confirm that sufficient free disk space resides on the volumes hosting the Active Directory database then retry the operation. Confirm that the physical drives hosting the NTDS.DIT and log files do not reside on drives where NTFS compression is enabled. Also check for anti-virus software accessing these volumes.
 2. It may be of benefit to force the Security Descriptor Propagator to rebuild the object container ancestry in the database. This may be done by following the instructions in KB article 251343, http://support.microsoft.com/?id=251343.
 3. The problem may be related to the object's parent on this domain controller. On the source domain controller, move the object to have a different parent.
 4. If this machine is a global catalog and the error occurs in one of the read-only partitions, you should demote the machine as a global catalog using the Global Catalog checkbox in the Sites & Services user interface.   If the error is occurring in an application partition, you can stop the application partition from being hosted on this replica. This may be changed using the ntdsutil.exe command.
 5. Obtain the most recent ntdsutil.exe by installing the latest service pack for your operating system. Prior to booting into Directory Services Restore Mode (DSRM), verify that the DSRM password is known. Otherwise reset it prior to restarting the system.
 6. In DSRM, run the NT CMD prompt, run "ntdsutil files integrity". If corruption is found and other replicas exist, then demote replica and check your hardware. If no replicas are present, restore a system state backup and repeat this verification.
 7. Perform an offline defragmentation using the "ntdsutil files compact" function.
 8. The "ntdsutil semantic database analysis" should also be performed. If errors are found, they may be corrected using the "go fixup" function.  Note that this should not be confused with the database maintenance function called "ESE repair", which should not be used, since it causes data loss for Active Directory Databases.
 
 If none of these actions succeed and the replication error continues, you should demote this domain controller and promote it again.
 
Additional Data
Primary Error value:
1127 While accessing the hard disk, a disk operation failed even after retries.
Secondary Error value:
-1018 JET_errReadVerifyFailure, Checksum error on a database page

Event ID: 1084
Internal event: Active Directory could not update the following object with changes received from the following source domain controller. This is because an error occurred during the application of the changes to Active Directory on the domain controller.
 
Object:
CN=DBTF72G1,OU=BO Computers,OU=Business Office,DC=RAPA,DC=local
Object GUID:
bc7cd65c-88d5-4100-8cbc-2e466d9fa71e
Source domain controller:
7b7ffb9e-cc90-4923-acd2-7a54d62b980d._msdcs.RAPA.local
 
Synchronization of the local domain controller with the source domain controller is blocked until this update problem is corrected.
 
This operation will be tried again at the next scheduled replication.
 
User Action
Restart the local domain controller if this condition appears to be related to low system resources (for example, low physical or virtual memory).
 
Additional Data
Error value:
1127 While accessing the hard disk, a disk operation failed even after retries.

Some more info.....

C:\Users\nimda>repadmin /replsummary
Replication Summary Start Time: 2011-09-19 13:40:20

Beginning data collection for replication summary, this may take awhile:
  ......


Source DSA          largest delta    fails/total %%   error
 FILESERVER                45m:18s    0 /   6    0
 FILESERVER2       07d.04h:47m:22s    1 /   9   11  (1127) While accessing the h
ard disk, a disk operation failed even after retries.
 VLS-D6DNY8C1          02h:45m:18s    0 /   3    0


Destination DSA     largest delta    fails/total %%   error
 FILESERVER        07d.04h:47m:22s    1 /   6   16  (1127) While accessing the h
ard disk, a disk operation failed even after retries.
 FILESERVER2           02h:45m:18s    0 /   9    0
 VLS-D6DNY8C1          02h:54m:05s    0 /   3    0

C:\Users\nimda>netdom query fsmo
Schema master               Fileserver2.RAPA.local
Domain naming master        Fileserver2.RAPA.local
PDC                         Fileserver2.RAPA.local
RID pool manager            Fileserver2.RAPA.local
Infrastructure master       Fileserver2.RAPA.local
The command completed successfully.

Fileserver which is not primary DC

dcdiag /v          

 (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:44:23
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:44:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:44:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:44:58
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:44:58
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:45:13
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:45:13
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:45:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:45:42
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:45:58
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:45:58
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:46:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:46:33
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:46:51
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:46:51
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:47:18
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:47:18
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:47:35
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:47:35
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:47:59
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:47:59
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:48:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:48:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:48:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:48:34
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:48:58
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:48:58
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:49:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:49:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:49:36
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:49:36
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:50:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:50:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:50:23
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:50:23
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:50:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:50:38
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:50:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:50:54
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:51:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:51:14
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:51:32
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:51:32
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC000043C
            Time Generated: 09/20/2011   09:51:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC025083C
            Time Generated: 09/20/2011   09:51:49
            (Event String could not be retrieved)
         ......................... FILESERVER failed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0xC0000007
            Time Generated: 09/20/2011   08:52:19
            Event String: The Security Account Manager failed a KDC request
in an unexpected way. The error is in the data
field. The account name was dbtf72g1$ and lookup
type 0x0.
         An Error Event occured.  EventID: 0x000016AD
            Time Generated: 09/20/2011   08:54:38
            Event String: The session setup from the computer DBTF72G1
failed to authenticate. The following error
occurred:
%%5
         An Error Event occured.  EventID: 0xC0000007
            Time Generated: 09/20/2011   08:54:40
            Event String: The Security Account Manager failed a KDC request
in an unexpected way. The error is in the data
field. The account name was
host/dbtf72g1.rapa.local and lookup type 0x48.
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/20/2011   09:00:54
            Event String: While processing a TGS request for the target
server krbtgt/RAPA.LOCAL, the account
nimda@RAPA.LOCAL did not have a suitable key for
generating a Kerberos ticket (the missing key has
an ID of 8). The requested etypes were 18.  The
accounts available etypes were
23  -133  -128  3  1.
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/20/2011   09:03:32
            Event String: While processing a TGS request for the target
server krbtgt/RAPA.LOCAL, the account
D5SNVLN1$@RAPA.LOCAL did not have a suitable key
for generating a Kerberos ticket (the missing key
has an ID of 8). The requested etypes were 18.
The accounts available etypes were
23  -133  -128  3  1.
         An Error Event occured.  EventID: 0xC000001B
            Time Generated: 09/20/2011   09:35:17
            Event String: While processing a TGS request for the target
server krbtgt/RAPA.LOCAL, the account
NANCYWILSONW7$@RAPA.LOCAL did not have a suitable
key for generating a Kerberos ticket (the missing
key has an ID of 8). The requested etypes were
18.  The accounts available etypes were
23  -133  -128  3  1.
         An Error Event occured.  EventID: 0x0000165B
            Time Generated: 09/20/2011   09:38:34
            Event String: The session setup from computer 'J4R5KQ1' failed
because the security database does not contain a
trust account 'J4R5KQ1$' referenced by the
specified computer.

USER ACTION
If this is the first occurrence of this event for
the specified computer and account, this may be a
transient issue that doesn't require any action
at this time. Otherwise, the following steps may
be taken to resolve this problem:

If 'J4R5KQ1$' is a legitimate machine account for
the computer 'J4R5KQ1', then 'J4R5KQ1' should be
rejoined to the domain.

If 'J4R5KQ1$' is a legitimate interdomain trust
account, then the trust should be recreated.

Otherwise, assuming that 'J4R5KQ1$' is not a
legitimate account, the following action should
be taken on 'J4R5KQ1':

If 'J4R5KQ1' is a Domain Controller, then the
trust associated with 'J4R5KQ1$' should be
deleted.

If 'J4R5KQ1' is not a Domain Controller, it
should be disjoined from the domain.
         An Error Event occured.  EventID: 0x000016AD
            Time Generated: 09/20/2011   09:40:52
            Event String: The session setup from the computer J4R5KQ1
failed to authenticate. The following error
occurred:
%%5
         ......................... FILESERVER failed test systemlog
      Test omitted by user request: VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=FILESERVER,OU=Domain Controllers,DC=RAPA,DC=local and backlink on
         CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu
ration,DC=RAPA,DC=local
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=RAPA,DC=local
         and backlink on CN=FILESERVER,OU=Domain Controllers,DC=RAPA,DC=local
         are correct.
         The system object reference (serverReferenceBL)
         CN=FILESERVER,CN=Domain System Volume (SYSVOL share),CN=File Replicatio
n Service,CN=System,DC=RAPA,DC=local
         and backlink on
         CN=NTDS Settings,CN=FILESERVER,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=RAPA,DC=local
         are correct.
         ......................... FILESERVER passed test VerifyReferences
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: CheckSecurityError

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : RAPA
      Starting test: CrossRefValidation
         ......................... RAPA passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... RAPA passed test CheckSDRefDom

   Running enterprise tests on : RAPA.local
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site STARVASC-Site, this site is outside the scope provided
         by the command line arguments provided.
         ......................... RAPA.local passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\fileserver.RAPA.local
         Locator Flags: 0xe00001fc
         PDC Name: \\Fileserver2.RAPA.local
         Locator Flags: 0xe00033fd
         Time Server Name: \\fileserver.RAPA.local
         Locator Flags: 0xe00001fc
         Preferred Time Server Name: \\Fileserver2.RAPA.local
         Locator Flags: 0xe00033fd
         KDC Name: \\fileserver.RAPA.local
         Locator Flags: 0xe00001fc
         ......................... RAPA.local passed test FsmoCheck
      Test omitted by user request: DNS
      Test omitted by user request: DNS

Same Test on new primary DC

dcdiag /v

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\nimda>dcdiag /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine Fileserver2, is a Directory Server.
   Home Server = Fileserver2
   * Connecting to directory service on server Fileserver2.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=RAPA,DC=local,
LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=RAPA,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=STARVASC-Site,CN=Sites,
CN=Configuration,DC=RAPA,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=RAPA,DC=local,
LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=FILESERVER,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=RAPA,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=VLS-D6DNY8C1,CN=Server
s,CN=STARVASC-Site,CN=Sites,CN=Configuration,DC=RAPA,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=FILESERVER2,CN=Servers
,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=RAPA,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 3 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\FILESERVER2
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... FILESERVER2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\FILESERVER2
      Starting test: Advertising
         The DC FILESERVER2 is advertising itself as a DC and having a DS.
         The DC FILESERVER2 is advertising as an LDAP server
         The DC FILESERVER2 is advertising as having a writeable directory
         The DC FILESERVER2 is advertising as a Key Distribution Center
         The DC FILESERVER2 is advertising as a time server
         The DS FILESERVER2 is advertising as a GC.
         ......................... FILESERVER2 passed test Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Starting test: FrsEvent
         * The File Replication Service Event log test
         ......................... FILESERVER2 passed test FrsEvent
      Starting test: DFSREvent
         The DFS Replication Event Log.
         Skip the test because the server is running FRS.
         ......................... FILESERVER2 passed test DFSREvent
      Starting test: SysVolCheck
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... FILESERVER2 passed test SysVolCheck
      Starting test: KccEvent
         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 min
utes.
         ......................... FILESERVER2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=FILESERVER2,CN=Servers,CN=Defau
lt-First-Site-Name,CN=Sites,CN=Configuration,DC=RAPA,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=FILESERVER2,CN=Servers,CN=Defau
lt-First-Site-Name,CN=Sites,CN=Configuration,DC=RAPA,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=FILESERVER2,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=RAPA,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=FILESERVER2,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=RAPA,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=FILESERVER2,CN=S
ervers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=RAPA,DC=local
         ......................... FILESERVER2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Checking machine account for DC FILESERVER2 on DC FILESERVER2.
         * SPN found :LDAP/Fileserver2.RAPA.local/RAPA.local
         * SPN found :LDAP/Fileserver2.RAPA.local
         * SPN found :LDAP/FILESERVER2
         * SPN found :LDAP/Fileserver2.RAPA.local/RAPA
         * SPN found :LDAP/7b7ffb9e-cc90-4923-acd2-7a54d62b980d._msdcs.RAPA.loca
l
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7b7ffb9e-cc90-4923-ac
d2-7a54d62b980d/RAPA.local
         * SPN found :HOST/Fileserver2.RAPA.local/RAPA.local
         * SPN found :HOST/Fileserver2.RAPA.local
         * SPN found :HOST/FILESERVER2
         * SPN found :HOST/Fileserver2.RAPA.local/RAPA
         * SPN found :GC/Fileserver2.RAPA.local/RAPA.local
         ......................... FILESERVER2 passed test MachineAccount
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC FILESERVER2.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=RAPA,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=RAPA,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=RAPA,DC=local
            (Schema,Version 3)
         * Security Permissions Check for
           CN=Configuration,DC=RAPA,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for
           DC=RAPA,DC=local
            (Domain,Version 3)
         * Security Permissions Check for
           DC=STARVASC,DC=RAPA,DC=local
            (Domain,Version 2)
         ......................... FILESERVER2 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\FILESERVER2\netlogon
         Verified share \\FILESERVER2\sysvol
         ......................... FILESERVER2 passed test NetLogons
      Starting test: ObjectsReplicated
         FILESERVER2 is in domain DC=RAPA,DC=local
         Checking for CN=FILESERVER2,OU=Domain Controllers,DC=RAPA,DC=local in d
omain DC=RAPA,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=FILESERVER2,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=RAPA,DC=local in domain CN=Configuratio
n,DC=RAPA,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... FILESERVER2 passed test ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            CN=Schema,CN=Configuration,DC=RAPA,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            CN=Configuration,DC=RAPA,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            DC=RAPA,DC=local
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
            DC=STARVASC,DC=RAPA,DC=local
               Latency information for 1 entries in the vector were ignored.
                  0 were retired Invocations.  1 were either: read-only replicas
 and are not verifiably latent, or dc's no longer replicating this nc.  0 had no
 latency information (Win2K DC).
         ......................... FILESERVER2 passed test Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 4603 to 1073741823
         * Fileserver2.RAPA.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 4103 to 4602
         * rIDPreviousAllocationPool is 4103 to 4602
         * rIDNextRID: 4152
         ......................... FILESERVER2 passed test RidManager
      Starting test: Services
         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... FILESERVER2 passed test Services
      Starting test: SystemLog
         * The System Event log test
         Found no errors in "System" Event log in the last 60 minutes.
         ......................... FILESERVER2 passed test SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=FILESERVER2,OU=Domain Controllers,DC=RAPA,DC=local and backlink on
         CN=FILESERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Config
uration,DC=RAPA,DC=local
         are correct.
         The system object reference (serverReferenceBL)
         CN=FILESERVER2,CN=Domain System Volume (SYSVOL share),CN=File Replicati
on Service,CN=System,DC=RAPA,DC=local
         and backlink on
         CN=NTDS Settings,CN=FILESERVER2,CN=Servers,CN=Default-First-Site-Name,C
N=Sites,CN=Configuration,DC=RAPA,DC=local
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=FILESERVER2,CN=Domain System Volume (SYSVOL share),CN=File Replicati
on Service,CN=System,DC=RAPA,DC=local
         and backlink on CN=FILESERVER2,OU=Domain Controllers,DC=RAPA,DC=local
         are correct.
         ......................... FILESERVER2 passed test VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : RAPA
      Starting test: CheckSDRefDom
         ......................... RAPA passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... RAPA passed test CrossRefValidation

   Running enterprise tests on : RAPA.local
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\Fileserver2.RAPA.local
         Locator Flags: 0xe00033fd
         PDC Name: \\Fileserver2.RAPA.local
         Locator Flags: 0xe00033fd
         Time Server Name: \\Fileserver2.RAPA.local
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\Fileserver2.RAPA.local
         Locator Flags: 0xe00033fd
         KDC Name: \\Fileserver2.RAPA.local
         Locator Flags: 0xe00033fd
         ......................... RAPA.local passed test LocatorCheck
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site STARVASC-Site, this site is outside the scope provided
         by the command line arguments provided.
         ......................... RAPA.local passed test Intersite
0
Comment
Question by:nimdatx
  • 2
  • 2
  • 2
6 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 334 total points
ID: 36569737
To remove the old DC that failed you should run a metadata cleanup.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 
LVL 1

Author Comment

by:nimdatx
ID: 36569872
dariusq - Is there a way to turn off Active Directory services on Fileserver/DC (Win2k3 Standard), before I remove anything or demote? What do you think?
0
 
LVL 4

Expert Comment

by:duffme
ID: 36570006
Forgive me if this seems a stupid question, but I don't see it explained above.  When you added Fileserver2, did you add and promote it to the existing domain and then migrate roles?  Or did you just add it as a new domain controller using the same name and that sort of thing?  Are you saying the only problem you are having is users accessing shared drives on Fileserver1?  If so, then try to demote or follow dariusq's suggestion and perhaps recreate your data shares if necessary.  This may depend on how far gone your fileserver1 is as to whether you can demote or must just fail it, clean metadata, and rebuild new.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Author Comment

by:nimdatx
ID: 36570192
I promoted new DC and all FSMO are pointing to new Fileserver2. I then Created all roles on new DC. All is working, except any new or a few existing users cannot map a network drive. I'd like to find out how to stop AD services on server 2003/Fileserver?
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 334 total points
ID: 36573620
You can demote the server by running dcpromo. If this doesn't work you need to go into AD run metadata cleanup to manually clean AD of the DC.
0
 
LVL 4

Assisted Solution

by:duffme
duffme earned 166 total points
ID: 36575219
Use DCPROMO to demote the server.  If it fails first try to resolve the problem (name resolution, etc.) and gracefully demote it, then force it (/forceremoval) if you must, then ensure there are no errors on either box, then use dariusq's link if you still have junk left over after you have removed the DC or couldn't successfully demote it.
http://support.microsoft.com/kb/332199
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
In this video tutorial I show you the main steps to install and configure  a VMware ESXi6.0 server. The video has my comments as text on the screen and you can pause anytime when needed. Hope this will be helpful. Verify that your hardware and BIO…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now