luddiemey

DC is not a DC account?

Hi all

This morning I arrived at work with my DC reporting funny errors: events 1126, 1655, 1869 and 1863.
It is a DC, GC and DNS.  It is the RID master and the PDC master.

When I try to open DNS I get "access is denied".

When I run dcdiag /v I get millions of errors, but these ones worry me the most:

Starting test: MachineAccount
         The account HPHS-VM1 is not a DC account.  It cannot replicate.
         Warning:  Attribute userAccountControl of HPHS-VM1 is:
         0x91000 = ( WORKSTATION_TRUST_ACCOUNT | DONT_EXPIRE_PASSWD | TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is
         0x82000 = ( SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... HPHS-VM1 failed test MachineAccount

      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=hphs,DC=ac,DC=za
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=hphs,DC=ac,DC=za
         ......................... HPHS-VM1 failed test NCSecDesc

From this problematic machine I can \\servername and it will show me and give me access to the resources on that machine; however, when I \\HPHS-VM1 from any other machine in the domain I get "\\hphs-vm1 is not accessible.  you might not have permissions to use this network resource.  Contact the administrator of this server to find out if you have access permissions.  Logon Failure: The target account name is incorrect."  However, if I \\machine-ip it gives me access to the resources.

My remaining two DC2 are running fine and handling logons etc.

Any advice?
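
The MachineAccount failure quoted in the question comes down to one bit field. As an added example (not part of the original thread), this PowerShell decodes userAccountControl and shows why 0x91000 fails the DC check where 0x82000 passes. The flag values are the documented ones; the EXAMPLE-DC and EXAMPLE-RODC rows are constructed, and the commented Get-ADComputer call assumes the RSAT ActiveDirectory module.

```powershell
# Added example. Flag values are the documented userAccountControl bits.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE                 = 0x2
    WORKSTATION_TRUST_ACCOUNT      = 0x1000
    SERVER_TRUST_ACCOUNT           = 0x2000
    DONT_EXPIRE_PASSWD             = 0x10000
    TRUSTED_FOR_DELEGATION         = 0x80000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
    PARTIAL_SECRETS_ACCOUNT        = 0x4000000   # read-only DC
}

function ConvertFrom-Uac {
    param([int]$Value)
    # Return the name of every known flag whose bit is set in $Value.
    $UacFlags.GetEnumerator() |
        Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

function Test-DcAccount {
    param([string]$Name, [int]$Uac)
    # A writable DC carries SERVER_TRUST_ACCOUNT; a read-only DC carries
    # WORKSTATION_TRUST_ACCOUNT together with PARTIAL_SECRETS_ACCOUNT.
    $writable = [bool]($Uac -band $UacFlags.SERVER_TRUST_ACCOUNT)
    $readOnly = [bool]($Uac -band $UacFlags.PARTIAL_SECRETS_ACCOUNT)
    [pscustomobject]@{
        Name        = $Name
        Uac         = '0x{0:X}' -f $Uac
        Flags       = (ConvertFrom-Uac $Uac) -join ' | '
        IsDcAccount = $writable -or $readOnly
    }
}

# HPHS-VM1's value is the one dcdiag reported above; the other two rows are constructed.
$samples = @(
    [pscustomobject]@{ Name = 'HPHS-VM1';     Uac = 0x91000 }
    [pscustomobject]@{ Name = 'EXAMPLE-DC';   Uac = 0x82000 }
    [pscustomobject]@{ Name = 'EXAMPLE-RODC'; Uac = 0x5001000 }
)
$samples | ForEach-Object { Test-DcAccount -Name $_.Name -Uac $_.Uac } | Format-Table -AutoSize

# Against a live domain (assumes the RSAT ActiveDirectory module is installed):
# Get-ADComputer -SearchBase 'OU=Domain Controllers,DC=hphs,DC=ac,DC=za' -Filter * -Properties userAccountControl |
#     ForEach-Object { Test-DcAccount -Name $_.Name -Uac $_.userAccountControl }
```

An account in the Domain Controllers OU that reports IsDcAccount as False is the condition dcdiag flags; an unexpected change to this attribute on a DC account is also worth tracing in the directory change audit log.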

Krzysztof Pytko

Have you tried to reboot that "faulty" DC, first? Please try this simple step firstly :]

After all, if the problem still persists, did you make any changes on that VM server? Any DC restoration from snapshot or something similar?

Regards,
Krzysztof
Additionally, please check in the ADUC console under Domain Controllers if this server is still a DC (if it is, there should be its account there). Maybe someone decommissioned it?

Krzysztof
luddiemey

ASKER

Thanks for the reply.

First thing I did was reboot it, and no change.  No changes have been made on the server (or network for that matter) in more than a month.

If I open ADUC on the offending machine, inside the Domain Controllers OU, it is listed alongside the other 2 DCs but under DC Type it is listed as DC.

On the functional DCs, under the ADUC Domain Controllers OU, it is listed as just a GC.  Does that matter?
ASKER CERTIFIED SOLUTION
Krzysztof Pytko

This solution is only available to members.

I have a full server backup from Friday night.  Would it not be easier to first try to restore to a previous date?
Yes, if you have recent system state backup, do non-authoritative restore for that :)
http://technet.microsoft.com/en-us/library/cc784922%28WS.10%29.aspx

Krzysztof
Worked fine until I rebooted it just to make sure... then the same issues started creeping up. However, I am now only receiving one error from ADDS, 1308, but DNS is still not running.  Will continue to work at it.
OK, restarted systemstate again, and I have left it running... not going to reboot it just yet.  I can only see one problem... it's not showing a SYSVOL folder, so there is obviously still something not right somewhere.  But I am tired, and will only care enough again in about 5 hours' time.
OK, so try with this MS article about "How to rebuild SYSVOL"
http://support.microsoft.com/default.aspx?scid=kb;en-us;315457

Krzysztof
Got it scheduled for tomorrow morning.
So I jumped the gun and started early.  Following http://support.microsoft.com/default.aspx?scid=kb;en-us;315457 broke EVERYTHING!  Restored everything from backup and now I am just back to where I originally started, and VM1 is giving me a few more errors to work with.


system log:
security-kerberos - event ID 4
GroupPolicy - event ID 1097
NETLOGON - event ID 5781

DFS Replication:
DFSR event: 1204

DNS Server Log:
DNS-Service-Server - event ID: 4000 and 4001

File Replication Service Log:
NtFrs - event 13562 and 13508

i also have the following:
C:\Users\administrator.HPHS>nltest /server:hphs-vm1 /sc_query:hphs.ac.za
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

C:\Users\administrator.HPHS>nltest /server:hphs-fs2 /sc_query:hphs.ac.za
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\HPHS-VM1
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

C:\Users\administrator.HPHS>nltest /server:hphs-wsus /sc_query:hphs.ac.za
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\HPHS-VM1
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

C:\Users\administrator.HPHS>

C:\Users\administrator.HPHS>klist tickets

Current LogonId is 0:0x1f6ad6

Cached Tickets: (8)

#0>     Client: administrator @ HPHS.AC.ZA
        Server: krbtgt/HPHS.AC.ZA @ HPHS.AC.ZA
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x60a00000 -> forwardable forwarded renewable pre_authent
        Start Time: 10/1/2011 17:06:13 (local)
        End Time:   10/2/2011 3:06:13 (local)
        Renew Time: 10/3/2011 20:42:42 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96


#1>     Client: administrator @ HPHS.AC.ZA
        Server: krbtgt/HPHS.AC.ZA @ HPHS.AC.ZA
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent
        Start Time: 10/1/2011 17:06:13 (local)
        End Time:   10/2/2011 3:06:13 (local)
        Renew Time: 10/3/2011 20:42:42 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96


#2>     Client: administrator @ HPHS.AC.ZA
        Server: HOST/HPHS-WSUS.hphs.ac.za @ HPHS.AC.ZA
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate
        Start Time: 10/1/2011 17:25:55 (local)
        End Time:   10/2/2011 3:06:13 (local)
        Renew Time: 10/3/2011 20:42:42 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96


#3>     Client: administrator @ HPHS.AC.ZA
        Server: ldap/HPHS-WSUS.hphs.ac.za/hphs.ac.za @ HPHS.AC.ZA
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate
        Start Time: 10/1/2011 17:24:47 (local)
        End Time:   10/2/2011 3:06:13 (local)
        Renew Time: 10/3/2011 20:42:42 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96


#4>     Client: administrator @ HPHS.AC.ZA
        Server: cifs/HPHS-FS2.hphs.ac.za @ HPHS.AC.ZA
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate
        Start Time: 10/1/2011 17:06:21 (local)
        End Time:   10/2/2011 3:06:13 (local)
        Renew Time: 10/3/2011 20:42:42 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96


#5>     Client: administrator @ HPHS.AC.ZA
        Server: ldap/HPHS-FS2.hphs.ac.za @ HPHS.AC.ZA
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate
        Start Time: 10/1/2011 17:06:20 (local)
        End Time:   10/2/2011 3:06:13 (local)
        Renew Time: 10/3/2011 20:42:42 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96


#6>     Client: administrator @ HPHS.AC.ZA
        Server: ldap/HPHS-WSUS.hphs.ac.za @ HPHS.AC.ZA
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate
        Start Time: 10/1/2011 17:06:13 (local)
        End Time:   10/2/2011 3:06:13 (local)
        Renew Time: 10/3/2011 20:42:42 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96


#7>     Client: administrator @ HPHS.AC.ZA
        Server: cifs/HPHS-WSUS.hphs.ac.za @ HPHS.AC.ZA
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
        Ticket Flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate
        Start Time: 10/1/2011 17:06:13 (local)
        End Time:   10/2/2011 3:06:13 (local)
        Renew Time: 10/3/2011 20:42:42 (local)
        Session Key Type: AES-256-CTS-HMAC-SHA1-96


C:\Users\administrator.HPHS>

If I am starting to understand this problem correctly... could it be that this domain controller account hphs-vm1 has "reset" itself?  And that is why all this bad shit is happening to me?

If I don't come right soon I will follow the instructions from the first post Krzysztof made.