Solved

Error when trying to "Detect Now" in Server 2012 Group Policy Management

Posted on 2013-01-15
4
2,073 Views
Last Modified: 2013-01-15
Dear Team,
 
I have Windows Server 2003 R2 holds all the FSMO roles as a Physical Domain Controller and I have a second DC running Windows Server 2012 as a VM.
 
It seems the policies are not synchronized.
 
If I changed the domain controller from the GPMC in Windows Server 2012 to the DC-2012, when I click on any Policy, I receive the error message "The Network name cannot be found".
 
When I click on TOP of my domain name in GPMC (2012), I receive the attached error.
 
Servers Name:
 
Domain = Windows 2003 R2 + FSMO Standard
 
PDC = Windows 2012 Standard
 
Please find below outputs of the following commands:
 
C:\repadmin /showrepl:
 
DC=AAAAA
     Default-First-Site-Name\DOMAIN via RPC
         DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
         Last attempt @ 2013-01-07 15:04:57 was successful.
 
CN=Configuration,DC=AAAAA
     Default-First-Site-Name\DOMAIN via RPC
         DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
         Last attempt @ 2013-01-07 14:46:40 was successful.
 
CN=Schema,CN=Configuration,DC=AAAAA
     Default-First-Site-Name\DOMAIN via RPC
         DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
         Last attempt @ 2013-01-07 14:46:40 was successful.
 
DC=ForestDnsZones,DC=AAAAA
     Default-First-Site-Name\DOMAIN via RPC
         DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
         Last attempt @ 2013-01-07 14:46:40 was successful.
 
DC=DomainDnsZones,DC=AAAAA
     Default-First-Site-Name\DOMAIN via RPC
         DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
         Last attempt @ 2013-01-07 14:46:40 was successful.
 

C:\Users\administrator.AAAAA>dsquery server -domain pdc:
 
"CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA"
 "CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA"
 

C:\dcdiag /v >dcdiag.txt:
 
Directory Server Diagnosis
 

Performing initial setup:
 
   Trying to find home server...
 
   * Verifying that the local machine PDC, is a Directory Server.
   Home Server = PDC
 
   * Connecting to directory service on server PDC.
 
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
 
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=AAAAA,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
    The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
    Getting ISTG and options for the site
    * Identifying all servers.
 
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=AAAAA,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
    The previous call succeeded....
    The previous call succeeded
    Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    Getting information for the server CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    * Identifying all NC cross-refs.
 
   * Found 2 DC(s). Testing 1 of them.
 
   Done gathering initial info.
 

Doing initial required tests
 
   
   Testing server: Default-First-Site-Name\PDC
 
      Starting test: Connectivity
 
         * Active Directory LDAP Services Check
          Determining IP4 connectivity
         * Active Directory RPC Services Check
          ......................... PDC passed test Connectivity
 
Doing primary tests
 
   
   Testing server: Default-First-Site-Name\PDC
 
      Starting test: Advertising
 
         Warning: DsGetDcName returned information for \\domain.AAAAA, when
 
         we were trying to reach PDC.
 
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
 
         ......................... PDC failed test Advertising
 
      Test omitted by user request: CheckSecurityError
 
      Test omitted by user request: CutoffServers
 
      Starting test: FrsEvent
 
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the
 
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
 
         Group Policy problems.
         A warning event occurred.  EventID: 0x800034C4
 
            Time Generated: 01/06/2013   21:14:52
 
            Event String:
 
            The File Replication Service is having trouble enabling replication from DOMAIN to PDC for c:\windows\sysvol\domain using the DNS name domain.AAAAA. FRS will keep retrying.
 
             Following are some of the reasons you would see this warning.

             

             [1] FRS can not correctly resolve the DNS name domain.AAAAA from this computer.
 
             [2] FRS is not running on domain.AAAAA.

             [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
             

             This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
 
         A warning event occurred.  EventID: 0x800034C4
 
            Time Generated: 01/06/2013   21:35:02
 
            Event String:
 
            The File Replication Service is having trouble enabling replication from domain.AAAAA to PDC for c:\windows\sysvol\domain using the DNS name domain.AAAAA. FRS will keep retrying.
 
             Following are some of the reasons you would see this warning.

             

             [1] FRS can not correctly resolve the DNS name domain.AAAAA from this computer.
 
             [2] FRS is not running on domain.AAAAA.

             [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
 
             

             This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
 
         ......................... PDC passed test FrsEvent
 
      Starting test: DFSREvent
 
         The DFS Replication Event Log.
         Skip the test because the server is running FRS.
 
         ......................... PDC passed test DFSREvent
 
      Starting test: SysVolCheck
 
         * The File Replication Service SYSVOL ready test
         The registry lookup failed to determine the state of the SYSVOL.  The
 
         error returned  was 0x0 "The operation completed successfully.".
 
         Check the FRS event log to see if the SYSVOL has successfully been
 
         shared.
         ......................... PDC passed test SysVolCheck
 
      Starting test: KccEvent
 
         * The KCC Event log test
          Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
          ......................... PDC passed test KccEvent
 
      Starting test: KnowsOfRoleHolders
 
         Role Schema Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
          Role Domain Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
          Role PDC Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
          Role Rid Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
          Role Infrastructure Update Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
          ......................... PDC passed test KnowsOfRoleHolders
 
      Starting test: MachineAccount
 
         Checking machine account for DC PDC on DC PDC.
          * SPN found :LDAP/PDC.AAAAA/AAAAA
          * SPN found :LDAP/PDC.AAAAA
          * SPN found :LDAP/PDC
          * SPN found :LDAP/PDC.AAAAA/AAAAA
          * SPN found :LDAP/a45cd349-0c7a-495b-b7da-ed808a7f19c4._msdcs.AAAAA
          * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a45cd349-0c7a-495b-b7da-ed808a7f19c4/AAAAA
          * SPN found :HOST/PDC.AAAAA/AAAAA
          * SPN found :HOST/PDC.AAAAA
          * SPN found :HOST/PDC
          * SPN found :HOST/PDC.AAAAA/AAAAA
          * SPN found :GC/PDC.AAAAA/AAAAA
          ......................... PDC passed test MachineAccount
 
      Starting test: NCSecDesc
 
         * Security Permissions check for all NC's on DC PDC.
          * Security Permissions Check for
 
           DC=DomainDnsZones,DC=AAAAA
             (NDNC,Version 3)
          * Security Permissions Check for
 
           DC=ForestDnsZones,DC=AAAAA
             (NDNC,Version 3)
          * Security Permissions Check for
 
           CN=Schema,CN=Configuration,DC=AAAAA
             (Schema,Version 3)
          * Security Permissions Check for
 
           CN=Configuration,DC=AAAAA
             (Configuration,Version 3)
          * Security Permissions Check for
 
           DC=AAAAA
             (Domain,Version 3)
          ......................... PDC passed test NCSecDesc
 
      Starting test: NetLogons
 
         * Network Logons Privileges Check
          Unable to connect to the NETLOGON share! (\\PDC\netlogon)
 
         [PDC] An net use or LsaPolicy operation failed with error 67,
 
         The network name cannot be found..
 
         ......................... PDC failed test NetLogons
 
      Starting test: ObjectsReplicated
 
         PDC is in domain DC=AAAAA
          Checking for CN=PDC,OU=Domain Controllers,DC=AAAAA in domain DC=AAAAA on 1 servers
             Object is up-to-date on all servers.
          Checking for CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA in domain CN=Configuration,DC=AAAAA on 1 servers
             Object is up-to-date on all servers.
          ......................... PDC passed test ObjectsReplicated
 
      Test omitted by user request: OutboundSecureChannels
 
      Starting test: Replications
 
         * Replications Check
          * Replication Latency Check
             DC=DomainDnsZones,DC=AAAAA
                Latency information for 2 entries in the vector were ignored.
                   2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=ForestDnsZones,DC=AAAAA
                Latency information for 2 entries in the vector were ignored.
                   2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=AAAAA
                Latency information for 2 entries in the vector were ignored.
                   2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=AAAAA
                Latency information for 2 entries in the vector were ignored.
                   2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=AAAAA
                Latency information for 2 entries in the vector were ignored.
                   2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... PDC passed test Replications
 
      Starting test: RidManager
 
         * Available RID Pool for the Domain is 3603 to 1073741823
          * domain.AAAAA is the RID Master
          * DsBind with RID Master was successful
          * rIDAllocationPool is 3103 to 3602
          * rIDPreviousAllocationPool is 3103 to 3602
          * rIDNextRID: 3103
          ......................... PDC passed test RidManager
 
      Starting test: Services
 
         * Checking Service: EventSystem
          * Checking Service: RpcSs
          * Checking Service: NTDS
          * Checking Service: DnsCache
          * Checking Service: NtFrs
          * Checking Service: IsmServ
          * Checking Service: kdc
          * Checking Service: SamSs
          * Checking Service: LanmanServer
          * Checking Service: LanmanWorkstation
          * Checking Service: w32time
          * Checking Service: NETLOGON
          ......................... PDC passed test Services
 
      Starting test: SystemLog
 
         * The System Event log test
          Found no errors in "System" Event log in the last 60 minutes.
          ......................... PDC passed test SystemLog
 
      Test omitted by user request: Topology
 
      Test omitted by user request: VerifyEnterpriseReferences
 
      Starting test: VerifyReferences
 
         The system object reference (serverReference)
 
         CN=PDC,OU=Domain Controllers,DC=AAAAA and backlink on
 
         CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
 
         are correct.
         The system object reference (serverReferenceBL)
 
         CN=PDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=AAAAA
 
         and backlink on
 
         CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
 
         are correct.
         The system object reference (frsComputerReferenceBL)
 
         CN=PDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=AAAAA
 
         and backlink on CN=PDC,OU=Domain Controllers,DC=AAAAA are correct.
         ......................... PDC passed test VerifyReferences
 
      Test omitted by user request: VerifyReplicas
 
   
      Test omitted by user request: DNS
 
      Test omitted by user request: DNS
 
   
   Running partition tests on : DomainDnsZones
 
      Starting test: CheckSDRefDom
 
         ......................... DomainDnsZones passed test CheckSDRefDom
 
      Starting test: CrossRefValidation
 
         ......................... DomainDnsZones passed test
 
         CrossRefValidation
 
   
   Running partition tests on : ForestDnsZones
 
      Starting test: CheckSDRefDom
 
         ......................... ForestDnsZones passed test CheckSDRefDom
 
      Starting test: CrossRefValidation
 
         ......................... ForestDnsZones passed test
 
         CrossRefValidation
 
   
   Running partition tests on : Schema
 
      Starting test: CheckSDRefDom
 
         ......................... Schema passed test CheckSDRefDom
 
      Starting test: CrossRefValidation
 
         ......................... Schema passed test CrossRefValidation
 
   
   Running partition tests on : Configuration
 
      Starting test: CheckSDRefDom
 
         ......................... Configuration passed test CheckSDRefDom
 
      Starting test: CrossRefValidation
 
         ......................... Configuration passed test CrossRefValidation
 
   
   Running partition tests on : AAAAA
 
      Starting test: CheckSDRefDom
 
         ......................... AAAAA passed test CheckSDRefDom
 
      Starting test: CrossRefValidation
 
         ......................... AAAAA passed test CrossRefValidation
 
   
   Running enterprise tests on : AAAAA
 
      Test omitted by user request: DNS
 
      Test omitted by user request: DNS
 
      Starting test: LocatorCheck
 
         GC Name: \\domain.AAAAA
 
         Locator Flags: 0xe00001fd
          PDC Name: \\domain.AAAAA
          Locator Flags: 0xe00001fd
          Time Server Name: \\domain.AAAAA
          Locator Flags: 0xe00001fd
          Preferred Time Server Name: \\domain.AAAAA
          Locator Flags: 0xe00001fd
          KDC Name: \\domain.AAAAA
          Locator Flags: 0xe00001fd
          ......................... AAAAA passed test LocatorCheck
 
      Starting test: Intersite
 
         Skipping site Default-First-Site-Name, this site is outside the scope
 
         provided by the command line arguments provided.
         ......................... AAAAA passed test Intersite
 

I run nltest /dclist on both DCs and the return is successfull:
 
C:\Users\administrator.AAAAA>nltest /dclist:AAAAA
 Get list of DCs in domain 'ISCADKC' from '\\domain.AAAAA'.
     domain.AAAAA [PDC] [DS] Site: Default-First-Site-Name
     PDC.AAAAA     [DS] Site: Default-First-Site-Name
 The command completed successfully


Please your help is highly appreciated.
 
I want to note that my domain was created without top level domain (*.net, *.com, etc...). Only AAAAA

Thamk you and regards,
Image.jpg
0
Comment
Question by:ISC-IT-Admin
  • 2
  • 2
4 Comments
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 38777436
Both the servers has same time and time zone ?
0
 
LVL 1

Author Comment

by:ISC-IT-Admin
ID: 38777468
Yes, both servers has the same time and time zone as well.

Why this issue?

Thanks.
0
 
LVL 14

Accepted Solution

by:
Ram Balachandran earned 500 total points
ID: 38777479
This link has similiar kind of issue troubleshooted - please have a look in case if ur case is relating anywhere

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/6713c55f-0bc5-4d74-a18b-b867ccc9d059/
0
 
LVL 1

Author Closing Comment

by:ISC-IT-Admin
ID: 38781577
Thank you.
0

Join & Write a Comment

Synchronize a new Active Directory domain with an existing Office 365 tenant
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now