Link to home
Create AccountLog in
Avatar of thinktechsolutions
thinktechsolutionsFlag for United States of America

asked on

Windows SBS 2011 Errors

I need some help figuring out some error messages on 2 computer one is a windows xp workstation and the other is a windows 7 workstation. I've check the server and I have only this error message.

Volume Shadow Copy Service error: Failed resolving account spsearch with status 1376. Check connection to domain controller and VssAccessControl registry key.

Operation:
   Initializing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer

Error-specific details:

On both of the desktop these are the following error messages I'm getting and I'm not sure why.

Error Messages For Windows XP Desktop
The kerberos subsystem encountered a PAC verification failure.  This indicates that the PAC from the client SBSMonAcct in realm JRREALTY.LOCAL had a PAC which failed to verify or was modified.  Contact your system administrator.
	

No Domain Controller is available for domain JRREALTY due to the following:
The RPC server is unavailable. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

No Domain Controller is available for domain JRREALTY due to the following:
The RPC server is unavailable. .
Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

Windows saved user JRREALTY\crobertson registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Windows saved user JRREALTY\crobertson registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Windows saved user JRREALTY\crobertson registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Error messages for windows 7 desktop
This computer was not able to set up a secure session with a domain controller in domain JRREALTY due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Any suggestions on the cause and reason I'm getting these error messages also what can i do to fix them. Thank you
Avatar of Shreedhar Ette
Shreedhar Ette
Flag of India image

- Are you able to logon to domain JRREALTY from mentioned two desktops? If yes, then you ignore these events.

- Make desktop NIC DNS is pointing to SBS2011 server.

- If issue still persist then disjoin the desktops from domain and add them using connectcomputer wizard.
Avatar of thinktechsolutions

ASKER

Yes I'm able to logon to the domain from the 2 desktops no problem. The desktop NICs pri dns are pointing to the server. When I added the computers I did the http://connect and then connected the computers to the domain.

We are using a program call WinTOTAL it is a realestate program that apprisers use. For the most part it works fine but there have been some issues this week where the program has locked up and everything on the pc locked up.

If you don't use certain functions are use key functions about SBS 2011 I wonder if there is an issue. We don't use the exchange on the server the only thing we use is just the server part of it. Not sure if thats an issue but I wanted to point that out.
Ok Still having major problems with the wintotal program and having issues with more users giving the same message as above not sure what those messages mean still trying to figure them out. Did a task manger on the server and keep in mind the server has not been restarted for about a week now but it shows almost 13.2 gb of memory being used. If anybody could help me figure out what is causing this issue I can figure out why I keep having so many problems. Thank you for any assistance it is greatly needed and apperciated.
Just wanted to add that I was checking the eventviewer and under application server and these are the messages I've been getting. This message everyday.

I recieved this message
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{61738644-F196-11D0-9953-00C04FD919C1}
 and APPID
{61738644-F196-11D0-9953-00C04FD919C1}
 to the user JRREALTY\spfarm SID (S-1-5-21-3794794637-3821774390-999197986-1157) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


Then I noticed I got this error message.
Possible Memory Leak.  Application ("C:\Windows\system32\mmc.exe" "C:\Windows\system32\dhcpmgmt.msc" ) (PID: 46404) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)].  [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked.  The call originated on the interface with UUID ({6bffd098-a112-3610-9833-46c3f874532d}), Method number (2).  User Action: Contact your application vendor for an updated version of the application.

This message comes up everyday.
Under DHCP Server
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.

I just went to fix my network
and could not configure router is still checked.
I followed these instructions.

http://www.handymanhowto.com/2011/08/19/how-to-configure-a-comcast-business-class-static-ip-address/
I'm thinking most of my issues is coming from there. Did I do everything correctly to bridge the comcast modem/router before I connect it to the server.
ASKER CERTIFIED SOLUTION
Avatar of Cris Hanna
Cris Hanna
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Thank you I will follow those links you posted and report back if there are any issues. I'm going to add a linksys router and bridge mode the comcast modem. When I first set everything up which was about 3 weeks ago the error message could not configure router never came up I'm starting to believe that is a huge reason why I'm having all of these problems all of a sudden. Thanx again.
99% of the routers out there SBS will not configure.
The important thing is that you forward the following ports
25
443
987 (if you want access to companyweb externally)
From the external IP to the internal NIC IP

Port 80 and Port 3389 should not be enabled.

Do you only have one NIC in the server?  What is it pointing to for DNS?
Server I Have 2 Nics But I'm Only Using One The One I'm Using Is Pointing To The Server
Is the second nic disconnected or disabled?   should be disabled
it is Disabled.
I'll be looking for your report after running everything I suggested
Hello CrisHanna I ran the BPA and it didn't come back with anything to fix. This is what it says Under Non complaint it doesn't say anything. If you go under all if says compliant then it says the server can ping the IP address of the default gateway. You are now running windows Server solutions BPA on a computer that is running windows small business server 2011 standard. If that's not the report you want please let me know where the report is located and I will respond back with it.

Also I did everything you listed above with the 2 links you requested me to go to.

I removed the comcast modem. Just an update for anybody that has the issue I had with the small business server. The comcast sbc modem cannot be fully bridged until you talk to comcast because there is a section on the modem that you cannot access only comcast can access it.

I bridged the modem and setup the linksys with the static ip put the server on the switch instead of on the router I don't think there should be any issues with that it is connected to a gigabyte switch so there shouldn't be any speed lost. I forwarded all the ports and disabled the DHCP on the router.

All computer can login to the domain and access the internet. I'm thinking of setting of DHCP reservations for all the computers I'm wondering if that will allow them to log in to the domain quicker. There are a few computers from the time the computer is restarted it takes about 2-3 minutes to load up windows from the sign on screen. It wasn't that way before so not sure what i did different. Also I had to go back in and reconnected the server by following the connect to internet wizard I don't know if that would cause any issues I don't think so but I'm not 100% sure.

Also i would like to when the computer connects to the network to automatically set its self up on the DHCP reservation instead of me having to do each and every computer.

I ran the fix network wizard and it says there are no problems. Is there anything else I can check out to make sure the server is in complaince are any tweaks I can add to make the computers login faster. Thank you again for all your help you have been a life saver today i really really apperciate it.
So are you indicating that DHCP was being provided the Comcast modem and not the SBS Server?  I probably should have ask but the default out of the box config is DHCP on the SBS server, so somewhere along the way, someone had to have changed that.

One suggestion for speeding up the logon would be to insure that the options in DHCP are set correctly now that it's been moved back to the SBS server
Check out this blog post from Susan Bradly on configuring DHCP scope options
http://msmvps.com/blogs/bradley/archive/2011/07/31/so-what-s-going-on-behind-the-scenes-in-dhcp.aspx  even though the article is for SBS 2008...its the same for SBS 2011

You shouldn't need reservations

Which version of SBS BPA were these results from?
The server I'm using is Small Business Server 2011 Standard.
Solutions Best Practice Analyzer 1.0 I believe I followed all the direction and downloaded the BPA along with the update. Did I do it right. Thank you.
you need to update to V1.1  http://support.microsoft.com/kb/2600333

Re-run the scan.  I suspect you'll find some things now

Are you using the SBS Console to update the Server and workstations?
What do you mean by update the server and workstations. I do use the SBS console. I've went to the website but i can't find anything on how to update it. I can't find anything to download to update the BPA
Here are the error messages.

This is under error


Category: Configuration

Source: 7

Issue: The DNS client is not configured to point only to the internal IP address of the server.

Impact: If the DNS client is not configured to point only to the internal IP address of the server, DNS name resolution can fail.

Resolution: Verify that DNS is configured properly. To configure DNS for the internal network adapter, click Start, and in the search box, type ncpa.cpl. In Network Connections, right-click the connection for your internal network adapter, and then click Properties. In the Connection Properties, select Internet Protocol Version 4 (TCP/IPv4) and then click Properties. In the TCP/IPV4 Properties, click Advanced, and then click the DNS tab. In the list of DNS server addresses, make sure that either the IPv4 address of the server is the only address in the list, or that it appears last in the list. More than one IP address can appear in list if your network has more than one DNS server or domain controller.

This is under warning
Category: Operation

Source: 121

Issue: The server is running the original release of Exchange Server 2010. However, Exchange Server 2010 Service Pack 2 (SP2) is now available.

Impact: Exchange Server 2010 Service SP2 offers improvements in server reliability and the user experience.

Resolution: You can download Exchange Server 2010 SP2 from the Microsoft Download Center at http://go.microsoft.com/fwlink/?LinkID=232843.

Category: Configuration

Source: 432

Issue: The certificate for the Remote Desktop Gateway service seems to be bound incorrectly.

Impact: If the certificate for the Remote Desktop Gateway service is not configured correctly, users cannot connect to Remote Web Workplace.

Resolution: At an administrator-level command prompt, type
REG ADD HKLM\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443  /v DefaultFlags /t REG_DWORD /d 1 /f
net stop tsgateway
net start tsgateway

Category: Configuration

Source: 58

Issue: The DNS parameter MaxCacheTTL is not set.

Impact: When name resolution is provided by root hints, Windows Server  2008 DNS Servers and Windows Server 2008 R2 DNS Servers may fail to resolve queries for the names of some top-level domains. If this occurs, the problem will continue until you clear the DNS Server cache or restart the DNS Server service. You may experience the problem with domains such as .co, .uk, .cn, and .br. However, the problem is not limited to those domains.

Resolution: For more information, see "Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains" at http://go.microsoft.com/fwlink/?LinkId=152402.

Category: Configuration

Source: 224

Issue: Windows Firewall is turned on in the default installation of Windows Small Business Server.

Impact: Depending on your firewall settings, Windows Firewall can help protect your server and network from malicious activity by blocking some information from passing through the server.

Resolution: There are two settings need to be checked : 1) Check whether the Windows Firewall service is running.  To turn on the Windows Firewall service, open Services.msc, located the Windows Firewall service, set the Startup Type to Automatic, and then start the service. 2) Check whether Windows Firewall is turned on: Go to Control panel->System and Security->Windows Firewall. Click "Turn Windows Firewall on or off" and turn on firewall in all profiles.

Category: Configuration

Source: 323

Issue: This server is running the original release of Windows Server 2008 R2. However, Service Pack 1 for Windows Server 2008 R2 is available.

Impact: Service Pack 1 for Windows Server 2008 R2 offers improvements in server reliability and the user experience.

Resolution: You can download the service pack from the Microsoft Download Center at  http://go.microsoft.com/fwlink/?LinkId=226222
Is this the correct update to download windows6.1-KB976932-X64.exe.

I will update everything restart the server and re run the tool and post if there are any errors are warning. Thank you for all your assistance.
Ok...so have you resolved the first and second item?

Regarding the Exchange Service Pack, skip SP2 and go for SP3  All Service Packs are cumulative
http://www.microsoft.com/en-us/download/details.aspx?id=36768

Skip the issue regarding Service Pack 1 for Server 2008 R2...it came with it...I'm pretty sure this was an issue with the BPA

last but not least...make sure that your server is using Microsoft Update....not Windows Update to get updates in WSUS.   If you go to the server > Control Panel > Windows Update
You should see this
User generated image
Ok I double checked the windows updates and it is coming from microsoft update not windows update. Also the other 2 error messages are gone. I do keep getting this error message and I've tried to fix it but following the instructions but its not working.
Category: Configuration

Source: 432

Issue: The certificate for the Remote Desktop Gateway service seems to be bound incorrectly.

Impact: If the certificate for the Remote Desktop Gateway service is not configured correctly, users cannot connect to Remote Web Workplace.


Resolution: At an administrator-level command prompt, type
REG ADD HKLM\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443  /v DefaultFlags /t REG_DWORD /d 1 /f
net stop tsgateway
net start tsgateway


As for the exchange sp3 update since we don't use SBS 2011 for email should I do the sp3 update are not worry about it.

Also surprising but the server did not come with sp1 installed it is installed now but it wasn't before.

Also I'm using a self issue certificate not an ssl trying to get an ssl for the remote desktop connection.

Is there anything else i need to look at thank you again for all your help.
You might try running the Fix My Network wizard again to see if it fixes the cert...or you perform the registry edit as described.

It's a shame that you're not using Exchange...very cool tool

I think at this point you should be in pretty good shape
I'm sorry to keep bothering you I ran the network wizard and it came back An internet port is mapping is missing. The server can't open port 80,443,987 there opened and pointed to the ip address of the server. Not sure what i'm doing wrong any suggestions.
Run the Connect to the Internet Wizard again and then run the Setup your internet address wizard again...

Is the issue that you can't connect to remote web access?
Thank you CrisHanna for helping me this past weekend I think i have got all issues figured out. I do however have one question about the server. Is there anyway to remove exchange server 2010 since nobody is using it and will probaly never use it. i was looking at the memory usage and it is around 13gb and I have 16gb of memory. Is there a way to reduce the amount of memory the server is using.
You can stop and then disable the Exchange services..do not uninstall
Ok thank you that helped a little bit I just can't believe it take almost 13gb of memory. thank you so much for your help.
Thank you so much again for all the help