?
Solved

ACTIVE DIRECTORY ISSUES AFTER RESTARTING EXCHANGE SERVER

Posted on 2014-04-10
6
Medium Priority
?
400 Views
Last Modified: 2014-04-21
AFTER RESTARTING SERVER FOR WINDOWS UPDATES....AD IS NOT FUNCTIONING LIKE IT SHOULD INTERMITTENT ERRORS FROM DCDIAG.....

HERE IS OUTPUT;

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\TMA-SERVICES
      Starting test: Connectivity
         ......................... TMA-SERVICES passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\TMA-SERVICES
      Starting test: Replications
         [Replications Check,TMA-SERVICES] A recent replication attempt failed:
            From NEWSERVICES to TMA-SERVICES
            Naming Context: DC=ForestDnsZones,DC=toomanyamps,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-04-10 11:58:32.
            The last success occurred at 2014-04-10 11:46:02.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,TMA-SERVICES] A recent replication attempt failed:
            From NEWSERVICES to TMA-SERVICES
            Naming Context: DC=DomainDnsZones,DC=toomanyamps,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-04-10 11:58:31.
            The last success occurred at 2014-04-10 11:46:02.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,TMA-SERVICES] A recent replication attempt failed:
            From NEWSERVICES to TMA-SERVICES
            Naming Context: CN=Schema,CN=Configuration,DC=toomanyamps,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-04-10 11:58:30.
            The last success occurred at 2014-04-10 11:46:02.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... TMA-SERVICES passed test Replications
      Starting test: NCSecDesc
         ......................... TMA-SERVICES passed test NCSecDesc
      Starting test: NetLogons
         ......................... TMA-SERVICES passed test NetLogons
      Starting test: Advertising
         ......................... TMA-SERVICES passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... TMA-SERVICES passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... TMA-SERVICES passed test RidManager
      Starting test: MachineAccount
         ......................... TMA-SERVICES passed test MachineAccount
      Starting test: Services
         ......................... TMA-SERVICES passed test Services
      Starting test: ObjectsReplicated
         ......................... TMA-SERVICES passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... TMA-SERVICES passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... TMA-SERVICES failed test frsevent
      Starting test: kccevent
         ......................... TMA-SERVICES passed test kccevent
      Starting test: systemlog
         ......................... TMA-SERVICES passed test systemlog
      Starting test: VerifyReferences
         ......................... TMA-SERVICES passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : toomanyamps
      Starting test: CrossRefValidation
         ......................... toomanyamps passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... toomanyamps passed test CheckSDRefDom

   Running enterprise tests on : toomanyamps.local
      Starting test: Intersite
         ......................... toomanyamps.local passed test Intersite
      Starting test: FsmoCheck
         ......................... toomanyamps.local passed test FsmoCheck
0
Comment
Question by:gleaver
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 

Author Comment

by:gleaver
ID: 39992629
FROM THE OTHER DC ALSO RUNS EXCHANGE;

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\TMA-SERVICES
      Starting test: Connectivity
         ......................... TMA-SERVICES passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\TMA-SERVICES
      Starting test: Replications
         [Replications Check,TMA-SERVICES] A recent replication attempt failed:
            From NEWSERVICES to TMA-SERVICES
            Naming Context: DC=ForestDnsZones,DC=toomanyamps,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-04-10 11:58:32.
            The last success occurred at 2014-04-10 11:46:02.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,TMA-SERVICES] A recent replication attempt failed:
            From NEWSERVICES to TMA-SERVICES
            Naming Context: DC=DomainDnsZones,DC=toomanyamps,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-04-10 11:58:31.
            The last success occurred at 2014-04-10 11:46:02.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [Replications Check,TMA-SERVICES] A recent replication attempt failed:
            From NEWSERVICES to TMA-SERVICES
            Naming Context: CN=Schema,CN=Configuration,DC=toomanyamps,DC=local
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2014-04-10 11:58:30.
            The last success occurred at 2014-04-10 11:46:02.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... TMA-SERVICES passed test Replications
      Starting test: NCSecDesc
         ......................... TMA-SERVICES passed test NCSecDesc
      Starting test: NetLogons
         ......................... TMA-SERVICES passed test NetLogons
      Starting test: Advertising
         ......................... TMA-SERVICES passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... TMA-SERVICES passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... TMA-SERVICES passed test RidManager
      Starting test: MachineAccount
         ......................... TMA-SERVICES passed test MachineAccount
      Starting test: Services
         ......................... TMA-SERVICES passed test Services
      Starting test: ObjectsReplicated
         ......................... TMA-SERVICES passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... TMA-SERVICES passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... TMA-SERVICES failed test frsevent
      Starting test: kccevent
         ......................... TMA-SERVICES passed test kccevent
      Starting test: systemlog
         ......................... TMA-SERVICES passed test systemlog
      Starting test: VerifyReferences
         ......................... TMA-SERVICES passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : toomanyamps
      Starting test: CrossRefValidation
         ......................... toomanyamps passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... toomanyamps passed test CheckSDRefDom

   Running enterprise tests on : toomanyamps.local
      Starting test: Intersite
         ......................... toomanyamps.local passed test Intersite
      Starting test: FsmoCheck
         ......................... toomanyamps.local passed test FsmoCheck
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39992757
What happens if you rollback the changes/updates?  Get rid of them and DCDIAG.
0
 
LVL 20

Assisted Solution

by:compdigit44
compdigit44 earned 1000 total points
ID: 40000474
Your Exchange server is running on a separate server correct?

Is this the first time you are getting these errors after restart your DC?

As a test run the following commands on your DC:
net stop netlogon && net start netlogon  && ipconfig /registerdns

The rung a DCDiag again
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 

Accepted Solution

by:
gleaver earned 0 total points
ID: 40004701
turned out to be a bug from barracuda spam and virus add-on for exchange locked up the entire exchange store and created many errors between replicating DC's....took hours to find the culprit since it was running as intended for such a long time.....uninstalled started working within seconds
0
 

Author Comment

by:gleaver
ID: 40004703
thanks for everyone's help!!!
0
 

Author Closing Comment

by:gleaver
ID: 40012212
got it worked out on my own
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question