Solved

Newly promoted domain controller showing many errors but dcpromo didn't complain?

Posted on 2014-10-27
11
363 Views
Last Modified: 2014-11-02
I have a domain separated into four sites. In one of my remote sites, I have promoted a new DC and will be decommissioning the existing DC in a few weeks. I didn't receive any errors when I did the dcpromo but I had to delay rebooting the server after the promotion for a few days.

After the reboot, it appears there are some serious problems on this new DC:

The directory service log is full of events 1864
This directory server has not recently received replication information from a number of directory servers.

Open in new window

2089
This directory partition has not been backed up since at least the following number of days.

Open in new window

2093
The remote server which is the owner of a FSMO role is not responding. This server has not replicated with the FSMO role owner recently.

Open in new window

The system log contains many events 1006
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Open in new window


Info from the details tab is as follows:

SupportInfo1 1
SupportInfo2 5012 
ProcessingMode 0 
ProcessingTimeInMilliseconds 2184 
ErrorCode 49 
ErrorDescription Invalid Credentials 
DCName

Open in new window


As well as error 4:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server kelethdc01$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/2ee10a9d-dcf0-4940-b2e5-25044f90869c/domain.com@domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DOMAIN.COM) is different from the client domain (DOMAIN.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.), and error 5782 (Dynamic registration or deregistration of one or more DNS records failed with the following error: TCP/IP network protocol not installed.

Can anyone suggest what might have happened here, and how to correct?
0
Comment
Question by:SR_Tech
  • 5
  • 3
  • 3
11 Comments
 
LVL 32

Expert Comment

by:it_saige
ID: 40406872
What results do you receive from running DCDIAG?

-saige-
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40406879
i would also look at any possible replication issues

the message about the directory partition not being backed up is separate; seems there has not been a DS backup for a while which you would want to take care of
0
 

Author Comment

by:SR_Tech
ID: 40406892
dcdiag result:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = new_dc

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: remote_site\new_dc

      Starting test: Connectivity

         ......................... new_dc passed test Connectivity



Doing primary tests

   
   Testing server: remote_site\new_dc

      Starting test: Advertising

         Warning: DsGetDcName returned information for \\anothersite_dc.domain.com,

         when we were trying to reach new_dc.

         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

         ......................... new_dc failed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         ......................... new_dc passed test FrsEvent

      Starting test: DFSREvent

         ......................... new_dc passed test DFSREvent

      Starting test: SysVolCheck

         ......................... new_dc passed test SysVolCheck

      Starting test: KccEvent

         ......................... new_dc passed test KccEvent

      Starting test: KnowsOfRoleHolders

         [fsmo_dc] DsBindWithSpnEx() failed with error -2146893022,

         The target principal name is incorrect..
         Warning: fsmo_dc is the Schema Owner, but is not responding to DS

         RPC Bind.

         [fsmo_dc] LDAP bind failed with error 8341,

         A directory service error has occurred..
         Warning: fsmo_dc is the Schema Owner, but is not responding to LDAP

         Bind.

         Warning: fsmo_dc is the Domain Owner, but is not responding to DS

         RPC Bind.

         Warning: fsmo_dc is the Domain Owner, but is not responding to LDAP

         Bind.

         Warning: fsmo_dc is the PDC Owner, but is not responding to DS RPC

         Bind.

         Warning: fsmo_dc is the PDC Owner, but is not responding to LDAP

         Bind.

         Warning: fsmo_dc is the Rid Owner, but is not responding to DS RPC

         Bind.

         Warning: fsmo_dc is the Rid Owner, but is not responding to LDAP

         Bind.

         Warning: fsmo_dc is the Infrastructure Update Owner, but is not

         responding to DS RPC Bind.

         Warning: fsmo_dc is the Infrastructure Update Owner, but is not

         responding to LDAP Bind.

         ......................... new_dc failed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... new_dc passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=domain,DC=com
         ......................... new_dc failed test NCSecDesc

      Starting test: NetLogons

         Unable to connect to the NETLOGON share! (\\new_dc\netlogon)

         [new_dc] An net use or LsaPolicy operation failed with error 67,

         The network name cannot be found..

         ......................... new_dc failed test NetLogons

      Starting test: ObjectsReplicated

         ......................... new_dc passed test ObjectsReplicated

      Starting test: Replications

         REPLICATION LATENCY WARNING

         new_dc: This replication path was preempted by higher priority

         work.

            from old_dc to new_dc

            Reason:

            While accessing the hard disk, a disk operation failed even after retries.

            The last success occurred at 2014-10-06 13:48:25.

            Replication of new changes along this path will be delayed.

         REPLICATION LATENCY WARNING

         ERROR: Expected notification link is missing.

         Source old_dc

         Replication of new changes along this path will be delayed.

         This problem should self-correct on the next periodic sync.

         REPLICATION LATENCY WARNING

         new_dc: This replication path was preempted by higher priority

         work.

            from old_dc to new_dc

            Reason:

            While accessing the hard disk, a disk operation failed even after retries.

            The last success occurred at 2014-10-06 13:48:25.

            Replication of new changes along this path will be delayed.

         REPLICATION LATENCY WARNING

         ERROR: Expected notification link is missing.

         Source old_dc

         Replication of new changes along this path will be delayed.

         This problem should self-correct on the next periodic sync.

         REPLICATION LATENCY WARNING

         new_dc: This replication path was preempted by higher priority

         work.

            from old_dc to new_dc

            Reason:

            While accessing the hard disk, a disk operation failed even after retries.

            The last success occurred at 2014-10-06 13:47:56.

            Replication of new changes along this path will be delayed.

         REPLICATION LATENCY WARNING

         ERROR: Expected notification link is missing.

         Source old_dc

         Replication of new changes along this path will be delayed.

         This problem should self-correct on the next periodic sync.

         REPLICATION LATENCY WARNING

         new_dc: This replication path was preempted by higher priority

         work.

            from old_dc to new_dc

            Reason:

            While accessing the hard disk, a disk operation failed even after retries.

            The last success occurred at 2014-10-06 13:48:04.

            Replication of new changes along this path will be delayed.

         REPLICATION LATENCY WARNING

         ERROR: Expected notification link is missing.

         Source old_dc

         Replication of new changes along this path will be delayed.

         This problem should self-correct on the next periodic sync.

         REPLICATION LATENCY WARNING

         new_dc: This replication path was preempted by higher priority

         work.

            from old_dc to new_dc

            Reason:

            While accessing the hard disk, a disk operation failed even after retries.

            The last success occurred at 2014-10-06 13:48:23.

            Replication of new changes along this path will be delayed.

         REPLICATION LATENCY WARNING

         ERROR: Expected notification link is missing.

         Source old_dc

         Replication of new changes along this path will be delayed.

         This problem should self-correct on the next periodic sync.

         REPLICATION-RECEIVED LATENCY WARNING

         new_dc:  Current time is 2014-10-27 13:58:13.

            DC=DomainDnsZones,DC=domain,DC=com
               Last replication received from fsmo_dc at 
          2014-10-06 13:40:09 
               Last replication received from old_dc at 
          2014-10-06 13:48:24 
               Last replication received from anothersite_dc at 
          2014-10-06 13:40:21 
               Last replication received from mainsite_dc at 
          2014-10-06 13:40:21 
               Last replication received from yetanothersite_dc at 
          2014-10-06 13:40:06 
               Last replication received from evenyetanothersite_dc at 
          2014-10-06 13:46:57 
            DC=ForestDnsZones,DC=domain,DC=com
               Last replication received from fsmo_dc at 
          2014-10-06 12:51:27 
               Last replication received from old_dc at 
          2014-10-06 13:48:25 
               Last replication received from anothersite_dc at 
          2014-10-06 13:40:20 
               Last replication received from mainsite_dc at 
          2014-10-06 13:40:21 
               Last replication received from yetanothersite_dc at 
          2014-10-06 12:51:27 
               Last replication received from evenyetanothersite_dc at 
          2014-10-06 13:46:57 
            CN=Schema,CN=Configuration,DC=domain,DC=com
               Last replication received from fsmo_dc at 
          2014-10-06 12:51:27 
               Last replication received from old_dc at 
          2014-10-06 13:47:54 
               Last replication received from anothersite_dc at 
          2014-10-06 13:40:18 
               Last replication received from mainsite_dc at 
          2014-10-06 13:40:18 
               Last replication received from yetanothersite_dc at 
          2014-10-06 12:51:27 
               Last replication received from evenyetanothersite_dc at 
          2014-10-06 13:46:56 
            CN=Configuration,DC=domain,DC=com
               Last replication received from fsmo_dc at 
          2014-10-06 13:27:20 
               Last replication received from old_dc at 
          2014-10-06 13:48:03 
               Last replication received from anothersite_dc at 
          2014-10-06 13:40:10 
               Last replication received from mainsite_dc at 
          2014-10-06 13:40:18 
               Last replication received from yetanothersite_dc at 
          2014-10-06 12:51:35 
               Last replication received from evenyetanothersite_dc at 
          2014-10-06 13:46:56 
            DC=domain,DC=com
               Last replication received from fsmo_dc at 
          2014-10-06 13:40:17 
               Last replication received from old_dc at 
          2014-10-06 13:48:22 
               Last replication received from anothersite_dc at 
          2014-10-06 13:40:09 
               Last replication received from mainsite_dc at 
          2014-10-06 13:40:19 
               Last replication received from yetanothersite_dc at 
          2014-10-06 13:40:03 
               Last replication received from evenyetanothersite_dc at 
          2014-10-06 13:46:55 
         ......................... new_dc passed test Replications

      Starting test: RidManager

         ......................... new_dc failed test RidManager

      Starting test: Services

         ......................... new_dc passed test Services

      Starting test: SystemLog

         A warning event occurred.  EventID: 0x0000A001

            Time Generated: 10/27/2014   13:00:58

            Event String:

            The Security System could not establish a secured connection with the server ldap/evenyetanothersite_dc/domain.com@domain.com. No authentication protocol was available.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:00:58

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x40000004

            Time Generated: 10/27/2014   13:01:11

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fsmo_dc$. The target name used was LDAP/2ee10a9d-dcf0-4940-b2e5-25044f90869c._msdcs.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         A warning event occurred.  EventID: 0x8000001D

            Time Generated: 10/27/2014   13:03:13

            Event String:

            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:06:01

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         A warning event occurred.  EventID: 0x0000008E

            Time Generated: 10/27/2014   13:11:00

            Event String:

            The time service has stopped advertising as a time source because the local clock is not synchronized.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:11:03

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x40000004

            Time Generated: 10/27/2014   13:13:07

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fsmo_dc$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/2ee10a9d-dcf0-4940-b2e5-25044f90869c/domain.com@domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:16:05

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x40000004

            Time Generated: 10/27/2014   13:18:09

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server evenyetanothersite_dc$. The target name used was cifs/evenyetanothersite_dc. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         An error event occurred.  EventID: 0x40000004

            Time Generated: 10/27/2014   13:18:10

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server evenyetanothersite_dc$. The target name used was LDAP/evenyetanothersite_dc.domain.com/domain.com@domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:21:07

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x40000004

            Time Generated: 10/27/2014   13:22:21

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server backup_server$. The target name used was DOMAIN\backup_server$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:26:10

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:31:12

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:36:14

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         A warning event occurred.  EventID: 0x0000A001

            Time Generated: 10/27/2014   13:41:17

            Event String:

            The Security System could not establish a secured connection with the server ldap/anothersite_dc/domain.com@domain.com. No authentication protocol was available.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:41:17

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:46:19

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:51:21

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x40000004

            Time Generated: 10/27/2014   13:56:08

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server evenyetanothersite_dc$. The target name used was ldap/evenyetanothersite_dc. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         An error event occurred.  EventID: 0x40000004

            Time Generated: 10/27/2014   13:56:11

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fsmo_dc$. The target name used was ldap/fsmo_dc.domain.com/domain.com@domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         An error event occurred.  EventID: 0x00000406

            Time Generated: 10/27/2014   13:56:11

            Event String:

            The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

         An error event occurred.  EventID: 0x000003EE

            Time Generated: 10/27/2014   13:56:23

            Event String:

            The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

         An error event occurred.  EventID: 0x40000004

            Time Generated: 10/27/2014   13:58:14

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fsmo_dc$. The target name used was ldap/fsmo_dc.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         ......................... new_dc failed test SystemLog

      Starting test: VerifyReferences

         ......................... new_dc passed test VerifyReferences

   
   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : domain

      Starting test: CheckSDRefDom

         ......................... domain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... domain passed test CrossRefValidation

   
   Running enterprise tests on : domain.com

      Starting test: LocatorCheck

         [mainsite_dc] LDAP bind failed with error 8341,

         A directory service error has occurred..
         ......................... domain.com passed test LocatorCheck

      Starting test: Intersite

         ......................... domain.com passed test Intersite

Open in new window

0
 
LVL 32

Expert Comment

by:it_saige
ID: 40406902
Try this on the failed DC:

1.  Stop the KDC service and disable it.
2.  Reset the Secure channel using netdom tool
           Command: netdom resetpwd /server:PDC_Name /userd:domain\Administrator /password:*  
3.  Reboot the DC

-saige-
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40406922
the NCSecDesc you can ignore if you have no plans for RODC; that is because adprep /rodcprep was not executed

While accessing the hard disk, a disk operation failed even after retries.

that is suspicious.  any hardware issues?  any antivirus?

Replication error 1127 While accessing the hard disk, a disk operation failed even after retries
http://technet.microsoft.com/en-us/library/replication-error-1127-while-accessing-the-hard-disk-a-disk-operation-failed-even-after-retries(v=ws.10).aspx
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40406924
I noticed that too Seth but was more concerned with the bind error.

-saige-
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40406941
I noticed that too Seth.  I was more concerned about the bind authentication errors.  ;)

-saige-
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40406945
i know...there could be multiple issues here
also wondered if rebooting days after dcpromo was ran instead of immediately had anything to do with it
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40406971
You are right, there very well could be multiple issues here.  Although a couple of the common ones, DNS and FSMO holder do not appear to be an issue; Time Services and the Site and Services configuration could be.

-saige-
0
 

Accepted Solution

by:
SR_Tech earned 0 total points
ID: 40408791
I demoted the DC and repromoted it and this has corrected the issues.
0
 

Author Closing Comment

by:SR_Tech
ID: 40417986
Nobody else suggested this.
0

Join & Write a Comment

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now