Child Domain Problems

-

hi. have windows 2003 server (all sp2), based forest 1 parent , 1 child domain set up. there 2 dc servers global catalogs (gc) in parent domain, , 1 dc/gc in child domain. within ad sites , services can replicate on parent domain (between parent servers) via default-first-site-name/servers/ntds not child domain parent servers. these events, 40960 (lsasrv) logged periodically:
the security system detected authentication error server ldap/dc_server.child.domain.com/child.domain.com@child.domain.com. failure code authentication protocol kerberos "there no logon servers available service logon request.(0xc000005e)".

using 'netdiag' on dc in each domain, results marked 'passed'. using 'dcdiag', (everything after passes):

 testing server: default-first-site-name\dc_server
    starting test: connectivity
       ......................... dc_server passed test connectivity

ing primary tests

 testing server: default-first-site-name\dc_server
    starting test: replications
       [parent_dc] dsbindwithspnex() failed error -2146892976,
       system detected possible attempt compromise security.  please
sure can contact server authenticated you..
       [parent2_dc] dsbindwithspnex() failed error -2146892976,
       system detected possible attempt compromise security.  please
sure can contact server authenticated you..
       ......................... dc_server passed test replications
    starting test: ncsecdesc
       ......................... dc_server passed test ncsecdesc
    starting test: netlogons
       ......................... dc_server passed test netlogons
    starting test: advertising
       ......................... dc_server passed test advertising
    starting test: knowsofroleholders
       warning: parent_dc schema owner, not responding ds rpc bind
         [parent_dc] ldap bind failed error 8341,
         directory service error has occurred..
         warning: parent_dc schema owner, not responding ldap bind.

         warning: parent_dc domain owner, not responding ds rpc bin
d.
         warning: parent_dc domain owner, not responding ldap bind.

this article (http://support.microsoft.com/kb/824217) not offer resolution.
there no antivirus/firewall on servers. time on servers synchronized within 1 minute.
tia help,

dave

sf dave

 

hi,

 

based on research, problem might caused trust relationship between parent , child has been corrupted. please run following command on root domain controllers of parent domain , of child domain test result.

 

this command resets trust relationship between parent , child domain.

 

netdom trust trusting_domain_name /domain:trusted_domain_name /userd:user /passwordd:* /usero:user /passwordo:* /reset

 

more information, please refer to:

 

windows server 2003-based domain controllers in parent-and-child domain environment may unable replicate changes

 

http://support.microsoft.com/kb/938702/en-us

 

please perform steps above see how replication going. if need further assistance, please post back.

 

 

best wishes

--------------
morgan che



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Error: 0x80073701 when trying to add Print Services Role in Windows 2012 Standard

-
hello, i'm getting error when trying add print services role in windows 2012 standard. i'm getting same error whether use gui or powershell. this new server install. the powershell error follows: add-windowsfeature : request add or remove features on specified server failed. installation of 1 or more roles, role services, or features failed. the referenced assembly not found. error: 0x80073701 at line:1 char:1 + add-windowsfeature print-services + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : invalidoperation: (@{vhd=; credent...name=localhost}:psobject) [install-windowsfeature],     exception     + fullyqualifiederrorid : dismapi_error__failed_to_enable_updates,microsoft.windows.servermanager.commands.addwind    owsfeaturecommand success restart needed exit code      feature result ------- -------------- ---------      -------------- false   no             failed         {} issue appreciated. hi, i think should st
Read more

Disconnecting from a Windows Server 2012 R2 file sharing session on a Windows 7,8,10 machine

-
i've been trying disconnect server while , haven't been able to. there quick way this? i've used net session , net user , work sometime never consistent. can task? hi yrusad, thanks post. does work when check “computer management > system tools > shared folders > open files/sessions”. directly manage from gui. and based on knowledge, quick way mentioned net session /delete /y. mean never consistent? best regards, mary please remember mark replies answers if , unmark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Server  >  Windows Server 2012 General
Read more

Event ID 64,77,1008 Certificates Events Windows Server 2008, 2008R2

-
hi guys, i need event ids. event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? event id 77 - 1 strange me. warning , in same time don't see suspicious: "windows default" policy module logged following warning: active directory connection <domain controller name> has been reestablished <domain controller name>. have 4 dcs. should check or ignore these messages. event id 1008 - "certificate services client: credential roaming not performed because number of tokens in local store has exceeded limit." - i've checked articles credential roaming i'm not sure should do. if give tips , answers, great. in advance. hi, event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? i assume these
Read more