Errors with Domain Controllers (Windows 2003)

-

hello all,

i'm running serious network lag issues mapped drives dropping , other weird group policy inconsistencies.  we have 2 dc on our domain , i've run dcdiag on 1 of dcs - output included below.  any appreciated!

also, there have been lot of repeated errors on dc1 machine including:

application - userenv - eventid 1053 - windows cannot determine user or computer name.

system - kerberos - eventid 4 - kerberos client received krb_ap_err_modified error... password used encrypt kerberos service ticket different on target server... etc

dns server - dns - eventid 4000 - dns server unable open active directory...

dcdiag results

dc1 - "pe2800"

domain controller diagnosis

performing initial setup:
   done gathering initial info.

doing initial required tests

   testing server: default-first-site-name\pe2800
      starting test: connectivity
         ......................... pe2800 passed test connectivity

doing primary tests

   testing server: default-first-site-name\pe2800
      starting test: replications
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: dc=forestdnszones,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:48:31.
            last success occurred @ 2000-11-19 16:58:15.
            877 failures have occurred since last success.
         [pe2901] dsbindwithspnex() failed error -2146893022,
         the target principal name incorrect..
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: dc=domaindnszones,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:48:31.
            last success occurred @ 2000-11-19 16:58:15.
            877 failures have occurred since last success.
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: cn=schema,cn=configuration,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:48:31.
            last success occurred @ 2000-11-19 16:58:15.
            877 failures have occurred since last success.
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: cn=configuration,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:49:31.
            last success occurred @ 2000-11-19 16:58:15.
            2044 failures have occurred since last success.
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 22:08:06.
            last success occurred @ 2000-11-19 17:13:12.
            78085 failures have occurred since last success.
         replication-received latency warning
         pe2800:  current time 2012-12-25 22:08:18.
            dc=forestdnszones,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 16:58:15.
               warning:  this latency on tombstone lifetime of 60 days!
            dc=domaindnszones,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 16:58:15.
               warning:  this latency on tombstone lifetime of 60 days!
            cn=schema,cn=configuration,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 16:58:15.
               warning:  this latency on tombstone lifetime of 60 days!
            cn=configuration,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 16:58:15.
               warning:  this latency on tombstone lifetime of 60 days!
            dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 17:13:12.
               warning:  this latency on tombstone lifetime of 60 days!
         ......................... pe2800 passed test replications
      starting test: ncsecdesc
         ......................... pe2800 passed test ncsecdesc
      starting test: netlogons
         ......................... pe2800 passed test netlogons
      starting test: advertising
         ......................... pe2800 passed test advertising
      starting test: knowsofroleholders
         warning: pe2901 schema owner, not responding ds rpc bind.
         [pe2901] ldap bind failed error 8341,
         a directory service error has occurred..
         warning: pe2901 schema owner, not responding ldap bind.
         warning: pe2901 domain owner, not responding ds rpc bind.
         warning: pe2901 domain owner, not responding ldap bind.
         warning: pe2901 pdc owner, not responding ds rpc bind.
         warning: pe2901 pdc owner, not responding ldap bind.
         warning: pe2901 rid owner, not responding ds rpc bind.
         warning: pe2901 rid owner, not responding ldap bind.
         warning: pe2901 infrastructure update owner, not responding ds rpc bind.
         warning: pe2901 infrastructure update owner, not responding ldap bind.
         ......................... pe2800 failed test knowsofroleholders
      starting test: ridmanager
         ......................... pe2800 failed test ridmanager
      starting test: machineaccount
         ......................... pe2800 passed test machineaccount
      starting test: services
         ......................... pe2800 passed test services
      starting test: objectsreplicated
         ......................... pe2800 passed test objectsreplicated
      starting test: frssysvol
         ......................... pe2800 passed test frssysvol
      starting test: frsevent
         ......................... pe2800 passed test frsevent
      starting test: kccevent
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc00007fa
            time generated: 12/25/2012   22:03:45
            (event string not retrieved)
         ......................... pe2800 failed test kccevent
      starting test: systemlog
         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:08:40
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:08:42
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:10:39
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:10:39
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:13:19
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:18:31
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:33:31
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:33:31
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:52:14
            event string: kerberos client received a

         ......................... pe2800 failed test systemlog
      starting test: verifyreferences
         ......................... pe2800 passed test verifyreferences

   running partition tests on : forestdnszones
      starting test: crossrefvalidation
         ......................... forestdnszones passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... forestdnszones passed test checksdrefdom

   running partition tests on : domaindnszones
      starting test: crossrefvalidation
         ......................... domaindnszones passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... domaindnszones passed test checksdrefdom

   running partition tests on : schema
      starting test: crossrefvalidation
         ......................... schema passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... schema passed test checksdrefdom

   running partition tests on : configuration
      starting test: crossrefvalidation
         ......................... configuration passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... configuration passed test checksdrefdom

   running partition tests on : fla
      starting test: crossrefvalidation
         ......................... fla passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... fla passed test checksdrefdom

   running enterprise tests on : fla.checkmate-florida.com
      starting test: intersite
         ......................... fla.checkmate-florida.com passed test intersite
      starting test: fsmocheck
         ......................... fla.checkmate-florida.com passed test fsmocheck

dc2 - pe2901


domain controller diagnosis

performing initial setup:
   done gathering initial info.

doing initial required tests
   
   testing server: default-first-site-name\pe2901
      starting test: connectivity
         ......................... pe2901 passed test connectivity

doing primary tests
   
   testing server: default-first-site-name\pe2901
      starting test: replications
         [replications check,pe2901] recent replication attempt failed:
            pe2800 pe2901
            naming context: dc=forestdnszones,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:59:16.
            last success occurred @ 2000-11-19 16:52:52.
            872 failures have occurred since last success.
         [replications check,pe2901] recent replication attempt failed:
            pe2800 pe2901
            naming context: dc=domaindnszones,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:59:16.
            last success occurred @ 2000-11-19 16:52:52.
            872 failures have occurred since last success.
         [replications check,pe2901] recent replication attempt failed:
            pe2800 pe2901
            naming context: cn=schema,cn=configuration,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:59:16.
            last success occurred @ 2000-11-19 16:52:52.
            872 failures have occurred since last success.
         [replications check,pe2901] recent replication attempt failed:
            pe2800 pe2901
            naming context: cn=configuration,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 22:08:46.
            last success occurred @ 2000-11-19 16:52:52.
            1891 failures have occurred since last success.
         replication-received latency warning
         pe2901:  current time 2012-12-25 22:10:20.
            dc=forestdnszones,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2800 @ 2000-11-19 16:52:52.
               warning:  this latency on tombstone lifetime of 60 days!
            dc=domaindnszones,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2800 @ 2000-11-19 16:52:52.
               warning:  this latency on tombstone lifetime of 60 days!
            cn=schema,cn=configuration,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2800 @ 2000-11-19 16:52:52.
               warning:  this latency on tombstone lifetime of 60 days!
            cn=configuration,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2800 @ 2000-11-19 16:52:52.
               warning:  this latency on tombstone lifetime of 60 days!
         ......................... pe2901 passed test replications
      starting test: ncsecdesc
         ......................... pe2901 passed test ncsecdesc
      starting test: netlogons
         ......................... pe2901 passed test netlogons
      starting test: advertising
         ......................... pe2901 passed test advertising
      starting test: knowsofroleholders
         ......................... pe2901 passed test knowsofroleholders
      starting test: ridmanager
         ......................... pe2901 passed test ridmanager
      starting test: machineaccount
         ......................... pe2901 passed test machineaccount
      starting test: services
         ......................... pe2901 passed test services
      starting test: objectsreplicated
         ......................... pe2901 passed test objectsreplicated
      starting test: frssysvol
         ......................... pe2901 passed test frssysvol
      starting test: frsevent
         ......................... pe2901 passed test frsevent
      starting test: kccevent
         ......................... pe2901 passed test kccevent
      starting test: systemlog
         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:12:30
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:19:45
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:27:15
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:34:30
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:42:00
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:49:15
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:56:30
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   22:03:45
            event string: sam database unable lockout the

         ......................... pe2901 failed test systemlog
      starting test: verifyreferences
         ......................... pe2901 passed test verifyreferences
   
   running partition tests on : forestdnszones
      starting test: crossrefvalidation
         ......................... forestdnszones passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... forestdnszones passed test checksdrefdom
   
   running partition tests on : domaindnszones
      starting test: crossrefvalidation
         ......................... domaindnszones passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... domaindnszones passed test checksdrefdom
   
   running partition tests on : schema
      starting test: crossrefvalidation
         ......................... schema passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... schema passed test checksdrefdom
   
   running partition tests on : configuration
      starting test: crossrefvalidation
         ......................... configuration passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... configuration passed test checksdrefdom
   
   running partition tests on : fla
      starting test: crossrefvalidation
         ......................... fla passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... fla passed test checksdrefdom
   
   running enterprise tests on : fla.checkmate-florida.com
      starting test: intersite
         ......................... fla.checkmate-florida.com passed test intersite
      starting test: fsmocheck
         ......................... fla.checkmate-florida.com passed test fsmocheck

from log clear both dc have reachead tombstoone lifecylce period , last replication recieved is year 2000-11-19.just configuring authorative time server not fix replication issue.you need enable strict replication consistency & allow replication divergent , corrupt partner key enable replication.more on details see link posted:http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx

alternatley if above not work you can demote non pdc role holder server forcefully followed metadata cleanup , promote server dc.

forcefull removal of dc: http://support.microsoft.com/kb/332199

complete step step guideline remove orphaned domain controller (including seizing fsmos, running metadata cleanup, , more)
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

refer below link how configure authorative time server role on pdc role holder server.
configuring time service on pdc emulator fsmo role holder
http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspx
http://www.experts-exchange.com/software/server_software/file_servers/active_directory/a_10789-time-service-configuration.html

also ensuer corrrect dns setting on dc.
best practices dns client settings on dc , domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

hope helps

best regards,

sandesh dubey.

mcse|mcsa:messaging|mcts|mcitp:enterprise adminitrator | blog

disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights.



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Error: 0x80073701 when trying to add Print Services Role in Windows 2012 Standard

-
hello, i'm getting error when trying add print services role in windows 2012 standard. i'm getting same error whether use gui or powershell. this new server install. the powershell error follows: add-windowsfeature : request add or remove features on specified server failed. installation of 1 or more roles, role services, or features failed. the referenced assembly not found. error: 0x80073701 at line:1 char:1 + add-windowsfeature print-services + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : invalidoperation: (@{vhd=; credent...name=localhost}:psobject) [install-windowsfeature],     exception     + fullyqualifiederrorid : dismapi_error__failed_to_enable_updates,microsoft.windows.servermanager.commands.addwind    owsfeaturecommand success restart needed exit code      feature result ------- ------...
Read more

Windows 2016 RDS event 1306 Connection Broker Client failed to redirect the user... Error: NULL

-
Image
i'm attempting setup windows 2016 rds standard deployment session hosting.  layout follows: rds01 - rds connection broker , web access ts02 - rds session host ts03 - rds session host domain these servers part of has (1) windows 2008 server , (2) windows 2016 servers acting dcs.  domain running @ windows 2003 functional level. servers on single routed network no firewall between them.  dns , ptr records servers exist , resolve on hosts.  servers can pinged each other. in other words, there no network connectivity issues. i've setup rds deployment several times w/ same results. the issue can login via rdweb interface on rds01 win10 desktop , connect published rdp desktop without issue (i.e. no error messages user) , no errors in logs.  when try directly rdp rds01, authenticate user (per event log) error stating user doesn't have access system.  in event log event id 1306 message of "remote desktop connection broker client faile...
Read more

Como saber quien entro a mi PC por la Red

-
quisiera saber si es posible, o existe forma de auditar quien accedió a mi pc vía red, es decir se que hay software que perminten auditar el file server para saber quien entro y modifico y/o borro un archivo... pero si alguien entro mi pc \\pcname\c$ hay forma de determinar que usuario entro al disco c de una pc en especifica y copio, modifico o borro un archivo...   y la otra pregunta cuales son las mejores herramientas para auditar la red y el file server   gracias una forma de detectar quien esta conectado tu pc es través del comando net user entra en cmd y escribes net user eso muestra los usuarios que están conectados en tu equipo en un momento determinado, se que no es lo que pides pero puede servir para descubir alguien en determinado momento. para que no este compartido le dan clic derecho sobre mi pc>propiedades>remoto y le desmarcan donde dice ''permitir que este equipo envíe invitaciones ...
Read more