Errors with Domain Controllers (Windows 2003)

-

hello all,

i'm running serious network lag issues mapped drives dropping , other weird group policy inconsistencies.  we have 2 dc on our domain , i've run dcdiag on 1 of dcs - output included below.  any appreciated!

also, there have been lot of repeated errors on dc1 machine including:

application - userenv - eventid 1053 - windows cannot determine user or computer name.

system - kerberos - eventid 4 - kerberos client received krb_ap_err_modified error... password used encrypt kerberos service ticket different on target server... etc

dns server - dns - eventid 4000 - dns server unable open active directory...

dcdiag results

dc1 - "pe2800"

domain controller diagnosis

performing initial setup:
   done gathering initial info.

doing initial required tests

   testing server: default-first-site-name\pe2800
      starting test: connectivity
         ......................... pe2800 passed test connectivity

doing primary tests

   testing server: default-first-site-name\pe2800
      starting test: replications
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: dc=forestdnszones,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:48:31.
            last success occurred @ 2000-11-19 16:58:15.
            877 failures have occurred since last success.
         [pe2901] dsbindwithspnex() failed error -2146893022,
         the target principal name incorrect..
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: dc=domaindnszones,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:48:31.
            last success occurred @ 2000-11-19 16:58:15.
            877 failures have occurred since last success.
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: cn=schema,cn=configuration,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:48:31.
            last success occurred @ 2000-11-19 16:58:15.
            877 failures have occurred since last success.
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: cn=configuration,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:49:31.
            last success occurred @ 2000-11-19 16:58:15.
            2044 failures have occurred since last success.
         [replications check,pe2800] recent replication attempt failed:
            pe2901 pe2800
            naming context: dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 22:08:06.
            last success occurred @ 2000-11-19 17:13:12.
            78085 failures have occurred since last success.
         replication-received latency warning
         pe2800:  current time 2012-12-25 22:08:18.
            dc=forestdnszones,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 16:58:15.
               warning:  this latency on tombstone lifetime of 60 days!
            dc=domaindnszones,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 16:58:15.
               warning:  this latency on tombstone lifetime of 60 days!
            cn=schema,cn=configuration,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 16:58:15.
               warning:  this latency on tombstone lifetime of 60 days!
            cn=configuration,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 16:58:15.
               warning:  this latency on tombstone lifetime of 60 days!
            dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2901 @ 2000-11-19 17:13:12.
               warning:  this latency on tombstone lifetime of 60 days!
         ......................... pe2800 passed test replications
      starting test: ncsecdesc
         ......................... pe2800 passed test ncsecdesc
      starting test: netlogons
         ......................... pe2800 passed test netlogons
      starting test: advertising
         ......................... pe2800 passed test advertising
      starting test: knowsofroleholders
         warning: pe2901 schema owner, not responding ds rpc bind.
         [pe2901] ldap bind failed error 8341,
         a directory service error has occurred..
         warning: pe2901 schema owner, not responding ldap bind.
         warning: pe2901 domain owner, not responding ds rpc bind.
         warning: pe2901 domain owner, not responding ldap bind.
         warning: pe2901 pdc owner, not responding ds rpc bind.
         warning: pe2901 pdc owner, not responding ldap bind.
         warning: pe2901 rid owner, not responding ds rpc bind.
         warning: pe2901 rid owner, not responding ldap bind.
         warning: pe2901 infrastructure update owner, not responding ds rpc bind.
         warning: pe2901 infrastructure update owner, not responding ldap bind.
         ......................... pe2800 failed test knowsofroleholders
      starting test: ridmanager
         ......................... pe2800 failed test ridmanager
      starting test: machineaccount
         ......................... pe2800 passed test machineaccount
      starting test: services
         ......................... pe2800 passed test services
      starting test: objectsreplicated
         ......................... pe2800 passed test objectsreplicated
      starting test: frssysvol
         ......................... pe2800 passed test frssysvol
      starting test: frsevent
         ......................... pe2800 passed test frsevent
      starting test: kccevent
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an warning event occured.  eventid: 0x8025082d
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc0000748
            time generated: 12/25/2012   22:03:31
            (event string not retrieved)
         an error event occured.  eventid: 0xc00007fa
            time generated: 12/25/2012   22:03:45
            (event string not retrieved)
         ......................... pe2800 failed test kccevent
      starting test: systemlog
         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:08:40
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:08:42
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:10:39
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:10:39
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:13:19
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:18:31
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:33:31
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:33:31
            event string: kerberos client received a

         an error event occured.  eventid: 0x40000004
            time generated: 12/25/2012   21:52:14
            event string: kerberos client received a

         ......................... pe2800 failed test systemlog
      starting test: verifyreferences
         ......................... pe2800 passed test verifyreferences

   running partition tests on : forestdnszones
      starting test: crossrefvalidation
         ......................... forestdnszones passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... forestdnszones passed test checksdrefdom

   running partition tests on : domaindnszones
      starting test: crossrefvalidation
         ......................... domaindnszones passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... domaindnszones passed test checksdrefdom

   running partition tests on : schema
      starting test: crossrefvalidation
         ......................... schema passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... schema passed test checksdrefdom

   running partition tests on : configuration
      starting test: crossrefvalidation
         ......................... configuration passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... configuration passed test checksdrefdom

   running partition tests on : fla
      starting test: crossrefvalidation
         ......................... fla passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... fla passed test checksdrefdom

   running enterprise tests on : fla.checkmate-florida.com
      starting test: intersite
         ......................... fla.checkmate-florida.com passed test intersite
      starting test: fsmocheck
         ......................... fla.checkmate-florida.com passed test fsmocheck

dc2 - pe2901


domain controller diagnosis

performing initial setup:
   done gathering initial info.

doing initial required tests
   
   testing server: default-first-site-name\pe2901
      starting test: connectivity
         ......................... pe2901 passed test connectivity

doing primary tests
   
   testing server: default-first-site-name\pe2901
      starting test: replications
         [replications check,pe2901] recent replication attempt failed:
            pe2800 pe2901
            naming context: dc=forestdnszones,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:59:16.
            last success occurred @ 2000-11-19 16:52:52.
            872 failures have occurred since last success.
         [replications check,pe2901] recent replication attempt failed:
            pe2800 pe2901
            naming context: dc=domaindnszones,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:59:16.
            last success occurred @ 2000-11-19 16:52:52.
            872 failures have occurred since last success.
         [replications check,pe2901] recent replication attempt failed:
            pe2800 pe2901
            naming context: cn=schema,cn=configuration,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 21:59:16.
            last success occurred @ 2000-11-19 16:52:52.
            872 failures have occurred since last success.
         [replications check,pe2901] recent replication attempt failed:
            pe2800 pe2901
            naming context: cn=configuration,dc=fla,dc=checkmate-florida,dc=com
            replication generated error (8614):
            active directory cannot replicate server because time since last replication server has exceeded tombstone lifetime.
            failure occurred @ 2012-12-25 22:08:46.
            last success occurred @ 2000-11-19 16:52:52.
            1891 failures have occurred since last success.
         replication-received latency warning
         pe2901:  current time 2012-12-25 22:10:20.
            dc=forestdnszones,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2800 @ 2000-11-19 16:52:52.
               warning:  this latency on tombstone lifetime of 60 days!
            dc=domaindnszones,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2800 @ 2000-11-19 16:52:52.
               warning:  this latency on tombstone lifetime of 60 days!
            cn=schema,cn=configuration,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2800 @ 2000-11-19 16:52:52.
               warning:  this latency on tombstone lifetime of 60 days!
            cn=configuration,dc=fla,dc=checkmate-florida,dc=com
               last replication recieved pe2800 @ 2000-11-19 16:52:52.
               warning:  this latency on tombstone lifetime of 60 days!
         ......................... pe2901 passed test replications
      starting test: ncsecdesc
         ......................... pe2901 passed test ncsecdesc
      starting test: netlogons
         ......................... pe2901 passed test netlogons
      starting test: advertising
         ......................... pe2901 passed test advertising
      starting test: knowsofroleholders
         ......................... pe2901 passed test knowsofroleholders
      starting test: ridmanager
         ......................... pe2901 passed test ridmanager
      starting test: machineaccount
         ......................... pe2901 passed test machineaccount
      starting test: services
         ......................... pe2901 passed test services
      starting test: objectsreplicated
         ......................... pe2901 passed test objectsreplicated
      starting test: frssysvol
         ......................... pe2901 passed test frssysvol
      starting test: frsevent
         ......................... pe2901 passed test frsevent
      starting test: kccevent
         ......................... pe2901 passed test kccevent
      starting test: systemlog
         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:12:30
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:19:45
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:27:15
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:34:30
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:42:00
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:49:15
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   21:56:30
            event string: sam database unable lockout the

         an error event occured.  eventid: 0x00003006
            time generated: 12/25/2012   22:03:45
            event string: sam database unable lockout the

         ......................... pe2901 failed test systemlog
      starting test: verifyreferences
         ......................... pe2901 passed test verifyreferences
   
   running partition tests on : forestdnszones
      starting test: crossrefvalidation
         ......................... forestdnszones passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... forestdnszones passed test checksdrefdom
   
   running partition tests on : domaindnszones
      starting test: crossrefvalidation
         ......................... domaindnszones passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... domaindnszones passed test checksdrefdom
   
   running partition tests on : schema
      starting test: crossrefvalidation
         ......................... schema passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... schema passed test checksdrefdom
   
   running partition tests on : configuration
      starting test: crossrefvalidation
         ......................... configuration passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... configuration passed test checksdrefdom
   
   running partition tests on : fla
      starting test: crossrefvalidation
         ......................... fla passed test crossrefvalidation
      starting test: checksdrefdom
         ......................... fla passed test checksdrefdom
   
   running enterprise tests on : fla.checkmate-florida.com
      starting test: intersite
         ......................... fla.checkmate-florida.com passed test intersite
      starting test: fsmocheck
         ......................... fla.checkmate-florida.com passed test fsmocheck

from log clear both dc have reachead tombstoone lifecylce period , last replication recieved is year 2000-11-19.just configuring authorative time server not fix replication issue.you need enable strict replication consistency & allow replication divergent , corrupt partner key enable replication.more on details see link posted:http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx

alternatley if above not work you can demote non pdc role holder server forcefully followed metadata cleanup , promote server dc.

forcefull removal of dc: http://support.microsoft.com/kb/332199

complete step step guideline remove orphaned domain controller (including seizing fsmos, running metadata cleanup, , more)
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

refer below link how configure authorative time server role on pdc role holder server.
configuring time service on pdc emulator fsmo role holder
http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspx
http://www.experts-exchange.com/software/server_software/file_servers/active_directory/a_10789-time-service-configuration.html

also ensuer corrrect dns setting on dc.
best practices dns client settings on dc , domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

hope helps

best regards,

sandesh dubey.

mcse|mcsa:messaging|mcts|mcitp:enterprise adminitrator | blog

disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights.



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Error: 0x80073701 when trying to add Print Services Role in Windows 2012 Standard

-
hello, i'm getting error when trying add print services role in windows 2012 standard. i'm getting same error whether use gui or powershell. this new server install. the powershell error follows: add-windowsfeature : request add or remove features on specified server failed. installation of 1 or more roles, role services, or features failed. the referenced assembly not found. error: 0x80073701 at line:1 char:1 + add-windowsfeature print-services + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : invalidoperation: (@{vhd=; credent...name=localhost}:psobject) [install-windowsfeature],     exception     + fullyqualifiederrorid : dismapi_error__failed_to_enable_updates,microsoft.windows.servermanager.commands.addwind    owsfeaturecommand success restart needed exit code      feature result ------- -------------- ---------      -------------- false   no             failed         {} issue appreciated. hi, i think should st
Read more

Disconnecting from a Windows Server 2012 R2 file sharing session on a Windows 7,8,10 machine

-
i've been trying disconnect server while , haven't been able to. there quick way this? i've used net session , net user , work sometime never consistent. can task? hi yrusad, thanks post. does work when check “computer management > system tools > shared folders > open files/sessions”. directly manage from gui. and based on knowledge, quick way mentioned net session /delete /y. mean never consistent? best regards, mary please remember mark replies answers if , unmark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Server  >  Windows Server 2012 General
Read more

Event ID 64,77,1008 Certificates Events Windows Server 2008, 2008R2

-
hi guys, i need event ids. event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? event id 77 - 1 strange me. warning , in same time don't see suspicious: "windows default" policy module logged following warning: active directory connection <domain controller name> has been reestablished <domain controller name>. have 4 dcs. should check or ignore these messages. event id 1008 - "certificate services client: credential roaming not performed because number of tokens in local store has exceeded limit." - i've checked articles credential roaming i'm not sure should do. if give tips , answers, great. in advance. hi, event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? i assume these
Read more