Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Hi Glen,
Thanks for your help, but I managed to sort out my problem. I had so many
network issues that I decided to phone Microsoft directly. They ran a
mpsreports on R101NS02 and found that the secure channel had been broken.
They downloaded a fix which solved the problem.
Thanks
Johan
"Glenn L" wrote:
> What are the errors you get when you attempt to map a drive to this server?
> What error do you get when you open ADUC or AD sites and services on
> R101NS02?
>
> I suggest you download and run mpsreports on R101NS02.
>
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_DirSvc.EXE
> It produces a CAB file of all the reports it runs.
> I'll look it over if you email it to me.
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Johan" <johan@rona.ca> wrote in message
> news:A624E873-0C0F-4FF8-B20F-4CD28076776B@microsoft.com...
> > Hi Glen,
> >
> > The network config is as follows:
> >
> > Host Name R101NS02
> > Primary DNS Suffix west.rona.ca
> > Node Type Hybrid
> > IP Routing Enabled No
> > WINS Proxy Enabled No
> > DNS suffix search list west.rona.ca
> > rona.ca
> >
> > Ethernet Adapter Local Area Connecters
> > Connection-specific DNS suffix
> > Description AMD PCNET Family Ethernet Adapter
> > Physical Address 00-60-94-57-36-F1
> > DHCP Enabled No
> > IP address 10.1.1.29
> > Subnet Mask 255.255.254.0
> > Gateway 10.1.1.254
> > DNS Servers 10.1.1.30
> > 10.1.1.29
> > Primary WINS server 10.1.1.30
> > Secondary WINS Server 10.1.1.29
> >
> > I cannot map drives to this DC, and have been receiving event ID 3034
> > -MRxSmb errors in the systems log. I have also been receiving Event ID
> > 3051
> > and event ID 5706 errors with regards to netlogon and sysvol. I did try
> > and
> > copy these from R101NS05, but did not help.
> >
> > Johan
> >
> > "Glenn L" wrote:
> >
> >> what is the network configuration or R101NS02? Do an IPCONFIG /ALL
> >>
> >>
> >> --
> >> Glenn L
> >> CCNA, MCSE 2000/2003 + Security
> >>
> >> "Johan" <johan@rona.ca> wrote in message
> >> news:34FA1ECD-B7DF-4CB1-84B8-B70F7792D559@microsoft.com...
> >> > Hi Glen,
> >> >
> >> > Yes, R101NS02 is the Infrastructure Update Master, and it did not bind
> >> > when
> >> > I ran repadmin /showreps. Here are the results:
> >> >
> >> > R101NS02 [d:\nt\private\ds\src\util\repadmin\repinfo.c, 389] LDAP error
> >> > 82
> >> > (local error)
> >> >
> >> > R101NS01 and R101NS05 seemed to have worked fine, and they show they
> >> > were
> >> > successful with R101NS02.
> >> > I couldn't capture this info for you, could not find the /switch
> >> >
> >> > Thanks
> >> >
> >> > Johan
> >> >
> >> > I
> >> >
> >> > "Glenn L" wrote:
> >> >
> >> >> Johan,
> >> >> Does r101ns02 hold any FSMO roles or do anything else besides DC work?
> >> >> The quickest way back to health for r101ns02 is to force demote it, do
> >> >> a
> >> >> metadata cleanup of r101ns02 using KB216498, then repromote it.
> >> >>
> >> >> If you execute repadmin /showreps from r101ns02, do you get the LDAP
> >> >> bind
> >> >> error?
> >> >> Execute repadmin /showreps from R101NS01 and R101NS05, are they
> >> >> getting
> >> >> replication from R101NS02?
> >> >>
> >> >> If you want to continue to troubleshoot, then the next step is to
> >> >> reset
> >> >> the
> >> >> machine account password of the DC with the domain.
> >> >>
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q260575
> >> >> Aftger you reset the password and initiate the reboot, be sure to
> >> >> force
> >> >> replication between R101NS01 and R101NS05
> >> >>
> >> >> --
> >> >> Glenn L
> >> >> CCNA, MCSE 2000/2003 + Security
> >> >>
> >> >> "Johan" <johan@rona.ca> wrote in message
> >> >> news:FADD81D1-1D26-4BF5-8D95-5EF5924D6A35@microsoft.com...
> >> >> > Hi Glenn,
> >> >> >
> >> >> > All the DC's are within 1min of each other, and I have rebooted all
> >> >> > the
> >> >> > DC's
> >> >> > a number of times. I ran dcdiag and here are the results:
> >> >> >
> >> >> > DC1
> >> >> > Domain Controller Diagnosis
> >> >> >
> >> >> > Performing initial setup:
> >> >> > Done gathering initial info.
> >> >> >
> >> >> > Doing initial required tests
> >> >> >
> >> >> > Testing server: SSC\R101NS01
> >> >> > Starting test: Connectivity
> >> >> > ......................... R101NS01 passed test Connectivity
> >> >> >
> >> >> > Doing primary tests
> >> >> >
> >> >> > Testing server: SSC\R101NS01
> >> >> > Starting test: Replications
> >> >> > ......................... R101NS01 passed test Replications
> >> >> > Starting test: NCSecDesc
> >> >> > ......................... R101NS01 passed test NCSecDesc
> >> >> > Starting test: NetLogons
> >> >> > ......................... R101NS01 passed test NetLogons
> >> >> > Starting test: Advertising
> >> >> > ......................... R101NS01 passed test Advertising
> >> >> > Starting test: KnowsOfRoleHolders
> >> >> > ......................... R101NS01 passed test
> >> >> > KnowsOfRoleHolders
> >> >> > Starting test: RidManager
> >> >> > ......................... R101NS01 passed test RidManager
> >> >> > Starting test: MachineAccount
> >> >> > ......................... R101NS01 passed test
> >> >> > MachineAccount
> >> >> > Starting test: Services
> >> >> > ......................... R101NS01 passed test Services
> >> >> > Starting test: ObjectsReplicated
> >> >> > ......................... R101NS01 passed test
> >> >> > ObjectsReplicated
> >> >> > Starting test: frssysvol
> >> >> > There are errors after the SYSVOL has been shared.
> >> >> > The SYSVOL can prevent the AD from starting.
> >> >> > ......................... R101NS01 passed test frssysvol
> >> >> > Starting test: kccevent
> >> >> > ......................... R101NS01 passed test kccevent
> >> >> > Starting test: systemlog
> >> >> > An Error Event occured. EventID: 0x00000457
> >> >> > Time Generated: 01/06/2005 07:09:11
> >> >> > Event String: Driver Xerox Phaser 790 required for
> >> >> > printer
> >> >> >
> >> >> > An Error Event occured. EventID: 0x00000452
> >> >> > Time Generated: 01/06/2005 07:09:11
> >> >> > Event String: The printer could not be installed.
> >> >> > An Error Event occured. EventID: 0x00000457
> >> >> > Time Generated: 01/06/2005 07:09:14
> >> >> > Event String: Driver Xerox Phaser 790 required for
> >> >> > printer
> >> >> >
> >> >> > An Error Event occured. EventID: 0x00000452
> >> >> > Time Generated: 01/06/2005 07:09:14
> >> >> > Event String: The printer could not be installed.
> >> >> > An Error Event occured. EventID: 0x00000457
> >> >> > Time Generated: 01/06/2005 07:09:24
> >> >> > Event String: Driver HP DesignJet 450C (E/A0) by HP
> >> >> > required
> >> >> >
> >> >> > An Error Event occured. EventID: 0x00000452
> >> >> > Time Generated: 01/06/2005 07:09:24
> >> >> > Event String: The printer could not be installed.
> >> >> > ......................... R101NS01 failed test systemlog
> >> >> >
> >> >> > Running enterprise tests on : rona.ca
> >> >> > Starting test: Intersite
> >> >> > ......................... rona.ca passed test Intersite
> >> >> > Starting test: FsmoCheck
> >> >> > ......................... rona.ca passed test FsmoCheck
> >> >> >
> >> >> > DC2
> >> >> > Domain Controller Diagnosis
> >> >> >
> >> >> > Performing initial setup:
> >> >> > [r101ns02] LDAP bind failed with error 31,
> >> >> > A device attached to the system is not functioning..
> >> >> >
> >> >> > DC3
> >> >> > Domain Controller Diagnosis
> >> >> >
> >> >> > Performing initial setup:
> >> >> > Done gathering initial info.
> >> >> >
> >> >> > Doing initial required tests
> >> >> >
> >> >> > Testing server: SSC\R101NS05
> >> >> > Starting test: Connectivity
> >> >> > ......................... R101NS05 passed test Connectivity
> >> >> >
> >> >> > Doing primary tests
> >> >> >
> >> >> > Testing server: SSC\R101NS05
> >> >> > Starting test: Replications
> >> >> > ......................... R101NS05 passed test Replications
> >> >> > Starting test: NCSecDesc
> >> >> > ......................... R101NS05 passed test NCSecDesc
> >> >> > Starting test: NetLogons
> >> >> > ......................... R101NS05 passed test NetLogons
> >> >> > Starting test: Advertising
> >> >> > ......................... R101NS05 passed test Advertising
> >> >> > Starting test: KnowsOfRoleHolders
> >> >> > ......................... R101NS05 passed test
> >> >> > KnowsOfRoleHolders
> >> >> > Starting test: RidManager
> >> >> > ......................... R101NS05 passed test RidManager
> >> >> > Starting test: MachineAccount
> >> >> > ......................... R101NS05 passed test
> >> >> > MachineAccount
> >> >> > Starting test: Services
> >> >> > ......................... R101NS05 passed test Services
> >> >> > Starting test: ObjectsReplicated
> >> >> > ......................... R101NS05 passed test
> >> >> > ObjectsReplicated
> >> >> > Starting test: frssysvol
> >> >> > There are errors after the SYSVOL has been shared.
> >> >> > The SYSVOL can prevent the AD from starting.
> >> >> > ......................... R101NS05 passed test frssysvol
> >> >> > Starting test: kccevent
> >> >> > ......................... R101NS05 passed test kccevent
> >> >> > Starting test: systemlog
> >> >> > ......................... R101NS05 passed test systemlog
> >> >> >
> >> >> > Running enterprise tests on : rona.ca
> >> >> > Starting test: Intersite
> >> >> > ......................... rona.ca passed test Intersite
> >> >> > Starting test: FsmoCheck
> >> >> > ......................... rona.ca passed test FsmoCheck
> >> >> >
> >> >> > I tried to do a ADSI edit on DC2 to fix the LDAP bind error, but it
> >> >> > would
> >> >> > not allow me
> >> >> >
> >> >> > Thanks
> >> >> >
> >> >> > Johan
> >> >> >
> >> >> > "Glenn L" wrote:
> >> >> >
> >> >> >> These are typiccally a kerberos time skew issue.
> >> >> >> Verify all DCs are withing 5 minutes of each other.
> >> >> >> If that does not take care of things, have you rebooted DC1?
> >> >> >>
> >> >> >> Also, run dcdiag on each DC.
> >> >> >> post the results here.
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >> Glenn L
> >> >> >> CCNA, MCSE 2000/2003 + Security
> >> >> >>
> >> >> >> "Johan" <johan@rona.ca> wrote in message
> >> >> >> news:61C3AD30-74E9-4395-9516-8E399475E942@microsoft.com...
> >> >> >> >I have 3 Domain Controllers, all are running W2K SP4. DC1 holds
> >> >> >> >the
> >> >> >> >Global
> >> >> >> > Catalog.
> >> >> >> > Since this morning DC1 seems to have a problem replicating to DC2
> >> >> >> > and
> >> >> >> > DC3
> >> >> >> > in
> >> >> >> > the same domain.
> >> >> >> >
> >> >> >> > The error I get on DC1 is as follows:
> >> >> >> > Source: NTDS KCC
> >> >> >> > Error Event ID 1311
> >> >> >> > "The Directory Service consistency checker has determined that
> >> >> >> > either,
> >> >> >> > (a)there is not enough physical connectivity published via the
> >> >> >> > Acrtive
> >> >> >> > Directory Sites and Services Manager to create a spanning tree to
> >> >> >> > connecting
> >> >> >> > all the sites containing the Partition DC=xxx,DC=ca, or (b)
> >> >> >> > replication
> >> >> >> > cannot be performed with one or more critical servers in order
> >> >> >> > for
> >> >> >> > changes
> >> >> >> > to
> >> >> >> > propogate across all sites (most often being due to the servers
> >> >> >> > being
> >> >> >> > unreachable)
> >> >> >> > I also get Error Event ID 1265 which says "The RPC server is to
> >> >> >> > busy
> >> >> >> > to
> >> >> >> > complete this operation."
> >> >> >> >
> >> >> >> > The errors I get on DC2 and DC3 are:
> >> >> >> > Event ID 1126: "unable to establish connection with the Global
> >> >> >> > Catalog."
> >> >> >> > Event ID 1655: "the attempt to communicate with global catalog
> >> >> >> > \\DC.xxx.ca
> >> >> >> > failed with the following status. The RPC Server is to busy to
> >> >> >> > complete
> >> >> >> > this
> >> >> >> > operation.
> >> >> >> >
> >> >> >> > No changes were made to any of the DC's before this problem
> >> >> >> > occured.
> >> >> >> > No DC's were demoted and their time are all in sync.
> >> >> >> > I tried making DC3 a GC, but I still have users that cannot be
> >> >> >> > authenticated, and none can connect to the web via my proxy
> >> >> >> > server.
> >> >> >> >
> >> >> >> > Can you please help?????
> >> >> >> >
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>