Sign in with
Sign up | Sign in
Your question

Failed to query SPN registration?

Last response: in Windows 2000/NT
Share
Anonymous
August 17, 2004 8:02:10 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

History - rebuilt a Win2K Domain controller and recreated a domain
with the same domain name as it

was previous to the build.

All laptops (different types, Dell and Toshiba) and some desktops now
do not receive group

policy updates. Errors in Event Viewer are thus :

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1054
Date: 30/07/2004
Time: 17:18:02
User: NT AUTHORITY\SYSTEM
Computer: BH053
Description:
Windows cannot obtain the domain controller name for your computer
network. (The specified

domain either does not exist or could not be contacted. ). Group
Policy processing aborted.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

AND

Occasionally this one :

Event Type: Error
Event Source: UserInit
Event Category: None
Event ID: 1000
Date: 12/08/2004
Time: 08:57:48
User: N/A
Computer: BH039
Description:
Could not execute the following script

\\big-hand.co.uk\SysVol\big-hand.co.uk\scripts\Marketing.bat.
Configuration information

could not be read from the domain controller, either because the
machine is unavailable, or

access has been denied.
..

However, the Home drive (P:)  specified in the AD User Profile always
gets mapped! Only the bat

files described above do not get mapped.

What I have done :

a) Nslookup tests successful.
b) Checked Permissions on netlogon share - successful
c) Stopped IPSec Service on Domain Controller.
d) Taken machines off the domain and put them back on - this seems to
sort it out for a bit but then problem returns.

When I run netdiag everything is okay apart from one thing...During
the LDAP query I get 'Failed to query SPN registration on DC
'xxxx.xxx-xxx.co.uk' What is it trying to do here and is this error
anything to be worry about? I have looked at setspn.exe on the
Support Tools/Resource Kit and I can see the entries for SPN when I
use adsiedit.msc. So, why can't the netdiag query it? I am running it
as Domain Admin.

Other facts :

Firewalls have been disabled and problem still exists.
Freshly built new machines also have this problem.
Only 1 Domain Controller on this Domain. Win2K Server Service Pack 3
? Surely this is not an SP4 problem??

Can anybody help me? Users are getting frustrated!

Thanks,



<jabrandt@online.microsoft.com> wrote in message news:<uRrNcAWgEHA.3272@TK2MSFTNGP11.phx.gbl>...
> Run a Dcdiag /v >dcdiag.txt
> In there is will list all of the registered SPN's and should report any
> errors of ones that are not registered.
> If clients are disjoined and rejoined do you see a 1704 event in the
> application log and/or gpresult confirms that the group policy was applied?
>
> Are you seeing any events in event viewer on the DC that point to any
> problems?
>
> --
> James Brandt [MSFT]
>
>
-----------------------------------------------------------------------------
If I rejoin clients to the domain then yes they do get the SceCli 1704
event for a couple of times and then seem to resort back to not
getting the Group Policies.

Updated to SP4 and also ran dcdiag /v I have pasted the SPN
information from this as presumably you don't need to see anything
else? (Everything else didn't have any errors). Here it is below....



Starting test: MachineAccount
* SPN found :LDAP/bhdc.big-hand.co.uk/big-hand.co.uk
* SPN found :LDAP/bhdc.big-hand.co.uk
* SPN found :LDAP/BHDC
* SPN found :LDAP/bhdc.big-hand.co.uk/BIGHAND
* SPN found
:LDAP/24a91a51-7e64-4514-8a91-18eae7fbd615._msdcs.big-hand.co.uk
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/24a91a51-7e64-4514-8a91-18eae7fbd615/big-hand.co.uk
* SPN found :HOST/bhdc.big-hand.co.uk/big-hand.co.uk
* SPN found :HOST/bhdc.big-hand.co.uk
* SPN found :HOST/BHDC
* SPN found :HOST/bhdc.big-hand.co.uk/BIGHAND
* SPN found :GC/bhdc.big-hand.co.uk/big-hand.co.uk
......................... BHDC passed test MachineAccount

A few other things I have noticed in Event Viewer on the DC. The
licensing service is saying that Windows 2000 and IIS is out of
licenses? Could this be anything to do with it?

Also, one of my XP laptops is giving this error on the Domain
Controller "The Master Browser has received a Server announcement from
the machine "BH053" - this is one of the machines having the problem
and is only running XP Pro. Why is this machine doing this?

Also, when I rebooted the Domain Controller, I got the following 2
errors (not sure whether these are anything to do with the situation?

Event Type: Warning
Event Source: RSVP
Event Category: None
Event ID: 10035
Date: 14/08/2004
Time: 11:58:48
User: N/A
Computer: BHDC
Description:
This host can not be ACS since the Active Directory has not been
properly configured via the QoS ACS management console. Please
configure the subnets via the QoS ACS mangement console.

Event Type: Warning
Event Source: RSVP
Event Category: None
Event ID: 10047
Date: 14/08/2004
Time: 11:58:48
User: N/A
Computer: BHDC
Description:
QoS RSVP has failed to find any interfaces with traffic control
enabled. Install QoS traffic control services via network and dial-up
connections.

Thanks for your help.
August 17, 2004 9:22:47 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Dave-

I would almost guess that you named the rebuilt DC the
same as what it was before it crashed, and didn't remove
its computer account from the domain ahead. I'd try
demoting the rebuilt dc, disjoin it from the domain,
removing all references to that machine in AD, then re-
join the domain, and re-promote it... you may have
to 'play' with the FSMO roles to tell AD that the new
machine should handle those roles. I'd also consider
renaming the machine to something that hasn't been used,
this way you're not running the risk of the directory
looking for a non-existent machine--and if it does,
you'll know it instantly.

Good luck--I don't envy you

Ken
>-----Original Message-----
>History - rebuilt a Win2K Domain controller and
recreated a domain
>with the same domain name as it
>
>was previous to the build.
>
>All laptops (different types, Dell and Toshiba) and some
desktops now
>do not receive group
>
>policy updates. Errors in Event Viewer are thus :
>
>Event Type: Error
>Event Source: Userenv
>Event Category: None
>Event ID: 1054
>Date: 30/07/2004
>Time: 17:18:02
>User: NT AUTHORITY\SYSTEM
>Computer: BH053
>Description:
>Windows cannot obtain the domain controller name for
your computer
>network. (The specified
>
>domain either does not exist or could not be
contacted. ). Group
>Policy processing aborted.
>
>For more information, see Help and Support Center at
>
>http://go.microsoft.com/fwlink/events.asp.
>
>AND
>
>Occasionally this one :
>
>Event Type: Error
>Event Source: UserInit
>Event Category: None
>Event ID: 1000
>Date: 12/08/2004
>Time: 08:57:48
>User: N/A
>Computer: BH039
>Description:
>Could not execute the following script
>
>\\big-hand.co.uk\SysVol\big-
hand.co.uk\scripts\Marketing.bat.
>Configuration information
>
>could not be read from the domain controller, either
because the
>machine is unavailable, or
>
>access has been denied.
>..
>
>However, the Home drive (P:)  specified in the AD User
Profile always
>gets mapped! Only the bat
>
>files described above do not get mapped.
>
>What I have done :
>
>a) Nslookup tests successful.
>b) Checked Permissions on netlogon share - successful
>c) Stopped IPSec Service on Domain Controller.
>d) Taken machines off the domain and put them back
on - this seems to
>sort it out for a bit but then problem returns.
>
>When I run netdiag everything is okay apart from one
thing...During
>the LDAP query I get 'Failed to query SPN registration
on DC
>'xxxx.xxx-xxx.co.uk' What is it trying to do here and
is this error
>anything to be worry about? I have looked at setspn.exe
on the
>Support Tools/Resource Kit and I can see the entries for
SPN when I
>use adsiedit.msc. So, why can't the netdiag query it? I
am running it
>as Domain Admin.
>
>Other facts :
>
>Firewalls have been disabled and problem still exists.
>Freshly built new machines also have this problem.
>Only 1 Domain Controller on this Domain. Win2K Server
Service Pack 3
>? Surely this is not an SP4 problem??
>
>Can anybody help me? Users are getting frustrated!
>
>Thanks,
>
>
>
><jabrandt@online.microsoft.com> wrote in message
news:<uRrNcAWgEHA.3272@TK2MSFTNGP11.phx.gbl>...
>> Run a Dcdiag /v >dcdiag.txt
>> In there is will list all of the registered SPN's and
should report any
>> errors of ones that are not registered.
>> If clients are disjoined and rejoined do you see a
1704 event in the
>> application log and/or gpresult confirms that the
group policy was applied?
>>
>> Are you seeing any events in event viewer on the DC
that point to any
>> problems?
>>
>> --
>> James Brandt [MSFT]
>>
>>
>---------------------------------------------------------
--------------------
>If I rejoin clients to the domain then yes they do get
the SceCli 1704
>event for a couple of times and then seem to resort back
to not
>getting the Group Policies.
>
>Updated to SP4 and also ran dcdiag /v I have pasted the
SPN
>information from this as presumably you don't need to
see anything
>else? (Everything else didn't have any errors). Here it
is below....
>
>
>
> Starting test: MachineAccount
> * SPN found :LDAP/bhdc.big-hand.co.uk/big-
hand.co.uk
> * SPN found :LDAP/bhdc.big-hand.co.uk
> * SPN found :LDAP/BHDC
> * SPN found :LDAP/bhdc.big-hand.co.uk/BIGHAND
> * SPN found
>:LDAP/24a91a51-7e64-4514-8a91-18eae7fbd615._msdcs.big-
hand.co.uk
>* SPN found
>:E3514235-4B06-11D1-AB04-00C04FC2DCD2/24a91a51-7e64-4514-
8a91-18eae7fbd615/big-hand.co.uk
> * SPN found :HOST/bhdc.big-hand.co.uk/big-
hand.co.uk
> * SPN found :HOST/bhdc.big-hand.co.uk
> * SPN found :HOST/BHDC
> * SPN found :HOST/bhdc.big-hand.co.uk/BIGHAND
> * SPN found :GC/bhdc.big-hand.co.uk/big-
hand.co.uk
> ......................... BHDC passed test
MachineAccount
>
>A few other things I have noticed in Event Viewer on the
DC. The
>licensing service is saying that Windows 2000 and IIS is
out of
>licenses? Could this be anything to do with it?
>
>Also, one of my XP laptops is giving this error on the
Domain
>Controller "The Master Browser has received a Server
announcement from
>the machine "BH053" - this is one of the machines having
the problem
>and is only running XP Pro. Why is this machine doing
this?
>
>Also, when I rebooted the Domain Controller, I got the
following 2
>errors (not sure whether these are anything to do with
the situation?
>
>Event Type: Warning
>Event Source: RSVP
>Event Category: None
>Event ID: 10035
>Date: 14/08/2004
>Time: 11:58:48
>User: N/A
>Computer: BHDC
>Description:
>This host can not be ACS since the Active Directory has
not been
>properly configured via the QoS ACS management console.
Please
>configure the subnets via the QoS ACS mangement console.
>
>Event Type: Warning
>Event Source: RSVP
>Event Category: None
>Event ID: 10047
>Date: 14/08/2004
>Time: 11:58:48
>User: N/A
>Computer: BHDC
>Description:
>QoS RSVP has failed to find any interfaces with traffic
control
>enabled. Install QoS traffic control services via
network and dial-up
>connections.
>
>Thanks for your help.
>.
>
August 17, 2004 11:25:16 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

This looks suspiciously like the problem I have been
having with my own domain !!!(See post Duplicate GUIDs) I
too made the mistake of recreating/reinstalling the Domain
Controller without removing all traces to it in other DCs
in the network or as in your case, from the machine
itself. Each time the system is installed, a different
GUID is generated and the DNS records will therfore
contain reference to both the GUIDs. Your SPN query
clearly shows both the GUIDs linked to big-hand.co.uk. I
would agree with Ken that the best bet seems to be to
demote the DC, remove it from the domain, rename it,
remove all the traces of the original name and then rejoin
the domain before being promoted again.

>-----Original Message-----
>Dave-
>
>I would almost guess that you named the rebuilt DC the
>same as what it was before it crashed, and didn't remove
>its computer account from the domain ahead. I'd try
>demoting the rebuilt dc, disjoin it from the domain,
>removing all references to that machine in AD, then re-
>join the domain, and re-promote it... you may have
>to 'play' with the FSMO roles to tell AD that the new
>machine should handle those roles. I'd also consider
>renaming the machine to something that hasn't been used,
>this way you're not running the risk of the directory
>looking for a non-existent machine--and if it does,
>you'll know it instantly.
>
>Good luck--I don't envy you
>
>Ken
>>-----Original Message-----
>>History - rebuilt a Win2K Domain controller and
>recreated a domain
>>with the same domain name as it
>>
>>was previous to the build.
>>
>>All laptops (different types, Dell and Toshiba) and some
>desktops now
>>do not receive group
>>
>>policy updates. Errors in Event Viewer are thus :
>>
>>Event Type: Error
>>Event Source: Userenv
>>Event Category: None
>>Event ID: 1054
>>Date: 30/07/2004
>>Time: 17:18:02
>>User: NT AUTHORITY\SYSTEM
>>Computer: BH053
>>Description:
>>Windows cannot obtain the domain controller name for
>your computer
>>network. (The specified
>>
>>domain either does not exist or could not be
>contacted. ). Group
>>Policy processing aborted.
>>
>>For more information, see Help and Support Center at
>>
>>http://go.microsoft.com/fwlink/events.asp.
>>
>>AND
>>
>>Occasionally this one :
>>
>>Event Type: Error
>>Event Source: UserInit
>>Event Category: None
>>Event ID: 1000
>>Date: 12/08/2004
>>Time: 08:57:48
>>User: N/A
>>Computer: BH039
>>Description:
>>Could not execute the following script
>>
>>\\big-hand.co.uk\SysVol\big-
>hand.co.uk\scripts\Marketing.bat.
>>Configuration information
>>
>>could not be read from the domain controller, either
>because the
>>machine is unavailable, or
>>
>>access has been denied.
>>..
>>
>>However, the Home drive (P:)  specified in the AD User
>Profile always
>>gets mapped! Only the bat
>>
>>files described above do not get mapped.
>>
>>What I have done :
>>
>>a) Nslookup tests successful.
>>b) Checked Permissions on netlogon share - successful
>>c) Stopped IPSec Service on Domain Controller.
>>d) Taken machines off the domain and put them back
>on - this seems to
>>sort it out for a bit but then problem returns.
>>
>>When I run netdiag everything is okay apart from one
>thing...During
>>the LDAP query I get 'Failed to query SPN registration
>on DC
>>'xxxx.xxx-xxx.co.uk' What is it trying to do here and
>is this error
>>anything to be worry about? I have looked at setspn.exe
>on the
>>Support Tools/Resource Kit and I can see the entries for
>SPN when I
>>use adsiedit.msc. So, why can't the netdiag query it? I
>am running it
>>as Domain Admin.
>>
>>Other facts :
>>
>>Firewalls have been disabled and problem still exists.
>>Freshly built new machines also have this problem.
>>Only 1 Domain Controller on this Domain. Win2K Server
>Service Pack 3
>>? Surely this is not an SP4 problem??
>>
>>Can anybody help me? Users are getting frustrated!
>>
>>Thanks,
>>
>>
>>
>><jabrandt@online.microsoft.com> wrote in message
>news:<uRrNcAWgEHA.3272@TK2MSFTNGP11.phx.gbl>...
>>> Run a Dcdiag /v >dcdiag.txt
>>> In there is will list all of the registered SPN's and
>should report any
>>> errors of ones that are not registered.
>>> If clients are disjoined and rejoined do you see a
>1704 event in the
>>> application log and/or gpresult confirms that the
>group policy was applied?
>>>
>>> Are you seeing any events in event viewer on the DC
>that point to any
>>> problems?
>>>
>>> --
>>> James Brandt [MSFT]
>>>
>>>
>>---------------------------------------------------------
>--------------------
>>If I rejoin clients to the domain then yes they do get
>the SceCli 1704
>>event for a couple of times and then seem to resort back
>to not
>>getting the Group Policies.
>>
>>Updated to SP4 and also ran dcdiag /v I have pasted the
>SPN
>>information from this as presumably you don't need to
>see anything
>>else? (Everything else didn't have any errors). Here it
>is below....
>>
>>
>>
>> Starting test: MachineAccount
>> * SPN found :LDAP/bhdc.big-hand.co.uk/big-
>hand.co.uk
>> * SPN found :LDAP/bhdc.big-hand.co.uk
>> * SPN found :LDAP/BHDC
>> * SPN found :LDAP/bhdc.big-hand.co.uk/BIGHAND
>> * SPN found
>>:LDAP/24a91a51-7e64-4514-8a91-18eae7fbd615._msdcs.big-
>hand.co.uk
>>* SPN found
>>:E3514235-4B06-11D1-AB04-00C04FC2DCD2/24a91a51-7e64-4514-
>8a91-18eae7fbd615/big-hand.co.uk
>> * SPN found :HOST/bhdc.big-hand.co.uk/big-
>hand.co.uk
>> * SPN found :HOST/bhdc.big-hand.co.uk
>> * SPN found :HOST/BHDC
>> * SPN found :HOST/bhdc.big-hand.co.uk/BIGHAND
>> * SPN found :GC/bhdc.big-hand.co.uk/big-
>hand.co.uk
>> ......................... BHDC passed test
>MachineAccount
>>
>>A few other things I have noticed in Event Viewer on the
>DC. The
>>licensing service is saying that Windows 2000 and IIS is
>out of
>>licenses? Could this be anything to do with it?
>>
>>Also, one of my XP laptops is giving this error on the
>Domain
>>Controller "The Master Browser has received a Server
>announcement from
>>the machine "BH053" - this is one of the machines having
>the problem
>>and is only running XP Pro. Why is this machine doing
>this?
>>
>>Also, when I rebooted the Domain Controller, I got the
>following 2
>>errors (not sure whether these are anything to do with
>the situation?
>>
>>Event Type: Warning
>>Event Source: RSVP
>>Event Category: None
>>Event ID: 10035
>>Date: 14/08/2004
>>Time: 11:58:48
>>User: N/A
>>Computer: BHDC
>>Description:
>>This host can not be ACS since the Active Directory has
>not been
>>properly configured via the QoS ACS management console.
>Please
>>configure the subnets via the QoS ACS mangement console.
>>
>>Event Type: Warning
>>Event Source: RSVP
>>Event Category: None
>>Event ID: 10047
>>Date: 14/08/2004
>>Time: 11:58:48
>>User: N/A
>>Computer: BHDC
>>Description:
>>QoS RSVP has failed to find any interfaces with traffic
>control
>>enabled. Install QoS traffic control services via
>network and dial-up
>>connections.
>>
>>Thanks for your help.
>>.
>>
>.
>
Related resources
Anonymous
August 19, 2004 1:24:59 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

"Madhu" <anonymous@discussions.microsoft.com> wrote in message news:<7a4b01c48466$0433c9d0$a401280a@phx.gbl>...
> This looks suspiciously like the problem I have been
> having with my own domain !!!(See post Duplicate GUIDs) I
> too made the mistake of recreating/reinstalling the Domain
> Controller without removing all traces to it in other DCs
> in the network or as in your case, from the machine
> itself. Each time the system is installed, a different
> GUID is generated and the DNS records will therfore
> contain reference to both the GUIDs. Your SPN query
> clearly shows both the GUIDs linked to big-hand.co.uk. I
> would agree with Ken that the best bet seems to be to
> demote the DC, remove it from the domain, rename it,
> remove all the traces of the original name and then rejoin
> the domain before being promoted again.
>
> >-----Original Message-----
> >Dave-
> >
> >I would almost guess that you named the rebuilt DC the
> >same as what it was before it crashed, and didn't remove
> >its computer account from the domain ahead. I'd try
> >demoting the rebuilt dc, disjoin it from the domain,
> >removing all references to that machine in AD, then re-
> >join the domain, and re-promote it... you may have
> >to 'play' with the FSMO roles to tell AD that the new
> >machine should handle those roles. I'd also consider
> >renaming the machine to something that hasn't been used,
> >this way you're not running the risk of the directory
> >looking for a non-existent machine--and if it does,
> >you'll know it instantly.
> >
> >Good luck--I don't envy you
> >
> >Ken
> >>-----Original Message-----
> >>History - rebuilt a Win2K Domain controller and
> recreated a domain
> >>with the same domain name as it
> >>
> >>was previous to the build.
> >>
> >>All laptops (different types, Dell and Toshiba) and some
> desktops now
> >>do not receive group
> >>
> >>policy updates. Errors in Event Viewer are thus :
> >>
> >>Event Type: Error
> >>Event Source: Userenv
> >>Event Category: None
> >>Event ID: 1054
> >>Date: 30/07/2004
> >>Time: 17:18:02
> >>User: NT AUTHORITY\SYSTEM
> >>Computer: BH053
> >>Description:
> >>Windows cannot obtain the domain controller name for
> your computer
> >>network. (The specified
> >>
> >>domain either does not exist or could not be
> contacted. ). Group
> >>Policy processing aborted.
> >>
> >>For more information, see Help and Support Center at
> >>
> >>http://go.microsoft.com/fwlink/events.asp.
> >>
> >>AND
> >>
> >>Occasionally this one :
> >>
> >>Event Type: Error
> >>Event Source: UserInit
> >>Event Category: None
> >>Event ID: 1000
> >>Date: 12/08/2004
> >>Time: 08:57:48
> >>User: N/A
> >>Computer: BH039
> >>Description:
> >>Could not execute the following script
> >>
> >>\\big-hand.co.uk\SysVol\big-
> hand.co.uk\scripts\Marketing.bat.
> >>Configuration information
> >>
> >>could not be read from the domain controller, either
> because the
> >>machine is unavailable, or
> >>
> >>access has been denied.
> >>..
> >>
> >>However, the Home drive (P:)  specified in the AD User
> Profile always
> >>gets mapped! Only the bat
> >>
> >>files described above do not get mapped.
> >>
> >>What I have done :
> >>
> >>a) Nslookup tests successful.
> >>b) Checked Permissions on netlogon share - successful
> >>c) Stopped IPSec Service on Domain Controller.
> >>d) Taken machines off the domain and put them back
> on - this seems to
> >>sort it out for a bit but then problem returns.
> >>
> >>When I run netdiag everything is okay apart from one
> thing...During
> >>the LDAP query I get 'Failed to query SPN registration
> on DC
> >>'xxxx.xxx-xxx.co.uk' What is it trying to do here and
> is this error
> >>anything to be worry about? I have looked at setspn.exe
> on the
> >>Support Tools/Resource Kit and I can see the entries for
> SPN when I
> >>use adsiedit.msc. So, why can't the netdiag query it? I
> am running it
> >>as Domain Admin.
> >>
> >>Other facts :
> >>
> >>Firewalls have been disabled and problem still exists.
> >>Freshly built new machines also have this problem.
> >>Only 1 Domain Controller on this Domain. Win2K Server
> Service Pack 3
> >>? Surely this is not an SP4 problem??
> >>
> >>Can anybody help me? Users are getting frustrated!
> >>
> >>Thanks,
> >>
> >>
> >>
> >><jabrandt@online.microsoft.com> wrote in message
> news:<uRrNcAWgEHA.3272@TK2MSFTNGP11.phx.gbl>...
> >>> Run a Dcdiag /v >dcdiag.txt
> >>> In there is will list all of the registered SPN's and
> should report any
> >>> errors of ones that are not registered.
> >>> If clients are disjoined and rejoined do you see a
> 1704 event in the
> >>> application log and/or gpresult confirms that the
> group policy was applied?
> >>>
> >>> Are you seeing any events in event viewer on the DC
> that point to any
> >>> problems?
> >>>
> >>> --
> >>> James Brandt [MSFT]
> >>>
> >>>
> >>---------------------------------------------------------
> --------------------
> >>If I rejoin clients to the domain then yes they do get
> the SceCli 1704
> >>event for a couple of times and then seem to resort back
> to not
> >>getting the Group Policies.
> >>
> >>Updated to SP4 and also ran dcdiag /v I have pasted the
> SPN
> >>information from this as presumably you don't need to
> see anything
> >>else? (Everything else didn't have any errors). Here it
> is below....
> >>
> >>
> >>
> >> Starting test: MachineAccount
> >> * SPN found :LDAP/bhdc.big-hand.co.uk/big-
> hand.co.uk
> >> * SPN found :LDAP/bhdc.big-hand.co.uk
> >> * SPN found :LDAP/BHDC
> >> * SPN found :LDAP/bhdc.big-hand.co.uk/BIGHAND
> >> * SPN found
> >>:LDAP/24a91a51-7e64-4514-8a91-18eae7fbd615._msdcs.big-
> hand.co.uk
> * SPN found
> >>:E3514235-4B06-11D1-AB04-00C04FC2DCD2/24a91a51-7e64-4514-
> 8a91-18eae7fbd615/big-hand.co.uk
> >> * SPN found :HOST/bhdc.big-hand.co.uk/big-
> hand.co.uk
> >> * SPN found :HOST/bhdc.big-hand.co.uk
> >> * SPN found :HOST/BHDC
> >> * SPN found :HOST/bhdc.big-hand.co.uk/BIGHAND
> >> * SPN found :GC/bhdc.big-hand.co.uk/big-
> hand.co.uk
> >> ......................... BHDC passed test
> MachineAccount
> >>
> >>A few other things I have noticed in Event Viewer on the
> DC. The
> >>licensing service is saying that Windows 2000 and IIS is
> out of
> >>licenses? Could this be anything to do with it?
> >>
> >>Also, one of my XP laptops is giving this error on the
> Domain
> >>Controller "The Master Browser has received a Server
> announcement from
> >>the machine "BH053" - this is one of the machines having
> the problem
> >>and is only running XP Pro. Why is this machine doing
> this?
> >>
> >>Also, when I rebooted the Domain Controller, I got the
> following 2
> >>errors (not sure whether these are anything to do with
> the situation?
> >>
> >>Event Type: Warning
> >>Event Source: RSVP
> >>Event Category: None
> >>Event ID: 10035
> >>Date: 14/08/2004
> >>Time: 11:58:48
> >>User: N/A
> >>Computer: BHDC
> >>Description:
> >>This host can not be ACS since the Active Directory has
> not been
> >>properly configured via the QoS ACS management console.
> Please
> >>configure the subnets via the QoS ACS mangement console.
> >>
> >>Event Type: Warning
> >>Event Source: RSVP
> >>Event Category: None
> >>Event ID: 10047
> >>Date: 14/08/2004
> >>Time: 11:58:48
> >>User: N/A
> >>Computer: BHDC
> >>Description:
> >>QoS RSVP has failed to find any interfaces with traffic
> control
> >>enabled. Install QoS traffic control services via
> network and dial-up
> >>connections.
> >>
> >>Thanks for your help.
> >>.
> >>
> >.
> >
-----------------------------------------------

Thanks for your replies.

The only problem I have with this is that I only have 1 Domain
Controller on this domain. Therefore, if I demote it then the domain
will disappear presumably? I take it then that my only choice is to
promote another 2000 Server and then transfer FSMO roles to this.
Then I demote the problematic Domain Controller. Surely though the
problem will just get replicated to the newly promoted DC?

What exactly do I remove from the AD once replication has taken place
between the 2? After I have removed everything, then presumably I
then promote back the no longer problematic DC?
Anonymous
August 20, 2004 5:47:10 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks for your replies.

The only problem I have with this is that I only have 1 Domain
Controller on this domain. Therefore, if I demote it then the domain
will disappear presumably? I take it then that my only choice is to
promote another 2000 Server and then transfer FSMO roles to this.
Then I demote the problematic Domain Controller. Surely though the
problem will just get replicated to the newly promoted DC?

What exactly do I remove from the AD once replication has taken place
between the 2? After I have removed everything, then presumably I
then promote back the no longer problematic DC?
Anonymous
August 20, 2004 6:00:00 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Thanks again but we have just been discussing this internally...

When we rebuilt the domain, we literally rebuilt the domain. i.e. we
demoted all Domain Controllers and formatted the HDDs. Therefore,
when we rebuilt the domain, although it was called the same, it didn't
matter as there was no Domain holding the previous information about
that machine.

Is there something on the client machines that is, therefore, causing
the problem? But wait a minute, it can't be because I have built
brand new machines since this problem and these also have the problem.

Incidentally, my USERDNSDOMAIN is big-hand.co.uk but my USERDOMAIN is
BIGHAND - Is there anything tricky about having it like this to do
with WINS/DNS?
!