Re: ADAM service account problem

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi

I think it's the use of the IP address that's the problem; you need
to use the NETBIOS name or DNS name of the computer is that
not possible in your environment?

Thanks
Lee Flight

"Norm" <Norm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0DBAA7F6-5D20-4CCC-9ED5-47AE9BA6E811@xxxxxxxxxxxxxxxx
>I had to use the IP address - yes they are in the same domain. There is a
> firewall, so that could be a problem depending on what ports it might be
> trying to use. 389 works fine.
>
> "Lee Flight" wrote:
>
>> Hi
>>
>> are these machines are in the same domain?
>>
>> in the install wizard what did you specify for the remote server
>> (i.e. master) name? Did you use the DNS name of the machine,
>> if not could you try that?
>>
>> Thanks
>> Lee Flight
>>
>> "Norm" <Norm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:F703748A-4E79-44C3-B3D6-7538CB11B3B0@xxxxxxxxxxxxxxxx
>> >I don't see any errors on the master side in the security log - it does
>> > generate some entries, but they show success. In the debug log I see
>> > the
>> > following at the end:
>> >
>> > Enter State::GetRemotePassword
>> > Enter InitSecWinntAuthIdentity
>> > Enter State::GetOperation REPLICA
>> > NtdsAdamValidateServiceAccount() => 87
>> > info.eValidationResult = 0
>> > Enter GetErrorMessage 80070057
>> > ADAMERR_SERVICE_INVALID
>> >
>> >
>> > "Lee Flight" wrote:
>> >
>> >> Hi
>> >>
>> >> sounds like such an account should be OK...
>> >>
>> >> Have a look in
>> >>
>> >> %windir%\debug
>> >>
>> >> at the adamsetup.log for the replica install that's giving the problem
>> >> that should give us a clue around the error. Also do you have audit
>> >> failures for logon events and account logon events in the security
>> >> policy of the master, if so looking at the security event log might
>> >> also
>> >> tell us something.
>> >>
>> >> Which hotfix were you referring to?
>> >>
>> >> Thanks
>> >> Lee Flight
>> >>
>> >> "Norm" <Norm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:C8752115-01EE-4180-ABAA-ED4B09A6375F@xxxxxxxxxxxxxxxx
>> >> > The account looks to be ok - it's an admin on both machines, it's a
>> >> > domain
>> >> > account, it's being used for the service on the master, and it's in
>> >> > the
>> >> > adam
>> >> > administrators group on the master along with being a member of the
>> >> > instances
>> >> > role on the master. Could it be a firewall problem? The first part
>> >> > of
>> >> > the
>> >> > install can see the master and it's container, but perhaps it's
>> >> > using
>> >> > some
>> >> > other method and port at this stage?
>> >> >
>> >> > "Lee Flight" wrote:
>> >> >
>> >> >> Hi
>> >> >>
>> >> >> it sounds like the account that you are nominating is failing to
>> >> >> authenticate
>> >> >> for the replication authentication method in use. If you review the
>> >> >> service
>> >> >> account requirements table in:
>> >> >>
>> >> >> ADAM Help
>> >> >> Administering ADAM
>> >> >> Selecting an ADAM service account
>> >> >>
>> >> >>
>> >> >> which environment applies?
>> >> >>
>> >> >> Thanks
>> >> >> Lee Flight
>> >> >>
>> >> >> "Norm" <Norm@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> news:6A9B343F-183A-4FA6-B99D-9ADF29D16D2A@xxxxxxxxxxxxxxxx
>> >> >> > I'm trying to set up an adam replica. I can get to the point
>> >> >> > where
>> >> >> > the
>> >> >> > install sees the master and it's container. It then asks for a
>> >> >> > service
>> >> >> > account to run under. I give it the same one I used on the
>> >> >> > master,
>> >> >> > but
>> >> >> > it
>> >> >> > gives an error saying:
>> >> >> >
>> >> >> > The service account for this instance of ADAM cannot be used with
>> >> >> > the
>> >> >> > selected configuration set. The account failed validation with
>> >> >> > the
>> >> >> > following
>> >> >> > error:
>> >> >> > Error 0x80070057
>> >> >> > The parameter is incorrect.
>> >> >> >
>> >> >> > This only happens when trying to create a replicated instance,
>> >> >> > the
>> >> >> > account
>> >> >> > works fine for a unique instance. I see that there is is a
>> >> >> > hotfix
>> >> >> > that
>> >> >> > might
>> >> >> > pertain to this, but I don't see any place to download it. Has
>> >> >> > anyone
>> >> >> > else
>> >> >> > had this problem? If so, did you have to get the unknown hotfix
>> >> >> > and
>> >> >> > where?
>> >> >> >
>> >> >> > Thanks, Norm.
>> >> >> >
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>


.

Relevant Pages

  • Re: Problem with Mapped Drives
    ... > If NETBEUI fixed the problem then the problem was probably DNS or NETBIOS ... Installing NETBEUI ... peer2peer for years, and then XP machines were either added, or some of the ...
    (microsoft.public.windowsxp.general)
  • Re: Problem with Mapped Drives
    ... >> If NETBEUI fixed the problem then the problem was probably DNS or NETBIOS ... > peer2peer for years, and then XP machines were either added, or some of ...
    (microsoft.public.windowsxp.general)
  • Re: Master Browser problem
    ... DNS and WINS server as well. ... it will use DNS to resolve DNS names and NetBIOS to resolve ... IPX should not generally be installed on your machines unless they are ...
    (microsoft.public.windows.server.general)
  • Re: AD & BIND: domain listing is slow
    ... > Is it possible to skip NETBIOS resolution or at least shorten the timeout ... The reason is that Browsing is a NetBIOS problem so even ... the DNS resolution for it is technically part of NetBIOS. ... >>> The resolution of machines on the domain is very slow in the Network ...
    (microsoft.public.win2000.active_directory)
  • Re: WINS is realy needed
    ... W2k and later machines try DNS and Netbios name ... DNS will resolve a simple name like machinename as long as the machine ... >>>,win2k3,xp for name resolving using DNS only, now for the question. ...
    (microsoft.public.windows.server.networking)