Re: DCDiag errors with new exe, none with old



Thanks for the reply. I have been looking over the eventid.net link for some
time now.

I was receiving the events in the KB articles you spec'd at boot time. I
eliminated those by making netlogon depend on DNS. I should probably make
w32time depend on it as well considering it might try to resolve names before
DNS would be up.

I did find that my DC's time was off a bit from what some time servers said.
I resolved that by finding a reliable time server and configuring w32time.
(using net time /setsntp)

The events I see seem to occur only AFTER I have run DCDiag. That and the
error code is different. Namely "The handle specified is invalid
(0x80090301)".

I found in another forum that someone used KB898060 to solve the problem. I
have tried applying that patch, but the problem still exists.

Anyone have any more ideas? If I can safely ignore what DCDiag is telling
me, that's fine. But I want to make sure that all is well on my DC before
installing Exchange 03. I might also be renaming the domain before I do that.

"Paul Bergson" wrote:

Check out the time services on your DCs, see if the links below make sense
to your problem. If the dns service hasn't completed startup and NetLogon
is attempting to contact dns I believe this can cause issues. Eventid.net
has users who have suffered similar problems as you.

Check out:
http://support.microsoft.com/kb/823712/en-us

http://support.microsoft.com/kb/824217/en-us

http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1



--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com/

This posting is provided "AS IS" with no warranties, and confers no rights.


"Dave Hahn" <Dave Hahn@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F03E40EE-74FC-45CC-84FF-FBB0D2F03A5F@xxxxxxxxxxxxxxxx
Hello,

I have a domain controller that I am trying to prep for Exchange 03. It has
SP1 and all the latest patches. The schema is simple, one domain, one domain
controller. domain name is intranet.namehere.com

I am using DCDiag to try to ascertain my DC's health. Using SP1 DC Diag, I
get the following errors:

----------------------------------------------------------------
Testing server: Default-First-Site-Name\JMSRV01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
[JMSRV01] DsBindWithSpnEx() failed with error -2146892976,
The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you..
......................... JMSRV01 failed test Connectivity

......

Starting test: DNS
Test results for domain controllers:

DC: jmsrv01.intranet.johnnymortgage.com
Domain: intranet.johnnymortgage.com

TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Error: No DS RPC connectivity
Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running

I will also eventually get these errors in the System event log:
---------------------------------------------------------------
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 3/6/2006
Time: 8:08:54 PM
User: N/A
Computer: JMSRV01
Description:
The Security System detected an authentication error for the server
LDAP/caa9be6a-bc2b-4009-a7b7-a6e47a00b63c._msdcs.intranet.johnnymortgage.com.
The failure code from authentication protocol Kerberos was "The handle
specified is invalid
(0x80090301)".
-----------------------------------------------------------------------

Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 3/6/2006
Time: 8:08:54 PM
User: N/A
Computer: JMSRV01
Description:
The Security System detected an authentication error for the server
LDAP/jmsrv01. The failure code from authentication protocol NTLM was "The
handle specified is invalid
(0x80090301)".
--------------------------------------------------------------

When I run the older DCDiag from the Windows 2003 Media, there are no
errors. Everything is reported as working OK.

The DC has been running fine, resources are accessible, users authenticate
fine, DNS is working properly. The client machines only point to the DC for
name resolution. Forwarders are set to the ISP's DNS's servers. No other
unusual entries in any event log.

What gives? I have been looking tirelessly over the last couple days and I
haven't been able to find anything no matter where I look. Just people with
the same issues, but no resolution.

Thanks for any advice!!! :)
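
Added example (not part of the original thread, not from either poster): DCDiag prints its failure as a signed decimal while event 40960 prints hex, so the two are hard to compare by eye. The Python sketch below normalises both to HRESULT form and names them; the status names are the SSPI constants from Microsoft's winerror.h, and the function names and sample excerpt layout are assumptions made for this example.

```python
import re

# SSPI status names as defined in winerror.h; only the two codes in this thread.
SSPI_STATUS = {
    0x80090301: "SEC_E_INVALID_HANDLE",
    0x80090350: "SEC_E_DOWNGRADE_DETECTED",
}
FACILITY_SSPI = 9  # HRESULT facility used by the security support providers

# Excerpts of the DCDiag output and event text quoted in the post above.
SAMPLE = '''
[JMSRV01] DsBindWithSpnEx() failed with error -2146892976,
The Security System detected an authentication error for the server
LDAP/jmsrv01. The failure code from authentication protocol NTLM was "The
handle specified is invalid
(0x80090301)".
'''

DCDIAG_RE = re.compile(r"(\w+)\(\) failed with error (-?\d+)")
EVENT_RE = re.compile(
    r"authentication error for the server\s+(\S+?)\.\s+The failure code from "
    r'authentication protocol (\w+) was\s+"[^"]*?\((0x[0-9A-Fa-f]+)\)"')

def decode(value):
    """Turn DCDiag's signed decimal or the event's hex into HRESULT fields."""
    code = int(value, 0) & 0xFFFFFFFF      # two's complement to unsigned 32-bit
    facility = (code >> 16) & 0x7FF        # facility is bits 16..26
    return {"hex": f"0x{code:08X}", "failure": bool(code >> 31),
            "sspi": facility == FACILITY_SSPI,
            "name": SSPI_STATUS.get(code, "unknown")}

def triage(text):
    """One record per DCDiag bind failure and per event 40960 description."""
    flat = " ".join(text.split())          # undo newsgroup/event-viewer line wraps
    rows = []
    for api, err in DCDIAG_RE.findall(flat):
        rows.append({"source": "dcdiag", "what": api, **decode(err)})
    for spn, proto, err in EVENT_RE.findall(flat):
        rows.append({"source": "event", "what": f"{spn} via {proto}", **decode(err)})
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Run against the excerpts, this shows that DCDiag's -2146892976 is 0x80090350, a different SSPI status from the 0x80090301 logged by LSASRV, which is worth keeping in mind when searching for fixes by error code.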


