Re: DCDiag errors with new exe, none with old



LOL. I was not implying that one run just DNS - I was stating a best practice
that DCs not use their local DNS service for name resolution.

I would also suggest that even for a 5 user company, you should invest in
an additional DC. If the current DC blows up, what do you plan to do?

neil




"Dave Hahn" wrote:

This is a small business with exactly 5 people working in it. Having two DC's
so one can run just DNS is 1) waaaaay too expensive for a small business and
2) Shouldn't really be necessary.

All the SRV records are created successfully as now DNS starts before
Netlogon. Not the other way around. Also, Netlogon doesn't "stop" while the
machine is running AFAIK. Looking at the server right now, Netlogon is
running. It has been up for over 12 hours.

"Neil Ruston" wrote:

I suspect your DC uses itself for DNS name resolution. This is not
recommended (IMO).

netlogon starts before DNS and stops after DNS. As a result, netlogon cannot
register SRV records at boot and cannot de-register at shutdown.

If you ever decomm this DC, you'll have to manually remove its DNS records
from another DNS/DC server, for example.

Use another DC/DNS server instead.

neil





"Dave Hahn" wrote:

Thanks Paul,

That's what I had suspected as well. That DCDiag was causing the problems
specifically and making it look like there was a problem when there isn't one.

The errors appear at the same time when I run DCDiag, although not all the
time. They certainly haven't happened on boot or when I haven't run DCDiag.

I'll see if I can find any newer exe's since SP1.

On a side note for anyone else reading, it seems since I have made netlogon
depend on DNS, occasionally DNS isn't happy at startup as it is having a hard
time finding AD. This is sort of expected as my zones are AD integrated. It
just happens at startup, and DNS works fine once all services are loaded.

Thanks again!

"Paul Williams [MVP]" wrote:

If I remember correctly, that error is a bug in DCDIAG:

[JMSRV01] DsBindWithSpnEx() failed with error -2146892976, The system
detected a possible attempt to compromise security


If you're not getting the error with an earlier version of the software,
that pretty much clarifies my recollection.

Re. the Kerberos error, once your server has been up and running do these
errors go away? Or is the buggy version of DCDIAG causing them?

What I'm trying to get at is if they only occur on startup, or when you run
that version of DCDIAG you can probably ignore them. I would make sure that
you run Windows update and look for a newer version of DCDIAG too.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net


