Re: False Alert - AD database restored by unsupported procedure.
- From: Eric <Eric@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 15 Jun 2007 08:21:00 -0700
Thank you, Paul!
I am working on this DC.
At the same time, I still believe this is not the cause of our USN rollback
issue because:
1) The two DCs which cannot talk ('loc-DC01.company.com' is down) are at
different AD sites and different physical locations, which are connected via
WAN. And from the Site and Service MMC, there are no connections between
them so they do not replicate directly.
2) The DC which has USN rollback issue is in the HQ, which sits between
these two locations. And there are more than one DCs in this location. I
believe if this ('loc-DC01.company.com' is down) warning caused the USN
rollback issue of this server, it should also bring the same issue to the
other DCs in HQ. But this didn't happen.
--
Eric
"Paul Bergson [MVP-DS]" wrote:
So what is up with loc-DC01.company.com.
Why can't it be reached, this should be resolved. You can all kinds of
weird errors so lets start by figuring out what is going on with this dc.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Eric" <Eric@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:36CA4D2E-A91C-4A8C-B965-41F308550E97@xxxxxxxxxxxxxxxx
Thank you very much, Paul!
I run the tests you mentioned on all the DCs and the DC which has 2103
error
is healthy base on these tests.
There is no error/warning/fail, except the following:
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.
[WARNING] You don't have a single interface with the <00> 'WorkStation
Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Received Address Errors = 128,290
UDP Statistics Receive Errors = 71
IP Statistics Reassembly Failures = 23
TCP Statistics Failed Connection Attempts = 2,690
DNS Error code: ERROR_TIMEOUT (Dns server may be down.) [WARNING] The
DNS entries for this DC cannot be verified right now on DNS server
xxx.xxx.xxx.xxx, ERROR_TIMEOUT.
Since 'loc-DC01.company.com' is down, it cannot be tested.
[WARNING] Failed to query SPN registration on DC 'loc-DC01.company.com'
.
And the DC which has 2103 error is not in the group of the servers
involved
the DNS and SPN warnings. i.e. these warnings are not from this DC's log
file, nor is the object (ip, servername) of the warnings related to this
DC.
--
Eric
"Paul Bergson [MVP-DS]" wrote:
Run diagnostics against your Active Directory domain.
If you don't have the support tools installed, install them from your
server
install disk.
d:\support\tools\setup.exe
Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
**Note: Using the /E switch in dcdiag will run diagnostics against ALL
dc's
in the forest. If you have significant numbers of DC's this test could
generate significant detail and take a long time. You also want to take
into account slow links to dc's will also add to the testing time.
If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be
output
in notepad text files that pop up automagically.
The script is located in the download section on my website at
http://www.pbbergs.com
Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)
When complete search for fail, error and warning messages.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Eric" <Eric@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:159FA8A7-7580-4D9F-91AD-19C567F1EBFE@xxxxxxxxxxxxxxxx
Hi everyone,
I need some helps to resolve an issue we have.
Our DCs are running on virtual machines. Recently, I noticed there is
a
2103 error in the system log of one DC, which says "The Active
Directory
database has been restored using an unsupported restoration procedure",
and
the Net Logon service pauses every time the DC is rebooted.
Because there is no AD restore at any time since the server was built.
The
only reason I could think of is that I moved the DC virtual guest from
one
to
another virtual host. And I alway restart the net logon service when I
saw
the error message and I did not get any report of other issues when
doing
this.
I believe this error is a false alert and was triggered by a registry
key
or
something like that. Does anyone know how to get rid of this error
without
making de-promote the DC?
Thanks in advance,
Eric
- References:
- Re: False Alert - AD database restored by unsupported procedure.
- From: Paul Bergson [MVP-DS]
- Re: False Alert - AD database restored by unsupported procedure.
- From: Eric
- Re: False Alert - AD database restored by unsupported procedure.
- From: Paul Bergson [MVP-DS]
- Re: False Alert - AD database restored by unsupported procedure.
- Prev by Date: Re: Urgent: Restrict LDAP Queries of a domain user
- Next by Date: Re: Urgent: Restrict LDAP Queries of a domain user
- Previous by thread: Re: False Alert - AD database restored by unsupported procedure.
- Next by thread: Random Kerberos errors
- Index(es):
Relevant Pages
|
