Re: Unable to create AD objects...


Are YOU able to connect to that?
Also try with the FQDN of the DC to access that share.
Ping the NetBIOS name and the FQDN of the DC.

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test ANY suggestion in a test environment before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"Steven Sinclair" <StevenSinclair@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:DD59C4CB-9665-421B-862E-0D951E09D767@xxxxxxxxxxxxxxxx
Another interesting thing...even though everything appears to be working now,
I'm still getting the following error listed under the DCDIAG report:

Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\MCP01\netlogon)
[MCP01] An net use or LsaPolicy operation failed with error 1203, No
network provider accepted the given network path..
......................... MCP01 failed test NetLogons

Strange...



"Jorge de Almeida Pinto [MVP - DS]" wrote:

I wanted to something like reboot the box next .... ;-) you know that always
helps! ;-)

try DCDIAG /C /D /V again and also check the event logs

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

"Steven Sinclair" <StevenSinclair@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:7F432951-CD18-47D9-BC60-51B01145375F@xxxxxxxxxxxxxxxx
> Here's something really interesting...
>
> I restarted the server, and now I'm able to create user objects.
>
> Why would a simple restart correct the problem?
>
> Thanx.
>
>
>
> "Steven Sinclair" wrote:
>
>> No errors in any of the event logs until yesterday (around the time I ran the
>> DCDIAG commands). The event was in the system event log as follows:
>>
>> Date: 6/18/2008 Source: SceSrv
>> Time: 12:20:43 PM Category: None
>> Type: Error Event ID: 1003
>> User: N/A
>> Computer: MCP01
>>
>> Description:
>> Notification of policy change from LSA/SAM has been retried and failed.
>> Error 4312 to save policy change for account
>> S-1-5-21-3402352517-712457843-1199885889-1632 in the default GPOs. For more
>> debugging information, please look security\logs\scepol.log under Windows
>> root.
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>> Thanx again.
>>
>>
>>
>> "Jorge de Almeida Pinto [MVP - DS]" wrote:
>>
>> > any event IDs with errors?
>> >
>> > --
>> >
>> > Cheers,
>> > (HOPEFULLY THIS INFORMATION HELPS YOU!)
>> >
>> > "Steven Sinclair" <StevenSinclair@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> > message news:65F69275-0506-4462-803A-C5992C77C0DA@xxxxxxxxxxxxxxxx
>> > > Yes, sorry, I did mention them both a PDC and a BDC in that original
>> > > thread.
>> > >
>> > > Since I'm unaware of how to "attach" the DCDIAG output, I'll simply insert
>> > > it here...
>> > >
>> > > ---------------
>> > > Domain Controller Diagnosis
>> > >
>> > > Performing initial setup:
>> > > * Verifying that the local machine mcp01, is a DC.
>> > > * Connecting to directory service on server mcp01.
>> > > * Collecting site info.
>> > > * Identifying all servers.
>> > > * Identifying all NC cross-refs.
>> > > * Found 1 DC(s). Testing 1 of them.
>> > > Done gathering initial info.
>> > >
>> > > Doing initial required tests
>> > >
>> > > Testing server: Default-First-Site-Name\MCP01
>> > > Starting test: Connectivity
>> > > * Active Directory LDAP Services Check
>> > > * Active Directory RPC Services Check
>> > > ......................... MCP01 passed test Connectivity
>> > >
>> > > Doing primary tests
>> > >
>> > > Testing server: Default-First-Site-Name\MCP01
>> > > Starting test: Replications
>> > > * Replications Check
>> > > * Replication Latency Check
>> > > ......................... MCP01 passed test Replications
>> > > Starting test: Topology
>> > > * Configuration Topology Integrity Check
>> > > * Analyzing the connection topology for
>> > > DC=ForestDnsZones,DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > * Analyzing the connection topology for
>> > > DC=DomainDnsZones,DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > * Analyzing the connection topology for
>> > > CN=Schema,CN=Configuration,DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > * Analyzing the connection topology for
>> > > CN=Configuration,DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > * Analyzing the connection topology for
>> > > DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > ......................... MCP01 passed test Topology
>> > > Starting test: CutoffServers
>> > > * Configuration Topology Aliveness Check
>> > > * Analyzing the alive system replication topology for
>> > > DC=ForestDnsZones,DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > * Analyzing the alive system replication topology for
>> > > DC=DomainDnsZones,DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > * Analyzing the alive system replication topology for
>> > > CN=Schema,CN=Configuration,DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > * Analyzing the alive system replication topology for
>> > > CN=Configuration,DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > * Analyzing the alive system replication topology for
>> > > DC=mydomain,DC=com.
>> > > * Performing upstream (of target) analysis.
>> > > * Performing downstream (of target) analysis.
>> > > ......................... MCP01 passed test CutoffServers
>> > > Starting test: NCSecDesc
>> > > * Security Permissions check for all NC's on DC MCP01.
>> > > * Security Permissions Check for
>> > > DC=ForestDnsZones,DC=mydomain,DC=com
>> > > (NDNC,Version 2)
>> > > * Security Permissions Check for
>> > > DC=DomainDnsZones,DC=mydomain,DC=com
>> > > (NDNC,Version 2)
>> > > * Security Permissions Check for
>> > > CN=Schema,CN=Configuration,DC=mydomain,DC=com
>> > > (Schema,Version 2)
>> > > * Security Permissions Check for
>> > > CN=Configuration,DC=mydomain,DC=com
>> > > (Configuration,Version 2)
>> > > * Security Permissions Check for
>> > > DC=mydomain,DC=com
>> > > (Domain,Version 2)
>> > > ......................... MCP01 passed test NCSecDesc
>> > > Starting test: NetLogons
>> > > * Network Logons Privileges Check
>> > > Unable to connect to the NETLOGON share! (\\MCP01\netlogon)
>> > > [MCP01] An net use or LsaPolicy operation failed with error 1203,
>> > > No network provider accepted the given network path..
>> > > ......................... MCP01 failed test NetLogons
>> > > Starting test: Advertising
>> > > The DC MCP01 is advertising itself as a DC and having a DS.
>> > > The DC MCP01 is advertising as an LDAP server
>> > > The DC MCP01 is advertising as having a writeable directory
>> > > The DC MCP01 is advertising as a Key Distribution Center
>> > > The DC MCP01 is advertising as a time server
>> > > The DS MCP01 is advertising as a GC.
>> > > ......................... MCP01 passed test Advertising
>> > > Starting test: KnowsOfRoleHolders
>> > > Role Schema Owner = CN=NTDS
>> > > Settings,CN=MCP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
>> > > Role Domain Owner = CN=NTDS
>> > > Settings,CN=MCP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
>> > > Role PDC Owner = CN=NTDS
>> > > Settings,CN=MCP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
>> > > Role Rid Owner = CN=NTDS
>> > > Settings,CN=MCP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
>> > > Role Infrastructure Update Owner = CN=NTDS
>> > > Settings,CN=MCP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
>> > > ......................... MCP01 passed test
>> > > KnowsOfRoleHolders
>> > > Starting test: RidManager
>> > > * Available RID Pool for the Domain is 2104 to 1073741823
>> > > * mcp01.mydomain.com is the RID Master
>> > > * DsBind with RID Master was successful
>> > > * rIDAllocationPool is 1604 to 2103
>> > > * rIDPreviousAllocationPool is 1604 to 2103
>> > > * rIDNextRID: 1635
>> > > ......................... MCP01 passed test RidManager
>> > > Starting test: MachineAccount
>> > > Checking machine account for DC MCP01 on DC MCP01.
>> > > * SPN found :LDAP/mcp01.mydomain.com/mydomain.com
>> > > * SPN found :LDAP/mcp01.mydomain.com
>> > > * SPN found :LDAP/MCP01
>> > > * SPN found :LDAP/mcp01.mydomain.com/PMHPRINEVILLE
>> > > * SPN found
>> > > :LDAP/17612149-47c5-4544-a68e-777e3207dc1a._msdcs.mydomain.com
>> > > * SPN found
>> > > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/17612149-47c5-4544-a68e-777e3207dc1a/mydomain.com
>> > > * SPN found :HOST/mcp01.mydomain.com/mydomain.com
>> > > * SPN found :HOST/mcp01.mydomain.com
>> > > * SPN found :HOST/MCP01
>> > > * SPN found :HOST/mcp01.mydomain.com/PMHPRINEVILLE
>> > > * SPN found :GC/mcp01.mydomain.com/mydomain.com
>> > > ......................... MCP01 passed test MachineAccount
>> > > Starting test: Services
>> > > * Checking Service: Dnscache
>> > > * Checking Service: NtFrs
>> > > * Checking Service: IsmServ
>> > > * Checking Service: kdc
>> > > * Checking Service: SamSs
>> > > * Checking Service: LanmanServer
>> > > * Checking Service: LanmanWorkstation
>> > > * Checking Service: RpcSs
>> > > * Checking Service: w32time
>> > > * Checking Service: NETLOGON
>> > > ......................... MCP01 passed test Services
>> > > Starting test: OutboundSecureChannels
>> > > * The Outbound Secure Channels test
>> > > ** Did not run Outbound Secure Channels test
>> > > because /testdomain: was not entered
>> > > ......................... MCP01 passed test
>> > > OutboundSecureChannels
>> > > Starting test: ObjectsReplicated
>> > > MCP01 is in domain DC=mydomain,DC=com
>> > > Checking for CN=MCP01,OU=Domain
>> > > Controllers,DC=mydomain,DC=com in
>> > > domain DC=mydomain,DC=com on 1 servers
>> > > Object is up-to-date on all servers.
>> > > Checking for CN=NTDS
>> > > Settings,CN=MCP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
>> > > in domain CN=Configuration,DC=mydomain,DC=com on 1 servers
>> > > Object is up-to-date on all servers.
>> > > ......................... MCP01 passed test ObjectsReplicated
>> > > Starting test: frssysvol
>> > > * The File Replication Service SYSVOL ready test
>> > > File Replication Service's SYSVOL is ready
>> > > ......................... MCP01 passed test frssysvol
>> > > Starting test: frsevent
>> > > * The File Replication Service Event log test
>> > > ......................... MCP01 passed test frsevent
>> > > Starting test: kccevent
>> > > * The KCC Event log test
>> > > Found no KCC errors in Directory Service Event log in the
>> > > last 15
>> > > minutes.
>> > > ......................... MCP01 passed test kccevent
>> > > Starting test: systemlog
>> > > * The System Event log test
>> > > An Error Event occured. EventID: 0x40011006
>> > > Time Generated: 06/18/2008 13:28:21
>> > > Event String: The connection was aborted by the remote
>> > > WINS.
>> > >
>> > > Remote WINS may not be configured to replicate
>> > >
>> > > with the server.
>> > > ......................... MCP01 failed test systemlog
>> > > Starting test: VerifyReplicas
>> > > ......................... MCP01 passed test VerifyReplicas
>> > > Starting test: VerifyReferences
>> > > The system object reference (serverReference)
>> > >
>> > > CN=MCP01,OU=Domain Controllers,DC=mydomain,DC=com and
>> > > backlink
>> > >
>> > > on
>> > >
>> > >
