Re: Added 2nd AD box, but when take 1st down to test, cant auth us
- From: Donald J. Lindstrom <DonaldJLindstrom@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 11 Mar 2009 10:03:01 -0700
Isaac, I will try that and report back - thanks!
Don
"Isaac Oben [MCITP:EA, MCSE]" wrote:
Hello Donald,
On the w2k8 box, change the dns configuration to point to 10.88.87.2 as the
pri. dns server, do an ipconfig /registerdns and restart the dns service and
this should fix the issue. (Give it some time to replicate across.) If the issue
is not resolved, do a netdiag /fix and a dcdiag /fix. Your w2k8 DC has not
completed sysvol initialization and it is not advertising yet as a domain
controller because it is looking for dns resolution from itself instead of
from the w2k3 DC which is fully functional.
Isaac
"Donald J. Lindstrom" <DonaldJLindstrom@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:E64AC807-4756-449B-BB78-E9186988456E@xxxxxxxxxxxxxxxx
OK folks, all good stuff, I am fairly certain it is a DNS issue based on the
dcdiag /v output at the beginning here. I am going to muddle through this but
if anyone has a quick answer.....
**** FOLLOWING WAS DONE ON THE WINDOWS 2008 AD BOX ****
dcdiag /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine SQLSERVER, is a Directory Server.
Home Server = SQLSERVER
* Connecting to directory service on server SQLSERVER.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=medcomsol,DC=l
ocal,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site
Settings,CN=Default-First-Site,CN=S
ites,CN=Configuration,DC=medcomsol,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=medcomsol,DC=l
ocal,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN
=Default-First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS
Settings,CN=SQLSERVER,CN=Servers,C
N=Default-First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\SQLSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... SQLSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\SQLSERVER
Starting test: Advertising
Warning: DsGetDcName returned information for
\\SBSERVER.medcomsol.local, when we were trying to reach
SQLSERVER.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... SQLSERVER failed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 03/10/2009 11:10:07
Event String:
The File Replication Service is having trouble enabling
replication
from SBSERVER.medcomsol.local to SQLSERVER for c:\windows\sysvol\domain
using th
e DNS name SBSERVER.medcomsol.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name
SBSERVER.medcomsol.l
ocal from this computer.
[2] FRS is not running on SBSERVER.medcomsol.local.
[3] The topology information in the Active Directory Domain
Service
s for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After
the p
roblem is fixed you will see another event log message indicating that the
conne
ction has been established.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 03/10/2009 11:17:09
Event String:
The File Replication Service is having trouble enabling
replication
from SBSERVER to SQLSERVER for c:\windows\sysvol\domain using the DNS name
SBSER
VER.medcomsol.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name
SBSERVER.medcomsol.l
ocal from this computer.
[2] FRS is not running on SBSERVER.medcomsol.local.
[3] The topology information in the Active Directory Domain
Service
s for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After
the p
roblem is fixed you will see another event log message indicating that the
conne
ction has been established.
......................... SQLSERVER passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... SQLSERVER passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL.
The
error returned was 0x0 "The operation completed successfully.".
Check the FRS event log to see if the SYSVOL has successfully been
shared.
......................... SQLSERVER passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last
15
min
utes.
......................... SQLSERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN=Default-
First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN=Default-
First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN=Default-Fir
st-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Servers,CN=Default-Fir
st-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SBSERVER,CN=Serv
ers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local
......................... SQLSERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SQLSERVER on DC SQLSERVER.
* SPN found :LDAP/SQLSERVER.medcomsol.local/medcomsol.local
* SPN found :LDAP/SQLSERVER.medcomsol.local
* SPN found :LDAP/SQLSERVER
* SPN found :LDAP/SQLSERVER.medcomsol.local/MEDCOMSOL
* SPN found
:LDAP/e5804bb8-5cbb-4836-9956-9457ee032e58._msdcs.medcomsol
.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/e5804bb8-5cbb-4836-99
56-9457ee032e58/medcomsol.local
* SPN found :HOST/SQLSERVER.medcomsol.local/medcomsol.local
* SPN found :HOST/SQLSERVER.medcomsol.local
* SPN found :HOST/SQLSERVER
* SPN found :HOST/SQLSERVER.medcomsol.local/MEDCOMSOL
* SPN found :GC/SQLSERVER.medcomsol.local/medcomsol.local
......................... SQLSERVER passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SQLSERVER.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=medcomsol,DC=local
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=medcomsol,DC=local
* Security Permissions Check for
DC=DomainDnsZones,DC=medcomsol,DC=local
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=medcomsol,DC=local
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=medcomsol,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=medcomsol,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=medcomsol,DC=local
(Domain,Version 3)
......................... SQLSERVER failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\SQLSERVER\netlogon)
[SQLSERVER] An net use or LsaPolicy operation failed with error
67,
The network name cannot be found..
......................... SQLSERVER failed test NetLogons
Starting test: ObjectsReplicated
SQLSERVER is in domain DC=medcomsol,DC=local
Checking for CN=SQLSERVER,OU=Domain
Controllers,DC=medcomsol,DC=local i
n domain DC=medcomsol,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SQLSERVER,CN=Servers,CN=Default-First-
Site,CN=Sites,CN=Configuration,DC=medcomsol,DC=local in domain
CN=Configuration,
DC=medcomsol,DC=local on 1 servers
Object is up-to-date on all servers.
......................... SQLSERVER passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... SQLSERVER passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 2105 to 1073741823
* SBSERVER.medcomsol.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1605 to 2104
* rIDPreviousAllocationPool is 1605 to 2104
* rIDNextRID: 1620
......................... SQLSERVER passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SQLSERVER passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SQLSERVER passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SQLSERVER,OU=Domain Controllers,DC=medcomsol,DC=local and
backlink
on
CN=SQLSERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration
,DC=medcomsol,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=SQLSERVER,CN=Domain System Volume (SYSVOL share),CN=File
Replication
Service,CN=System,DC=medcomsol,DC=local
and backlink on
CN=NTDS
Settings,CN=SQLSERVER,CN=Servers,CN=Default-First-Site,CN=Sites
,CN=Configuration,DC=medcomsol,DC=local
are correct.
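
A triage helper for the dcdiag /v output quoted above, as an added example that is not part of the original thread: it collects the per-test verdicts, flags the pattern the reply describes (failed Advertising together with failed NetLogons), and flags tests that report "passed" while their detail text records a failure, as SysVolCheck does here. The sample text is a constructed excerpt modelled on the post, and the function names are illustrative.

```python
import re

# Constructed excerpt modelled on the dcdiag /v output quoted in the thread.
SAMPLE = r"""Starting test: Advertising
Warning: DsGetDcName returned information for
\\SBSERVER.medcomsol.local, when we were trying to reach
SQLSERVER.
......................... SQLSERVER failed test Advertising
Starting test: SysVolCheck
The registry lookup failed to determine the state of the SYSVOL.
......................... SQLSERVER passed test SysVolCheck
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\SQLSERVER\netlogon)
......................... SQLSERVER failed test NetLogons
Starting test: Services
......................... SQLSERVER passed test Services
"""

START = re.compile(r"^\s*Starting test: (\S+)")
RESULT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test (\S+)\s*$")

def parse(text):
    """Return {test name: (verdict, [detail lines printed by that test])}."""
    tests, current, body = {}, None, []
    for line in text.splitlines():
        m = START.match(line)
        if m:
            current, body = m.group(1), []
            continue
        m = RESULT.match(line.strip())
        if m:
            tests[m.group(3)] = (m.group(2), body)
            current = None
        elif current:
            body.append(line.strip())  # wrapped detail lines stay with their test
    return tests

def triage(tests):
    """Turn verdicts into findings; the wording of each hint is this example's own."""
    findings = []
    failed = {name for name, (verdict, _) in tests.items() if verdict == "failed"}
    adv = " ".join(tests.get("Advertising", ("", []))[1])
    m = re.search(r"DsGetDcName returned information for\s+\\\\(\S+?),", adv)
    if "Advertising" in failed and m:
        findings.append(f"not advertising; DC locator answered with {m.group(1)}")
    if {"Advertising", "NetLogons"} <= failed:
        findings.append("NETLOGON share missing: consistent with SYSVOL not yet shared")
    for name, (verdict, body) in tests.items():
        if verdict == "passed" and any("failed" in l.lower() for l in body):
            findings.append(f"{name} passed but its detail text reports a failure")
    return findings
```

Run `triage(parse(text))` on saved dcdiag output; a "passed" verdict alone is not enough to conclude SYSVOL is ready.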