RE: sbs2003 pdc and bdc no DNS name listed.

---

• From: BrianMultiLanguage <BrianMultiLanguage@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 28 Apr 2006 12:53:01 -0700

---

1. Is there an absolute way to verify this?
2. It's a BDC. Windows2000 server. Out from netdom query fsmo is:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>netdom query fsmo
Schema owner clisbs.CLILANG.local

Domain role owner clisbs.CLILANG.local

PDC role clisbs.CLILANG.local

RID pool manager clisbs.CLILANG.local

Infrastructure owner clisbs.CLILANG.local

The command completed successfully.


C:\Documents and Settings\Administrator>netdom query fsmo

3. the ip is static. out of the dhcp range.
4. i donot know how to do this but i do know where to look.

"Steven Zhu [MSFT]" wrote:

Hi Brian,

Thanks for your email and new information.

Based on my experience, the Event ID 1000 on your SQL Server may caused by
the Kerberos Event ID 4.

For the Kerberos Event ID 4, this event will occur if you present a service
ticket to a principal (target computer) which cannot decrypt it. Normally
the service ticket is encrypted using the shared secret of the machine
account's password as a basis for the encryption used to encrypt the
service ticket. The password is known only to the KDC (Domain controllers)
and the target machine. The client presents encrypted session ticket it
received from the KDC to the target server. If the server can decrypt the
ticket, the server then knows that it was encrypted by a trusted source
(the DC) and the presenter (the client) is also trusted. If the target
server has a different password than the DCs, the session ticket cannot be
decrypted and the failure occurs.

Since the target name is blank, Please try the following steps to check the
issue on the computer:

1. Verify there's no other computer in the domain having the same name as
CLISBS.CLILANG.LOCAL.

2. Rebuild secure channel
If the Windows 2003 server is a member server, rejoin the server to the
domain. This will rebuild the secure channel between the member server and
the DC.If the Windows 2003 server is a domain controller, please refer to
the following KB for detailed steps to reset secure channel (Though the
error message is not same, the solution of netdom utility is same):
288167 Error Message "Target Principal Name is Incorrect" When Manually
Replicating Data between Domain Controllers
http://support.microsoft.com/?id=288167

3. If you are using DHCP, make sure there's no conflict on the IP address
of CLISBS.CLILANG.LOCAL.

4. In DNS, verify the A records and the PTR records related to
CLISBS.CLILANG.LOCAL and its IP address.

Please let me know the above results so that I can provide further
assistance on this problem. If you have any other questions or concerns,
please do not hesitate to contact us. It is always our pleasure to be of
assistance.

Best Regards,

Steven Zhu
MCSE
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
updated on February 14, 2006.? Please complete a re-registration process
by entering the secure code mmpng06 when prompted. Once you have
entered the secure code mmpng06, you will be able to update your profile
and access the partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================

.

---

• References:
  • RE: sbs2003 pdc and bdc no DNS name listed.
    • From: Steven Zhu [MSFT]
  • RE: sbs2003 pdc and bdc no DNS name listed.
    • From: BrianMultiLanguage
  • RE: sbs2003 pdc and bdc no DNS name listed.
    • From: Steven Zhu [MSFT]

• Prev by Date: Re: ISA Stops FTP
• Next by Date: Re: Internet Problems After SP1
• Previous by thread: RE: sbs2003 pdc and bdc no DNS name listed.
• Next by thread: SBS 2003 Memory Alert
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Kerberos error event ID:4 ... This event will occur if you present a service ticket to a principal ... which cannot be decrypted by the target. ... password as a seed for the resulting encryption used on the service ... If the server can decrypt the ticket, ... (microsoft.public.windows.server.general) RE: Kerberos error event ID:4 ... This event will occur if you present a service ticket to a principal ... which cannot be decrypted by the target. ... password as a seed for the resulting encryption used on the service ticket. ... If the server can decrypt the ticket, ... (microsoft.public.windows.server.general) Re: write with cURL ... It takes time to set up an account for you, process the billing, etc. ... Sorry, my servers are secure. ... Nothing you have told me shows me you know how to lock down a server so that it is secure - other than to use the server's file security. ... (alt.php) Re: NT4 -> Win2K3 question ... disable SMB signing for the Workstation or Server service on a domain ... Get Secure! ... The File Replication Service Event log test ... controller to the following destination domain ... (microsoft.public.windows.server.migration) [OT] Re: RSA implementation, please comment. ... on a separate server is actually a very good idea, ... This web front uses a well defined and secure ... Don't store the private key on the server. ... Every client gets a smartcard for the decryption (or a HSM, ... (comp.lang.perl.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)