Strange Issue in AD

    Question

  • Hi,

    We have 2 DC servers (2008). On the first server we can do everything without any problem, but on the second, if we want to, for example, add a new security group in a GPO, we run into this error in Group Policy Management: The network name cannot be found

    What can that be? Where to start?

    
    • Edited by kaktak Thursday, October 10, 2013 8:47 AM aaaa
    Thursday, October 10, 2013 8:42 AM

All replies

  • 1. Run "dcdiag /q >> dcdiagerror.txt" on the problematic DC & check the errors.

    2. Check the firewall between the two DCs.

    All AD standard ports should be opened between the DCs.

    What All Ports Are Rrequired By Domain Controllers And Client Computers?

    http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2008/AdminTips/ActiveDirectory/WhatAllPortsAreRrequiredByDomainControllersAndClientComputers.html

    -Biswajit



    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin

    Thursday, October 10, 2013 8:47 AM
  • Don't think that it is the firewall, because it is off. Here is the dcdiag:

    Directory Server Diagnosis


    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine server03, is a Directory Server. 
       Home Server = server03

       * Connecting to directory service on server server03.

       * Identified AD Forest. 
       Collecting AD specific global data 
       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded 
       Iterating through the sites 
       Looking at base site object: CN=NTDS Site Settings,CN=Nienburg,CN=Sites,CN=Configuration,DC=domain,DC=com
       Getting ISTG and options for the site
       Looking at base site object: CN=NTDS Site Settings,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com
       Getting ISTG and options for the site
       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers 
       Getting information for the server CN=NTDS Settings,CN=FILESRV04,CN=Servers,CN=Nienburg,CN=Sites,CN=Configuration,DC=domain,DC=com 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=server03,CN=Servers,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.

       * Found 2 DC(s). Testing 1 of them.

       Done gathering initial info.


    Doing initial required tests

       
       Testing server: Sweden\server03

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity 
             Determining IP6 connectivity 
             * Active Directory RPC Services Check
             ......................... server03 passed test Connectivity



    Doing primary tests

       
       Testing server: Sweden\server03

          Starting test: Advertising

             The DC server03 is advertising itself as a DC and having a DS.
             The DC server03 is advertising as an LDAP server
             The DC server03 is advertising as having a writeable directory
             The DC server03 is advertising as a Key Distribution Center
             The DC server03 is advertising as a time server
             The DS server03 is advertising as a GC.
             ......................... server03 passed test Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test 
             There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL

             replication problems may cause Group Policy problems. 
             An Warning Event occurred.  EventID: 0x800034FA

                Time Generated: 05/24/2010   03:16:25

                EvtFormatMessage failed, error 15100 Win32 Error 15100.
                (Event String (event log = File Replication Service) could not be retrieved, error 0x3afc)

             An Error Event occurred.  EventID: 0xC0003500

                Time Generated: 05/24/2010   03:21:26

                EvtFormatMessage failed, error 15100 Win32 Error 15100.
                (Event String (event log = File Replication Service) could not be retrieved, error 0x3afc)

             ......................... server03 failed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log. 
             There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL

             replication problems may cause Group Policy problems. 
             An Error Event occurred.  EventID: 0xC00004B2

                Time Generated: 05/24/2010   03:13:57

                EvtFormatMessage failed, error 15100 Win32 Error 15100.
                (Event String (event log = DFS Replication) could not be retrieved, error 0x3afc)

             ......................... server03 failed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test 
             File Replication Service's SYSVOL is ready 
             ......................... server03 passed test SysVolCheck

          Starting test: KccEvent

             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... server03 passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=server03,CN=Servers,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com
             Role Domain Owner = CN=NTDS Settings,CN=server03,CN=Servers,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com
             Role PDC Owner = CN=NTDS Settings,CN=server03,CN=Servers,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com
             Role Rid Owner = CN=NTDS Settings,CN=server03,CN=Servers,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=server03,CN=Servers,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com
             ......................... server03 passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC server03 on DC server03.
             * SPN found :LDAP/server03.domain.com/domain.com
             * SPN found :LDAP/server03.domain.com
             * SPN found :LDAP/server03
             * SPN found :LDAP/server03.domain.com/domain
             * SPN found :LDAP/5a670a27-befb-4737-8119-e96c14902327._msdcs.domain.com
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5a670a27-befb-4737-8119-e96c14902327/domain.com
             * SPN found :HOST/server03.domain.com/domain.com
             * SPN found :HOST/server03.domain.com
             * SPN found :HOST/server03
             * SPN found :HOST/server03.domain.com/domain
             * SPN found :GC/server03.domain.com/domain.com
             ......................... server03 passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC server03.
             The forest is not ready for RODC. Will skip checking ERODC ACEs.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=domain,DC=com
                (NDNC,Version 3)
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

                Replicating Directory Changes In Filtered Set
             access rights for the naming context:

             DC=ForestDnsZones,DC=domain,DC=com
             * Security Permissions Check for

               DC=DomainDnsZones,DC=domain,DC=com
                (NDNC,Version 3)
             Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have 

                Replicating Directory Changes In Filtered Set
             access rights for the naming context:

             DC=DomainDnsZones,DC=domain,DC=com
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=domain,DC=com
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=domain,DC=com
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=domain,DC=com
                (Domain,Version 3)
             ......................... server03 failed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Verified share \\server03\netlogon
             Verified share \\server03\sysvol
             ......................... server03 passed test NetLogons

          Starting test: ObjectsReplicated

             server03 is in domain DC=domain,DC=com
             Checking for CN=server03,OU=Domain Controllers,DC=domain,DC=com in domain DC=domain,DC=com on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=server03,CN=Servers,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com in domain CN=Configuration,DC=domain,DC=com on 1 servers
                Object is up-to-date on all servers.
             ......................... server03 passed test ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             * Replication Latency Check
                DC=ForestDnsZones,DC=domain,DC=com
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=DomainDnsZones,DC=domain,DC=com
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Schema,CN=Configuration,DC=domain,DC=com
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Configuration,DC=domain,DC=com
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=domain,DC=com
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
             * Replication Site Latency Check 
             ......................... server03 passed test Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 4605 to 1073741823
             * server03.domain.com is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 4105 to 4604
             * rIDPreviousAllocationPool is 4105 to 4604
             * rIDNextRID: 4320
             ......................... server03 passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... server03 passed test Services

          Starting test: SystemLog

             * The System Event log test
             An Warning Event occurred.  EventID: 0x800007DD

                Time Generated: 05/24/2010   10:47:26

                EvtFormatMessage failed, error 15100 Win32 Error 15100.
                (Event String (event log = System) could not be retrieved, error 0x3afc)

             Found no errors in "System" Event log in the last 60 minutes.
             ......................... server03 passed test SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference) CN=server03,OU=Domain Controllers,DC=domain,DC=com and

             backlink on CN=server03,CN=Servers,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com are correct. 
             The system object reference (serverReferenceBL)

             CN=server03,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=com

             and backlink on

             CN=NTDS Settings,CN=server03,CN=Servers,CN=Sweden,CN=Sites,CN=Configuration,DC=domain,DC=com are

             correct. 
             ......................... server03 passed test VerifyReferences

          Test omitted by user request: VerifyReplicas

       
          Test omitted by user request: DNS

          Test omitted by user request: DNS

       
       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test CrossRefValidation

       
       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test CrossRefValidation

       
       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

       
       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

       
       Running partition tests on : domain

          Starting test: CheckSDRefDom

             ......................... domain passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... domain passed test CrossRefValidation

       
       Running enterprise tests on : domain.com

          Test omitted by user request: DNS

          Test omitted by user request: DNS

          Starting test: LocatorCheck

             GC Name: \\server03.domain.com

             Locator Flags: 0xe00013fd
             PDC Name: \\server03.domain.com
             Locator Flags: 0xe00013fd
             Time Server Name: \\server03.domain.com
             Locator Flags: 0xe00013fd
             Preferred Time Server Name: \\server03.domain.com
             Locator Flags: 0xe00013fd
             KDC Name: \\server03.domain.com
             Locator Flags: 0xe00013fd
             ......................... domain.com passed test LocatorCheck

          Starting test: Intersite

             Skipping site Nienburg, this site is outside the scope provided by the command line arguments provided. 
             Skipping site Sweden, this site is outside the scope provided by the command line arguments provided. 
             ......................... domain.com passed test Intersite

    Thursday, October 10, 2013 12:05 PM
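
A dcdiag run this long is easier to triage once it is reduced to one row per test with the event IDs attached. The following is an added example, not part of the original thread: it parses dcdiag text output and lists the failed tests. The function name `Get-DcDiagSummary` is hypothetical, PowerShell 3.0 or later is assumed, and the sample lines are abridged from the output posted above.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ ([pscustomobject]).
# Get-DcDiagSummary is a hypothetical helper name; the regexes match the line
# shapes visible in the dcdiag output posted above.
function Get-DcDiagSummary {
    param([string[]]$Line)

    $events    = @()    # events seen since the previous result line
    $lastEvent = $null

    foreach ($l in $Line) {
        if ($l -match '(Warning|Error) Event occurred\.\s+EventID:\s+(0x[0-9A-Fa-f]+)') {
            $lastEvent = [pscustomobject]@{ Level = $Matches[1]; EventId = $Matches[2]; Time = $null }
            $events += $lastEvent
        }
        elseif ($lastEvent -and $l -match 'Time Generated:\s+(\S+)\s+(\S+)') {
            $lastEvent.Time = '{0} {1}' -f $Matches[1], $Matches[2]
        }
        elseif ($l -match '^\s*\.{5,}\s+(\S+)\s+(passed|failed) test (\S+)') {
            # A result line closes the test: emit it with the events buffered so far.
            [pscustomobject]@{
                Target = $Matches[1]
                Test   = $Matches[3]
                Result = $Matches[2]
                Events = $events
            }
            $events    = @()
            $lastEvent = $null
        }
    }
}

# Sample input: lines abridged from the dcdiag output in the post above.
# For a real run use: Get-DcDiagSummary -Line (Get-Content .\dcdiagerror.txt)
$sample = @'
      Starting test: FrsEvent
         An Warning Event occurred.  EventID: 0x800034FA
            Time Generated: 05/24/2010   03:16:25
         An Error Event occurred.  EventID: 0xC0003500
            Time Generated: 05/24/2010   03:21:26
         ......................... server03 failed test FrsEvent
      Starting test: DFSREvent
         An Error Event occurred.  EventID: 0xC00004B2
            Time Generated: 05/24/2010   03:13:57
         ......................... server03 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... server03 passed test SysVolCheck
      Starting test: NCSecDesc
         ......................... server03 failed test NCSecDesc
'@ -split '\r?\n'

# One line per failed test, with level, event ID and timestamp of each event.
Get-DcDiagSummary -Line $sample |
    Where-Object { $_.Result -eq 'failed' } |
    ForEach-Object {
        $ids = ($_.Events | ForEach-Object { '{0} {1} at {2}' -f $_.Level, $_.EventId, $_.Time }) -join '; '
        '{0} on {1}: {2}' -f $_.Test, $_.Target, $ids
    }
```

Because events are buffered until the next result line rather than tied to a "Starting test" line, the same function can be pointed at the shorter `dcdiag /q` file suggested in the first reply.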
  • SYSVOL holds the group policy objects and it appears that it isn't able to replicate sysvol between the two DC's (DFSR error).

    Run:
    repadmin /replsum

    You could also load adreplstatus
    http://www.microsoft.com/en-us/download/details.aspx?id=30005


    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.


    Thursday, October 10, 2013 12:37 PM
  • Hi,

    Do you have any progress on this issue now?

    Please let us know the latest situation, so we could help you solve the issue efficiently.

    Best Regards,

    Amy Wang


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forum a great place.

    Monday, October 14, 2013 1:23 AM
  • Hi,

    I have downloaded the AD replication tool and after running it I didn't see any errors on forest and domain, hmmm.

    Wednesday, October 16, 2013 12:36 PM
  • Hi,

    According to your description in the last post, it seems like there isn't any issue with AD replication.

    Would you please tell us whether you have connected to the destination DC in GPMC?

    Also, what Event IDs are logged in system event logs on the problematic DC?

    Here are some related links below that I suggest you refer to:

    Windows 2008 GPO "The Network Name Cannot be found"

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/cdc9d462-124c-4335-92e8-08e1e1f5c85f/windows-2008-gpo-the-network-name-cannot-be-found?forum=winserverDS

    Error "network cannot be found" opening SBS 2011 Group Policy Objects

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/6e82eea2-338a-4d4e-ae30-fab4ed76463c/error-network-cannot-be-found-opening-sbs-2011-group-policy-objects?forum=winserversecurity

    Best Regards,

    Amy Wang


    Friday, October 18, 2013 2:09 AM
  • Hi,

    Since we have not heard from you for a while, I assume that this issue is solved.

    I will mark a reply as an answer, please feel free to unmark it if the reply is not helpful.

    We are looking forward to hearing from you.

    Best Regards,

    Amy Wang



    Friday, October 25, 2013 1:14 AM