none
Server 08 R2 DC - unable to open ADUC, netlogon does not start

    Question

  • Hello everyone, and thank you in advance for any possible support.

    Note:  All identifying server/domain names have been replaced with "CORP" "Sub" and "Sibling" where appropriate.  Our forest consists of 3 domains - two which are 'siblings' at the top, CORP and Sibling, (corp being the primarily used one), and one which is a 'child' of Corp (Sub).

    Today we identified that on one of my domain controllers (named for this post, CORP-DC6) we are unable to open ADUC. This is only one of our 8 DC's, and it does not hold any FSMO roles; the only two important pieces on this server is that it's where we manage our OCS from (we use ADUC on this system to enable a user for OCS, create SIP addresses, etc) and that Certification Authority is installed on the system.

    Attempting to open ADUC gives error "Naming information cannot be located because: The target principal name is incorrect."

    Web searches for this prompted me to check DNS for issues.  In looking into DNS, I found that the system was somehow assigned a different IP address than it should have (it was now at 192.168.1.124 instead of 192.168.1.290 where it should have been).  I moved the IP address back to the correct IP, and rebooted.  

    The issue was still there, so I continued searching; which lead me to a suggestion to check out my netlogon service.  I found that the Netlogon service was NOT running.   When attempting to start the service, it fails and I am presented wih the following error in the System event log:

    Log Name:      System
    Source:        Service Control Manager
    Date:          7/24/2013 10:54:59 AM
    Event ID:      7023
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      CORP-DC6.corp.com
    Description:
    The Netlogon service terminated with the following error: 
    %%-1073741724
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
        <EventID Qualifiers="49152">7023</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8080000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-24T14:54:59.175664400Z" />
        <EventRecordID>850085</EventRecordID>
        <Correlation />
        <Execution ProcessID="496" ThreadID="584" />
        <Channel>System</Channel>
        <Computer>CORP-DC6.corp.om</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="param1">Netlogon</Data>
        <Data Name="param2">%%-1073741724</Data>
      </EventData>
    </Event>


    Additionally, there is also this error:

    Log Name:      System
    Source:        NETLOGON
    Date:          7/24/2013 10:54:59 AM
    Event ID:      5602
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      CORP-DC6.corp.com
    Description:
    An internal error occurred while accessing the computer's local or network security database.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="NETLOGON" />
        <EventID Qualifiers="0">5602</EventID>
        <Level>2</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-24T14:54:59.000000000Z" />
        <EventRecordID>850083</EventRecordID>
        <Channel>System</Channel>
        <Computer>CORP-DC6.corp.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data>%%1317</Data>
        <Binary>640000C0</Binary>
      </EventData>
    </Event>

    At this point, I've read a bunch of stuff online and not really found anything that has helped nor seemed completely relevant.

    Additional Info that may help out:

    • When I open Server Manager, it seems to think the local system's name is WIN-3OL3DIFK4S instead of CORP-DC6; similarly opening Device Manager from w/in Server manger gives a message about managing a remote system; even though I am managing the local system.
    • There are additional errors in the System and Application log which are certainly issues, but I do not know if they pertain to the main issue at hand here or not.
    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          7/24/2013 10:55:04 AM
    Event ID:      1055
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      CORP-DC6.corp.com
    Description:
    The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
    a) Name Resolution failure on the current domain controller. 
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
        <EventID>1055</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>1</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-24T14:55:04.448473700Z" />
        <EventRecordID>850088</EventRecordID>
        <Correlation ActivityID="{582C2637-5A99-47AE-B50C-C1A063DDABDC}" />
        <Execution ProcessID="888" ThreadID="1056" />
        <Channel>System</Channel>
        <Computer>CORP-DC6.corp.com</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="SupportInfo1">1</Data>
        <Data Name="SupportInfo2">1632</Data>
        <Data Name="ProcessingMode">1</Data>
        <Data Name="ProcessingTimeInMilliseconds">11762</Data>
        <Data Name="ErrorCode">5</Data>
        <Data Name="ErrorDescription">Access is denied. </Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        LsaSrv
    Date:          7/24/2013 10:55:13 AM
    Event ID:      40961
    Task Category: None
    Level:         Warning
    Keywords:      
    User:          SYSTEM
    Computer:      CORP-DC6.corp.com
    Description:
    The Security System could not establish a secured connection with the server ldap/corp-dc1.corp.com/corp.com@CORP.COM. No authentication protocol was available.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" />
        <EventID>40961</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-24T14:55:13.262489200Z" />
        <EventRecordID>850092</EventRecordID>
        <Correlation />
        <Execution ProcessID="504" ThreadID="1332" />
        <Channel>System</Channel>
        <Computer>CORP-DC6.corp.com</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="Target">ldap/CORP-dc1.corp.com/corp.com@OCORP.COM</Data>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-DfsSvc
    Date:          7/24/2013 10:55:24 AM
    Event ID:      14548
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      CORP-DC6.corp.com
    Description:
    The DFS Namespace service could not initialize the trusted domain information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-DfsSvc" Guid="{7DA4FE0E-FD42-4708-9AA5-89B77A224885}" EventSourceName="DfsSvc" />
        <EventID Qualifiers="49152">14548</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-24T14:55:24.000000000Z" />
        <EventRecordID>850102</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>CORP-DC6.corp.com</Computer>
        <Security />
      </System>
      <EventData Name="DfsNoTrustedDomainInfo">
        <Binary>B5060000</Binary>
      </EventData>
    </Event>

    Log Name:      System
    Source:        Microsoft-Windows-Security-Kerberos
    Date:          7/24/2013 10:57:44 AM
    Event ID:      4
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      CORP-DC6.corp.com
    Description:
    The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/corp-dc1.corp.com. The target name used was cifs/corp-dc1.corp.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CORP.COM) is different from the client domain (CORP.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
        <EventID Qualifiers="16384">4</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-24T14:57:44.000000000Z" />
        <EventRecordID>850163</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>CORP-DC6.CORP.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="Server">host/corp-dc1.corp.com</Data>
        <Data Name="TargetRealm">CORP.COM</Data>
        <Data Name="Targetname">cifs/corp-dc1.corp.com</Data>
        <Data Name="ClientRealm">CORP.COM</Data>
        <Binary>
        </Binary>
      </EventData>
    </Event>

    • There are also the following errors in the Application event log
    Log Name:      Application
    Source:        Microsoft-Windows-CertificationAuthority
    Date:          7/24/2013 10:55:13 AM
    Event ID:      91
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          SYSTEM
    Computer:      CORP-DC6.corp.com
    Description:
    Could not connect to the Active Directory.  Active Directory Certificate Services will retry when processing requires Active Directory access.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
        <EventID Qualifiers="49754">91</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-24T14:55:13.000000000Z" />
        <EventRecordID>254767</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>CORP-DC6.corp.com</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData Name="MSG_E_DS_RETRY">
      </EventData>
    </Event>

    Log Name:      Application
    Source:        Microsoft-Windows-CertificationAuthority
    Date:          7/24/2013 10:55:30 AM
    Event ID:      44
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          SYSTEM
    Computer:      CORP-DC6.corp.com
    Description:
    The "Windows default" Policy Module "Initialize" method returned an error. Logon failure: unknown user name or bad password. The returned status code is 0x8007052e (1326).  The Active Directory containing the Certification Authority could not be contacted.
    
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
        <EventID Qualifiers="49754">44</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-24T14:55:30.000000000Z" />
        <EventRecordID>254773</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>Application</Channel>
        <Computer>CORP-DC6.corp.com</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData Name="MSG_E_POLICY_ERROR">
        <Data Name="PolicyModuleDescription">Windows default</Data>
        <Data Name="MethodName">Initialize</Data>
        <Data Name="ErrorCode">0x8007052e (1326)</Data>
        <Data Name="param4">The Active Directory containing the Certification Authority could not be contacted.
    </Data>
        <Data Name="ErrorString">Logon failure: unknown user name or bad password.</Data>
      </EventData>
    </Event>

    Log Name: Application Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment Date: 7/24/2013 10:55:31 AM Event ID: 6 Task Category: None Level: Error Keywords: Classic User: N/A Computer: CORP-DC6.corp.com Description: Automatic certificate enrollment for local system failed (0x8007052e) Logon failure: unknown user name or bad password. . Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" EventSourceName="AutoEnrollment" /> <EventID Qualifiers="16384">6</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-07-24T14:55:31.000000000Z" /> <EventRecordID>254775</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>CORP-DC6.corp.com</Computer> <Security /> </System> <EventData> <Data Name="Context">local system</Data> <Data Name="ErrorCode">0x8007052e</Data> <Data Name="ErrorMsg">Logon failure: unknown user name or bad password. </Data> </EventData> </Event>

    Link to output of DCDiag on pastebin: http://pastebin.com/VFPTcEGT


    Smply based on a quick look through of the dcdiag and the various event log messages, It seems to me that the NetLogon service not starting up is causing most of the errors; but I am not aware of how to get it to start up.


    • Edited by Dan Ceola Wednesday, July 24, 2013 5:00 PM
    Wednesday, July 24, 2013 4:57 PM

All replies

  • after my last reboot, attempting to start Netlogon from the GUI (services within server manager) gives error:

    " Windows could not start the Netlogon service on WIN-3OL3DIFK4S2.  Error 0xc0000064: 0xc0000064"


    Seems weird that it says this when this isn't the system's name... which is confirmed by:

    C:\Users\daniel_da>netdom computername localhost /enum
    All of the names for the computer are:

    CORP-DC6.corp.com
    The command completed successfully.


    • Edited by Dan Ceola Wednesday, July 24, 2013 5:04 PM formatting
    Wednesday, July 24, 2013 5:03 PM
  • Hello,

    there are lot of firewall errors, please assure that ports are open according to the following document:

    http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx

    You have 7 DCs in the forest, is that correct?

    Was there a crash on one or more of them and where they restored from not AD aware backup like image/clone/snapshot/VM-file copy?

    Replication problems exist since 27 may, was there some major change that time with hardware/software etc.?

    For the error message "The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host" see for starting:

    http://support.microsoft.com/kb/558115/en-us http://jespermchristensen.wordpress.com/2008/06/12/troubleshooting-the-kerberos-error-krb_ap_err_modified/

    You use domain internal DNS servers as Forwarders, this may result in name resolution loops in the badest situation, better use external DNS servers like the ISPs one.

    Please post an UNEDITED ipconfig /all from each DC/DNS server, so we can verify settings as you also have listed lot of name resolution problems.

    How is DNS setup in detail, each domain with own DNS servers, AD integrated?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Wednesday, July 24, 2013 5:14 PM
  • Thank you for the quick response!

    1. Windows firewall is disabled for all network profiles.
    2. We have do have 7 DC's in the forest.  here's an image i created a while back that lists our DC's and shows the replication partners (not really relevant, but this shows the DC's) http://i.imgur.com/AtjGuiM.jpg
    3. I believe May 27 was a date in which we performed maintenance/upgrades on our vmware virtual hardware on this VM; when we upgraded the virtual hardware, it created a new NIC device on this server (which is how the system lost it's IP address configuration).  Today, I assigned the correct IP to the 'new' NIC.
    4. will look at link about Kerberos
    5. I'm unfortunately not familiar enough with the purposes of the internal vs external forwarders to comment on this or make a change at this time.
    6. IPConfig info shown below
    7. DNS is AD integrated, each domain has it's own DNS servers and have conditional forwarders to point to the other domain when appropriate. I believe each DC is also running DNS, but via DHCP we only pass out at most two DNS servers to client systems (main office, it's 192.168.1.7, 192.168.1.8)

    C:\Users\daniel_da>ipconfig -all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : CORP-DC6
       Primary Dns Suffix  . . . . . . . : corp.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : corp.com
                                           sibling.com
                                           sub.corp.com
    
    Ethernet adapter Local Area Connection 2:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
    2
       Physical Address. . . . . . . . . : 00-50-56-AD-5C-29
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::f43a:f215:c266:5a70%14(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.190(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 285233238
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-F5-25-A1-00-50-56-AD-5C-29
    
       DNS Servers . . . . . . . . . . . : 192.168.1.8
                                           192.168.1.7
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Tunnel adapter isatap.{5B04D7AC-9161-4A51-9ADC-166E37EE4D0E}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    C:\Users\daniel_da>
    

    C:\Documents and Settings\daniel_da>ipconfig -all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : corp-dc1
       Primary Dns Suffix  . . . . . . . : corp.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : corp.com
                                           sibling.com
                                           sub.corp.com
    
    Ethernet adapter Local Area Connection 3:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-50-56-AD-29-1D
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.1.8
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.8
                                           192.168.1.7
       Primary WINS Server . . . . . . . : 192.168.1.7
    
    C:\Documents and Settings\daniel_da>

    C:\Documents and Settings\daniel_da>ipconfig -all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : CORP-DC2
       Primary Dns Suffix  . . . . . . . : corp.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : corp.com
                                           sibling.com
                                           sub.corp.com
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter #3
       Physical Address. . . . . . . . . : 00-50-56-AD-67-B0
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.1.7
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.7
                                           192.168.1.8
       Primary WINS Server . . . . . . . : 192.168.1.7
    
    C:\Documents and Settings\daniel_da>

    C:\Documents and Settings\daniel_da>ipconfig -all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : sub-dc2
       Primary Dns Suffix  . . . . . . . : sub.corp.com
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : sub.corp.com
                                           corp.com
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
       Physical Address. . . . . . . . . : 00-50-56-AD-39-7E
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.1.136
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.8
                                           192.168.1.7
    C:\Users\daniel_da>ipconfig -all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : Sibling-DC3
       Primary Dns Suffix  . . . . . . . : sibling.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : sibling.com
                                           corp.com
    
    Ethernet adapter Local Area Connection 2:
    
       Connection-specific DNS Suffix  . : corp.com
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
    2
       Physical Address. . . . . . . . . : 00-50-56-AD-6E-97
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::7c97:854f:8bf5:efdb%17(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.147(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Monday, May 27, 2013 2:53:39 PM
       Lease Expires . . . . . . . . . . : Thursday, July 25, 2013 2:56:42 AM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.7
       DHCPv6 IAID . . . . . . . . . . . : 285233238
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B5-55-91-00-50-56-AD-6E-97
    
       DNS Servers . . . . . . . . . . . : 192.168.1.8
                                           192.168.1.7
       Primary WINS Server . . . . . . . : 192.168.1.7
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Tunnel adapter isatap.occfiber.com:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : corp.com
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    

    C:\Documents and Settings\daniel_da>ipconfig -all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : corpsite3-dc7
       Primary Dns Suffix  . . . . . . . : corp.com
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : corp.com
                                           sibling.com
                                           sub.corp.com
    
    Ethernet adapter Dallas:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : BASP Virtual Adapter
       Physical Address. . . . . . . . . : 00-19-B9-EA-65-FA
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.35.7
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.35.1
       DNS Servers . . . . . . . . . . . : 192.168.35.7


    C:\Documents and Settings\daniel_da>ipconfig -all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : siblig-dc1
       Primary Dns Suffix  . . . . . . . : siblingsite2.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : sibling.com
                                           corp.com
    
    Ethernet adapter smpdc1_nw:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : BASP Virtual Adapter
       Physical Address. . . . . . . . . : 00-14-5E-2B-0D-88
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 172.20.24.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 172.20.24.5
       DNS Servers . . . . . . . . . . . : 172.20.24.2
                                           172.20.24.221

    Wednesday, July 24, 2013 5:46 PM
  • I feel like the 'server manager' showing a different system name than what is assigned to the server seems like it should be pointing me towards the issues; expecially since the error I get in the GUI when I try to start netlogon service references that name as well...

    Wednesday, July 24, 2013 5:51 PM
  • Hello,

    please check all DNS zones that all DCs are listed with the correct ip address and that also the SRV records are used with the correct ones.

    Additional assure that the hypervisor machines are NOT used for time sync on the PDCEmulators from the domains. Configure either the root PDCEmulator to an external time source and use default on the child PDCEmulators or configure each PDCEmulator to the SAME external time source. http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspx

    See also time in VMs http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/19/time-synchronization-in-hyper-v.aspx http://www.vmware.com/vmtn/resources/238  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1189 http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1318


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Wednesday, July 24, 2013 6:26 PM
  • Thanks again!

    • I checked all DNS zones on all DNS servers, and all SRV records exist correctly in the correct locations for each DC; I used the info located: http://support.microsoft.com/kb/816587/en-us to verify that I was checking the correct location for the SRV records.
    • I have verified that the PDCEmulator in each domain (3 of them) are synchronizing time from external time servers, not from the VM host.

    In doing the first item, I found that only 5 of our 7 DCs are running DNS, 1 at each remote site, 3 at the main office; since we are only using two of the DNS servers in the main office for DNS resolution on client systems, it makes me wonder if this actually needs to be present on the DC in question (as it's not one that is passed out to clients).  but thats a thought for another time



    • Edited by Dan Ceola Wednesday, July 24, 2013 8:38 PM removed a typo
    Wednesday, July 24, 2013 7:02 PM
  • Hello,

    what do you mean with one PDCEmulator ONLY, each domain has its own PDCEmulator, please check with "netdom query fsmo" in the root and the child domains.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Wednesday, July 24, 2013 7:20 PM
  • sorry, i meant to edit that out. i did update it on all 3 PDC's

    Wednesday, July 24, 2013 8:37 PM