none
No other domain controller could be found

    Question

  • Hello

    We heve te following problem:

    We wanted to upgrade our domain from a Small Business Server 2003 to a Windows 2008 R2 server (and domain).

    We installed a new server with Windows Server 2008 R2 and made it a domain controller in co-existance with the SBS 2003 domain controller. It replicated all the data and we moved the FSMO roles to the new Windows Server 2008 R2. We also installed the DNS and DHCP role on it.

    But now, when we shut down the SBS 2003 server, the whole domain goes down. Even on the new domain controller, the domain becomes unavailable.

    I must say that the 21 day grace period has expired already. I wanted to do a dcdemote today, but that doesn't seem to be a good idea now. When I try to do a dcdemote I get a message saying that no other domain controller could be contacted for this domain.

    What did I do wrong and how can this be solved? And why can't my new DC work without the old one being online?

    Thanks for any information.

    Kind regards

    Geoffrey

    Friday, April 20, 2012 12:06 PM

All replies

  • Hi,

    This problem can occur if a domain controller in the domain has not registered an "A" record for itself in DNS.

    Add the A record for the domain controller with the ipconfig /registerdns command. Flush the DNS cache on the computer running the Active Directory Installation Wizard by using the ipconfig /flushdns command.

    For more information, please refer to the following Microsoft TechNet articles:

    Troubleshooting Active Directory Installation Wizard Problems

    http://technet.microsoft.com/en-us/library/bb727058.aspx

    Troubleshooting Active Directory—Related DNS Problems

    http://technet.microsoft.com/en-us/library/bb727055.aspx

    Please read the following article for how to perform such a migration.

    Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2

    http://demazter.wordpress.com/2010/04/29/migrate-small-business-server-2003-to-exchange-2010-and-windows-2008-r2/

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support

    Friday, April 20, 2012 12:39 PM
  • Thanks for your reply. My server does have an A-record in DNS.

    All problems started after the License Grace Period to allow more than 1 DC expired.

    Friday, April 20, 2012 1:12 PM
  • Is the new DC also a GC (global catalogue)?
    Saturday, April 21, 2012 10:13 PM
  • Adding to the general knowledge base:  There is NO restriction on the number of DC's in an SBS network, and there is NO restriction that would prohibit you from operating FOREVER with multiple DC's.  What you cannot do is:  1.  have multiple SBS system in the same AD, other than for a migration, and 2.  Operate an SBS server without the FSMO roles.  It will start, but it will not stay started.

    As for your present issue, I suspect Mr. Gumby has hit it, even though he places an unnecessary U and E in catalog. 

    Please let us know.


    Larry Struckmeyer[SBS-MVP]

    Sunday, April 22, 2012 8:46 PM
  • My new DC is a Global Catalog server.

    Indeed the SBS server started to turn off automatically, but then I installed the patch: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4116

    Now, the SBS server doesn't turn off anymore, but seems to be the only DC in the network who's working. Although it's the other, new, DC who has the FSMO roles.

    We can't demote the SBS and we can't work without it, although this machine should be removed from the network. We are still hoping on a solution.

    Monday, April 23, 2012 6:15 AM
  • That patch has NOTHING to do with your circumstances, but I guess it won't hurt either.

    I would return the FSMO roles to SBS and see if you experience any errors.

    Please note that THE ONLY action you needed to perform in order to run up 2008 as a DC in the SBS AD is to extend the AD schema to accept later version DC's. (ADPREP /forestprep & ADPREP /domainprep)

    There is no '21 day grace period' in continuing to operate SBS03 in such an environment, as long as SBS maintains the FSMO roles, but you may _choose_ to remove the SBS and later upgrade the domain functional level.


    • Edited by SuperGumby Monday, April 23, 2012 6:45 AM
    Monday, April 23, 2012 6:44 AM
  • I have now returned the FSMO roles to the SBS 2003 without errors. I installed the schema extensions as you mention before, this was necessary in order to join the new DC.

    This is such a weird problem... everything works, but I just can't demote the SBS and let the new DC take over. How can I remove the SBS 2003? When I do DCDEMOTE I still get the warning that no other domain controller could be found. (Although the netdom query /dc returns both DC's).

    Monday, April 23, 2012 9:50 AM
  • 'IPConfig /all' from both DCs please.
    Monday, April 23, 2012 10:21 AM
  • SBS2003:

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : sbs2003
       Primary Dns Suffix  . . . . . . . : hemelvaart.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : hemelvaart.local

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : 00-30-05-C7-94-52
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.0.10
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.254
       DNS Servers . . . . . . . . . . . : 192.168.0.10
                                           192.168.0.20

    W2K8R2:

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : W2K8-ADM
       Primary Dns Suffix  . . . . . . . : hemelvaart.local
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : hemelvaart.local

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Ada
    pter
       Physical Address. . . . . . . . . : 00-15-5D-02-25-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::6178:9b18:f514:3b4d%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.0.20(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.254
       DHCPv6 IAID . . . . . . . . . . . : 234886493
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-03-41-0A-00-15-5D-02-25-01

       DNS Servers . . . . . . . . . . . : ::1
                                           192.168.0.20
                                           192.168.0.10
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{8E039228-2F33-422D-BBE8-544A1BC42501}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Thanks for your help!

    Monday, April 23, 2012 11:18 AM
  • I'm actually wndering about that ::1 DNS entry.
    Monday, April 23, 2012 11:39 AM
  • I have now disabled IPv6 (which we don't use anyway) and now that entry in DNS is gone too.

    But disabling it didn't solve anything...


    • Edited by Geoffrey_BE Monday, April 23, 2012 11:45 AM
    Monday, April 23, 2012 11:45 AM
  • I have the output from the dcdiag /v command from the new W2K8 DC server:


    Directory Server Diagnosis


    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine W2K8-ADM, is a Directory Server.
       Home Server = W2K8-ADM

       * Connecting to directory service on server W2K8-ADM.

       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local
       Getting ISTG and options for the site
       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=SBS2003,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=W2K8-ADM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.

       * Found 2 DC(s). Testing 1 of them.

       Done gathering initial info.


    Doing initial required tests

      
       Testing server: Default-First-Site-Name\W2K8-ADM

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... W2K8-ADM passed test Connectivity

     

    Doing primary tests

      
       Testing server: Default-First-Site-Name\W2K8-ADM

          Starting test: Advertising

             Warning: DsGetDcName returned information for

             \\sbs2003.hemelvaart.local, when we were trying to reach W2K8-ADM.

             SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

             ......................... W2K8-ADM failed test Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test
             There are warning or error events within the last 24 hours after the

             SYSVOL has been shared.  Failing SYSVOL replication problems may cause

             Group Policy problems.
             A warning event occurred.  EventID: 0x800034C4

                Time Generated: 04/22/2012   17:48:12

                Event String:

                The File Replication Service is having trouble enabling replication from sbs2003.hemelvaart.local to W2K8-ADM for c:\windows\sysvol\domain using the DNS name sbs2003.hemelvaart.local. FRS will keep retrying.

                 Following are some of the reasons you would see this warning.

                

                 [1] FRS can not correctly resolve the DNS name sbs2003.hemelvaart.local from this computer.

                 [2] FRS is not running on sbs2003.hemelvaart.local.

                 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

                

                 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

             A warning event occurred.  EventID: 0x800034C4

                Time Generated: 04/22/2012   17:53:26

                Event String:

                The File Replication Service is having trouble enabling replication from SBS2003 to W2K8-ADM for c:\windows\sysvol\domain using the DNS name sbs2003.hemelvaart.local. FRS will keep retrying.

                 Following are some of the reasons you would see this warning.

                

                 [1] FRS can not correctly resolve the DNS name sbs2003.hemelvaart.local from this computer.

                 [2] FRS is not running on sbs2003.hemelvaart.local.

                 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

                

                 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

             A warning event occurred.  EventID: 0x800034FD

                Time Generated: 04/23/2012   13:52:17

                Event String:

                File Replication Service is initializing the system volume with data from another domain controller. Computer W2K8-ADM cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

                

                To check for the SYSVOL share, at the command prompt, type:

                net share

                

                When File Replication Service completes the initialization process, the SYSVOL share will appear.

                

                The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.

             A warning event occurred.  EventID: 0x800034C4

                Time Generated: 04/23/2012   13:53:59

                Event String:

                The File Replication Service is having trouble enabling replication from sbs2003.hemelvaart.local to W2K8-ADM for c:\windows\sysvol\domain using the DNS name sbs2003.hemelvaart.local. FRS will keep retrying.

                 Following are some of the reasons you would see this warning.

                

                 [1] FRS can not correctly resolve the DNS name sbs2003.hemelvaart.local from this computer.

                 [2] FRS is not running on sbs2003.hemelvaart.local.

                 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

                

                 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

             A warning event occurred.  EventID: 0x800034C4

                Time Generated: 04/23/2012   14:01:59

                Event String:

                The File Replication Service is having trouble enabling replication from SBS2003 to W2K8-ADM for c:\windows\sysvol\domain using the DNS name sbs2003.hemelvaart.local. FRS will keep retrying.

                 Following are some of the reasons you would see this warning.

                

                 [1] FRS can not correctly resolve the DNS name sbs2003.hemelvaart.local from this computer.

                 [2] FRS is not running on sbs2003.hemelvaart.local.

                 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

                

                 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

             ......................... W2K8-ADM passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log.
             Skip the test because the server is running FRS.

             ......................... W2K8-ADM passed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test
             The registry lookup failed to determine the state of the SYSVOL.  The

             error returned  was 0x0 "The operation completed successfully.".

             Check the FRS event log to see if the SYSVOL has successfully been

             shared.
             ......................... W2K8-ADM passed test SysVolCheck

          Starting test: KccEvent

             * The KCC Event log test
             A warning event occurred.  EventID: 0x800004C4

                Time Generated: 04/23/2012   14:10:12

                Event String:

                LDAP over Secure Sockets Layer (SSL) will be unavailable at this time because the server was unable to obtain a certificate.

                

                Additional Data

                Error value:

                8009030e No credentials are available in the security package

             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... W2K8-ADM passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=SBS2003,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=SBS2003,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=SBS2003,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=SBS2003,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=SBS2003,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local
             ......................... W2K8-ADM passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC W2K8-ADM on DC W2K8-ADM.
             * SPN found :LDAP/W2K8-ADM.hemelvaart.local/hemelvaart.local
             * SPN found :LDAP/W2K8-ADM.hemelvaart.local
             * SPN found :LDAP/W2K8-ADM
             * SPN found :LDAP/W2K8-ADM.hemelvaart.local/HEMELVAART
             * SPN found :LDAP/2fc819a1-493e-47f4-967d-a27d7a3f6c1d._msdcs.hemelvaart.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2fc819a1-493e-47f4-967d-a27d7a3f6c1d/hemelvaart.local
             * SPN found :HOST/W2K8-ADM.hemelvaart.local/hemelvaart.local
             * SPN found :HOST/W2K8-ADM.hemelvaart.local
             * SPN found :HOST/W2K8-ADM
             * SPN found :HOST/W2K8-ADM.hemelvaart.local/HEMELVAART
             * SPN found :GC/W2K8-ADM.hemelvaart.local/hemelvaart.local
             ......................... W2K8-ADM passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC W2K8-ADM.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=hemelvaart,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               DC=DomainDnsZones,DC=hemelvaart,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=hemelvaart,DC=local
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=hemelvaart,DC=local
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=hemelvaart,DC=local
                (Domain,Version 3)
             ......................... W2K8-ADM passed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Unable to connect to the NETLOGON share! (\\W2K8-ADM\netlogon)

             [W2K8-ADM] An net use or LsaPolicy operation failed with error 67,

             The network name cannot be found..

             ......................... W2K8-ADM failed test NetLogons

          Starting test: ObjectsReplicated

             W2K8-ADM is in domain DC=hemelvaart,DC=local
             Checking for CN=W2K8-ADM,OU=Domain Controllers,DC=hemelvaart,DC=local in domain DC=hemelvaart,DC=local on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=W2K8-ADM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local in domain CN=Configuration,DC=hemelvaart,DC=local on 1 servers
                Object is up-to-date on all servers.
             ......................... W2K8-ADM passed test ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             * Replication Latency Check
             ......................... W2K8-ADM passed test Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 4610 to 1073741823
             * sbs2003.hemelvaart.local is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 3610 to 4109
             * rIDPreviousAllocationPool is 3610 to 4109
             * rIDNextRID: 3632
             ......................... W2K8-ADM passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
                Could not open NTDS Service on W2K8-ADM, error 0x5

                "Access is denied."

             * Checking Service: DnsCache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... W2K8-ADM failed test Services

          Starting test: SystemLog

             * The System Event log test
             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:31:59

                Event String:

                Driver DYMO LabelMANAGER 450 required for printer DYMO LabelMANAGER 450 is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:32:00

                Event String:

                Driver Brother PCL5e Driver required for printer !!w2K8-DATA!E33-HL2250DN is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:32:03

                Event String:

                Driver CUSTPDF Writer required for printer PDF Printer is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:32:05

                Event String:

                Driver Send To Microsoft OneNote 2010 Driver required for printer Verzenden naar OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:50:46

                Event String:

                Driver Brother PCL5e Driver required for printer !!W2K8-DATA!E33-HL2250DN is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:50:47

                Event String:

                Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:50:50

                Event String:

                Driver Send To Microsoft OneNote 2010 Driver required for printer Verzenden naar OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

             A warning event occurred.  EventID: 0x00002724

                Time Generated: 04/23/2012   13:52:11

                Event String:

                This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

             An error event occurred.  EventID: 0xC0001B61

                Time Generated: 04/23/2012   13:52:16

                Event String:

                A timeout was reached (30000 milliseconds) while waiting for the MyRo Mark Downloader service to connect.

             An error event occurred.  EventID: 0xC0001B58

                Time Generated: 04/23/2012   13:52:16

                Event String:

                The MyRo Mark Downloader service failed to start due to the following error:

                The service did not respond to the start or control request in a timely fashion.

             An error event occurred.  EventID: 0xC0FF05DC

                Time Generated: 04/23/2012   13:52:17

                Event String:

                The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:54:06

                Event String:

                Driver Brother PCL5e Driver required for printer !!W2K8-DATA!E33-HL2250DN is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:54:08

                Event String:

                Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   13:54:10

                Event String:

                Driver Send To Microsoft OneNote 2010 Driver required for printer Verzenden naar OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   14:06:06

                Event String:

                Driver Brother HL-5170DN required for printer Brother HL-5170DN is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   14:06:09

                Event String:

                Driver RICOH Aficio MP 2352 PCL 5e required for printer !!sbs2003!RICOH Aficio MP 2352 PCL 5e is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   14:06:10

                Event String:

                Driver OKI C5900(PCL) required for printer !!sbs2003!OKI C5900(PCL) is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   14:06:12

                Event String:

                Driver NRG MP 5000 PCL 6 required for printer !!server!RICOH MP5000 PCL6 is unknown. Contact the administrator to install the driver before you log in again.

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:07:51

                Event String:

                SSL Certificate Settings deleted for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:07:51

                Event String:

                SSL Certificate Settings created by an admin process for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:07:51

                Event String:

                SSL Certificate Settings deleted for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:07:51

                Event String:

                SSL Certificate Settings created by an admin process for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:07:51

                Event String:

                SSL Certificate Settings deleted for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:07:51

                Event String:

                SSL Certificate Settings created by an admin process for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:07:51

                Event String:

                SSL Certificate Settings deleted for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:07:51

                Event String:

                SSL Certificate Settings created by an admin process for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x8000001D

                Time Generated: 04/23/2012   14:08:04

                Event String:

                The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:08:18

                Event String:

                SSL Certificate Settings deleted for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:08:18

                Event String:

                SSL Certificate Settings created by an admin process for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:08:18

                Event String:

                SSL Certificate Settings deleted for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:08:18

                Event String:

                SSL Certificate Settings created by an admin process for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:08:18

                Event String:

                SSL Certificate Settings deleted for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:08:18

                Event String:

                SSL Certificate Settings created by an admin process for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:08:18

                Event String:

                SSL Certificate Settings deleted for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:08:18

                Event String:

                SSL Certificate Settings created by an admin process for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x8000001D

                Time Generated: 04/23/2012   14:09:46

                Event String:

                The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

             A warning event occurred.  EventID: 0x00009016

                Time Generated: 04/23/2012   14:10:12

                Event String:

                No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

             A warning event occurred.  EventID: 0x00009016

                Time Generated: 04/23/2012   14:10:17

                Event String:

                No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:10:25

                Event String:

                SSL Certificate Settings deleted for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:10:25

                Event String:

                SSL Certificate Settings created by an admin process for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:10:25

                Event String:

                SSL Certificate Settings deleted for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:10:25

                Event String:

                SSL Certificate Settings created by an admin process for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:10:25

                Event String:

                SSL Certificate Settings deleted for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:10:25

                Event String:

                SSL Certificate Settings created by an admin process for Port : 0.0.0.0:443 .

             A warning event occurred.  EventID: 0x80003BC4

                Time Generated: 04/23/2012   14:10:25

                Event String:

                SSL Certificate Settings deleted for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x80003BC5

                Time Generated: 04/23/2012   14:10:25

                Event String:

                SSL Certificate Settings created by an admin process for Port : 127.0.0.1:443 .

             A warning event occurred.  EventID: 0x00009016

                Time Generated: 04/23/2012   14:10:25

                Event String:

                No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this.

             An error event occurred.  EventID: 0x40000004

                Time Generated: 04/23/2012   14:12:42

                Event String:

                The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server vms-pc$. The target name used was cifs/PC-BTH-2009.hemelvaart.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (HEMELVAART.LOCAL) is different from the client domain (HEMELVAART.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   14:17:31

                Event String:

                Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   14:17:33

                Event String:

                Driver Brother PCL5e Driver required for printer !!W2K8-DATA!E33-HL2250DN is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 04/23/2012   14:17:35

                Event String:

                Driver Send To Microsoft OneNote 2010 Driver required for printer Verzenden naar OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

             ......................... W2K8-ADM failed test SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=W2K8-ADM,OU=Domain Controllers,DC=hemelvaart,DC=local and backlink

             on

             CN=W2K8-ADM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local

             are correct.
             The system object reference (serverReferenceBL)

             CN=W2K8-ADM,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hemelvaart,DC=local

             and backlink on

             CN=NTDS Settings,CN=W2K8-ADM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hemelvaart,DC=local

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=W2K8-ADM,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hemelvaart,DC=local

             and backlink on

             CN=W2K8-ADM,OU=Domain Controllers,DC=hemelvaart,DC=local are correct.
             ......................... W2K8-ADM passed test VerifyReferences

          Test omitted by user request: VerifyReplicas

      
          Test omitted by user request: DNS

          Test omitted by user request: DNS

      
       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

      
       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

      
       Running partition tests on : hemelvaart

          Starting test: CheckSDRefDom

             ......................... hemelvaart passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... hemelvaart passed test CrossRefValidation

      
       Running enterprise tests on : hemelvaart.local

          Test omitted by user request: DNS

          Test omitted by user request: DNS

          Starting test: LocatorCheck

             GC Name: \\sbs2003.hemelvaart.local

             Locator Flags: 0xe00003fd
             PDC Name: \\sbs2003.hemelvaart.local
             Locator Flags: 0xe00003fd
             Time Server Name: \\sbs2003.hemelvaart.local
             Locator Flags: 0xe00003fd
             Preferred Time Server Name: \\sbs2003.hemelvaart.local
             Locator Flags: 0xe00003fd
             KDC Name: \\sbs2003.hemelvaart.local
             Locator Flags: 0xe00003fd
             ......................... hemelvaart.local passed test LocatorCheck

          Starting test: Intersite

             Skipping site Default-First-Site-Name, this site is outside the scope

             provided by the command line arguments provided.
             ......................... hemelvaart.local passed test Intersite

     

    Monday, April 23, 2012 12:23 PM
  • I haven't looked into the few errors but early on you have kerberos. Kerberos doesn't like time skew. Is the time reported on each server (at least) close to each other?
    Monday, April 23, 2012 1:23 PM
  • Yes, date/time is exactly the same on both servers.

    What I did meanwhile: I stopped the FRS service on both DC's, manually copied the SYSVOL from the SBS 2003 to the W2K8 and did a D4 on it. Restarted the FRS on both services. This way the SYSVOL and NETLOGON shares were recreated on the W2K8 server... but stil no replication happens.

    I can also read in the DCDIAG file: Computer W2K8-ADM cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL

    So I guess the SBS 2003 is not replicating... but we don't know why or how to bypass this.

    Monday, April 23, 2012 1:40 PM
  • Hi,

    You may refer to the following Microsoft TechNet articles for troubleshooting replication:

    Troubleshooting Active Directory Replication Problems

    http://technet.microsoft.com/en-us/library/bb727057.aspx

    Troubleshooting replication

    http://technet.microsoft.com/en-us/library/cc755349(v=WS.10).aspx

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support

    Monday, May 07, 2012 4:45 AM
  • Hi,

     

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support

    Monday, May 14, 2012 2:13 AM