DHCP server cannot find authorization DC? It *IS* the DC. Windows 2003 std sp2
-
Tuesday, May 01, 2012 4:05 PM
In a very simple network, the DC Server A reports logs these three items in the event log at boot time
1059 "The DHCP service failed to see a directory server for authorization"
1044 "The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain mydomain.com, has determined that it is authorized to start. It is servicing clients now."
1059 "The DHCP service failed to see a directory server for authorization"
The only other server hosts terminal services. How can a DC not see itself as a Directory server for authorization? The DHCP server has been authorized; and un-authorized, and authorized again.
This is Windows 2003 std sp2.
- Edited by rusticloud Wednesday, May 02, 2012 3:57 PM
All Replies
-
Tuesday, May 01, 2012 6:28 PM
Have you run DCDIAG to validate the status of the DC?
http://technet.microsoft.com/en-us/library/cc731968(v=ws.10).aspx
-
Tuesday, May 01, 2012 9:41 PMNo I have not. I'm not really a network/server guy so the obvious steps are not so obvious. I will try it tonight. What would I look for?
-
Wednesday, May 02, 2012 5:14 AM
I installed the windows support tools and dcdiag seems to indicate 'passed' in general. What should I look for?
>>>>>>>>>>>>>
C:\Program Files\Support Tools>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FileServer1
Starting test: Connectivity
......................... FileServer1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FileServer1
Starting test: Replications
......................... FileServer1 passed test Replications
Starting test: NCSecDesc
......................... FileServer1 passed test NCSecDesc
Starting test: NetLogons
......................... FileServer1 passed test NetLogons
Starting test: Advertising
......................... FileServer1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... FileServer1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... FileServer1 passed test RidManager
Starting test: MachineAccount
......................... FileServer1 passed test MachineAccount
Starting test: Services
......................... FileServer1 passed test Services
Starting test: ObjectsReplicated
......................... FileServer1 passed test ObjectsReplicated
Starting test: frssysvol
......................... FileServer1 passed test frssysvol
Starting test: frsevent
......................... FileServer1 passed test frsevent
Starting test: kccevent
......................... FileServer1 passed test kccevent
Starting test: systemlog
......................... FileServer1 passed test systemlog
Starting test: VerifyReferences
......................... FileServer1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Running enterprise tests on : mydomain.com
Starting test: Intersite
......................... mydomain.com passed test Intersite
Starting test: FsmoCheck
......................... mydomain.com passed test FsmoCheck
C:\Program Files\Support Tools> -
Wednesday, May 02, 2012 6:33 AM
Please re-run it as dcdiag /v, then repost the results, please.
ALso:
- Post an unedited ipconfig /all
- How many DCs do you have? If you ahve more than one DC, run and post the results of repadmin /showreps and repadmin /replsum from each DC.
.
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
-
Wednesday, May 02, 2012 6:43 AMModerator
Hi,
Thanks for posting here.
So will DHCP service work properly after server completely startup and keep getting such failed authorization issue ?
If no I’d suspect that this might a delay issue during startup when domain service might not completely up but DHCP service did and started looking for directory service for authority.
Do we have other domain controllers in this network ?
Authorizing DHCP servers
http://technet.microsoft.com/en-us/library/cc781697(WS.10).aspx
How to delay loading of specific services
http://support.microsoft.com/kb/193888/
Thanks.
Tiger Li
Tiger Li
TechNet Community Support
- Marked As Answer by Tiger LiModerator Tuesday, May 08, 2012 1:09 AM
-
Wednesday, May 02, 2012 1:42 PMCan you start the DHCP service manually?
-
Wednesday, May 02, 2012 3:53 PM
Hi Ace
There is just one DC. Here is dcdiag /v
File Replication Service's SYSVOL is ready
......................... FileServer1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... FileServer1 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... FileServer1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002710
Time Generated: 05/02/2012 08:20:43
(Event String could not be retrieved)
......................... FileServer1 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com and backlink
on
CN=FileServer1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=FileServer1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=com
and backlink on
CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com are correct.
The system object reference (serverReferenceBL)
CN=FileServer1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=com
and backlink on
CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
are correct.
......................... FileServer1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Running enterprise tests on : mydomain.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... mydomain.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
PDC Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
Time Server Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
KDC Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
......................... mydomain.com passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
C:\Documents and Settings\Administrator>dcdiag /v
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine FileServer1, is a DC.
* Connecting to directory service on server FileServer1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\FileServer1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... FileServer1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\FileServer1
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... FileServer1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC FileServer1.
* Security Permissions Check for
DC=ForestDnsZones,DC=mydomain,DC=com
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=mydomain,DC=com
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mydomain,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mydomain,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=mydomain,DC=com
(Domain,Version 2)
......................... FileServer1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\FileServer1\netlogon
Verified share \\FileServer1\sysvol
......................... FileServer1 passed test NetLogons
Starting test: Advertising
The DC FileServer1 is advertising itself as a DC and having a DS.
The DC FileServer1 is advertising as an LDAP server
The DC FileServer1 is advertising as having a writeable directory
The DC FileServer1 is advertising as a Key Distribution Center
The DC FileServer1 is advertising as a time server
The DS FileServer1 is advertising as a GC.
......................... FileServer1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration
,DC=mydomain,DC=com
Role Domain Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration
,DC=mydomain,DC=com
Role PDC Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC
=mydomain,DC=com
Role Rid Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC
=mydomain,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,C
N=Configuration,DC=mydomain,DC=com
......................... FileServer1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2610 to 1073741823
* FileServer1.mydomain.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1110 to 1609
* rIDPreviousAllocationPool is 1110 to 1609
* rIDNextRID: 1167
......................... FileServer1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC FileServer1 on DC FileServer1.
* SPN found :LDAP/FileServer1.mydomain.com/mydomain.com
* SPN found :LDAP/FileServer1.mydomain.com
* SPN found :LDAP/FileServer1
* SPN found :LDAP/FileServer1.mydomain.com/mydomain
* SPN found :LDAP/df9a04a9-1f70-4175-b90d-91f8f96b3a67._msdcs.mydomain.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/df9a04a9-1f70-4175-b90d-91f8f96b3a67/mydomain.com
* SPN found :HOST/FileServer1.mydomain.com/mydomain.com
* SPN found :HOST/FileServer1.mydomain.com
* SPN found :HOST/FileServer1
* SPN found :HOST/FileServer1.mydomain.com/mydomain
* SPN found :GC/FileServer1.mydomain.com/mydomain.com
......................... FileServer1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... FileServer1 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
FileServer1 is in domain DC=mydomain,DC=com
Checking for CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com in domain DC=mydomain,DC=com on 1
servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=mor
gansmasonry,DC=com in domain CN=Configuration,DC=mydomain,DC=com on 1 servers
Object is up-to-date on all servers.
......................... FileServer1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... FileServer1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... FileServer1 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... FileServer1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002710
Time Generated: 05/02/2012 08:20:43
(Event String could not be retrieved)
......................... FileServer1 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com and
backlink on
CN=FileServer1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com are
correct.
The system object reference (frsComputerReferenceBL)
CN=FileServer1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=co
m
and backlink on CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com are correct.
The system object reference (serverReferenceBL)
CN=FileServer1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=co
m
and backlink on
CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,D
C=com
are correct.
......................... FileServer1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Running enterprise tests on : mydomain.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
provided.
......................... mydomain.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
PDC Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
Time Server Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
KDC Name: \\FileServer1.mydomain.com
Locator Flags: 0xe00003fd
......................... mydomain.com passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
C:\Documents and Settings\Administrator> -
Wednesday, May 02, 2012 3:55 PM
Here is ipconfig /all
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : FileServer1
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : BC-AE-C5-28-9F-65
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.2
C:\Documents and Settings\Administrator> -
Wednesday, May 02, 2012 3:58 PMHi Roy. Yes I can stop and start the dhcp service manually.
-
Wednesday, May 02, 2012 4:03 PM
Tiger Li, maybe you are right, but I wish I knew for sure. The dhcp service does seem to run ok after the machine is fully up.
Booting and getting all the services going seems to take longer than I would expect. This is a fairly fast machine. It takes 10 minutes to get to the login prompt. There are only about 20 devices on the network. At about the same time that the dhcp error is listed in the event log, during boot and before login, a dialog appears stating that one or more devices have failed.
-
Wednesday, May 02, 2012 6:08 PM
Thanks for posting the ipconfig. It looks fine.
Is the DNS Server Service running?
If you open the DNS console, under the mydomain.com zone, do you see a record for Fileserver1, and do you see a record called 'same as parent' A 192.168.1.2?
Also, do you see a zone called _msdcs.mydomain.com? If so, you should see a GC folder under it. If so, do you see an A record for 192.168.1.2?
.
As for the System log error failure, it's stating the log is full. You can clear the System log in event viewer, which should clear that failure.
.
One more thing, go through the steps in teh following link to see if there are any conflicting or duplicate zones.
Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
Published by Ace Fekay, MCT, MVP DS on Sep 2, 2009 at 2:34 PM 2313 0
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx.
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
-
Wednesday, May 02, 2012 6:37 PM
Thanks Ace I appreciate the help.
The DNS server service is running.
In the dns management console under the tree DNS\FileServer1\Forward Lookup Zones\mydomain.com
There is a record for FileServer1, Type Host(A), Data 192.168.1.2
There is a record for (Same as parent folder), type Host(A), data 192.168.1.2
I don't see anything for _msdcs.mydomain.com, would it be in the same list as the entries above?
I will wait on trying your blog entry till later, in case the missing entry for _msdcs.mydomain.com turns out to be important.
-
Wednesday, May 02, 2012 8:01 PM
You are welcome, so far.
And yes, that _msdcs.mydomain.com is extremely important. I'm assuming it;s there, based on the dcdiag output. If the original domain when installed was under 2003, then it would have created a zone of that name. Do you see a subfolder under mydomain.com called "_msdcs?"
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
-
Wednesday, May 02, 2012 8:12 PM
Yes that subfolder is there. But there definitely is not a peer line item line with _msdcs.mydomain.com in it; peer of the other two entries I mentioned, right under mydomain.com.
Is the _msdcs folder a 'zone'? Still, I don't see anything with " _msdcs.mydomain.com"
This server has been a windows 2003 box from day one.
-
Thursday, May 03, 2012 6:10 AMModerator
Hi rusticloud,
Thanks for update.
So could we test by setting the startup type of “DHCP server” service on this domain controller to “Automatic (Delayed Start)” and rebooting the domain controller and see if these errors will persist.
Configure a Service Item
http://technet.microsoft.com/en-us/library/cc732482.aspx
Thanks.
Tiger LiTiger Li
TechNet Community Support
-
Thursday, May 03, 2012 3:45 PMTiger Li I will try that tonight.
-
Thursday, May 03, 2012 4:52 PM
Rusti,
To expand on Tiger's suggestion, maybe the info below from my notes may help? Soem of it is redundant, since we already discussed it, and you've posted the Event log errors, but more importantly look at the MSCONFIG suggestion, and take a look at ADSI Edit to see exactly what AD thinks or doesn't think is already authorized.
============
DHCP Troubleshooting...DHCP Service will not start:
Please also troubleshoot this issue with following the steps below:
1. Verify that the DHCP server is authorized in Active Directory. See documentation on authorizing DHCP servers below:
http://technet.microsoft.com/en-us/library/cc781697(WS.10).aspx
2. Is there other DHCP related error recorded in event log, please also post here
3. Examine DHCP audit logs which are located by default at %windir%\System32\Dhcp. Instructions on analyzing DHCP server audit logs are available here :
http://technet.microsoft.com/en-us/library/cc776384(WS.10).aspx
4. 4. Use Msconfig to disable all non-Microsoft services on the service tab of the Msconfig dialog. Then reboot the Windows client back into normal mode. If the issue goes away then you can enable the third party services one at a time followed by a reboot until the issue occurs again to locate the problematic service.
See list of authorized servers using ADSI Edit:After a new DHCP server is authorized, the original DHCP server becomes unauthorized and cannot be authorized again in Windows 2000 Server
(Article ID: 306925 - Last Review: October 30, 2006 - Revision: 5.1)
http://support.microsoft.com/kb/306925.
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
-
Friday, May 04, 2012 2:48 AMAccording to that technet entry, I'd need to use the group policy management console to make the change on Windows 2003? I am not sure if I'd be able to do that without causing issues. The article is very generic. I'd need step by step instructions to be able to do this with any confidence. I might just live with the error.
-
Friday, May 04, 2012 4:13 AMWhich article? Are you referring to a step by step on how to use ADSI Edit?
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
-
Friday, May 04, 2012 6:38 AMThis one: http://technet.microsoft.com/en-us/library/cc732482.aspx (Configure a Service Item)
-
Tuesday, May 08, 2012 3:34 AM
Hi Ace
Turns out there are in fact three DCs, with ip addresses 192.168.1.2, 192.168.2.2, 192.168.3.2, connected via vpn. I have posted the results of repadmin /showreps and repadmin /replsum from each DC below as you requested.
============
FILESERVER1
============
C:\Documents and Settings\Administrator>repadmin /showreps
Default-First-Site-Name\FILESERVER1
DC Options: IS_GC
Site Options: (none)
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
DC invocationID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
==== INBOUND NEIGHBORS ======================================
DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 19:37:37 was successful.
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 19:40:35 was successful.
CN=Configuration,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 19:26:08 was successful.
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 19:26:29 was successful.
CN=Schema,CN=Configuration,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 18:50:20 was successful.
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 18:50:20 was successful.
DC=DomainDnsZones,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 18:50:20 was successful.
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 18:50:20 was successful.
DC=ForestDnsZones,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 18:50:20 was successful.
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 18:50:20 was successful.
C:\Documents and Settings\Administrator>repadmin /replsum
Replication Summary Start Time: 2012-05-07 19:43:34
Beginning data collection for replication summary, this may take awhile:
......
Source DC largest delta fails/total %% error
FILESERVER2 56m:04s 0 / 10 0
FILESERVER1 56m:05s 0 / 10 0
FILESERVER3 53m:14s 0 / 10 0
Destination DC largest delta fails/total %% error
FILESERVER2 45m:32s 0 / 10 0
FILESERVER1 53m:14s 0 / 10 0
FILESERVER3 56m:05s 0 / 10 0
============
FILESERVER2
============
C:\Documents and Settings\Administrator.mydomain>repadmin /showreps
Default-First-Site-Name\FILESERVER2
DC Options: (none)
Site Options: (none)
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
DC invocationID: 74a18098-f7f0-4013-9e7b-0f94ed0107fd
==== INBOUND NEIGHBORS ======================================
DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 20:06:41 was successful.
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 20:07:11 was successful.
CN=Configuration,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 19:58:50 was successful.
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 19:58:50 was successful.
CN=Schema,CN=Configuration,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 19:58:50 was successful.
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 19:58:50 was successful.
DC=DomainDnsZones,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 19:58:50 was successful.
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 19:58:51 was successful.
DC=ForestDnsZones,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER3 via RPC
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
Last attempt @ 2012-05-07 19:58:50 was successful.
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 19:58:51 was successful.
C:\Documents and Settings\Administrator.mydomain>repadmin /replsum
Replication Summary Start Time: 2012-05-07 20:08:07
Beginning data collection for replication summary, this may take awhile:
......
Source DC largest delta fails/total %% error
FILESERVER2 20m:38s 0 / 10 0
FILESERVER1 20m:38s 0 / 10 0
FILESERVER3 17m:48s 0 / 10 0
Destination DC largest delta fails/total %% error
FILESERVER2 09m:19s 0 / 10 0
FILESERVER1 17m:49s 0 / 10 0
FILESERVER3 20m:39s 0 / 10 0
============
FILESERVER3
============
C:\Documents and Settings\administrator.mydomain>repadmin /showreps
Default-First-Site-Name\FILESERVER3
DC Options: (none)
Site Options: (none)
DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
DC invocationID: 94b8428c-2b2a-415a-b6d4-a2c0e1651de5
==== INBOUND NEIGHBORS ======================================
DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 20:24:56 was successful.
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 20:27:21 was successful.
CN=Configuration,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 20:24:02 was successful.
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 20:24:03 was successful.
CN=Schema,CN=Configuration,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 20:24:03 was successful.
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 20:24:03 was successful.
DC=DomainDnsZones,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 20:24:03 was successful.
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 20:24:04 was successful.
DC=ForestDnsZones,DC=mydomain,DC=com
Default-First-Site-Name\FILESERVER1 via RPC
DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
Last attempt @ 2012-05-07 20:24:04 was successful.
Default-First-Site-Name\FILESERVER2 via RPC
DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
Last attempt @ 2012-05-07 20:24:04 was successful.
C:\Documents and Settings\administrator.mydomain>repadmin /replsum
Replication Summary Start Time: 2012-05-07 20:28:17
Beginning data collection for replication summary, this may take awhile:
......
Source DC largest delta fails/total %% error
FILESERVER2 37m:57s 0 / 10 0
FILESERVER1 29m:27s 0 / 10 0
FILESERVER3 37m:57s 0 / 10 0
Destination DC largest delta fails/total %% error
FILESERVER2 29m:29s 0 / 10 0
FILESERVER1 37m:57s 0 / 10 0
FILESERVER3 04m:16s 0 / 10 0
-
Tuesday, May 08, 2012 4:05 AM
Hmm, no errors. That looks like a clean report.
I would recreate the _msdcs zone, since it should be delegated and replicated to Forest wide.
How to reconfigure an _msdcs subdomain to a forest-wide DNS application directory partition when you upgrade from Windows 2000 to Windows Server 2003
http://support.microsoft.com/kb/817470.
.
I would then do the following:
- Rename both the c:\system32\config\netlogon.dns and netlogon.dnb files by adding .old on the end of them.
- Then run an ipconfig /registerdns
- Restart the Netlogon serv
Now see if DHCP will start cleanly.
.
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.phpThis post is provided AS-IS with no warranties or guarantees and confers no rights.
.png)
