none
DHCP server cannot find authorization DC? It *IS* the DC. Windows 2003 std sp2

    Question

  • In a very simple network, the DC Server A reports logs these three items in the event log at boot time

    1059 "The DHCP service failed to see a directory server for authorization"

    1044 "The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain mydomain.com, has determined that it is authorized to start. It is servicing clients now."

    1059 "The DHCP service failed to see a directory server for authorization"

    The only other server hosts terminal services. How can a DC not see itself as a Directory server for authorization? The DHCP server has been authorized; and un-authorized, and authorized again.

    This is Windows 2003 std sp2.


    • Edited by rusticloud Wednesday, May 02, 2012 3:57 PM
    Tuesday, May 01, 2012 4:05 PM

Answers

  • Hi,

    Thanks for posting here.

    So will DHCP service work properly after server completely startup and keep getting such failed authorization issue ?

    If no I’d suspect that this might a delay issue during startup when domain service might not completely up but DHCP service did and started looking for directory service for authority.

    Do we have other domain controllers in this network ?

    Authorizing DHCP servers

    http://technet.microsoft.com/en-us/library/cc781697(WS.10).aspx

    How to delay loading of specific services

    http://support.microsoft.com/kb/193888/

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Marked as answer by Tiger Li Tuesday, May 08, 2012 1:09 AM
    Wednesday, May 02, 2012 6:43 AM

All replies

  • Have you run DCDIAG to validate the status of the DC?

    http://technet.microsoft.com/en-us/library/cc731968(v=ws.10).aspx

    Tuesday, May 01, 2012 6:28 PM
  • No I have not. I'm not really a network/server guy so the obvious steps are not so obvious. I will try it tonight. What would I look for?
    Tuesday, May 01, 2012 9:41 PM
  • I installed the windows support tools and dcdiag seems to indicate 'passed' in general. What should I look for?

    >>>>>>>>>>>>>

    C:\Program Files\Support Tools>dcdiag

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\FileServer1
          Starting test: Connectivity
             ......................... FileServer1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\FileServer1
          Starting test: Replications
             ......................... FileServer1 passed test Replications
          Starting test: NCSecDesc
             ......................... FileServer1 passed test NCSecDesc
          Starting test: NetLogons
             ......................... FileServer1 passed test NetLogons
          Starting test: Advertising
             ......................... FileServer1 passed test Advertising
          Starting test: KnowsOfRoleHolders
             ......................... FileServer1 passed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... FileServer1 passed test RidManager
          Starting test: MachineAccount
             ......................... FileServer1 passed test MachineAccount
          Starting test: Services
             ......................... FileServer1 passed test Services
          Starting test: ObjectsReplicated
             ......................... FileServer1 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... FileServer1 passed test frssysvol
          Starting test: frsevent
             ......................... FileServer1 passed test frsevent
          Starting test: kccevent
             ......................... FileServer1 passed test kccevent
          Starting test: systemlog
             ......................... FileServer1 passed test systemlog
          Starting test: VerifyReferences
             ......................... FileServer1 passed test VerifyReferences

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : mydomain
          Starting test: CrossRefValidation
             ......................... mydomain passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... mydomain passed test CheckSDRefDom

       Running enterprise tests on : mydomain.com
          Starting test: Intersite
             ......................... mydomain.com passed test Intersite
          Starting test: FsmoCheck
             ......................... mydomain.com passed test FsmoCheck

    C:\Program Files\Support Tools>

    Wednesday, May 02, 2012 5:14 AM
  • Please re-run it as dcdiag /v, then repost the results, please.

    ALso:

    • Post an unedited ipconfig /all
    • How many DCs do you have? If you ahve more than one DC, run and post the results of repadmin /showreps and repadmin /replsum from each DC.

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Wednesday, May 02, 2012 6:33 AM
  • Hi,

    Thanks for posting here.

    So will DHCP service work properly after server completely startup and keep getting such failed authorization issue ?

    If no I’d suspect that this might a delay issue during startup when domain service might not completely up but DHCP service did and started looking for directory service for authority.

    Do we have other domain controllers in this network ?

    Authorizing DHCP servers

    http://technet.microsoft.com/en-us/library/cc781697(WS.10).aspx

    How to delay loading of specific services

    http://support.microsoft.com/kb/193888/

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Marked as answer by Tiger Li Tuesday, May 08, 2012 1:09 AM
    Wednesday, May 02, 2012 6:43 AM
  • Can you start the DHCP service manually?
    Wednesday, May 02, 2012 1:42 PM
  • Hi Ace

    There is just one DC. Here is dcdiag /v

             File Replication Service's SYSVOL is ready
             ......................... FileServer1 passed test frssysvol
          Starting test: frsevent
             * The File Replication Service Event log test
             ......................... FileServer1 passed test frsevent
          Starting test: kccevent
             * The KCC Event log test
             Found no KCC errors in Directory Service Event log in the last 15 minut
    es.
             ......................... FileServer1 passed test kccevent
          Starting test: systemlog
             * The System Event log test
             An Error Event occured.  EventID: 0xC0002710
                Time Generated: 05/02/2012   08:20:43
                (Event String could not be retrieved)
             ......................... FileServer1 failed test systemlog
          Test omitted by user request: VerifyReplicas
          Starting test: VerifyReferences
             The system object reference (serverReference)
             CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com and backlink
             on
             CN=FileServer1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
             are correct.
             The system object reference (frsComputerReferenceBL)
             CN=FileServer1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=com
             and backlink on
             CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com are correct.
             The system object reference (serverReferenceBL)
             CN=FileServer1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=com
             and backlink on
             CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
             are correct.
             ......................... FileServer1 passed test VerifyReferences
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: CheckSecurityError

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : mydomain
          Starting test: CrossRefValidation
             ......................... mydomain passed test CrossRefValidation

          Starting test: CheckSDRefDom
             ......................... mydomain passed test CheckSDRefDom

       Running enterprise tests on : mydomain.com
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope
             provided by the command line arguments provided.
             ......................... mydomain.com passed test Intersite
          Starting test: FsmoCheck
             GC Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             PDC Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             Time Server Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             Preferred Time Server Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             KDC Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             ......................... mydomain.com passed test FsmoCheck
          Test omitted by user request: DNS
          Test omitted by user request: DNS

    C:\Documents and Settings\Administrator>dcdiag /v

    Domain Controller Diagnosis

    Performing initial setup:
       * Verifying that the local machine FileServer1, is a DC.
       * Connecting to directory service on server FileServer1.
       * Collecting site info.
       * Identifying all servers.
       * Identifying all NC cross-refs.
       * Found 3 DC(s). Testing 1 of them.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\FileServer1
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             * Active Directory RPC Services Check
             ......................... FileServer1 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\FileServer1
          Starting test: Replications
             * Replications Check
             * Replication Latency Check
             * Replication Site Latency Check
             ......................... FileServer1 passed test Replications
          Test omitted by user request: Topology
          Test omitted by user request: CutoffServers
          Starting test: NCSecDesc
             * Security Permissions check for all NC's on DC FileServer1.
             * Security Permissions Check for
               DC=ForestDnsZones,DC=mydomain,DC=com
                (NDNC,Version 2)
             * Security Permissions Check for
               DC=DomainDnsZones,DC=mydomain,DC=com
                (NDNC,Version 2)
             * Security Permissions Check for
               CN=Schema,CN=Configuration,DC=mydomain,DC=com
                (Schema,Version 2)
             * Security Permissions Check for
               CN=Configuration,DC=mydomain,DC=com
                (Configuration,Version 2)
             * Security Permissions Check for
               DC=mydomain,DC=com
                (Domain,Version 2)
             ......................... FileServer1 passed test NCSecDesc
          Starting test: NetLogons
             * Network Logons Privileges Check
             Verified share \\FileServer1\netlogon
             Verified share \\FileServer1\sysvol
             ......................... FileServer1 passed test NetLogons
          Starting test: Advertising
             The DC FileServer1 is advertising itself as a DC and having a DS.
             The DC FileServer1 is advertising as an LDAP server
             The DC FileServer1 is advertising as having a writeable directory
             The DC FileServer1 is advertising as a Key Distribution Center
             The DC FileServer1 is advertising as a time server
             The DS FileServer1 is advertising as a GC.
             ......................... FileServer1 passed test Advertising
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-

    Name,CN=Sites,CN=Configuration
    ,DC=mydomain,DC=com
             Role Domain Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-

    Name,CN=Sites,CN=Configuration
    ,DC=mydomain,DC=com
             Role PDC Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-

    Name,CN=Sites,CN=Configuration,DC
    =mydomain,DC=com
             Role Rid Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-

    Name,CN=Sites,CN=Configuration,DC
    =mydomain,DC=com
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-

    Name,CN=Sites,C
    N=Configuration,DC=mydomain,DC=com
             ......................... FileServer1 passed test KnowsOfRoleHolders
          Starting test: RidManager
             * Available RID Pool for the Domain is 2610 to 1073741823
             * FileServer1.mydomain.com is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 1110 to 1609
             * rIDPreviousAllocationPool is 1110 to 1609
             * rIDNextRID: 1167
             ......................... FileServer1 passed test RidManager
          Starting test: MachineAccount
             Checking machine account for DC FileServer1 on DC FileServer1.
             * SPN found :LDAP/FileServer1.mydomain.com/mydomain.com
             * SPN found :LDAP/FileServer1.mydomain.com
             * SPN found :LDAP/FileServer1
             * SPN found :LDAP/FileServer1.mydomain.com/mydomain
             * SPN found :LDAP/df9a04a9-1f70-4175-b90d-91f8f96b3a67._msdcs.mydomain.com
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/df9a04a9-1f70-4175-b90d-91f8f96b3a67/mydomain.com
             * SPN found :HOST/FileServer1.mydomain.com/mydomain.com
             * SPN found :HOST/FileServer1.mydomain.com
             * SPN found :HOST/FileServer1
             * SPN found :HOST/FileServer1.mydomain.com/mydomain
             * SPN found :GC/FileServer1.mydomain.com/mydomain.com
             ......................... FileServer1 passed test MachineAccount
          Starting test: Services
             * Checking Service: Dnscache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: RpcSs
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... FileServer1 passed test Services
          Test omitted by user request: OutboundSecureChannels
          Starting test: ObjectsReplicated
             FileServer1 is in domain DC=mydomain,DC=com
             Checking for CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com in domain DC=mydomain,DC=com on 1
    servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-

    Name,CN=Sites,CN=Configuration,DC=mor
    gansmasonry,DC=com in domain CN=Configuration,DC=mydomain,DC=com on 1 servers
                Object is up-to-date on all servers.
             ......................... FileServer1 passed test ObjectsReplicated
          Starting test: frssysvol
             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... FileServer1 passed test frssysvol
          Starting test: frsevent
             * The File Replication Service Event log test
             ......................... FileServer1 passed test frsevent
          Starting test: kccevent
             * The KCC Event log test
             Found no KCC errors in Directory Service Event log in the last 15 minutes.
             ......................... FileServer1 passed test kccevent
          Starting test: systemlog
             * The System Event log test
             An Error Event occured.  EventID: 0xC0002710
                Time Generated: 05/02/2012   08:20:43
                (Event String could not be retrieved)
             ......................... FileServer1 failed test systemlog
          Test omitted by user request: VerifyReplicas
          Starting test: VerifyReferences
             The system object reference (serverReference) CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com and
             backlink on
             CN=FileServer1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com are
             correct.
             The system object reference (frsComputerReferenceBL)
             CN=FileServer1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=co
    m
             and backlink on CN=FileServer1,OU=Domain Controllers,DC=mydomain,DC=com are correct.
             The system object reference (serverReferenceBL)
             CN=FileServer1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=co
    m
             and backlink on
             CN=NTDS Settings,CN=FileServer1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,D
    C=com
             are correct.
             ......................... FileServer1 passed test VerifyReferences
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: CheckSecurityError

       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom

       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom

       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom

       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom

       Running partition tests on : mydomain
          Starting test: CrossRefValidation
             ......................... mydomain passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... mydomain passed test CheckSDRefDom

       Running enterprise tests on : mydomain.com
          Starting test: Intersite
             Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
             provided.
             ......................... mydomain.com passed test Intersite
          Starting test: FsmoCheck
             GC Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             PDC Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             Time Server Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             Preferred Time Server Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             KDC Name: \\FileServer1.mydomain.com
             Locator Flags: 0xe00003fd
             ......................... mydomain.com passed test FsmoCheck
          Test omitted by user request: DNS
          Test omitted by user request: DNS

    C:\Documents and Settings\Administrator>

    Wednesday, May 02, 2012 3:53 PM
  • Here is ipconfig /all


    C:\Documents and Settings\Administrator>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : FileServer1
       Primary Dns Suffix  . . . . . . . : mydomain.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : mydomain.com

    Ethernet adapter Local Area Connection 2:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
       Physical Address. . . . . . . . . : BC-AE-C5-28-9F-65
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.1.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.2

    C:\Documents and Settings\Administrator>

    Wednesday, May 02, 2012 3:55 PM
  • Hi Roy. Yes I can stop and start the dhcp service manually.
    Wednesday, May 02, 2012 3:58 PM
  • Tiger Li, maybe you are right, but I wish I knew for sure. The dhcp service does seem to run ok after the machine is fully up.

    Booting and getting all the services going seems to take longer than I would expect. This is a fairly fast machine. It takes 10 minutes to get to the login prompt. There are only about 20 devices on the network. At about the same time that the dhcp error is listed in the event log, during boot and before login, a dialog appears stating that one or more devices have failed.

    Wednesday, May 02, 2012 4:03 PM
  • Thanks for posting the ipconfig. It looks fine.

    Is the DNS Server Service running?

    If you open the DNS console, under the mydomain.com zone, do you see a record for Fileserver1, and do you see a record called 'same as parent' A 192.168.1.2?

    Also, do you see a zone called _msdcs.mydomain.com? If so, you should see a GC folder under it. If so, do you see an A record for 192.168.1.2?

    .

    As for the System log error failure, it's stating the log is full. You can clear the System log in event viewer, which should clear that failure.

    .

    One more thing, go through the steps in teh following link to see if there are any conflicting or duplicate zones.

    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
    Published by Ace Fekay, MCT, MVP DS on Sep 2, 2009 at 2:34 PM  2313  0
    http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Wednesday, May 02, 2012 6:08 PM
  • Thanks Ace I appreciate the help.

    The DNS server service is running.

    In the dns management console under the tree DNS\FileServer1\Forward Lookup Zones\mydomain.com

    There is a record for FileServer1, Type Host(A), Data 192.168.1.2

    There is a record for (Same as parent folder), type Host(A), data 192.168.1.2

    I don't see anything for _msdcs.mydomain.com, would it be in the same list as the entries above?

    I will wait on trying your blog entry till later, in case the missing entry for _msdcs.mydomain.com turns out to be important.

    Wednesday, May 02, 2012 6:37 PM
  • You are welcome, so far.

    And yes, that _msdcs.mydomain.com is extremely important. I'm assuming it;s there, based on the dcdiag output. If the original domain when installed was under 2003, then it would have created a zone of that name. Do you see a subfolder under mydomain.com called "_msdcs?"


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Wednesday, May 02, 2012 8:01 PM
  • Yes that subfolder is there. But there definitely is not a peer line item line with _msdcs.mydomain.com in it; peer of the other two entries I mentioned, right under mydomain.com.

    Is the _msdcs folder a 'zone'? Still, I don't see anything with " _msdcs.mydomain.com"

    This server has been a windows 2003 box from day one.

    Wednesday, May 02, 2012 8:12 PM
  • Hi rusticloud,

    Thanks for update.

    So could we test by setting the startup type of “DHCP server” service on this domain controller to “Automatic (Delayed Start)” and rebooting the domain controller and see if these errors will persist.

    Configure a Service Item

    http://technet.microsoft.com/en-us/library/cc732482.aspx

    Thanks.


    Tiger Li


    Tiger Li

    TechNet Community Support

    Thursday, May 03, 2012 6:10 AM
  • Tiger Li I will try that tonight.
    Thursday, May 03, 2012 3:45 PM
  • Rusti,

    To expand on Tiger's suggestion, maybe the info below from my notes may help? Soem of it is redundant, since we already discussed it, and you've posted the Event log errors, but more importantly look at the MSCONFIG suggestion, and take a look at ADSI Edit to see exactly what AD thinks or doesn't think is already authorized.

    ============
    DHCP Troubleshooting...

    DHCP Service will not start:

    Please also troubleshoot this issue with following the steps below:
     
    1.       Verify that the DHCP server is authorized in Active Directory. See documentation on authorizing DHCP servers below:
                    http://technet.microsoft.com/en-us/library/cc781697(WS.10).aspx
     
    2.       Is there other DHCP related error recorded in event log, please also post here
     
    3.       Examine DHCP audit logs which are located by default at %windir%\System32\Dhcp. Instructions on analyzing DHCP server audit logs are available here :
    http://technet.microsoft.com/en-us/library/cc776384(WS.10).aspx
     
    4.       4. Use Msconfig to disable all non-Microsoft services on the service tab of the Msconfig dialog. Then reboot the Windows client back into normal mode. If the issue goes away then you can enable the third party services one at a time followed by a reboot until the issue occurs again to locate the problematic service.


    See list of authorized servers using ADSI Edit:

    After a new DHCP server is authorized, the original DHCP server becomes unauthorized and cannot be authorized again in Windows 2000 Server
    (Article ID: 306925 - Last Review: October 30, 2006 - Revision: 5.1)
    http://support.microsoft.com/kb/306925

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Thursday, May 03, 2012 4:52 PM
  • According to that technet entry, I'd need to use the group policy management console to make the change on Windows 2003? I am not sure if I'd be able to do that without causing issues. The article is very generic. I'd need step by step instructions to be able to do this with any confidence. I might just live with the error.
    Friday, May 04, 2012 2:48 AM
  • Which article? Are you referring to a step by step on how to use ADSI Edit?

    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Friday, May 04, 2012 4:13 AM
  • This one: http://technet.microsoft.com/en-us/library/cc732482.aspx (Configure a Service Item)
    Friday, May 04, 2012 6:38 AM
  • Hi Ace

    Turns out there are in fact three DCs, with ip addresses 192.168.1.2, 192.168.2.2, 192.168.3.2, connected via vpn. I have posted the results of repadmin /showreps and repadmin /replsum from each DC below as you requested.

    ============
    FILESERVER1
    ============

    C:\Documents and Settings\Administrator>repadmin /showreps
    Default-First-Site-Name\FILESERVER1
    DC Options: IS_GC
    Site Options: (none)
    DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
    DC invocationID: df9a04a9-1f70-4175-b90d-91f8f96b3a67

    ==== INBOUND NEIGHBORS ======================================

    DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 19:37:37 was successful.
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 19:40:35 was successful.

    CN=Configuration,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 19:26:08 was successful.
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 19:26:29 was successful.

    CN=Schema,CN=Configuration,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 18:50:20 was successful.
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 18:50:20 was successful.

    DC=DomainDnsZones,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 18:50:20 was successful.
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 18:50:20 was successful.

    DC=ForestDnsZones,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 18:50:20 was successful.
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 18:50:20 was successful.

    C:\Documents and Settings\Administrator>repadmin /replsum
    Replication Summary Start Time: 2012-05-07 19:43:34

    Beginning data collection for replication summary, this may take awhile:
      ......

    Source DC           largest delta  fails/total  %%  error
     FILESERVER2                   56m:04s    0 /  10    0
     FILESERVER1                   56m:05s    0 /  10    0
     FILESERVER3                   53m:14s    0 /  10    0

    Destination DC    largest delta    fails/total  %%  error
     FILESERVER2                   45m:32s    0 /  10    0
     FILESERVER1                   53m:14s    0 /  10    0
     FILESERVER3                   56m:05s    0 /  10    0


    ============
    FILESERVER2
    ============

    C:\Documents and Settings\Administrator.mydomain>repadmin /showreps
    Default-First-Site-Name\FILESERVER2
    DC Options: (none)
    Site Options: (none)
    DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
    DC invocationID: 74a18098-f7f0-4013-9e7b-0f94ed0107fd

    ==== INBOUND NEIGHBORS ======================================

    DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 20:06:41 was successful.
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 20:07:11 was successful.

    CN=Configuration,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 19:58:50 was successful.
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 19:58:50 was successful.

    CN=Schema,CN=Configuration,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 19:58:50 was successful.
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 19:58:50 was successful.

    DC=DomainDnsZones,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 19:58:50 was successful.
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 19:58:51 was successful.

    DC=ForestDnsZones,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER3 via RPC
            DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
            Last attempt @ 2012-05-07 19:58:50 was successful.
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 19:58:51 was successful.

    C:\Documents and Settings\Administrator.mydomain>repadmin /replsum
    Replication Summary Start Time: 2012-05-07 20:08:07

    Beginning data collection for replication summary, this may take awhile:
      ......


    Source DC           largest delta  fails/total  %%  error
     FILESERVER2                   20m:38s    0 /  10    0
     FILESERVER1                   20m:38s    0 /  10    0
     FILESERVER3                   17m:48s    0 /  10    0


    Destination DC    largest delta    fails/total  %%  error
     FILESERVER2                   09m:19s    0 /  10    0
     FILESERVER1                   17m:49s    0 /  10    0
     FILESERVER3                   20m:39s    0 /  10    0

    ============
    FILESERVER3
    ============

    C:\Documents and Settings\administrator.mydomain>repadmin /showreps
    Default-First-Site-Name\FILESERVER3
    DC Options: (none)
    Site Options: (none)
    DC object GUID: 0d91e9f7-98eb-454c-91c2-df2be8d37728
    DC invocationID: 94b8428c-2b2a-415a-b6d4-a2c0e1651de5

    ==== INBOUND NEIGHBORS ======================================

    DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 20:24:56 was successful.
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 20:27:21 was successful.

    CN=Configuration,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 20:24:02 was successful.
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 20:24:03 was successful.

    CN=Schema,CN=Configuration,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 20:24:03 was successful.
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 20:24:03 was successful.

    DC=DomainDnsZones,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 20:24:03 was successful.
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 20:24:04 was successful.

    DC=ForestDnsZones,DC=mydomain,DC=com
        Default-First-Site-Name\FILESERVER1 via RPC
            DC object GUID: df9a04a9-1f70-4175-b90d-91f8f96b3a67
            Last attempt @ 2012-05-07 20:24:04 was successful.
        Default-First-Site-Name\FILESERVER2 via RPC
            DC object GUID: 35557715-e0c2-4adb-b509-7b808c8d8feb
            Last attempt @ 2012-05-07 20:24:04 was successful.

    C:\Documents and Settings\administrator.mydomain>repadmin /replsum
    Replication Summary Start Time: 2012-05-07 20:28:17

    Beginning data collection for replication summary, this may take awhile:
      ......


    Source DC           largest delta  fails/total  %%  error
     FILESERVER2                   37m:57s    0 /  10    0
     FILESERVER1                   29m:27s    0 /  10    0
     FILESERVER3                   37m:57s    0 /  10    0


    Destination DC    largest delta    fails/total  %%  error
     FILESERVER2                   29m:29s    0 /  10    0
     FILESERVER1                   37m:57s    0 /  10    0
     FILESERVER3                   04m:16s    0 /  10    0

    Tuesday, May 08, 2012 3:34 AM
  • Hmm, no errors. That looks like a clean report.

    I would recreate the _msdcs zone, since it should be delegated and replicated to Forest wide.

    How to reconfigure an _msdcs subdomain to a forest-wide DNS application directory partition when you upgrade from Windows 2000 to Windows Server 2003
    http://support.microsoft.com/kb/817470

    .

    .

    I would then do the following:

    • Rename both the c:\system32\config\netlogon.dns and netlogon.dnb files by adding .old on the end of them.
    • Then run an ipconfig /registerdns
    • Restart the Netlogon serv

    Now see if DHCP will start cleanly.

    .


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Tuesday, May 08, 2012 4:05 AM