Event Log Subscription
- Found an issue while adding computers to the Source Computer Initiated - Subscription Type
Scenereo:
Multiple Domain network:
Domain.Local.1 with a NetBIOS name of Domain
Domain.Somewhere.Blah with a NetBIOS name of DomainBlah
(I am currently doing a migration from one domain to another so this is how I ran into this)
If I have a couple of computers named Server123 in Domain.Local.1
and a second computer named Server321 in Domain.Somewhere.Blah. <-- This is the one I want to Subscribe to events from
The collector I am using is Server 2008 and lets call it CollectorServer (clever huh!) and this is in the newer domain: Domain.Somewhere.Blah.
Note: WinRM is configured and has tested fine on all machines so I know this is not an issue
If Create a New Subscription, add a name, select Source Computer Initiated and try to add a server from the same domain Server321.Domain.Somewhere.Blah I keep getting an error of
"Domain\Server321 cannot be translated to a security identifier. It will not be added to the list."
From what I can see is that becuase Domain.Local.1 shows up first in the network listing (due to the name) and instead of searching by the FQDN, its trunking it down and finding a match, but its matching to the NetBIOS name of Domain instead of to the FQDN! Since Server321 does not exist on Domain, it is unable to get an SID so it fails.
If i grab Server123.Domain.Local.1, it works fine! (Except for the fact that this is the old domain that i'm trying to abandon, but will exist for a while as we finish transitioning and I don't want to wait for it to be taken dow to start setting this up)
So the question is this: Is this a bug? Am I just retarted and missing something? And/or can someone find a workaround?
(obviously the domains and names are fake, but the setup is exactly what I've been messing with for hours and no matter what I try I come up with the same results)
解答
- I found out why it is causing this after upgrading our new domain to server 2008 R2 Functional level and looking AD Administrative Center (ADSI Edit would work too, but it jumped out at me here)The issue is caused by the Pre-Windows 2000 domain name which is generated by AD automatically by trunking the FQDN, NOT the NetBIOS name.If your domain is domain.something.local and your NetBIOS name is domainstuff, the Pre-2000 Name would come up as just domain. In my example where I have a migration domain where only the suffix is changing, but 2 different netbios names, the Pre-2000 Name is just trunked to domain, which makes both domains appear to be the same to the lookup.So in my case, the subscription source and collector both appeared to be in the OLD domain, even though they were not, but since DNS doesn't know about them, it couldn't find them.This causes a problem in any domain config where the domains NetBIOS name doesn't match the prefix of the FQDN exactly.Hope this makes sense. In theory you could possibly use ADSI edit and modify all instances of the Pre-Windows 200 domain name to the correct netbios name of the domain which should make the DNS queries come up correctly at that point, however I haven't tried this and have no idea what consequences this would have on other systems (So I'm saying try this at your own risk and don't blame me if something gets mucked up!).
- 已標示為解答Mervyn ZhangMSFT, 版主2009年12月16日 上午 01:40
- 已編輯Jason McKinzie 2009年11月24日 下午 10:18Typo
所有回覆
- Hi,
Current information is not enough to find the root cause of this issue. Please help to collect the following information for research.
1. Have you tried to use FQDN (example.example.com\user_name) and UPN (for example, someone@example.com) of Server321.Domain.Somewhere.Blah to test? Please also test IP address.
2. Is Server321.Domain.Somewhere.Blah a DC? If so, please check DNS server to make sure it register itself properly.
3. Please try to connect to Server321.Domain.Somewhere.Blah using Active Directory Users and Computers-> Change Domain Controller feature.
4. Does this issue occur on any other computer?
5. Could subscriptions work on any other system?
Thanks.- 已標示為解答Mervyn ZhangMSFT, 版主2008年12月26日 上午 01:32
- 已取消標示為解答Mervyn ZhangMSFT, 版主2009年12月16日 上午 01:40
- 已編輯Mervyn ZhangMSFT, 版主2008年12月22日 下午 12:27e
- I'm having this same issue.
I tried using the FQDN, and UPN of a single computer account, as well as the Domain Computers group, which I hope to add to the list. IP address does not apply in this scenario.
I've tried adding the subscription on a new w2k8 server as well as numerous Vista machines with the same result.
Anybody have any idea what the issue could be?
We're having the same problem. Our active directory domain is "office.domain.com", and when I attempt to add computers or groups using the fully-qualified name ("office.domain.com\Domain Computers"), it attempts to add "OFFICE\Domain Computers" instead. The problem (I assume) being that OFFICE is *not* the netbios name for this domain. DNS for OFFICE is configured with the IPs of our domain controllers. If anyone else has found a solution to this, I'd love to hear from you.
Thanks!- I found out why it is causing this after upgrading our new domain to server 2008 R2 Functional level and looking AD Administrative Center (ADSI Edit would work too, but it jumped out at me here)The issue is caused by the Pre-Windows 2000 domain name which is generated by AD automatically by trunking the FQDN, NOT the NetBIOS name.If your domain is domain.something.local and your NetBIOS name is domainstuff, the Pre-2000 Name would come up as just domain. In my example where I have a migration domain where only the suffix is changing, but 2 different netbios names, the Pre-2000 Name is just trunked to domain, which makes both domains appear to be the same to the lookup.So in my case, the subscription source and collector both appeared to be in the OLD domain, even though they were not, but since DNS doesn't know about them, it couldn't find them.This causes a problem in any domain config where the domains NetBIOS name doesn't match the prefix of the FQDN exactly.Hope this makes sense. In theory you could possibly use ADSI edit and modify all instances of the Pre-Windows 200 domain name to the correct netbios name of the domain which should make the DNS queries come up correctly at that point, however I haven't tried this and have no idea what consequences this would have on other systems (So I'm saying try this at your own risk and don't blame me if something gets mucked up!).
- 已標示為解答Mervyn ZhangMSFT, 版主2009年12月16日 上午 01:40
- 已編輯Jason McKinzie 2009年11月24日 下午 10:18Typo
- Thanks Jason,
That does appear to be what's happening in our case: we have a Pre-Windows 2000 NETBIOS name that is different than our truncated FQDN. What I find strange is that this does not occur when adding computers to Controller-initiated subscriptions; only Source-initiated subscriptions exhibit this behavior. In addition, this seems to be Windows 2008 R2-specific; I've tested this on a Windows 2008 server and it correctly uses the NETBIOS name (our domain is running at a Server 2003 functional level).
I've opened a support request with Microsoft about the issue, so we'll see what they have to say.
Dave - Just thought I'd let everyone know that I've been working with Microsoft support on this, and just found out today that they've been able to repro the bug. So hopefully they'll get it fixed for the next service pack. In the meantime, as a workaround, we've been able to succesfully create the subscription from the command line using wecutil.exe.
-Dave
