locked
Each appears reboot series of errors in events... RRS feed

  • Question

  • [b]6005/6006[/b]
    [code=nocolor]The winlogon notification subscriber <GPClient> took 62 second(s) to handle the notification event (CreateSession).[/code]
    <object id="tts_flash" width="18" height="18" type="application/x-shockwave-flash" data="http://www.gstatic.com/translate/sound_player.swf" id="tts_flash" width="18" height="18"> <param name="movie" value="http://www.gstatic.com/translate/sound_player.swf" /> <param name="flashvars" value="sound_name=&sound_name_cb=_TTSSoundFile" /> <param name="wmode" value="transparent" /> <param name="allowScriptAccess" value="always" /> </object>
    solutions in the network not found at all ..ip v 6 is disabled.


    [b]1014[/b]
    [code=nocolor]Name resolution for the name domain.local timed out after none of the configured DNS servers responded.[/code]
    <object id="tts_flash" width="18" height="18" type="application/x-shockwave-flash" data="http://www.gstatic.com/translate/sound_player.swf" id="tts_flash" width="18" height="18"> <param name="movie" value="http://www.gstatic.com/translate/sound_player.swf" /> <param name="flashvars" value="sound_name=&sound_name_cb=_TTSSoundFile" /> <param name="wmode" value="transparent" /> <param name="allowScriptAccess" value="always" /> </object>
    Both dns available, what is the problem - no idea

    [b]29[/b]
    [code=nocolor]The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.[/code]
    <object id="tts_flash" width="18" height="18" type="application/x-shockwave-flash" data="http://www.gstatic.com/translate/sound_player.swf" id="tts_flash" width="18" height="18"> <param name="movie" value="http://www.gstatic.com/translate/sound_player.swf" /> <param name="flashvars" value="sound_name=&sound_name_cb=_TTSSoundFile" /> <param name="wmode" value="transparent" /> <param name="allowScriptAccess" value="always" /> </object>
    Following the steps from here
    - _ttp://technet.microsoft.com/en-us/library/cc734096%28WS.10%29.aspx

    <object id="tts_flash" width="18" height="18" type="application/x-shockwave-flash" data="http://www.gstatic.com/translate/sound_player.swf" id="tts_flash" width="18" height="18"> <param name="movie" value="http://www.gstatic.com/translate/sound_player.swf" /> <param name="flashvars" value="sound_name=&sound_name_cb=_TTSSoundFile" /> <param name="wmode" value="transparent" /> <param name="allowScriptAccess" value="always" /> </object>
    First of Certificates / Personal / - There is nothing to delete invalid.


    [i]C:\Windows\system32>certutil -dcinfo verify
    0: DC01
    1: DC00

    *** Testing DC[0]: DC01
    ** Enterprise Root Certificates for DC DC01
    No certs in Ent Root store!
    Enterprise Root store: Cannot find object or property. 0x80092004 (-2146885628)
    ** KDC Certificates for DC DC01
    0 KDC certs for DC01
    No KDC Certificate in MY store
    KDC certificates: Cannot find object or property. 0x80092004 (-2146885628)

    *** Testing DC[1]: DC00
    ** Enterprise Root Certificates for DC DC00
    No certs in Ent Root store!
    Enterprise Root store: Cannot find object or property. 0x80092004 (-2146885628)
    ** KDC Certificates for DC DC00
    0 KDC certs for DC00
    No KDC Certificate in MY store
    KDC certificates: Cannot find object or property. 0x80092004 (-2146885628)

    CertUtil: -DCInfo command FAILED: 0x80092004 (-2146885628)
    CertUtil: Cannot find object or property.[/i]

    <object id="tts_flash" width="18" height="18" type="application/x-shockwave-flash" data="http://www.gstatic.com/translate/sound_player.swf" id="tts_flash" width="18" height="18"> <param name="movie" value="http://www.gstatic.com/translate/sound_player.swf" /> <param name="flashvars" value="sound_name=&sound_name_cb=_TTSSoundFile" /> <param name="wmode" value="transparent" /> <param name="allowScriptAccess" value="always" /> </object>
    Secondly, when creating new demands to specify URI ..What is the point?if you point out [b] LDAP: [/ b], then the button is unavailable ADD ...


    [IMG]http://s42.radikal.ru/i095/1004/fa/fc98df67d5bb.jpg[/IMG]

    Microsoft Windows [Version 6.1.7600]
    Copyright © 2009 Microsoft Corporation. All rights reserved.

    ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : dc00
    Primary Dns Suffix . . . . . . . : domain.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : domain.local

    Ethernet adapter domain.local:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigab
    it Ethernet Controller
    Physical Address. . . . . . . . . : 00-0E-2E-41-09-8F
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.183.2(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.183.10
    DNS Servers . . . . . . . . . . . : 192.168.183.2
    192.168.183.1
    127.0.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{25463427-86CE-45B5-8EBE-E31DCA043513}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes


    dcdiag

    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server...
    Home Server = dc00
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\DC00
    Starting test: Connectivity
    ......................... DC00 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\DC00
    Starting test: Advertising
    ......................... DC00 passed test Advertising
    Starting test: FrsEvent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... DC00 passed test FrsEvent
    Starting test: DFSREvent
    ......................... DC00 passed test DFSREvent
    Starting test: SysVolCheck
    ......................... DC00 passed test SysVolCheck
    Starting test: KccEvent
    ......................... DC00 passed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... DC00 passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    ......................... DC00 passed test MachineAccount
    Starting test: NCSecDesc
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=DomainDnsZones,DC=domain,DC=local
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=ForestDnsZones,DC=domain,DC=local
    ......................... DC00 failed test NCSecDesc
    Starting test: NetLogons
    [DC00] User credentials does not have permission to perform this
    operation.
    The account used for this test must have network logon privileges
    for this machine's domain.
    ......................... DC00 failed test NetLogons
    Starting test: ObjectsReplicated
    ......................... DC00 passed test ObjectsReplicated
    Starting test: Replications
    [Replications Check,DC00] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
    error 0x2105 "Replication access was denied."
    ......................... DC00 failed test Replications
    Starting test: RidManager
    ......................... DC00 passed test RidManager
    Starting test: Services
    Could not open NTDS Service on DC00, error 0x5 "Access is denied."
    ......................... DC00 failed test Services
    Starting test: SystemLog
    A warning event occurred. EventID: 0x8000001D
    Time Generated: 04/15/2010 19:44:12
    Event String:
    The Key Distribution Center (KDC) cannot find a suitable certificate
    to use for smart card logons, or the KDC certificate could not be verified. Sma
    rt card logon may not function correctly if this problem is not resolved. To cor
    rect this problem, either verify the existing KDC certificate using certutil.exe
    or enroll for a new KDC certificate.
    A warning event occurred. EventID: 0x0000000C
    Time Generated: 04/15/2010 19:45:28
    Event String:
    Time Provider NtpClient: This machine is configured to use the domai
    n hierarchy to determine its time source, but it is the AD PDC emulator for the
    domain at the root of the forest, so there is no machine above it in the domain
    hierarchy to use as a time source. It is recommended that you either configure a
    reliable time service in the root domain, or manually configure the AD PDC to s
    ynchronize with an external time source. Otherwise, this machine will function a
    s the authoritative time source in the domain hierarchy. If an external time sou
    rce is not configured or used for this computer, you may choose to disable the N
    tpClient.
    A warning event occurred. EventID: 0x000003F6
    Time Generated: 04/15/2010 19:48:01
    Event String:
    Name resolution for the name crl.microsoft.com timed out after none
    of the configured DNS servers responded.
    ......................... DC00 passed test SystemLog
    Starting test: VerifyReferences
    ......................... DC00 passed test VerifyReferences


    Running partition tests on : DomainDnsZones
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation

    Running partition tests on : ForestDnsZones
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation

    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation

    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation

    Running partition tests on : domain
    Starting test: CheckSDRefDom
    ......................... domain passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... domain passed test CrossRefValidation

    Running enterprise tests on : domain.local
    Starting test: LocatorCheck
    ......................... domain.local passed test LocatorCheck
    Starting test: Intersite
    ......................... domain.local passed test Intersite


    [b]netdiag /v[/b]
    'netdiag' is not recognized as an internal or external command,
    operable program or batch file.
    Friday, April 16, 2010 7:21 AM

All replies

  • Hello,

    AFAIK from the post you have event id 29 where you are concerned about. When you don't have your own CA you can ignore this event. Event id 6005/6006 i have seen when hardware was problem so make sure to use the latest available drivers.

    For event id 1014 start with: "http://www.eventid.net/display.asp?eventid=1014&eventno=10623&source=DNS Client Events&phase=1"

    Also it seems that you don't run the dcdiag command with enough permissions, make sure to use an account that is member of the domain admins group, if you don't use the administrator please choose RUNAS to open the command prompt with elevateed permissions.

    On DC00 you have listed itself as DNS server and also the loopback ip address 127.0.0.1, which basically is the same so please remove the loopback address and keep the real one. To verify the other problems please run:

    dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
    netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and higher]
    repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt (if more then one DC exists)
    dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

    As the output will become large, DON'T post them into the thread, please use Windows Sky Drive. Also the dcdiag scans the complete forest so better run it on COB.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Saturday, June 5, 2010 11:52 AM