locked
A processing error occurred collecting data using this base domain controller. RRS feed

Answers

  • Hello!
    I solved this in our Environment and I hope that I can contribute to you all.

    We migrated a Windows 2003 DC to Windows 2012 DC, worked fine for a few hours, but later on we got the exact same error as Mr Wolf.
    Tho solution was to fix NtFrs errors on the 2003 DC first, with the reg fix "Enable Journal Wrap Automatic Restore" as suggested in Eventviewer in 2003.
    That fixed errors preventing sync between DC and 5 minutes later, all good!
    Se complete details below from error in Event log:

    Regards
    Andreas Hansson
    Aros IT-Partner

    The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
     
     Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
     Replica root path is   : "c:\windows\sysvol\domain"
     Replica root volume is : "\\.\C:"
     A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.
     
     [1] Volume "\\.\C:" has been formatted.
     [2] The NTFS USN journal on volume "\\.\C:" has been deleted.
     [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
     [4] File Replication Service was not running on this computer for a long time.
     [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
     Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
     [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
     [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
     
    WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
     
    To change this registry parameter, run regedit.
     
    Click on Start, Run and type regedit.
     
    Expand HKEY_LOCAL_MACHINE.
    Click down the key path:
       "System\CurrentControlSet\Services\NtFrs\Parameters"
    Double click on the value name
       "Enable Journal Wrap Automatic Restore"
    and update the value.
     
    If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    • Marked as answer by Yan Li_ Tuesday, May 21, 2013 7:10 AM
    Wednesday, March 20, 2013 7:52 PM

All replies

  •  
    > It seems like GPMC can't get the list of DCs:
     
    If you run "dsquery server (-hasfsmo pdc)" the returned data is correct?
    And after enabling GPMC debug logging, do you find anything in the log?
     
    regards, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Tuesday, November 27, 2012 1:22 PM
  • Hi Martin,

    If you run "dsquery server (-hasfsmo pdc)" the returned data is correct?

    Unfortunately, Yes.

    I also tried to change the DC in GPMC,
    The query also fails. (even if I select a 2008 R2 DC).

    I'll turn on GPMC logging now.


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!


    Tuesday, November 27, 2012 1:50 PM
  • [c38.974] 11/27/2012 13:18:12:636  [VERBOSE] CGPMReport::GenerateReportFromInfra : Collecting DC List
    [c38.974] 11/27/2012 13:18:12:636  [VERBOSE] CGroupPolicyInfrastructure::CollectDCList()
    [c38.974] 11/27/2012 13:18:12:761  [WARNING] CDomain::PopulateDCList DsGetDomainControllerInfoW failed 0x80070032
    [c38.974] 11/27/2012 13:18:12:761  [WARNING] CDomain::GetDCs failed 0x80070032
    [c38.974] 11/27/2012 13:18:12:777  [VERBOSE] CGroupPolicyInfrastructure::CollectDCList domain.GetDCs completed with a status of 0x80070032
    [c38.974] 11/27/2012 13:18:12:777  [WARNING] CGroupPolicyInfrastructure::CollectDCList domain.GetDCs failed 0x80070032
    [c38.974] 11/27/2012 13:18:12:777  [VERBOSE] CGroupPolicyInfrastructure::CollectDCList completed with a status of 0x80070032
    [c38.974] 11/27/2012 13:18:12:777  [WARNING] CGPMReport::GenerateReportFromInfra : CollectDCList failed with 0x80070032

    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Tuesday, November 27, 2012 1:52 PM
  •  
    > [c38.974] 11/27/2012 13:18:12:761  [WARNING] CDomain::PopulateDCList
    > DsGetDomainControllerInfoW failed 0x80070032
     
    Hm. The last two matches are worth a closer look. Maybe capture the
    network traffic through netmon.
     
    # as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x32
    # for hex 0x32 / decimal 50 :
      PHASE1_INITIALIZATION_FAILED bugcodes.h
      MSG_E_CANNOT_ACQUIRE_CRYPTO_CONTEXT certlog.mc
    # Certificate Services did not start: Unable to acquire a
    # cryptographic context for %1.  %2.
      CR_NO_CM_SERVICES cfgmgr32.h
      LLC_STATUS_INVALID_NODE_ADDRESS dlcapi.h
      KRB_AP_ERR_INAPP_CKSUM kerberr.h
    # Inappropriate type of checksum in message
      POLICY_ERRV_NO_PRIVILEGES lpmapi.h
      NMERR_NETWORK_NOT_OPENED netmon.h
      OLE_ERROR_TASK, ole.h
    # Server or client task is invalid        */
      TLS1_ALERT_DECODE_ERROR schannel.h
    # error
      MSG_LOCALCLOCK_UNSET w32timemsg.mc
    # The time service detected a time difference of greater than
    # %1 milliseconds
    # for %2 seconds. The time difference might be caused by
    # synchronization with
    # low-accuracy time sources or by suboptimal network
    # conditions. The time service
    # is no longer synchronized and cannot provide the time to
    # other clients or update
    # the system clock. When a valid time stamp is received from
    # a time service
    # provider, the time service will correct itself.
      ERROR_NOT_SUPPORTED winerror.h
    # The request is not supported.
      LDAP_INSUFFICIENT_RIGHTS winldap.h
    # 12 matches found for "0x80070032"
     
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Tuesday, November 27, 2012 3:07 PM
  • Hm. The last two matches are worth a closer look. Maybe capture the

    network traffic through netmon.

    I already did that.
    I thought maybe there a LDAP query that goes to hell.
    Anyway, I will do this again.

    I also thought I could find the "DsGetDomainControllerInfoW" function and write my own
    VB-program to debug this, but I could not find any nice source code.

    I will have a look at the problem tomorrow.

    At the moment I don't have a connection to my AD.


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Tuesday, November 27, 2012 5:52 PM
  • Dear All,

    I am having the same problem.

    I have Windows Server 2003 R2 holds all the FSMO roles as Domain Controller and I have a second DC running Windows Server 2012.

    It seems the policies are not synchronized.

    If I changed the domain controller from the GPMC in Windows Server 2012 to the DC 2012, when I click on any Policy, I receive the error message "The Network name cannot be found".

    When I click on TOP of my domain name in GPMC (2012), I receive below:

    Servers Name:

    Domain = Windows 2003 R2 + FSMO

    PDC = Windows 2012

    Please find below results of the follosing commands:

    C:\repadmin /showrepl:

    DC=AAAAA
        Default-First-Site-Name\DOMAIN via RPC
            DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
            Last attempt @ 2013-01-07 15:04:57 was successful.

    CN=Configuration,DC=AAAAA
        Default-First-Site-Name\DOMAIN via RPC
            DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
            Last attempt @ 2013-01-07 14:46:40 was successful.

    CN=Schema,CN=Configuration,DC=AAAAA
        Default-First-Site-Name\DOMAIN via RPC
            DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
            Last attempt @ 2013-01-07 14:46:40 was successful.

    DC=ForestDnsZones,DC=AAAAA
        Default-First-Site-Name\DOMAIN via RPC
            DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
            Last attempt @ 2013-01-07 14:46:40 was successful.

    DC=DomainDnsZones,DC=AAAAA
        Default-First-Site-Name\DOMAIN via RPC
            DSA object GUID: 0088aa8e-15c4-4678-84ba-23e127766103
            Last attempt @ 2013-01-07 14:46:40 was successful.

    C:\Users\administrator.AAAAA>dsquery server -domain pdc:

    "CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA"
    "CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA"

    C:\dcdiag /v >dcdiag.txt:

    Directory Server Diagnosis


    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine PDC, is a Directory Server.
       Home Server = PDC

       * Connecting to directory service on server PDC.

       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=AAAAA,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
       Getting ISTG and options for the site
       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=AAAAA,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.

       * Found 2 DC(s). Testing 1 of them.

       Done gathering initial info.


    Doing initial required tests

      
       Testing server: Default-First-Site-Name\PDC

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... PDC passed test Connectivity

     Doing primary tests

      
       Testing server: Default-First-Site-Name\PDC

          Starting test: Advertising

             Warning: DsGetDcName returned information for \\domain.AAAAA, when

             we were trying to reach PDC.

             SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

             ......................... PDC failed test Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test
             There are warning or error events within the last 24 hours after the

             SYSVOL has been shared.  Failing SYSVOL replication problems may cause

             Group Policy problems.
             A warning event occurred.  EventID: 0x800034C4

                Time Generated: 01/06/2013   21:14:52

                Event String:

                The File Replication Service is having trouble enabling replication from DOMAIN to PDC for c:\windows\sysvol\domain using the DNS name domain.AAAAA. FRS will keep retrying.

                 Following are some of the reasons you would see this warning.

                

                 [1] FRS can not correctly resolve the DNS name domain.AAAAA from this computer.

                 [2] FRS is not running on domain.AAAAA.

                 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

                

                 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

             A warning event occurred.  EventID: 0x800034C4

                Time Generated: 01/06/2013   21:35:02

                Event String:

                The File Replication Service is having trouble enabling replication from domain.AAAAA to PDC for c:\windows\sysvol\domain using the DNS name domain.AAAAA. FRS will keep retrying.

                 Following are some of the reasons you would see this warning.

                

                 [1] FRS can not correctly resolve the DNS name domain.AAAAA from this computer.

                 [2] FRS is not running on domain.AAAAA.

                 [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

                

                 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

             ......................... PDC passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log.
             Skip the test because the server is running FRS.

             ......................... PDC passed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test
             The registry lookup failed to determine the state of the SYSVOL.  The

             error returned  was 0x0 "The operation completed successfully.".

             Check the FRS event log to see if the SYSVOL has successfully been

             shared.
             ......................... PDC passed test SysVolCheck

          Starting test: KccEvent

             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... PDC passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
             Role Domain Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
             Role PDC Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
             Role Rid Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=DOMAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA
             ......................... PDC passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC PDC on DC PDC.
             * SPN found :LDAP/PDC.AAAAA/AAAAA
             * SPN found :LDAP/PDC.AAAAA
             * SPN found :LDAP/PDC
             * SPN found :LDAP/PDC.AAAAA/AAAAA
             * SPN found :LDAP/a45cd349-0c7a-495b-b7da-ed808a7f19c4._msdcs.AAAAA
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a45cd349-0c7a-495b-b7da-ed808a7f19c4/AAAAA
             * SPN found :HOST/PDC.AAAAA/AAAAA
             * SPN found :HOST/PDC.AAAAA
             * SPN found :HOST/PDC
             * SPN found :HOST/PDC.AAAAA/AAAAA
             * SPN found :GC/PDC.AAAAA/AAAAA
             ......................... PDC passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC PDC.
             * Security Permissions Check for

               DC=DomainDnsZones,DC=AAAAA
                (NDNC,Version 3)
             * Security Permissions Check for

               DC=ForestDnsZones,DC=AAAAA
                (NDNC,Version 3)
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=AAAAA
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=AAAAA
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=AAAAA
                (Domain,Version 3)
             ......................... PDC passed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Unable to connect to the NETLOGON share! (\\PDC\netlogon)

             [PDC] An net use or LsaPolicy operation failed with error 67,

             The network name cannot be found..

             ......................... PDC failed test NetLogons

          Starting test: ObjectsReplicated

             PDC is in domain DC=AAAAA
             Checking for CN=PDC,OU=Domain Controllers,DC=AAAAA in domain DC=AAAAA on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA in domain CN=Configuration,DC=AAAAA on 1 servers
                Object is up-to-date on all servers.
             ......................... PDC passed test ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             * Replication Latency Check
                DC=DomainDnsZones,DC=AAAAA
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=ForestDnsZones,DC=AAAAA
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Schema,CN=Configuration,DC=AAAAA
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Configuration,DC=AAAAA
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=AAAAA
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
             ......................... PDC passed test Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 3603 to 1073741823
             * domain.AAAAA is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 3103 to 3602
             * rIDPreviousAllocationPool is 3103 to 3602
             * rIDNextRID: 3103
             ......................... PDC passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... PDC passed test Services

          Starting test: SystemLog

             * The System Event log test
             Found no errors in "System" Event log in the last 60 minutes.
             ......................... PDC passed test SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=PDC,OU=Domain Controllers,DC=AAAAA and backlink on

             CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA

             are correct.
             The system object reference (serverReferenceBL)

             CN=PDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=AAAAA

             and backlink on

             CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AAAAA

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=PDC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=AAAAA

             and backlink on CN=PDC,OU=Domain Controllers,DC=AAAAA are correct.
             ......................... PDC passed test VerifyReferences

          Test omitted by user request: VerifyReplicas

      
          Test omitted by user request: DNS

          Test omitted by user request: DNS

      
       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

      
       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

      
       Running partition tests on : AAAAA

          Starting test: CheckSDRefDom

             ......................... AAAAA passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... AAAAA passed test CrossRefValidation

      
       Running enterprise tests on : AAAAA

          Test omitted by user request: DNS

          Test omitted by user request: DNS

          Starting test: LocatorCheck

             GC Name: \\domain.AAAAA

             Locator Flags: 0xe00001fd
             PDC Name: \\domain.AAAAA
             Locator Flags: 0xe00001fd
             Time Server Name: \\domain.AAAAA
             Locator Flags: 0xe00001fd
             Preferred Time Server Name: \\domain.AAAAA
             Locator Flags: 0xe00001fd
             KDC Name: \\domain.AAAAA
             Locator Flags: 0xe00001fd
             ......................... AAAAA passed test LocatorCheck

          Starting test: Intersite

             Skipping site Default-First-Site-Name, this site is outside the scope

             provided by the command line arguments provided.
             ......................... AAAAA passed test Intersite

    Please your help is highly appreciated.

    I want to note that my domain was created without top level domain (*.net, *.com, etc...). Only AAAAA


    Regards,


    • Edited by CHAROX Monday, January 7, 2013 11:29 AM
    Monday, January 7, 2013 11:26 AM
  • Matthias-

    As near as I can tell, nltest /DCLIST uses the same DsGetDomainControllerInfoW API call so you can try that to see what it returns. It appears that that API gets the DC list from a single DC. That is, it queries the DC in the domain for the list rather than going to every DC. That may or may not help but it was interesting to see.

    Darren


    Darren Mar-Elia MS-MVP, Group Policy
    www.gpoguy.com
    www.sdmsoftware.com - "The Group Policy Experts"

    Monday, January 7, 2013 5:24 PM
  • Hello Darren,

    Thank you for the hint.
    Anyway, nltest /dclist does not show any error.

    But the dclist leads me to another good idea.
    I found that there is an old DC that is in this list.
    This was an old Windows NT DC.

    I will try to remove this old account tomorrow.
    Hopfully it helps.

    I'll let you know.


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Monday, January 7, 2013 9:28 PM
  • Dear Darren,

    I run nltest /dclist on both DCs and the return is successfull:

    C:\Users\administrator.AAAAA>nltest /dclist:AAAAA
    Get list of DCs in domain 'ISCADKC' from '\\domain.AAAAA'.
        domain.AAAAA [PDC] [DS] Site: Default-First-Site-Name
        PDC.AAAAA     [DS] Site: Default-First-Site-Name
    The command completed successfully

    I can see some errors when running DCdiag /v

    Please help.

    Thank you.


    Regards,

    Tuesday, January 8, 2013 5:37 AM
  • Unfortunately removing the old account does

    not do the trick...


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Wednesday, January 9, 2013 9:44 AM
  • Same problem here from a Windows 8-cliënt.

    Howto fix this?

    Wednesday, February 13, 2013 3:04 PM
  • Howto fix this?

    I still have the same issue.


    MVP Group Policy - Mythen, Insiderinfos und Troubleshooting zum Thema GPOs: Let's go, use GPO!

    Wednesday, February 13, 2013 5:01 PM
  • Please how to fix this issue?


    Regards,

    Thursday, February 14, 2013 6:03 AM
  • i Did a fix (until now) by rebooting one of the DC/DNS-servers.

    Now i can reconnect from my Windows 8-client using GPMC.

    Thursday, February 14, 2013 8:06 AM
  • Same problem on my end. Clean testing environment, two 2003 DCs (FFL and DFL 2003 native), one 2012 Domain Member (no DC!) with installed GPMC.

    [ca4.e9c]  3/07/2013 17:06:24:100  [WARNING] CDomain::PopulateDCList DsGetDomainControllerInfoW failed 0x80070032
    [ca4.e9c]  3/07/2013 17:06:24:101  [WARNING] CDomain::GetDCs failed 0x80070032
    [ca4.e9c]  3/07/2013 17:06:24:101  [VERBOSE] CGroupPolicyInfrastructure::CollectDCList domain.GetDCs completed with a status of 0x80070032
    [ca4.e9c]  3/07/2013 17:06:24:101  [WARNING] CGroupPolicyInfrastructure::CollectDCList domain.GetDCs failed 0x80070032
    [ca4.e9c]  3/07/2013 17:06:24:101  [VERBOSE] CGroupPolicyInfrastructure::CollectDCList completed with a status of 0x80070032
    [ca4.e9c]  3/07/2013 17:06:24:101  [WARNING] CGPMReport::GenerateReportFromInfra : CollectDCList failed with 0x80070032

    No further problems though. I am currently promoting the 2012 and will stay tuned to this thread for a solution :)

    Thanks,

    Kind regards,

    MMF

    Thursday, March 7, 2013 4:08 PM
  • Ok, after the promotion (which does the ADprep) the base error message vanishes. Fits the bill, as  0x80070032 stands for Not supported.

    Now I am experiencing the Out-of-sync-issues (which I do not believe to be mission critical) for one GPO.

    Thursday, March 7, 2013 4:51 PM
  • Hello!
    I solved this in our Environment and I hope that I can contribute to you all.

    We migrated a Windows 2003 DC to Windows 2012 DC, worked fine for a few hours, but later on we got the exact same error as Mr Wolf.
    Tho solution was to fix NtFrs errors on the 2003 DC first, with the reg fix "Enable Journal Wrap Automatic Restore" as suggested in Eventviewer in 2003.
    That fixed errors preventing sync between DC and 5 minutes later, all good!
    Se complete details below from error in Event log:

    Regards
    Andreas Hansson
    Aros IT-Partner

    The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
     
     Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
     Replica root path is   : "c:\windows\sysvol\domain"
     Replica root volume is : "\\.\C:"
     A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.
     
     [1] Volume "\\.\C:" has been formatted.
     [2] The NTFS USN journal on volume "\\.\C:" has been deleted.
     [3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.
     [4] File Replication Service was not running on this computer for a long time.
     [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".
     Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.
     [1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.
     [2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.
     
    WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.
     
    To change this registry parameter, run regedit.
     
    Click on Start, Run and type regedit.
     
    Expand HKEY_LOCAL_MACHINE.
    Click down the key path:
       "System\CurrentControlSet\Services\NtFrs\Parameters"
    Double click on the value name
       "Enable Journal Wrap Automatic Restore"
    and update the value.
     
    If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    • Marked as answer by Yan Li_ Tuesday, May 21, 2013 7:10 AM
    Wednesday, March 20, 2013 7:52 PM
  • Am 20.03.2013 20:52, schrieb Andreas Hansson:
    > We migrated a Windows 2003 DC to Windows 2012 DC, worked fine for a
    > few hours, but later on we got the exact same error as Mr Wolf.
     
    It would open my eyes wide and make me wonder - I really don't believe
    Matthias didn't check sysvol health prior to posting this behaviour ;-)
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    Wednesday, March 20, 2013 9:27 PM
  • Am 20.03.2013 20:52, schrieb Andreas Hansson:
    > We migrated a Windows 2003 DC to Windows 2012 DC, worked fine for a
    > few hours, but later on we got the exact same error as Mr Wolf.
     
    It would open my eyes wide and make me wonder - I really don't believe
    Matthias didn't check sysvol health prior to posting this behaviour ;-)
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!

    I agree with you, totally =)
    I reported what worked for us in our environment, not 100% sure that it's the same error.

    Thursday, March 21, 2013 9:56 AM
  • I was having the same problem after upgrading ALL of our DC's from Server 2008 to Server 2012 DC.  It turns out that none of our DC's had all the policies.  This error only happened on policies where the DC was missing a template.  

    My computer, a domain admin, was around before the DC's were switched out and I had all the templates and policies.  So I backed them up to a network share, then went to the PDC and individually restored the policies that produced this error. 

    NOTE, that after importing/restoring the problem policies, the error doesn't go away until you do a refresh either on the policy or the entire GPO folder.

    Just for further confirmation, after doing the above on the PDC, I checked another DC that was having the same problem on the same policies, and it was now working error free too.

    I hope this helps someone else as I didn't see this solution in any of the above writings. 

    Regards,


    • Edited by DonSchaefer1 Sunday, January 12, 2014 6:36 PM spacing
    • Proposed as answer by DonSchaefer1 Sunday, January 12, 2014 6:37 PM
    Sunday, January 12, 2014 6:36 PM
  • Did you solve this issue?

    I'm having the same problem with GPMC on a W2K12 member server in two separate domains:

    Domain one is running on only W2K3R2 DC's
    Domain two is running on 4 W2K3R2 DC's and 1 W2K8R2 DC

    In the domain with only W2K3R2 DC's the "CollectDCList failed with 0x80070032" always shows, also the "Select New Baseline DC" is empty.
    In the other domain the problem is also there but sometimes it seems as if GPMC is working correctly and the "Select New Baseline DC" list is populated. 

    I didn't do any GPO modifications yet with the 2012 GPMC because I'm not sure what the impact will be on our GPO's.

    Regards


    Wednesday, January 15, 2014 3:28 PM
  •  

    I had a similar problem. My replication on my DC's were working great but RSAT/Group Policy Editor was giving the "A processing error occurred collecting data using this base domain controller" error.

    I loaded RSAT for windows 7 on a Windows 7 box and it started working again. It will not work on Windows 8 for me any more. Windows6.1-KB958830-x64-RefreshPkg.msu is for Windows 7 and Windows6.2-KB2693643-x64.msu is for Windows 8.

    Wednesday, February 26, 2014 9:29 PM
  •  
    It would open my eyes wide and make me wonder - I really don't believe
    Matthias didn't check sysvol health prior to posting this behaviour ;-)
     

    For a novice, would you happen to know of a blog post that might take me step by step checking sysvol health in our domain, which currently has a mix of 2003/2012 DCs, with some intermittent Group Policy weird behaviour.
    Wednesday, March 5, 2014 11:14 PM
  • We had this same issue and I fixed it using the link below: 

    http://support.microsoft.com/kb/2891966

    • Proposed as answer by Softwire Wednesday, March 19, 2014 4:53 PM
    Tuesday, March 11, 2014 5:55 PM
  • Seems dumb, but doing a net stop netlogon and net start netlogon solved this issue here. I performed that on the 2003 DC that recently gave up the FSMO roles, all is now well.

    Interestingly, all the other stuff, to check dsquery server and dcdiag and repadmin /replsummary were all showing all DC's online, replicating and available. 


    Ethan

    Tuesday, April 21, 2015 2:39 PM
  • I had the same thing and I found the solution here:

    https://support.microsoft.com/en-us/kb/837513

    It was the method 4 which resolved my problem.

    Saturday, May 21, 2016 12:01 AM
  • This was the fix for me.

    Open ADSI Edit.

    Browse to OU=Domain Controllers,DC=Domain,DC=com

    View the properties of the affected domain controller.

    Edit the attribute dNSHostName, make sure domain controller hostname is in all CAPS.

    example: DOMAINCONTROLLER.domain.com

    Restart Netlogon Service.


    Gold is for the mistress -- silver for the maid -- Copper for the craftsman cunning at his trade. "Good!" said the Baron, sitting in his hall, "But Iron -- Cold Iron -- is master of them all."

    Friday, August 18, 2017 4:56 PM