Principales respuestas
Evento 1101 y 1055

Pregunta
-
Buenos días, soy nuevo y tengo un problema al replicar las GPO en algunos servidores y están saliendo los siguientes errores, he leído mucho y he aplicado lo que dice en las soluciones de Windows ante estos eventos y no he llegado a la solución
Cuento con 2 servidores win server 2008 R2 haciendo replicación de DA y los que estan fallando tambien tienen el mismo SO
evento 1101
Error al procesar la directiva de grupo. Windows no pudo ubicar el objeto de directorio OU=RDP,OU=COMP SERVIDORES,OU=Holding Computers,OU=OU Holding,DC=hold2010,DC=local. La configuración de directiva de grupo no se podrá aplicar hasta que este evento se solucione. Consulte los detalles del evento para obtener más información acerca de este error.
evento 1055
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).Ojala me puedan ayudar, muchas gracias de antemano :D
Respuestas
-
Hola, Jorge Arias Estrada:
EL mensaje de error hace referencia a que no puede resolver un LDAP explícito, lo que normalmente significa que el DC afectado no ha sincronizado la arquitectura AD desde el Maestro de infraestructuras.
Lo siento mucho, compañero.. pero no se trata de decir "la configuración DNS está bien.. (..)" sino que hay que demostrarlo. Dicho de otra manera: el 90% de los fallos de éste tipo apuntan directamente a una incongruencia en la configuración de red.. y tu boquita de piñón dice que la configuración de red está bien. A quién creer?
En USA resolveríamos ésta diferencia a tiros.. pero como somos gente civilizada, vamos a hacer uso de la herramienta DCDIAG en el servidor afectado, para que nos "chive" qué tripa se le ha roto.. y aplicamos una solución que nos "mole" a los dos, te parece?
Te recomiendo desde el DC afectado, abras una sesión de consola y desde el mismo, ejecutes la herramienta DCDIAG con los siguientes parámetros:
C:\>DCDIAG /DNSALL /e /v /f: [ruta_Log]
Más info:
· Dcdiag:
https://technet.microsoft.com/en-us/library/cc731968%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396Desiderio Ondo || Engineer
- Propuesto como respuesta Moderador M jueves, 22 de junio de 2017 15:57
- Marcado como respuesta Moderador M jueves, 22 de junio de 2017 16:13
Todas las respuestas
-
Hola, JMarias80:
EL propio mensaje de error ya te está dando una pista bastante "guapa" sobre el origen del error. Te lo señalo:
"(..) Windows could not resolve the computer name (..)"
Lo que hace señalar que se trata de un fallo en la comunicación por DNS entre ambos servidores. La solución más recomendada para éstos casos es confirmar la correcta configuración de red que permita comunicarse a ambas máquinas, lo que nos lleva a recomendarte revises la configuración de red.. y sobre todo el servidor DNS. Más info:
· Cómo instalar y configurar un servidor DNS Server en Windows Server 2003 (válido para MS w2k8):
https://support.microsoft.com/es-es/help/814591/how-to-install-and-configure-dns-server-in-windows-server-2003Desiderio Ondo || Engineer
- Propuesto como respuesta Moderador M lunes, 19 de junio de 2017 17:31
-
Hola Desiderio gracias por responder, pero ya revise la configuración de mis DNS y están apuntando bien incluso hago pruebas por el nslookup y salen a la perfección.
las estaciones sincronizan correctamente, pero los servidores siguen con los mismos errores no son capaces de tomar las nuevas políticas es como si estuviesen adheridas a ellos
Me sale el siguiente error
Error al procesar la directiva de grupo. Windows no pudo ubicar el objeto de directorio OU=RDP,OU=COMP SERVIDORES,OU=Holding Computers,OU=OU Holding,DC=hold2010 ,DC=local. La configuración de directiva de grupo no se podrá aplicar hasta que este evento se solucione. Consulte los detalles del evento para obtener más información acerca de este error. La directiva de equipo no se puede actualizar correctamente debido a los siguientes errores
Ya cree una nueva OU y los pase con nuevas políticas y me sale el mismo error, de pronto hay alguna forma de limpiar las políticas o de "reiniciarlas" para hacer una sincronizan en limpio de esos servidores q me estan presentando esa falla?
Gracias
-
Hola, Jorge Arias Estrada:
EL mensaje de error hace referencia a que no puede resolver un LDAP explícito, lo que normalmente significa que el DC afectado no ha sincronizado la arquitectura AD desde el Maestro de infraestructuras.
Lo siento mucho, compañero.. pero no se trata de decir "la configuración DNS está bien.. (..)" sino que hay que demostrarlo. Dicho de otra manera: el 90% de los fallos de éste tipo apuntan directamente a una incongruencia en la configuración de red.. y tu boquita de piñón dice que la configuración de red está bien. A quién creer?
En USA resolveríamos ésta diferencia a tiros.. pero como somos gente civilizada, vamos a hacer uso de la herramienta DCDIAG en el servidor afectado, para que nos "chive" qué tripa se le ha roto.. y aplicamos una solución que nos "mole" a los dos, te parece?
Te recomiendo desde el DC afectado, abras una sesión de consola y desde el mismo, ejecutes la herramienta DCDIAG con los siguientes parámetros:
C:\>DCDIAG /DNSALL /e /v /f: [ruta_Log]
Más info:
· Dcdiag:
https://technet.microsoft.com/en-us/library/cc731968%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396Desiderio Ondo || Engineer
- Propuesto como respuesta Moderador M jueves, 22 de junio de 2017 15:57
- Marcado como respuesta Moderador M jueves, 22 de junio de 2017 16:13
-
Me aparecio lo siguiente, pero no lo se interpretar
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine Hold_Zeus, is a Directory Server.
Home Server = Hold_Zeus
* Connecting to directory service on server Hold_Zeus.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=hold2010,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=hold2010,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=HOLD-ARES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\HOLD_ZEUS
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... HOLD_ZEUS passed test Connectivity
Testing server: Default-First-Site-Name\HOLD-ARES
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... HOLD-ARES passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\HOLD_ZEUS
Starting test: Advertising
The DC HOLD_ZEUS is advertising itself as a DC and having a DS.
The DC HOLD_ZEUS is advertising as an LDAP server
The DC HOLD_ZEUS is advertising as having a writeable directory
The DC HOLD_ZEUS is advertising as a Key Distribution Center
The DC HOLD_ZEUS is advertising as a time server
The DS HOLD_ZEUS is advertising as a GC.
......................... HOLD_ZEUS passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... HOLD_ZEUS passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... HOLD_ZEUS passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... HOLD_ZEUS passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... HOLD_ZEUS passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
Role Domain Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
Role PDC Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
Role Rid Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
......................... HOLD_ZEUS passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC HOLD_ZEUS on DC HOLD_ZEUS.
* SPN found :LDAP/Hold_Zeus.hold2010.local/hold2010.local
* SPN found :LDAP/Hold_Zeus.hold2010.local
* SPN found :LDAP/HOLD_ZEUS
* SPN found :LDAP/Hold_Zeus.hold2010.local/HOLD2010
* SPN found :LDAP/6d2eef4e-ed17-4cb4-bcaf-119a6dc1665e._msdcs.hold2010.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/6d2eef4e-ed17-4cb4-bcaf-119a6dc1665e/hold2010.local
* SPN found :HOST/Hold_Zeus.hold2010.local/hold2010.local
* SPN found :HOST/Hold_Zeus.hold2010.local
* SPN found :HOST/HOLD_ZEUS
* SPN found :HOST/Hold_Zeus.hold2010.local/HOLD2010
* SPN found :GC/Hold_Zeus.hold2010.local/hold2010.local
......................... HOLD_ZEUS passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC HOLD_ZEUS.
* Security Permissions Check for
DC=ForestDnsZones,DC=hold2010,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=hold2010,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=hold2010,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=hold2010,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=hold2010,DC=local
(Domain,Version 3)
......................... HOLD_ZEUS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\HOLD_ZEUS\netlogon
Verified share \\HOLD_ZEUS\sysvol
......................... HOLD_ZEUS passed test NetLogons
Starting test: ObjectsReplicated
HOLD_ZEUS is in domain DC=hold2010,DC=local
Checking for CN=HOLD_ZEUS,OU=Domain Controllers,DC=hold2010,DC=local in domain DC=hold2010,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local in domain CN=Configuration,DC=hold2010,DC=local on 2 servers
Object is up-to-date on all servers.
......................... HOLD_ZEUS passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... HOLD_ZEUS passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 3100 to 1073741823
* Hold_Zeus.hold2010.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2100 to 2599
* rIDPreviousAllocationPool is 2100 to 2599
* rIDNextRID: 2231
......................... HOLD_ZEUS passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... HOLD_ZEUS passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0x0000165B
Time Generated: 06/22/2017 07:28:01
Event String:
The session setup from computer 'FBR-DIRMERCADEO' failed because the security database does not contain a trust account 'FBR-DIRMERCADEO$' referenced by the specified computer.
USER ACTION
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. If this is a Read-Only Domain Controller and 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO' then 'FBR-DIRMERCADEO' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem:
If 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO', then 'FBR-DIRMERCADEO' should be rejoined to the domain.
If 'FBR-DIRMERCADEO$' is a legitimate interdomain trust account, then the trust should be recreated.
Otherwise, assuming that 'FBR-DIRMERCADEO$' is not a legitimate account, the following action should be taken on 'FBR-DIRMERCADEO':
If 'FBR-DIRMERCADEO' is a Domain Controller, then the trust associated with 'FBR-DIRMERCADEO$' should be deleted.
If 'FBR-DIRMERCADEO' is not a Domain Controller, it should be disjoined from the domain.
An error event occurred. EventID: 0x000016AD
Time Generated: 06/22/2017 07:33:01
Event String:
The session setup from the computer FBR-DIRMERCADEO failed to authenticate. The following error occurred:
Access is denied.
A warning event occurred. EventID: 0x000003FC
Time Generated: 06/22/2017 07:33:46
Event String:
Scope, 192.168.1.0, is 95 percent full with only 9 IP addresses remaining.
......................... HOLD_ZEUS failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=HOLD_ZEUS,OU=Domain Controllers,DC=hold2010,DC=local and backlink
on
CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=HOLD_ZEUS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hold2010,DC=local
and backlink on
CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=HOLD_ZEUS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hold2010,DC=local
and backlink on
CN=HOLD_ZEUS,OU=Domain Controllers,DC=hold2010,DC=local are correct.
......................... HOLD_ZEUS passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\HOLD-ARES
Starting test: Advertising
The DC HOLD-ARES is advertising itself as a DC and having a DS.
The DC HOLD-ARES is advertising as an LDAP server
The DC HOLD-ARES is advertising as having a writeable directory
The DC HOLD-ARES is advertising as a Key Distribution Center
The DC HOLD-ARES is advertising as a time server
The DS HOLD-ARES is advertising as a GC.
......................... HOLD-ARES passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... HOLD-ARES passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... HOLD-ARES passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... HOLD-ARES passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... HOLD-ARES passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
Role Domain Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
Role PDC Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
Role Rid Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
......................... HOLD-ARES passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC HOLD-ARES on DC HOLD-ARES.
* SPN found :LDAP/Hold-Ares.hold2010.local/hold2010.local
* SPN found :LDAP/Hold-Ares.hold2010.local
* SPN found :LDAP/HOLD-ARES
* SPN found :LDAP/Hold-Ares.hold2010.local/HOLD2010
* SPN found :LDAP/e5dd6def-3795-49d7-ab39-c1a55f5c3226._msdcs.hold2010.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e5dd6def-3795-49d7-ab39-c1a55f5c3226/hold2010.local
* SPN found :HOST/Hold-Ares.hold2010.local/hold2010.local
* SPN found :HOST/Hold-Ares.hold2010.local
* SPN found :HOST/HOLD-ARES
* SPN found :HOST/Hold-Ares.hold2010.local/HOLD2010
* SPN found :GC/Hold-Ares.hold2010.local/hold2010.local
......................... HOLD-ARES passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC HOLD-ARES.
* Security Permissions Check for
DC=ForestDnsZones,DC=hold2010,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=hold2010,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=hold2010,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=hold2010,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=hold2010,DC=local
(Domain,Version 3)
......................... HOLD-ARES passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\HOLD-ARES\netlogon
Verified share \\HOLD-ARES\sysvol
......................... HOLD-ARES passed test NetLogons
Starting test: ObjectsReplicated
HOLD-ARES is in domain DC=hold2010,DC=local
Checking for CN=HOLD-ARES,OU=Domain Controllers,DC=hold2010,DC=local in domain DC=hold2010,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=HOLD-ARES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local in domain CN=Configuration,DC=hold2010,DC=local on 2 servers
Object is up-to-date on all servers.
......................... HOLD-ARES passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=hold2010,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... HOLD-ARES passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 3100 to 1073741823
* Hold_Zeus.hold2010.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2600 to 3099
* rIDPreviousAllocationPool is 2600 to 3099
* rIDNextRID: 2637
......................... HOLD-ARES passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... HOLD-ARES passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0x00000457
Time Generated: 06/22/2017 07:36:14
Event String:
Driver HP LaserJet Professional P1606dn required for printer HP LaserJet Professional P1606dn is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 06/22/2017 07:36:15
Event String:
Driver HP LaserJet Professional P1606dn required for printer HP P1606dn contabilidad luis is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 06/22/2017 07:36:17
Event String:
Driver Solid PDF Creator required for printer Solid PDF Creator is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x0000165B
Time Generated: 06/22/2017 07:38:00
Event String:
The session setup from computer 'FBR-DIRMERCADEO' failed because the security database does not contain a trust account 'FBR-DIRMERCADEO$' referenced by the specified computer.
USER ACTION
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. If this is a Read-Only Domain Controller and 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO' then 'FBR-DIRMERCADEO' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem:
If 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO', then 'FBR-DIRMERCADEO' should be rejoined to the domain.
If 'FBR-DIRMERCADEO$' is a legitimate interdomain trust account, then the trust should be recreated.
Otherwise, assuming that 'FBR-DIRMERCADEO$' is not a legitimate account, the following action should be taken on 'FBR-DIRMERCADEO':
If 'FBR-DIRMERCADEO' is a Domain Controller, then the trust associated with 'FBR-DIRMERCADEO$' should be deleted.
If 'FBR-DIRMERCADEO' is not a Domain Controller, it should be disjoined from the domain.
An error event occurred. EventID: 0x000016AD
Time Generated: 06/22/2017 07:42:14
Event String:
The session setup from the computer FBR-DIRMERCADEO failed to authenticate. The following error occurred:
Access is denied.
......................... HOLD-ARES failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=HOLD-ARES,OU=Domain Controllers,DC=hold2010,DC=local and backlink
on
CN=HOLD-ARES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=HOLD-ARES,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hold2010,DC=local
and backlink on
CN=NTDS Settings,CN=HOLD-ARES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=HOLD-ARES,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hold2010,DC=local
and backlink on
CN=HOLD-ARES,OU=Domain Controllers,DC=hold2010,DC=local are correct.
......................... HOLD-ARES passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : hold2010
Starting test: CheckSDRefDom
......................... hold2010 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... hold2010 passed test CrossRefValidation
Running enterprise tests on : hold2010.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\Hold_Zeus.hold2010.local
Locator Flags: 0xe00033fd
PDC Name: \\Hold_Zeus.hold2010.local
Locator Flags: 0xe00033fd
Time Server Name: \\Hold_Zeus.hold2010.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\Hold_Zeus.hold2010.local
Locator Flags: 0xe00033fd
KDC Name: \\Hold_Zeus.hold2010.local
Locator Flags: 0xe00033fd
......................... hold2010.local passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... hold2010.local passed test Intersite
-
Hola:
Encuentro ésta parte interesante:
"
Event String:
The session setup from computer 'FBR-DIRMERCADEO' failed because the security database does not contain a trust account 'FBR-DIRMERCADEO$' referenced by the specified computer.
"
Así como ésta otra:
"
Event String:
The session setup from the computer FBR-DIRMERCADEO failed to authenticate. The following error occurred:
Access is denied.
"
Éste DCDIAG es el resultado del diagnóstico por ejecutarlo desde el servidor HOLD_ZEUS, cuando lo adecuado hubiera sido mostraras los resultados de ejecutarlo en el segundo servidor (que es el que nos presenta los fallos), tal y como te señalaba en el post anterior. En todo caso, ya es bastante esclarecedor los mensajes señalados, ya que provienen del test de LOGs. Además, el propio sistema te sugiere una serie de acciones:
"
USER ACTION
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. If this is a Read-Only Domain Controller and 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO' then 'FBR-DIRMERCADEO' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem:
If 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO', then 'FBR-DIRMERCADEO' should be rejoined to the domain. If 'FBR-DIRMERCADEO$' is a legitimate interdomain trust account, then the trust should be recreated. Otherwise, assuming that 'FBR-DIRMERCADEO$' is not a legitimate account, the following action should be taken on 'FBR-DIRMERCADEO':
If 'FBR-DIRMERCADEO' is a Domain Controller, then the trust associated with 'FBR-DIRMERCADEO$' should be deleted.
If 'FBR-DIRMERCADEO' is not a Domain Controller, it should be disjoined from the domain.
An error event occurred. EventID: 0x000016AD
"
En otras palabras: el canal seguro de comunicaciones entre ambos servidores se ha jod**** y ello arrastra a todo lo demás: credenciales de dominio incorrectas, fallas en la réplica del site entre las máquinas y cara de pez para el Administrador (o sea, tú!).
La solución más aceptada para éstos casos es quitar la máquina afectada del dominio (en éste caso, FBR-DIRMERCADEO), eliminar todos los registros a la misma en DNS, DHCP, DFS, RFS.. y depromoverlo limpiamente del dominio. Tras reiniciarlo y esperar unos minutos, restablecer la configuración de red con los parámetros de tu dominio y volverlo a unir como DC adicional.
Tienes los pasos exactos en:
· Forcing the Removal of a Domain Controller:
https://technet.microsoft.com/en-us/library/cc794860%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
O si lo prefieres, tienes un pequeño tutorial paso-a-paso cortesía del maestro y compañero MVP Guillermo Delprato:
· Eliminar un Controlador de Dominio Que Ya No Existe (Fácil):
https://windowserver.wordpress.com/2012/06/02/eliminar-un-controlador-de-dominio-que-ya-no-existe-fcil/
PD. Como detalle adicional, parece que tambien tienes una impresora HP LaserJet Professional P1606dn sin los drivers correctamente instalados..Desiderio Ondo || Engineer
-
Hola Desiderio que pena contestar tan tarde hice lo que vos sugeriste y en varios servidores se ha corregido la falla, solo tengo 1 que sigue con el error es un servidor con el servicio de Terminal Service
depronto hay una forma de arreglar o de reestablecer las GPO de servidor?