none
Evento 1101 y 1055 RRS feed

  • Pregunta

  • Buenos días, soy nuevo y tengo un problema al replicar las GPO en algunos servidores y están saliendo los siguientes errores, he leído mucho y he aplicado  lo que dice en las soluciones de Windows ante estos eventos y no he llegado a la solución

    Cuento con 2 servidores win server 2008 R2 haciendo replicación de DA y los que estan fallando tambien tienen el mismo SO

    evento 1101

    Error al procesar la directiva de grupo. Windows no pudo ubicar el objeto de directorio OU=RDP,OU=COMP SERVIDORES,OU=Holding Computers,OU=OU Holding,DC=hold2010,DC=local. La configuración de directiva de grupo no se podrá aplicar hasta que este evento se solucione. Consulte los detalles del evento para obtener más información acerca de este error.

    evento 1055

    The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
    a) Name Resolution failure on the current domain controller. 
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

    Ojala me puedan ayudar, muchas gracias de antemano :D

    martes, 13 de junio de 2017 16:28

Respuestas

  • Hola, Jorge Arias Estrada:

    EL mensaje de error hace referencia a que no puede resolver un LDAP explícito, lo que normalmente significa que el DC afectado no ha sincronizado la arquitectura AD desde el Maestro de infraestructuras.
    Lo siento mucho, compañero.. pero no se trata de decir "la configuración DNS está bien.. (..)" sino que hay que demostrarlo. Dicho de otra manera: el 90% de los fallos de éste tipo apuntan directamente a una incongruencia en la configuración de red.. y tu boquita de piñón dice que la configuración de red está bien. A quién creer?

    En USA resolveríamos ésta diferencia a tiros.. pero como somos gente civilizada, vamos a hacer uso de la herramienta DCDIAG en el servidor afectado, para que nos "chive" qué tripa se le ha roto.. y aplicamos una solución que nos "mole" a los dos, te parece?

    Te recomiendo desde el DC afectado, abras una sesión de consola y desde el mismo, ejecutes la herramienta DCDIAG con los siguientes parámetros:

    C:\>DCDIAG /DNSALL /e /v /f: [ruta_Log]

    Más info:
    · Dcdiag:
    https://technet.microsoft.com/en-us/library/cc731968%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Desiderio Ondo || Engineer

    • Propuesto como respuesta Moderador M jueves, 22 de junio de 2017 15:57
    • Marcado como respuesta Moderador M jueves, 22 de junio de 2017 16:13
    jueves, 22 de junio de 2017 10:12

Todas las respuestas

  • Hola, JMarias80:

    EL propio mensaje de error ya te está dando una pista bastante "guapa" sobre el origen del error. Te lo señalo:
    "(..) Windows could not resolve the computer name (..)"
    Lo que hace señalar que se trata de un fallo en la comunicación por DNS entre ambos servidores. La solución más recomendada para éstos casos es confirmar la correcta configuración de red que permita comunicarse a ambas máquinas, lo que nos lleva a recomendarte revises la configuración de red.. y sobre todo el servidor DNS. Más info:

    · Cómo instalar y configurar un servidor DNS Server en Windows Server 2003 (válido para MS w2k8):
    https://support.microsoft.com/es-es/help/814591/how-to-install-and-configure-dns-server-in-windows-server-2003

    Desiderio Ondo || Engineer

    • Propuesto como respuesta Moderador M lunes, 19 de junio de 2017 17:31
    miércoles, 14 de junio de 2017 15:55
  • Hola Desiderio gracias por responder, pero ya revise la configuración de mis DNS y están apuntando bien incluso hago pruebas por el nslookup y salen a la perfección.

    las estaciones sincronizan correctamente, pero los servidores siguen con los mismos errores no son capaces de tomar las nuevas políticas es como si estuviesen adheridas a ellos

    Me sale el siguiente error

    Error al procesar la directiva de grupo. Windows no pudo ubicar el objeto de directorio OU=RDP,OU=COMP SERVIDORES,OU=Holding Computers,OU=OU Holding,DC=hold2010 ,DC=local. La configuración de directiva de grupo no se podrá aplicar hasta que este evento se solucione. Consulte los detalles del evento para obtener más información acerca de este error. La directiva de equipo no se puede actualizar correctamente debido a los siguientes errores

    Ya cree una nueva OU y los pase con nuevas políticas y me sale el mismo error, de pronto hay alguna forma de limpiar las políticas o de "reiniciarlas" para hacer una sincronizan en limpio  de esos servidores q me estan presentando esa falla?

    Gracias

    miércoles, 21 de junio de 2017 18:24
  • Hola, Jorge Arias Estrada:

    EL mensaje de error hace referencia a que no puede resolver un LDAP explícito, lo que normalmente significa que el DC afectado no ha sincronizado la arquitectura AD desde el Maestro de infraestructuras.
    Lo siento mucho, compañero.. pero no se trata de decir "la configuración DNS está bien.. (..)" sino que hay que demostrarlo. Dicho de otra manera: el 90% de los fallos de éste tipo apuntan directamente a una incongruencia en la configuración de red.. y tu boquita de piñón dice que la configuración de red está bien. A quién creer?

    En USA resolveríamos ésta diferencia a tiros.. pero como somos gente civilizada, vamos a hacer uso de la herramienta DCDIAG en el servidor afectado, para que nos "chive" qué tripa se le ha roto.. y aplicamos una solución que nos "mole" a los dos, te parece?

    Te recomiendo desde el DC afectado, abras una sesión de consola y desde el mismo, ejecutes la herramienta DCDIAG con los siguientes parámetros:

    C:\>DCDIAG /DNSALL /e /v /f: [ruta_Log]

    Más info:
    · Dcdiag:
    https://technet.microsoft.com/en-us/library/cc731968%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Desiderio Ondo || Engineer

    • Propuesto como respuesta Moderador M jueves, 22 de junio de 2017 15:57
    • Marcado como respuesta Moderador M jueves, 22 de junio de 2017 16:13
    jueves, 22 de junio de 2017 10:12
  • Me aparecio lo siguiente, pero no lo se interpretar

    Directory Server Diagnosis


    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine Hold_Zeus, is a Directory Server. 
       Home Server = Hold_Zeus

       * Connecting to directory service on server Hold_Zeus.

       * Identified AD Forest. 
       Collecting AD specific global data 
       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=hold2010,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded 
       Iterating through the sites 
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
       Getting ISTG and options for the site
       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=hold2010,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers 
       Getting information for the server CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=HOLD-ARES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local 
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.

       * Found 2 DC(s). Testing 2 of them.

       Done gathering initial info.


    Doing initial required tests

       
       Testing server: Default-First-Site-Name\HOLD_ZEUS

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity 
             * Active Directory RPC Services Check
             ......................... HOLD_ZEUS passed test Connectivity

       
       Testing server: Default-First-Site-Name\HOLD-ARES

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity 
             * Active Directory RPC Services Check
             ......................... HOLD-ARES passed test Connectivity



    Doing primary tests

       
       Testing server: Default-First-Site-Name\HOLD_ZEUS

          Starting test: Advertising

             The DC HOLD_ZEUS is advertising itself as a DC and having a DS.
             The DC HOLD_ZEUS is advertising as an LDAP server
             The DC HOLD_ZEUS is advertising as having a writeable directory
             The DC HOLD_ZEUS is advertising as a Key Distribution Center
             The DC HOLD_ZEUS is advertising as a time server
             The DS HOLD_ZEUS is advertising as a GC.
             ......................... HOLD_ZEUS passed test Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test 
             ......................... HOLD_ZEUS passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log. 
             Skip the test because the server is running FRS.

             ......................... HOLD_ZEUS passed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test 
             File Replication Service's SYSVOL is ready 
             ......................... HOLD_ZEUS passed test SysVolCheck

          Starting test: KccEvent

             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... HOLD_ZEUS passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             ......................... HOLD_ZEUS passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC HOLD_ZEUS on DC HOLD_ZEUS.
             * SPN found :LDAP/Hold_Zeus.hold2010.local/hold2010.local
             * SPN found :LDAP/Hold_Zeus.hold2010.local
             * SPN found :LDAP/HOLD_ZEUS
             * SPN found :LDAP/Hold_Zeus.hold2010.local/HOLD2010
             * SPN found :LDAP/6d2eef4e-ed17-4cb4-bcaf-119a6dc1665e._msdcs.hold2010.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/6d2eef4e-ed17-4cb4-bcaf-119a6dc1665e/hold2010.local
             * SPN found :HOST/Hold_Zeus.hold2010.local/hold2010.local
             * SPN found :HOST/Hold_Zeus.hold2010.local
             * SPN found :HOST/HOLD_ZEUS
             * SPN found :HOST/Hold_Zeus.hold2010.local/HOLD2010
             * SPN found :GC/Hold_Zeus.hold2010.local/hold2010.local
             ......................... HOLD_ZEUS passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC HOLD_ZEUS.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=hold2010,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               DC=DomainDnsZones,DC=hold2010,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=hold2010,DC=local
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=hold2010,DC=local
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=hold2010,DC=local
                (Domain,Version 3)
             ......................... HOLD_ZEUS passed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Verified share \\HOLD_ZEUS\netlogon
             Verified share \\HOLD_ZEUS\sysvol
             ......................... HOLD_ZEUS passed test NetLogons

          Starting test: ObjectsReplicated

             HOLD_ZEUS is in domain DC=hold2010,DC=local
             Checking for CN=HOLD_ZEUS,OU=Domain Controllers,DC=hold2010,DC=local in domain DC=hold2010,DC=local on 2 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local in domain CN=Configuration,DC=hold2010,DC=local on 2 servers
                Object is up-to-date on all servers.
             ......................... HOLD_ZEUS passed test ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             * Replication Latency Check
                DC=ForestDnsZones,DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=DomainDnsZones,DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Schema,CN=Configuration,DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Configuration,DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
             ......................... HOLD_ZEUS passed test Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 3100 to 1073741823
             * Hold_Zeus.hold2010.local is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 2100 to 2599
             * rIDPreviousAllocationPool is 2100 to 2599
             * rIDNextRID: 2231
             ......................... HOLD_ZEUS passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: DFSR
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... HOLD_ZEUS passed test Services

          Starting test: SystemLog

             * The System Event log test
             An error event occurred.  EventID: 0x0000165B

                Time Generated: 06/22/2017   07:28:01

                Event String:

                The session setup from computer 'FBR-DIRMERCADEO' failed because the security database does not contain a trust account 'FBR-DIRMERCADEO$' referenced by the specified computer.  

                

                USER ACTION  

                If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO' then 'FBR-DIRMERCADEO' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  

                

                If 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO', then 'FBR-DIRMERCADEO' should be rejoined to the domain.  

                

                If 'FBR-DIRMERCADEO$' is a legitimate interdomain trust account, then the trust should be recreated.  

                

                Otherwise, assuming that 'FBR-DIRMERCADEO$' is not a legitimate account, the following action should be taken on 'FBR-DIRMERCADEO':  

                

                If 'FBR-DIRMERCADEO' is a Domain Controller, then the trust associated with 'FBR-DIRMERCADEO$' should be deleted.  

                

                If 'FBR-DIRMERCADEO' is not a Domain Controller, it should be disjoined from the domain.

             An error event occurred.  EventID: 0x000016AD

                Time Generated: 06/22/2017   07:33:01

                Event String:

                The session setup from the computer FBR-DIRMERCADEO failed to authenticate. The following error occurred: 

                Access is denied.

             A warning event occurred.  EventID: 0x000003FC

                Time Generated: 06/22/2017   07:33:46

                Event String:

                Scope, 192.168.1.0, is 95 percent full with only 9 IP addresses remaining.

             ......................... HOLD_ZEUS failed test SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=HOLD_ZEUS,OU=Domain Controllers,DC=hold2010,DC=local and backlink

             on

             CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local

             are correct. 
             The system object reference (serverReferenceBL)

             CN=HOLD_ZEUS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hold2010,DC=local

             and backlink on

             CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local

             are correct. 
             The system object reference (frsComputerReferenceBL)

             CN=HOLD_ZEUS,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hold2010,DC=local

             and backlink on

             CN=HOLD_ZEUS,OU=Domain Controllers,DC=hold2010,DC=local are correct. 
             ......................... HOLD_ZEUS passed test VerifyReferences

          Test omitted by user request: VerifyReplicas

       
       Testing server: Default-First-Site-Name\HOLD-ARES

          Starting test: Advertising

             The DC HOLD-ARES is advertising itself as a DC and having a DS.
             The DC HOLD-ARES is advertising as an LDAP server
             The DC HOLD-ARES is advertising as having a writeable directory
             The DC HOLD-ARES is advertising as a Key Distribution Center
             The DC HOLD-ARES is advertising as a time server
             The DS HOLD-ARES is advertising as a GC.
             ......................... HOLD-ARES passed test Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test 
             ......................... HOLD-ARES passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log. 
             Skip the test because the server is running FRS.

             ......................... HOLD-ARES passed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test 
             File Replication Service's SYSVOL is ready 
             ......................... HOLD-ARES passed test SysVolCheck

          Starting test: KccEvent

             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... HOLD-ARES passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=HOLD_ZEUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local
             ......................... HOLD-ARES passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC HOLD-ARES on DC HOLD-ARES.
             * SPN found :LDAP/Hold-Ares.hold2010.local/hold2010.local
             * SPN found :LDAP/Hold-Ares.hold2010.local
             * SPN found :LDAP/HOLD-ARES
             * SPN found :LDAP/Hold-Ares.hold2010.local/HOLD2010
             * SPN found :LDAP/e5dd6def-3795-49d7-ab39-c1a55f5c3226._msdcs.hold2010.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e5dd6def-3795-49d7-ab39-c1a55f5c3226/hold2010.local
             * SPN found :HOST/Hold-Ares.hold2010.local/hold2010.local
             * SPN found :HOST/Hold-Ares.hold2010.local
             * SPN found :HOST/HOLD-ARES
             * SPN found :HOST/Hold-Ares.hold2010.local/HOLD2010
             * SPN found :GC/Hold-Ares.hold2010.local/hold2010.local
             ......................... HOLD-ARES passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC HOLD-ARES.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=hold2010,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               DC=DomainDnsZones,DC=hold2010,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=hold2010,DC=local
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=hold2010,DC=local
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=hold2010,DC=local
                (Domain,Version 3)
             ......................... HOLD-ARES passed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Verified share \\HOLD-ARES\netlogon
             Verified share \\HOLD-ARES\sysvol
             ......................... HOLD-ARES passed test NetLogons

          Starting test: ObjectsReplicated

             HOLD-ARES is in domain DC=hold2010,DC=local
             Checking for CN=HOLD-ARES,OU=Domain Controllers,DC=hold2010,DC=local in domain DC=hold2010,DC=local on 2 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=HOLD-ARES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local in domain CN=Configuration,DC=hold2010,DC=local on 2 servers
                Object is up-to-date on all servers.
             ......................... HOLD-ARES passed test ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             * Replication Latency Check
                DC=ForestDnsZones,DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=DomainDnsZones,DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Schema,CN=Configuration,DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Configuration,DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=hold2010,DC=local
                   Latency information for 1 entries in the vector were ignored.
                      1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
             ......................... HOLD-ARES passed test Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 3100 to 1073741823
             * Hold_Zeus.hold2010.local is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 2600 to 3099
             * rIDPreviousAllocationPool is 2600 to 3099
             * rIDNextRID: 2637
             ......................... HOLD-ARES passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: DFSR
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... HOLD-ARES passed test Services

          Starting test: SystemLog

             * The System Event log test
             An error event occurred.  EventID: 0x00000457

                Time Generated: 06/22/2017   07:36:14

                Event String:

                Driver HP LaserJet Professional P1606dn required for printer HP LaserJet Professional P1606dn is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 06/22/2017   07:36:15

                Event String:

                Driver HP LaserJet Professional P1606dn required for printer HP P1606dn contabilidad luis is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 06/22/2017   07:36:17

                Event String:

                Driver Solid PDF Creator required for printer Solid PDF Creator is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x0000165B

                Time Generated: 06/22/2017   07:38:00

                Event String:

                The session setup from computer 'FBR-DIRMERCADEO' failed because the security database does not contain a trust account 'FBR-DIRMERCADEO$' referenced by the specified computer.  

                

                USER ACTION  

                If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO' then 'FBR-DIRMERCADEO' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  

                

                If 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO', then 'FBR-DIRMERCADEO' should be rejoined to the domain.  

                

                If 'FBR-DIRMERCADEO$' is a legitimate interdomain trust account, then the trust should be recreated.  

                

                Otherwise, assuming that 'FBR-DIRMERCADEO$' is not a legitimate account, the following action should be taken on 'FBR-DIRMERCADEO':  

                

                If 'FBR-DIRMERCADEO' is a Domain Controller, then the trust associated with 'FBR-DIRMERCADEO$' should be deleted.  

                

                If 'FBR-DIRMERCADEO' is not a Domain Controller, it should be disjoined from the domain.

             An error event occurred.  EventID: 0x000016AD

                Time Generated: 06/22/2017   07:42:14

                Event String:

                The session setup from the computer FBR-DIRMERCADEO failed to authenticate. The following error occurred: 

                Access is denied.

             ......................... HOLD-ARES failed test SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=HOLD-ARES,OU=Domain Controllers,DC=hold2010,DC=local and backlink

             on

             CN=HOLD-ARES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local

             are correct. 
             The system object reference (serverReferenceBL)

             CN=HOLD-ARES,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hold2010,DC=local

             and backlink on

             CN=NTDS Settings,CN=HOLD-ARES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hold2010,DC=local

             are correct. 
             The system object reference (frsComputerReferenceBL)

             CN=HOLD-ARES,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=hold2010,DC=local

             and backlink on

             CN=HOLD-ARES,OU=Domain Controllers,DC=hold2010,DC=local are correct. 
             ......................... HOLD-ARES passed test VerifyReferences

          Test omitted by user request: VerifyReplicas

       
          Test omitted by user request: DNS

          Test omitted by user request: DNS

       
          Test omitted by user request: DNS

          Test omitted by user request: DNS

       
       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test

             CrossRefValidation

       
       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test

             CrossRefValidation

       
       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

       
       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

       
       Running partition tests on : hold2010

          Starting test: CheckSDRefDom

             ......................... hold2010 passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... hold2010 passed test CrossRefValidation

       
       Running enterprise tests on : hold2010.local

          Test omitted by user request: DNS

          Test omitted by user request: DNS

          Starting test: LocatorCheck

             GC Name: \\Hold_Zeus.hold2010.local

             Locator Flags: 0xe00033fd
             PDC Name: \\Hold_Zeus.hold2010.local
             Locator Flags: 0xe00033fd
             Time Server Name: \\Hold_Zeus.hold2010.local
             Locator Flags: 0xe00033fd
             Preferred Time Server Name: \\Hold_Zeus.hold2010.local
             Locator Flags: 0xe00033fd
             KDC Name: \\Hold_Zeus.hold2010.local
             Locator Flags: 0xe00033fd
             ......................... hold2010.local passed test LocatorCheck

          Starting test: Intersite

             Skipping site Default-First-Site-Name, this site is outside the scope

             provided by the command line arguments provided. 
             ......................... hold2010.local passed test Intersite

    jueves, 22 de junio de 2017 17:05
  • Hola:

    Encuentro ésta parte interesante:
    "
    Event String:
    The session setup from computer 'FBR-DIRMERCADEO' failed because the security database does not contain a trust account 'FBR-DIRMERCADEO$' referenced by the specified computer.
    "
    Así como ésta otra:
    "
    Event String:
    The session setup from the computer FBR-DIRMERCADEO failed to authenticate. The following error occurred: 
    Access is denied.
    "

    Éste DCDIAG es el resultado del diagnóstico por ejecutarlo desde el servidor HOLD_ZEUS, cuando lo adecuado hubiera sido mostraras los resultados de ejecutarlo en el segundo servidor (que es el que nos presenta los fallos), tal y como te señalaba en el post anterior. En todo caso, ya es bastante esclarecedor los mensajes señalados, ya que provienen del test de LOGs. Además, el propio sistema te sugiere una serie de acciones:

    "
    USER ACTION  
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.  If this is a Read-Only Domain Controller and 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO' then 'FBR-DIRMERCADEO' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller  capable of servicing the request (for example a writable domain controller).  Otherwise, the following steps may be taken to resolve this problem:  

    If 'FBR-DIRMERCADEO$' is a legitimate machine account for the computer 'FBR-DIRMERCADEO', then 'FBR-DIRMERCADEO' should be rejoined to the domain. If 'FBR-DIRMERCADEO$' is a legitimate interdomain trust account, then the trust should be recreated. Otherwise, assuming that 'FBR-DIRMERCADEO$' is not a legitimate account, the following action should be taken on 'FBR-DIRMERCADEO':

    If 'FBR-DIRMERCADEO' is a Domain Controller, then the trust associated with 'FBR-DIRMERCADEO$' should be deleted.  
    If 'FBR-DIRMERCADEO' is not a Domain Controller, it should be disjoined from the domain.
    An error event occurred.  EventID: 0x000016AD
    "

    En otras palabras: el canal seguro de comunicaciones entre ambos servidores se ha jod**** y ello arrastra a todo lo demás: credenciales de dominio incorrectas, fallas en la réplica del site entre las máquinas y cara de pez para el Administrador (o sea, tú!). 
    La solución más aceptada para éstos casos es quitar la máquina afectada del dominio (en éste caso, FBR-DIRMERCADEO), eliminar todos los registros a la misma en DNS, DHCP, DFS, RFS.. y depromoverlo limpiamente del dominio. Tras reiniciarlo y esperar unos minutos, restablecer la configuración de red con los parámetros de tu dominio y volverlo a unir como DC adicional.
    Tienes los pasos exactos en:
    · Forcing the Removal of a Domain Controller:
    https://technet.microsoft.com/en-us/library/cc794860%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    O si lo prefieres, tienes un pequeño tutorial paso-a-paso cortesía del maestro y compañero MVP Guillermo Delprato:
    · Eliminar un Controlador de Dominio Que Ya No Existe (Fácil):
    https://windowserver.wordpress.com/2012/06/02/eliminar-un-controlador-de-dominio-que-ya-no-existe-fcil/

    PD. Como detalle adicional, parece que tambien tienes una impresora HP LaserJet Professional P1606dn sin los drivers correctamente instalados..

    Desiderio Ondo || Engineer

    viernes, 23 de junio de 2017 8:36
  • Hola Desiderio que pena contestar tan tarde hice lo que vos sugeriste y en varios servidores se ha corregido la falla, solo tengo 1 que sigue con el error es un servidor con el servicio de Terminal Service
    depronto hay una forma de arreglar o de reestablecer las GPO de servidor?
    viernes, 18 de agosto de 2017 16:05