Windows 2008 Two Errors after dcpromo


  • Windows 2008 Two Errors after dcpromo

    I'm DCPROMOING a Windows 2008 server into a Windows 2003 Domain. After I turn off the firewall I get two consistent errors.

    1. Certificate enrollment for local system failed to enroll for a domaincontroller certificate from dc1.mydomain.com\dc1ca. The RPC server is unavailable 0x800706ba
    Event ID 13

    I tried to do the following on dc1 and rebooted everything ( this is in a test lab )

    add domain controller group to certsvc_dcom_access group that exists

    and

    certutil -certreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG
    net stop certsvc
    net start certsvc

    2. The processing of Group policy failed. Windows could not determine the computer account to enforce group policy settings. This may be transient. Group policy settings including computer configuration will not be enforced for this computer.
    Event ID 1097

    Found another post that was saying KDC service was causing this issue. Disabled it and appears they get enforced. Once you reboot though, it's back to normal.
    Thanks

  • #2
    Re: Windows 2008 Two Errors after dcpromo

    A lot of times these errors are just services trying to start before the NIC is online.



    • #3
      Re: Windows 2008 Two Errors after dcpromo

      Originally posted by Meekrobe:
      A lot of times these errors are just services trying to start before the NIC is online.

      This doesn't appear to be the case with the 1079 error. Until the GP is applied my additional DC in my test environment doesn't have any policies applied

      The event id 13 is interesting as I believe it happens on boot up and can possibly be happening for the reason you specify.

      I have reimaged everything and am going to go at this a different way then call M$



      • #4
        Re: Windows 2008 Two Errors after dcpromo

        Wait just a sec before trashing the lab...
        Is the replication working ? Is SYSVOL replicated ?

        Btw, you do not need to touch FW rules - when you DCPROMO a W2K8 box, the required rule groups are enabled in the FW.
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"



        • #5
          Re: Windows 2008 Two Errors after dcpromo

          Originally posted by guyt:
          Wait just a sec before trashing the lab...
          Is the replication working ? Is SYSVOL replicated ?

          Btw, you do not need to touch FW rules - when you DCPROMO a W2K8 box, the required rule groups are enabled in the FW.

          I just redid the server one more time just to test something.

          On the new server I see the sysvol from the primary dc.

          Still I have two errors: event id 13 about certificates, event id 1006 and event id 40961

          1006 - GP policy failed. could not authenticate

          40961 - secured connection with the server LDAP.. it references the new server I'm building



          • #6
            Re: Windows 2008 Two Errors after dcpromo

            Have you run diagnostics tools ? dcdiag/netdiag ?

            What does "repadmin /replsum" say ?
            Guy Teverovsky
            "Smith & Wesson - the original point and click interface"



            • #7
              Re: Windows 2008 Two Errors after dcpromo

              netdiag I believe isn't present in Windows 2008. Below are the outputs from dcdiag and repadmin.

              The only info in dcdiag which I'm ignoring is that the Broadcom is down, which is the 2nd ethernet port, and about disk cache, which isn't a problem.

              DCDIAG


              Directory Server Diagnosis


              Performing initial setup:

              Trying to find home server...

              Home Server = dc2

              * Identified AD Forest.
              Done gathering initial info.


              Doing initial required tests


              Testing server: Default-First-Site-Name\DC2

              Starting test: Connectivity

              ......................... DC2 passed test Connectivity



              Doing primary tests


              Testing server: Default-First-Site-Name\DC2

              Starting test: Advertising

              ......................... DC2 passed test Advertising

              Starting test: FrsEvent

              There are warning or error events within the last 24 hours after the

              SYSVOL has been shared. Failing SYSVOL replication problems may cause

              Group Policy problems.

              - I SEE THE SYSVOL on the NEW SERVER SO NOT SURE ABOUT THIS

              ......................... DC2 passed test FrsEvent

              Starting test: DFSREvent

              ......................... DC2 passed test DFSREvent

              Starting test: SysVolCheck

              ......................... DC2 passed test SysVolCheck

              Starting test: KccEvent

              An Warning Event occurred. EventID: 0x80000603

              Time Generated: 06/16/2008 11:48:26

              Event String:

              Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.


              An Warning Event occurred. EventID: 0x80000B46

              Time Generated: 06/16/2008 11:48:42

              Event String:

              The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.


              ......................... DC2 passed test KccEvent

              Starting test: KnowsOfRoleHolders

              ......................... DC2 passed test KnowsOfRoleHolders

              Starting test: MachineAccount

              ......................... DC2 passed test MachineAccount

              Starting test: NCSecDesc

              ......................... DC2 passed test NCSecDesc

              Starting test: NetLogons

              ......................... DC2 passed test NetLogons

              Starting test: ObjectsReplicated

              ......................... DC2 passed test ObjectsReplicated

              Starting test: Replications

              REPLICATION LATENCY WARNING

              ERROR: Expected notification link is missing.

              Source WMDC-MASTER

              Replication of new changes along this path will be delayed.

              This problem should self-correct on the next periodic sync.

              REPLICATION LATENCY WARNING

              ERROR: Expected notification link is missing.

              Source WMDC-MASTER

              Replication of new changes along this path will be delayed.

              This problem should self-correct on the next periodic sync.

              REPLICATION LATENCY WARNING

              ERROR: Expected notification link is missing.

              Source WMDC-MASTER

              Replication of new changes along this path will be delayed.

              This problem should self-correct on the next periodic sync.

              ......................... DC2 passed test Replications

              Starting test: RidManager

              ......................... DC2 passed test RidManager

              Starting test: Services

              ......................... DC2 passed test Services

              Starting test: SystemLog

              An Warning Event occurred. EventID: 0x80060005

              Time Generated: 06/16/2008 11:48:11

              Event String:

              The Virtual Storage Filter Driver is disabled through the registry. It is inactive for all disk drives.

              An Warning Event occurred. EventID: 0x80050004

              Time Generated: 06/16/2008 11:48:13

              Event String:

              Broadcom BCM5708C: The network link is down. Check to make sure the network cable is properly connected.

              An Warning Event occurred. EventID: 0x80040020

              Time Generated: 06/16/2008 11:48:26

              Event String:

              The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.

              An Warning Event occurred. EventID: 0x80040020

              Time Generated: 06/16/2008 11:48:26

              Event String:

              The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.

              An Warning Event occurred. EventID: 0x80040020

              Time Generated: 06/16/2008 11:48:26

              Event String:

              The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.

              An Warning Event occurred. EventID: 0x8000001D

              Time Generated: 06/16/2008 11:48:41

              Event String:

              The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

              An Error Event occurred. EventID: 0x0000168F

              Time Generated: 06/16/2008 11:49:13

              Event String:

              The dynamic deletion of the DNS record '_ldap._tcp.gc._msdcs.ourdomain.com. 600 IN SRV 0 100 3268 dc2.ourdomain.com.' failed on the following DNS server:


              An Error Event occurred. EventID: 0x0000168F

              Time Generated: 06/16/2008 11:49:13

              Event String:

              The dynamic deletion of the DNS record 'gc._msdcs.ourdomain.com. 600 IN A 192.168.1.205' failed on the following DNS server:


              An Error Event occurred. EventID: 0x0000168F

              Time Generated: 06/16/2008 11:49:13

              Event String:

              The dynamic deletion of the DNS record '_gc._tcp.ourdomain.com. 600 IN SRV 0 100 3268 dc2.ourdomain.com.' failed on the following DNS server:


              An Warning Event occurred. EventID: 0x8000A001

              Time Generated: 06/16/2008 11:49:14

              Event String:

              The Security System could not establish a secured connection with the server LDAP/dc2.ourdomain.com/[email protected] No authentication protocol was available.

              An Error Event occurred. EventID: 0x0000041F

              Time Generated: 06/16/2008 11:49:15

              Event String:

              The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:


              An Warning Event occurred. EventID: 0x00000010

              Time Generated: 06/16/2008 11:53:03

              Event String:

              Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

              An Error Event occurred. EventID: 0x0000168F

              Time Generated: 06/16/2008 11:54:15

              Event String:

              The dynamic deletion of the DNS record '_ldap._tcp.gc._msdcs.ourdomain.com. 600 IN SRV 0 100 3268 dc2.ourdomain.com.' failed on the following DNS server:


              An Error Event occurred. EventID: 0x0000168F

              Time Generated: 06/16/2008 11:54:15

              Event String:

              The dynamic deletion of the DNS record 'gc._msdcs.ourdomain.com. 600 IN A 192.168.1.205' failed on the following DNS server:


              An Error Event occurred. EventID: 0x0000168F

              Time Generated: 06/16/2008 11:54:15

              Event String:

              The dynamic deletion of the DNS record '_gc._tcp.ourdomain.com. 600 IN SRV 0 100 3268 dc2.ourdomain.com.' failed on the following DNS server:


              An Error Event occurred. EventID: 0x0000041F

              Time Generated: 06/16/2008 11:54:17

              Event String:

              The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:


              ......................... DC2 failed test SystemLog

              Starting test: VerifyReferences

              ......................... DC2 passed test VerifyReferences



              Running partition tests on : ForestDnsZones

              Starting test: CheckSDRefDom

              ......................... ForestDnsZones passed test CheckSDRefDom

              Starting test: CrossRefValidation

              ......................... ForestDnsZones passed test

              CrossRefValidation


              Running partition tests on : DomainDnsZones

              Starting test: CheckSDRefDom

              ......................... DomainDnsZones passed test CheckSDRefDom

              Starting test: CrossRefValidation

              ......................... DomainDnsZones passed test

              CrossRefValidation


              Running partition tests on : Schema

              Starting test: CheckSDRefDom

              < next post >



              • #8
                Re: Windows 2008 Two Errors after dcpromo

                ......................... Schema passed test CheckSDRefDom

                Starting test: CrossRefValidation

                ......................... Schema passed test CrossRefValidation


                Running partition tests on : Configuration

                Starting test: CheckSDRefDom

                ......................... Configuration passed test CheckSDRefDom

                Starting test: CrossRefValidation

                ......................... Configuration passed test CrossRefValidation


                Running partition tests on : ourdomain

                Starting test: CheckSDRefDom

                ......................... ourdomain passed test CheckSDRefDom

                Starting test: CrossRefValidation

                ......................... ourdomain passed test CrossRefValidation


                Running enterprise tests on : ourdomain.com

                Starting test: LocatorCheck

                ......................... ourdomain.com passed test LocatorCheck

                Starting test: Intersite

                ......................... ourdomain.com passed test Intersite




                REPADMIN

                Replication Summary Start Time: 2008-06-16 11:55:04

                Beginning data collection for replication summary, this may take awhile:
                .....


                Source DSA        largest delta    fails/total  %%  error
                DC1                     05m:52s      0 /   5     0
                DC2             02d.20h:07m:06s      2 /   5    40  (1753) There are no more endpoints available from the endpoint mapper.


                Destination DSA   largest delta    fails/total  %%  error
                DC1             02d.20h:07m:06s      2 /   5    40  (1753) There are no more endpoints available from the endpoint mapper.
                DC2                     05m:52s      0 /   5     0



                • #9
                  Re: Windows 2008 Two Errors after dcpromo

                  You have issues with replication. The certificates warning should currently be the least of your problems.

                  Any chance you are reverting to an old VM snapshot ?
                  Guy Teverovsky
                  "Smith & Wesson - the original point and click interface"

                  Comment
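
The `repadmin /replsum` tables posted above can be checked mechanically. The following is an added example, not part of the original thread: it parses the two summary tables and flags any DSA with failed links or a stale largest delta. The function names and the one-hour `max_age` threshold are assumptions made for illustration.

```python
import re

# Summary rows copied from the repadmin /replsum output posted in this thread.
SAMPLE = """\
Source DSA largest delta fails/total %% error
DC1 05m:52s 0 / 5 0
DC2 02d.20h:07m:06s 2 / 5 40 (1753) There are no more endpoints available from the endpoint mapper.

Destination DSA largest delta fails/total %% error
DC1 02d.20h:07m:06s 2 / 5 40 (1753) There are no more endpoints available from the endpoint mapper.
DC2 05m:52s 0 / 5 0
"""

ROW = re.compile(
    r"^\s*(?P<dsa>\S+)\s+(?P<delta>\S+)\s+(?P<fails>\d+)\s*/\s*(?P<total>\d+)"
    r"\s+(?P<pct>\d+)(?:\s+\((?P<code>\d+)\)\s*(?P<msg>.*))?\s*$")
UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def delta_seconds(delta):
    """'02d.20h:07m:06s' or '05m:52s' -> seconds; None if the format is unknown."""
    parts = re.findall(r"(\d+)([dhms])", delta)
    return sum(int(n) * UNITS[u] for n, u in parts) if parts else None

def parse_replsum(text):
    """Parse both summary tables into dicts tagged 'Source' or 'Destination'."""
    rows, side = [], None
    for line in text.splitlines():
        header = re.match(r"\s*(Source|Destination) DSA\b", line)
        if header:
            side = header.group(1)
            continue
        m = ROW.match(line)
        if m and side:
            row = m.groupdict()
            row.update(side=side, fails=int(row["fails"]), total=int(row["total"]),
                       pct=int(row["pct"]), seconds=delta_seconds(row["delta"]))
            rows.append(row)
    return rows

def failing(rows, max_age=3600):
    """Rows with failed links, or a largest delta above max_age (assumed threshold)."""
    return [r for r in rows if r["fails"] > 0 or (r["seconds"] or 0) > max_age]

if __name__ == "__main__":
    for r in failing(parse_replsum(SAMPLE)):
        print(f'{r["side"]:<11} {r["dsa"]}: {r["fails"]}/{r["total"]} links failed, '
              f'largest delta {r["delta"]}, error {r["code"]}: {r["msg"]}')
```

On the thread's output, both flagged rows carry error 1753: one with DC2 as source and one with DC1 as destination.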


                  • #10
                    Re: Windows 2008 Two Errors after dcpromo

                    Originally posted by guyt:
                    You have issues with replication. The certificates warning should currently be the least of your problems.

                    Any chance you are reverting to an old VM snapshot ?
                    WoW

                    Actually this is a test environment. I have restored my DC to different hardware and got it up and running. Then I joined the new server and dcpromo'd and got this mess



                    • #11
                      Re: Windows 2008 Two Errors after dcpromo

                      Tuesday update:

                      I left both systems on during the night. Did a DCDIAG on the new DC and everything PASSED with NO ERRORS.

                      So I rebooted the new DC and dcdiag is throwing the same errors as before

                      weird
