AD Problem


  • AD Problem

    Guys, I have a problem.

    A month ago I configured a Win2K server as an additional DC to a Win2K network. I had a Win2K server running as a single DC, so for resilience purposes, I added the other one, which acted as a DHCP server. All went well for 5 weeks. I could create user accounts on both machines, and replication was good. Until last week, that is.

    Out of nowhere, when I tried to access AD Users and Computers, I got the following error message:

    Naming information can not be located because: The target principal name is incorrect. Contact your system administrator to verify that your domain is properly configured and is currently running.

    Then ADUC snap-in loads with a red X.

    Here's what I tried;

    1) When I tried to access the other DC, I got the "\\Server not accessible. Logon failure: The target account name is incorrect" error.

    2) I also tried Start>Run then \\server and I got the same error as above.

    3) Then I tried Start>Run then \\10.97.21.3 (the IP address of the other DC), and it connected successfully.

    I figured it could be domain naming service, so I checked the DNS server; it seems to be up and running. All the other clients and servers on the network don't have problems with it. I deleted the DCs' records from the DNS zone then re-registered them with the ipconfig /registerdns command. The nslookup command works well with the ailing server and all other machines.

    At ADUC, when I try to use the Connect to Domain Controller command, I get the same errors as above.

    It's as though AD just stopped running on the server. I also suspect a DNS issue.

    My event viewer shows a lot of EventID 3034 and 16650 errors.

    Any help will be highly appreciated.

    Cheers.

  • #2
    Re: AD Problem

    run netdiag and dcdiag and post the results over here.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: AD Problem

      With no switches?

      Either way, the commands are not recognized. I have two network drives that are supposed to map, but they don't, so the cmd automatically starts on the C:\ prompt, instead of Q:\.

      I should add, the server logs me in with locally cached credentials, I believe, because when I try using a different administrator account it gives me the wrong username/password error message. Funny thing is, when I disable the account, it gives me the account is disabled error message.

      Cheers.



      • #4
        Re: AD Problem

        Oh wait, hey!!

        Maybe I need to install the support tools for the command to work? Jesus, I don't even have it here!



        • #5
          Re: AD Problem

          Sounds like you definitely have a DNS issue. If your AD server isn't the primary AD server it will try and contact the Primary Domain Controller (PDC). I'm assuming it's not contacting the PDC and cannot/will not authenticate with the rest of the domain because of it. I just found this article googling the "Target principal name is incorrect".

          http://support.microsoft.com/kb/288167

          It sounds just like what you are experiencing. I would try this, as well as making 100% positive your DNS is set up right. Also, kind of a dumb question, can you ping -a the name of the server from a client machine?



          • #6
            Re: AD Problem

            Originally posted by Michelinman85
            Sounds like you definitely have a DNS issue. If your AD server isn't the primary AD server it will try and contact the Primary Domain Controller (PDC). I'm assuming it's not contacting the PDC and cannot/will not authenticate with the rest of the domain because of it. I just found this article googling the "Target principal name is incorrect".

            http://support.microsoft.com/kb/288167

            It sounds just like what you are experiencing. I would try this, as well as making 100% positive your DNS is set up right. Also, kind of a dumb question, can you ping -a the name of the server from a client machine?
            Sure, I can ping the server, and every other machine for that matter, using computer names.

            Thanks for the article, I'll go through it.



            • #7
              Re: AD Problem

              Originally posted by Giodino
              With no switches?

              Either way, the commands are not recognized
              Yup, otherwise I would have told you to use some switches...
              However, you can use netdiag > c:\netdiag.txt to export it to a text file (same of course for dcdiag).
              And yes, you NEED to install the support tools located on the CD or download them from Microsoft.
              http://www.google.nl/search?hl=nl&q=...G=Zoeken&meta=

              I had assumed you already installed those tools because they are quite handy.
              And if you add a new DC it's also quite handy to check the replication with replmon (which is also located in the support tools).
              Why? There is a lot more data replicated than user accounts.
              Marcel


              • #8
                Re: AD Problem

                Originally posted by Michelinman85
                Sounds like you definitely have a DNS issue. If your AD server isn't the primary AD server it will try and contact the Primary Domain Controller (PDC). I'm assuming it's not contacting the PDC and cannot/will not authenticate with the rest of the domain because of it. I just found this article googling the "Target principal name is incorrect".

                http://support.microsoft.com/kb/288167

                It sounds just like what you are experiencing. I would try this, as well as making 100% positive your DNS is set up right. Also, kind of a dumb question, can you ping -a the name of the server from a client machine?
                1. There is NO PDC in an AD environment... and DNS has absolutely NOTHING to do with PDC/BDC/Domain Controller status - even when it is AD integrated, the DNS database is simply stored on domain controllers; so if DNS name resolution fails, it does NOT go to the "PDC" (because such doesn't exist) but it follows the "Forwarders" and root hints set in the DNS setup and if those fail it returns "Name not found".

                2. PING -A is not used with names, but with IP Addresses to resolve them TO names. It is essentially looking up a PTR record in DNS. PING -A <server name> will result in the -A option being ignored.


                Tom
                For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                Anything you say will be misquoted and used against you



                • #9
                  Re: AD Problem

                  Thanks for the link to the support tools. I'm currently downloading them. I'll install them shortly, run the netdiag and dcdiag commands and post the results here.

                  My DNS server is configured as a member server, not as a DC. It's not a powerful machine, that's why. So my DNS is not AD integrated. Anyhow, the PING -A command works well for every PC I ping, both with computer names and IP addresses.

                  I should also add: my DCs are Win2k. My DNS server is a Win2003 Enterprise server.

                  Cheers.
                  Last edited by Giodino; 24th June 2008, 07:20.



                  • #10
                    Re: AD Problem

                    Guys, here are the results for the netdiag and dcdiag commands.

                    My ailing server is named server2, and my other DC (which is perfectly fine) is server. I changed the computer names and domain names in the output for security.

                    Netdiag


                    ..........................................

                    Computer Name: SERVER2
                    DNS Host Name: server2.domain (changed for my security)
                    System info : Windows 2000 Server (Build 2195)
                    Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
                    List of installed hotfixes :
                    KB823182
                    KB823559
                    KB824146
                    KB826232
                    KB828035
                    KB835732
                    KB841872
                    KB842773
                    KB871250
                    KB883939-IE501SP4-20050427.182731
                    KB885836
                    KB888113
                    KB891781
                    KB893803v2
                    KB897715-OE55SP2-20050503.113444
                    Q147222
                    Q828026


                    Netcard queries test . . . . . . . : Passed



                    Per interface results:

                    Adapter : Intel Fast Ethernet LAN Controller - onboard

                    Netcard queries test . . . : Passed

                    Host Name. . . . . . . . . : server2.domain
                    IP Address . . . . . . . . : 10.97.21.4
                    Subnet Mask. . . . . . . . : 255.255.255.0
                    Default Gateway. . . . . . : 10.97.21.254
                    Primary WINS Server. . . . : 10.0.3.130
                    Secondary WINS Server. . . : 10.0.3.1
                    Dns Servers. . . . . . . . : 10.97.21.6
                    10.0.4.129


                    AutoConfiguration results. . . . . . : Passed

                    Default gateway test . . . : Passed

                    NetBT name test. . . . . . : Passed

                    WINS service test. . . . . : Passed


                    Global results:


                    Domain membership test . . . . . . : Failed
                    [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.


                    NetBT transports test. . . . . . . : Passed
                    List of NetBt transports currently configured:
                    NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                    1 NetBt transport currently configured.


                    Autonet address test . . . . . . . : Passed


                    IP loopback ping test. . . . . . . : Passed


                    Default gateway test . . . . . . . : Passed


                    NetBT name test. . . . . . . . . . : Passed


                    Winsock test . . . . . . . . . . . : Passed


                    DNS test . . . . . . . . . . . . . : Passed
                    [WARNING]: The DNS registration for 'server2.domain' is correct only on some DNS servers.
                    Please wait 15 min for replication and run the test again.
                    PASS - All the DNS entries for DC are registered on DNS server '10.97.21.6' and other DCs also have some of the names registered.
                    [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 10.0.4.129, ERROR_TIMEOUT.


                    Redir and Browser test . . . . . . : Passed
                    List of NetBt transports currently bound to the Redir
                    NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                    The redir is bound to 1 NetBt transport.

                    List of NetBt transports currently bound to the browser
                    NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                    The browser is bound to 1 NetBt transport.


                    DC discovery test. . . . . . . . . : Passed


                    DC list test . . . . . . . . . . . : Failed
                    [WARNING] Cannot call DsBind to server.domain (10.97.21.3). [SEC_E_WRONG_PRINCIPAL]


                    Trust relationship test. . . . . . : Failed
                    [FATAL] Secure channel to domain 'DOMAIN' is broken. [ERROR_ACCESS_DENIED]


                    Kerberos test. . . . . . . . . . . : Passed


                    LDAP test. . . . . . . . . . . . . : Passed
                    [WARNING] Failed to query SPN registration on DC 'server.domain'.


                    Bindings test. . . . . . . . . . . : Passed


                    WAN configuration test . . . . . . : Skipped
                    No active remote access connections.


                    Modem diagnostics test . . . . . . : Passed

                    IP Security test . . . . . . . . . : Passed
                    Directory IPSec Policy Active: 'Server (Request Security)'


                    The command completed successfully



                    dcdiag



                    .........................................

                    Computer Name: SERVER2
                    DNS Host Name: server2.domain // computer name and domain changed for security
                    System info : Windows 2000 Server (Build 2195)
                    Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
                    List of installed hotfixes :
                    KB823182
                    KB823559
                    KB824146
                    KB826232
                    KB828035
                    KB835732
                    KB841872
                    KB842773
                    KB871250
                    KB883939-IE501SP4-20050427.182731
                    KB885836
                    KB888113
                    KB891781
                    KB893803v2
                    KB897715-OE55SP2-20050503.113444
                    Q147222
                    Q828026


                    Netcard queries test . . . . . . . : Passed



                    Per interface results:

                    Adapter : Intel Fast Ethernet LAN Controller - onboard

                    Netcard queries test . . . : Passed

                    Host Name. . . . . . . . . : server2.domain
                    IP Address . . . . . . . . : 10.97.21.4
                    Subnet Mask. . . . . . . . : 255.255.255.0
                    Default Gateway. . . . . . : 10.97.21.254
                    Primary WINS Server. . . . : 10.0.3.130
                    Secondary WINS Server. . . : 10.0.3.1
                    Dns Servers. . . . . . . . : 10.97.21.6
                    10.0.4.129


                    AutoConfiguration results. . . . . . : Passed

                    Default gateway test . . . : Passed

                    NetBT name test. . . . . . : Passed

                    WINS service test. . . . . : Passed


                    Global results:


                    Domain membership test . . . . . . : Failed
                    [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.


                    NetBT transports test. . . . . . . : Passed
                    List of NetBt transports currently configured:
                    NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                    1 NetBt transport currently configured.


                    Autonet address test . . . . . . . : Passed


                    IP loopback ping test. . . . . . . : Passed


                    Default gateway test . . . . . . . : Passed


                    NetBT name test. . . . . . . . . . : Passed


                    Winsock test . . . . . . . . . . . : Passed


                    DNS test . . . . . . . . . . . . . : Passed
                    PASS - All the DNS entries for DC are registered on DNS server '10.97.21.6' and other DCs also have some of the names registered.
                    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.4.129'. Please wait for 30 minutes for DNS server replication.


                    Redir and Browser test . . . . . . : Passed
                    List of NetBt transports currently bound to the Redir
                    NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                    The redir is bound to 1 NetBt transport.

                    List of NetBt transports currently bound to the browser
                    NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                    The browser is bound to 1 NetBt transport.


                    DC discovery test. . . . . . . . . : Passed


                    DC list test . . . . . . . . . . . : Failed
                    [WARNING] Cannot call DsBind to server.domain (10.97.21.3). [SEC_E_WRONG_PRINCIPAL]


                    Trust relationship test. . . . . . : Failed
                    [FATAL] Secure channel to domain 'DOMAIN' is broken. [ERROR_ACCESS_DENIED]


                    Kerberos test. . . . . . . . . . . : Passed


                    LDAP test. . . . . . . . . . . . . : Passed
                    [WARNING] Failed to query SPN registration on DC 'server.domain'.


                    Bindings test. . . . . . . . . . . : Passed


                    WAN configuration test . . . . . . : Skipped
                    No active remote access connections.


                    Modem diagnostics test . . . . . . : Passed

                    IP Security test . . . . . . . . . : Passed
                    Directory IPSec Policy Active: 'Server (Request Security)'


                    The command completed successfully
                    .................................................. .................................................. ..............................

                    Cheers.
                    Last edited by Giodino; 24th June 2008, 08:11.



                    • #11
                      Re: AD Problem

                      fix this first:

                      [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 10.0.4.129, ERROR_TIMEOUT.

                      [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.4.129'. Please wait for 30 minutes for DNS server replication.
                      Marcel


                      • #12
                        Re: AD Problem

                        Originally posted by Dumber
                        fix this first:

                        [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 10.0.4.129, ERROR_TIMEOUT.

                        [WARNING] The DNS entries for this DC are not registered correctly on DNS server '10.0.4.129'. Please wait for 30 minutes for DNS server replication.
                        Alright.

                        IP address 10.0.4.129 is an address for a DNS server at HQ. I am a network administrator at a branch department. Perhaps the DNS server at HQ has not been configured to perform zone transfers and forwarders to my DNS server? But why is it that I can perform queries for computer names at the HQ network, and they get resolved successfully? I used the nslookup command, then gave IP addresses, and correct computer names were resolved. WHY??

                        Also, pinging the DNS server at HQ using both IP address and computer name works.

                        Anyhow, I changed my TCP/IP configuration for the problematic server, such that both the primary and secondary DNS servers are set to be my local DNS server which is functioning fine(?).

                        Here is the output for netdiag:


                        ........................................

                        Computer Name: SERVER2
                        DNS Host Name: server2.domain
                        System info : Windows 2000 Server (Build 2195)
                        Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
                        List of installed hotfixes :
                        KB823182
                        KB823559
                        KB824146
                        KB826232
                        KB828035
                        KB835732
                        KB841872
                        KB842773
                        KB871250
                        KB883939-IE501SP4-20050427.182731
                        KB885836
                        KB888113
                        KB891781
                        KB893803v2
                        KB897715-OE55SP2-20050503.113444
                        Q147222
                        Q828026


                        Netcard queries test . . . . . . . : Passed



                        Per interface results:

                        Adapter : Intel Fast Ethernet LAN Controller - onboard

                        Netcard queries test . . . : Passed

                        Host Name. . . . . . . . . : server2.domain
                        IP Address . . . . . . . . : 10.97.21.4
                        Subnet Mask. . . . . . . . : 255.255.255.0
                        Default Gateway. . . . . . : 10.97.21.254
                        Primary WINS Server. . . . : 10.0.3.130
                        Secondary WINS Server. . . : 10.0.3.1
                        Dns Servers. . . . . . . . : 10.97.21.6
                        10.97.21.6


                        AutoConfiguration results. . . . . . : Passed

                        Default gateway test . . . : Passed

                        NetBT name test. . . . . . : Passed

                        WINS service test. . . . . : Passed


                        Global results:


                        Domain membership test . . . . . . : Failed
                        [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.


                        NetBT transports test. . . . . . . : Passed
                        List of NetBt transports currently configured:
                        NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                        1 NetBt transport currently configured.


                        Autonet address test . . . . . . . : Passed


                        IP loopback ping test. . . . . . . : Passed


                        Default gateway test . . . . . . . : Passed


                        NetBT name test. . . . . . . . . . : Passed


                        Winsock test . . . . . . . . . . . : Passed


                        DNS test . . . . . . . . . . . . . : Passed
                        PASS - All the DNS entries for DC are registered on DNS server '10.97.21.6' and other DCs also have some of the names registered.


                        Redir and Browser test . . . . . . : Passed
                        List of NetBt transports currently bound to the Redir
                        NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                        The redir is bound to 1 NetBt transport.

                        List of NetBt transports currently bound to the browser
                        NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                        The browser is bound to 1 NetBt transport.


                        DC discovery test. . . . . . . . . : Passed


                        DC list test . . . . . . . . . . . : Failed
                        [WARNING] Cannot call DsBind to server.domain (10.97.21.3). [SEC_E_WRONG_PRINCIPAL]


                        Trust relationship test. . . . . . : Failed
                        [FATAL] Secure channel to domain 'DOMAINNAME' is broken. [ERROR_ACCESS_DENIED]


                        Kerberos test. . . . . . . . . . . : Passed


                        LDAP test. . . . . . . . . . . . . : Passed
                        [WARNING] Failed to query SPN registration on DC 'server.domain'.


                        Bindings test. . . . . . . . . . . : Passed


                        WAN configuration test . . . . . . : Skipped
                        No active remote access connections.


                        Modem diagnostics test . . . . . . : Passed

                        IP Security test . . . . . . . . . : Passed
                        Directory IPSec Policy Active: 'Server (Request Security)'


                        The command completed successfully
                        .................................................. .................................................. ...........................

                        And things changed in the dcdiag output;


                        Domain Controller Diagnosis

                        Performing initial setup:
                        [server2] LDAP bind failed with error 31,
                        A device attached to the system is not functioning..
                        .................................................. .................................................. ..........................

                        So now I am officially lost

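As an added example (not part of any post in this thread), the Python sketch below parses netdiag output and compares the run from post #10 with the run from post #12, taken after the DNS client setting was changed, listing which tests still fail and which error codes went away. The two excerpts are abridged from the outputs posted above; the function names are hypothetical.

```python
import re

# Abridged excerpts of the netdiag output posted in this thread.
# RUN_BEFORE: post #10 (DNS servers 10.97.21.6 and 10.0.4.129).
RUN_BEFORE = """\
Per interface results:
    Default gateway test . . . : Passed
Global results:
Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.
DNS test . . . . . . . . . . . . . : Passed
    [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 10.0.4.129, ERROR_TIMEOUT.
DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to server.domain (10.97.21.3). [SEC_E_WRONG_PRINCIPAL]
Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'DOMAIN' is broken. [ERROR_ACCESS_DENIED]
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'server.domain'.
"""

# RUN_AFTER: post #12 (both DNS entries set to 10.97.21.6).
RUN_AFTER = """\
Per interface results:
    Default gateway test . . . : Passed
Global results:
Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.97.21.6' and other DCs also have some of the names registered.
DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to server.domain (10.97.21.3). [SEC_E_WRONG_PRINCIPAL]
Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'DOMAINNAME' is broken. [ERROR_ACCESS_DENIED]
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'server.domain'.
"""

# "Name of test . . . . : Passed|Failed|Skipped"
TEST_RE = re.compile(r"^\s*(.+?)[\s.]*:\s*(Passed|Failed|Skipped)\s*$")
SECTION_RE = re.compile(r"^\s*(Per interface|Global) results:\s*$")
NOTE_RE = re.compile(r"^\s*\[(WARNING|FATAL)\]:?\s*(.*)$")
# Status codes as they appear in the output, bracketed or inline.
CODE_RE = re.compile(r"\b(?:SEC_E|ERROR)_[A-Z_]+\b")


def parse_netdiag(text):
    """Return {(section, test name): {"status", "notes", "codes"}}.

    Per-interface tests are keyed by section only, which is enough for a
    single-adapter host like the one in this thread.
    """
    results = {}
    section, current = "Global", None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
            continue
        m = TEST_RE.match(line)
        if m:
            current = {"status": m.group(2), "notes": [], "codes": set()}
            results[(section, m.group(1))] = current
            continue
        m = NOTE_RE.match(line)
        if m and current is not None:
            # Attach [WARNING]/[FATAL] lines to the test they follow.
            current["notes"].append((m.group(1), m.group(2)))
            current["codes"].update(CODE_RE.findall(line))
    return results


def failed_tests(results):
    """Map each failed test name to the status codes reported under it."""
    return {name: r["codes"] for (_, name), r in results.items()
            if r["status"] == "Failed"}


def compare_runs(before, after):
    """Summarise what a configuration change did and did not fix."""
    codes_before = set().union(*(r["codes"] for r in before.values()))
    codes_after = set().union(*(r["codes"] for r in after.values()))
    still = set(failed_tests(before)) & set(failed_tests(after))
    return {
        "still_failing": sorted(still),
        "cleared_codes": sorted(codes_before - codes_after),
        "remaining_codes": sorted(codes_after),
    }


if __name__ == "__main__":
    summary = compare_runs(parse_netdiag(RUN_BEFORE), parse_netdiag(RUN_AFTER))
    for key, value in summary.items():
        print(f"{key}: {', '.join(value) or '(none)'}")
```

On these excerpts only the ERROR_TIMEOUT warning against 10.0.4.129 clears; the DC list and trust relationship failures, with SEC_E_WRONG_PRINCIPAL and ERROR_ACCESS_DENIED, are unchanged between the two runs.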


                        • #13
                          Re: AD Problem

                          try "netdiag /fix"
                          Marcel


                          • #14
                            Re: AD Problem

                            Originally posted by Dumber
                            try "netdiag /fix"
                            Thanks for being patient.

                            Here's the output for the netdiag /fix command;


                            .........................................

                            Computer Name: SERVER2
                            DNS Host Name: server2.domain
                            System info : Windows 2000 Server (Build 2195)
                            Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
                            List of installed hotfixes :
                            KB823182
                            KB823559
                            KB824146
                            KB826232
                            KB828035
                            KB835732
                            KB841872
                            KB842773
                            KB871250
                            KB883939-IE501SP4-20050427.182731
                            KB885836
                            KB888113
                            KB891781
                            KB893803v2
                            KB897715-OE55SP2-20050503.113444
                            Q147222
                            Q828026


                            Netcard queries test . . . . . . . : Passed



                            Per interface results:

                            Adapter : Intel Fast Ethernet LAN Controller - onboard

                            Netcard queries test . . . : Passed

                            Host Name. . . . . . . . . : server2.domain
                            IP Address . . . . . . . . : 10.97.21.4
                            Subnet Mask. . . . . . . . : 255.255.255.0
                            Default Gateway. . . . . . : 10.97.21.254
                            Primary WINS Server. . . . : 10.0.3.130
                            Secondary WINS Server. . . : 10.0.3.1
                            Dns Servers. . . . . . . . : 10.97.21.6
                            10.97.21.6


                            AutoConfiguration results. . . . . . : Passed

                            Default gateway test . . . : Passed

                            NetBT name test. . . . . . : Passed

                            WINS service test. . . . . : Passed


                            Global results:


                            Domain membership test . . . . . . : Failed
                            [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.


                            NetBT transports test. . . . . . . : Passed
                            List of NetBt transports currently configured:
                            NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                            1 NetBt transport currently configured.


                            Autonet address test . . . . . . . : Passed


                            IP loopback ping test. . . . . . . : Passed


                            Default gateway test . . . . . . . : Passed


                            NetBT name test. . . . . . . . . . : Passed


                            Winsock test . . . . . . . . . . . : Passed


                            DNS test . . . . . . . . . . . . . : Passed
                            [WARNING]: The DNS registration for 'server2.domain' is correct only on some DNS servers.
                            Please wait 15 min for replication and run the test again.
                            PASS - All the DNS entries for DC are registered on DNS server '10.97.21.6' and other DCs also have some of the names registered.


                            Redir and Browser test . . . . . . : Passed
                            List of NetBt transports currently bound to the Redir
                            NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                            The redir is bound to 1 NetBt transport.

                            List of NetBt transports currently bound to the browser
                            NetBT_Tcpip_{6B16344F-77D3-4CE3-922D-DEEFDF3551AD}
                            The browser is bound to 1 NetBt transport.


                            DC discovery test. . . . . . . . . : Passed


                            DC list test . . . . . . . . . . . : Failed
                            [WARNING] Cannot call DsBind to server.domain (10.97.21.3). [SEC_E_WRONG_PRINCIPAL]


                            Trust relationship test. . . . . . : Failed
                            [FATAL] Secure channel to domain 'DOMAINNAME' is broken. [ERROR_ACCESS_DENIED]


                            Kerberos test. . . . . . . . . . . : Passed


                            LDAP test. . . . . . . . . . . . . : Passed
                            [WARNING] Failed to query SPN registration on DC 'server.domain'.


                            Bindings test. . . . . . . . . . . : Passed


                            WAN configuration test . . . . . . : Skipped
                            No active remote access connections.


                            Modem diagnostics test . . . . . . : Passed

                            IP Security test . . . . . . . . . : Passed
                            Directory IPSec Policy Active: 'Server (Request Security)'


                            The command completed successfully
                            .................................................. .................................................. ............................


                            Another thing that I noticed: I also ran the "netdiag" command on the other DC, and I noticed a difference in the IP Security policies. Here's the output from the good DC:

                            .................................................. .................................................. ..........................



                            Computer Name: SERVER
                            DNS Host Name: server.domain
                            System info : Windows 2000 Server (Build 2195)
                            Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
                            List of installed hotfixes :
                            KB824146
                            KB893803v2
                            Q147222


                            Netcard queries test . . . . . . . : Passed
                            [WARNING] The net card 'RAS Async Adapter' may not be working because it has not received any packets.



                            Per interface results:

                            Adapter : Intel Fast Ethernet LAN Controller - onboard

                            Netcard queries test . . . : Passed

                            Host Name. . . . . . . . . : server
                            IP Address . . . . . . . . : 10.97.21.3
                            Subnet Mask. . . . . . . . : 255.255.255.0
                            Default Gateway. . . . . . : 10.97.21.254
                            Primary WINS Server. . . . : 10.0.3.1
                            Secondary WINS Server. . . : 10.0.3.130
                            Dns Servers. . . . . . . . : 10.97.21.6
                            10.97.21.6


                            AutoConfiguration results. . . . . . : Passed

                            Default gateway test . . . : Passed

                            NetBT name test. . . . . . : Passed

                            WINS service test. . . . . : Passed


                            Global results:


                            Domain membership test . . . . . . : Passed


                            NetBT transports test. . . . . . . : Passed
                            List of NetBt transports currently configured:
                            NetBT_Tcpip_{4353DC05-2E9C-4F49-A904-0CC05E42E884}
                            1 NetBt transport currently configured.


                            Autonet address test . . . . . . . : Passed


                            IP loopback ping test. . . . . . . : Passed


                            Default gateway test . . . . . . . : Passed


                            NetBT name test. . . . . . . . . . : Passed


                            Winsock test . . . . . . . . . . . : Passed


                            DNS test . . . . . . . . . . . . . : Passed
                            [WARNING]: The DNS registration for 'server.domain' is correct only on some DNS servers.
                            Please wait 15 min for replication and run the test again.
                            PASS - All the DNS entries for DC are registered on DNS server '10.97.21.6' and other DCs also have some of the names registered.


                            Redir and Browser test . . . . . . : Passed
                            List of NetBt transports currently bound to the Redir
                            NetBT_Tcpip_{4353DC05-2E9C-4F49-A904-0CC05E42E884}
                            The redir is bound to 1 NetBt transport.

                            List of NetBt transports currently bound to the browser
                            NetBT_Tcpip_{4353DC05-2E9C-4F49-A904-0CC05E42E884}
                            The browser is bound to 1 NetBt transport.


                            DC discovery test. . . . . . . . . : Passed


                            DC list test . . . . . . . . . . . : Passed


                            Trust relationship test. . . . . . : Skipped


                            Kerberos test. . . . . . . . . . . : Passed


                            LDAP test. . . . . . . . . . . . . : Passed


                            Bindings test. . . . . . . . . . . : Passed


                            WAN configuration test . . . . . . : Skipped
                            No active remote access connections.


                            Modem diagnostics test . . . . . . : Passed

                            IP Security test . . . . . . . . . : Passed
                            IPSec policy service is active, but no policy is assigned.


                            The command completed successfully
                            .................................................. .................................................. ...................



                            Could this be the problem?

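A side-by-side reading of two netdiag runs like the pair above can be scripted. The following is an added example, not part of the original post: a small Python parser that pulls each test's result and trailing status code out of netdiag text and separates tests whose result changed between hosts from tests that differ only in their detail lines. The function names are hypothetical, and the two samples are constructed by trimming the outputs posted above.

```python
import re

# Constructed samples: trimmed from the two netdiag outputs posted in the thread.
FAILING_DC = """\
DC list test . . . . . . . . . . . : Failed
[WARNING] Cannot call DsBind to server.domain (10.97.21.3). [SEC_E_WRONG_PRINCIPAL]
Trust relationship test. . . . . . : Failed
[FATAL] Secure channel to domain 'DOMAINNAME' is broken. [ERROR_ACCESS_DENIED]
Kerberos test. . . . . . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
Directory IPSec Policy Active: 'Server (Request Security)'
"""
GOOD_DC = """\
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
"""

RESULT = re.compile(r"^\s*(?P<name>[A-Za-z][A-Za-z ]*?)[ .]*: (?P<status>Passed|Failed|Skipped)\s*$")
CODE = re.compile(r"\[([A-Z][A-Z_]+)\]\s*$")  # status code closing a detail line

def parse_netdiag(text):
    """Map each 'name : Passed|Failed|Skipped' line to its status and the lines under it."""
    tests, current = {}, None
    for line in text.splitlines():
        m = RESULT.match(line)
        if m:  # first occurrence of a test name wins
            current = tests.setdefault(m["name"], {"status": m["status"], "details": []})
        elif current is not None and line.strip():
            current["details"].append(line.strip())
    return tests

def error_codes(test):
    """Codes such as SEC_E_WRONG_PRINCIPAL reported under one test."""
    return [m.group(1) for d in test["details"] if (m := CODE.search(d))]

def compare(a, b):
    """Return (tests whose status differs, tests that differ only in detail lines)."""
    status, detail_only = {}, []
    for name in a.keys() & b.keys():
        if a[name]["status"] != b[name]["status"]:
            status[name] = (a[name]["status"], b[name]["status"])
        elif a[name]["details"] != b[name]["details"]:
            detail_only.append(name)
    return status, sorted(detail_only)

if __name__ == "__main__":
    print(compare(parse_netdiag(FAILING_DC), parse_netdiag(GOOD_DC)))
```

On these samples the status changes are the DC list and trust relationship tests, while the IP Security test passes on both hosts and differs only in the policy line reported.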


                            • #15
                              Re: AD Problem

                              Guys, I managed to solve the problem. I should have solved it two days ago though.

                              A poster with screen name Michelinman85 gave me an article to read and follow. I read through it, just didn't follow what it said.

                              So I finally woke up and used it. I disabled the KDC service on the server and restarted it. Voila!! AD is up and running.

                              Thanks for your help guys. I learn something new every day.

                              Gio
