Setting up a 2nd AD-DS GC
  • Setting up a 2nd AD-DS GC

    Hi,

    I'm new to this forum and haven't found this issue posted, but please point me to any relevant existing post you are aware of.

    I'm setting up a new active directory, new forest install, on a Windows 2008 DataCenter Server with Hyper-V hosting several virtual Windows Standard servers.

    I have two DataCenter Hosts. I want to put AD, DNS & GC on a virtual server on each DataCenter Host. AD/DNS/GC appear to install fine on the first host.

    When I run dcpromo to add the second install of AD/DNS/GC on a virtual machine on the second DataCenter host I get a failure:

    Active Directory Domain Services could not replicate the directory partition CN=Schema,CN=Configuration,DC=abc,DC=def,DC=hig for the remote Active Directory Domain Controller dns.abc.def.hig. "A security package specific error occurred."

    I'm at a loss as to what this error indicates or how to correct it. FYI, the firewalls on both virtual machines are off.

    I welcome your suggestions.

    Thanks,
    Ben

  • #2
    Re: Setting up a 2nd AD-DS GC

    Hi,

    Can you post a DCdiag?
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR



    • #3
      Re: Setting up a 2nd AD-DS GC

      Hi,

      Thanks for the reply and your suggestion. I ran dcdiag on both the initial server (DNS1) and from the second server (DNS2) with the "N" switch. This identified some errors I've since been able to clean up. So now dcdiag on the DNS1 "passes" top to bottom.

      But when I run it from DNS2 I get a couple errors. I also tried dcpromo again and it still ends with the same error.

      Below are just the dcdiag tests which came back with errors.

      What does it tell you?

      Thanks,
      Ben

      Microsoft Windows [Version 6.0.6001]
      Copyright (c) 2006 Microsoft Corporation. All rights reserved.

      C:\Users\Administrator.ABC>dcdiag /n:ABC.DEF.HIG
      The distinguished name of the domain is DC=abc,DC=def,DC=hig.

      Directory Server Diagnosis

      Performing initial setup:
      Finding server for domain DC=abc,DC=def,DC=hig...
      Server for domain = dns1.abc.def.hig
      * Identified AD Forest.
      Done gathering initial info.

      Doing primary tests

      Testing server: Default-First-Site-Name\DNS1
      Starting test: KccEvent
      Iterating through the events failed, error 1825
      "A security package specific error occurred."
      ......................... DNS1 failed test KccEvent

      Starting test: ObjectsReplicated
      Failed to read object metadata on DNS, error
      The message or signature supplied for verification has been altered
      ......................... DNS1 passed test ObjectsReplicated

      Starting test: Replications
      [Replications Check,DNS1] DsReplicaGetInfo(NEIGHBORS,
      DC=abc,DC=def,DC=hig) failed, error 0x6 "The handle is invalid."
      ......................... DNS1 failed test Replications

      Starting test: SystemLog
      Iterating through the events failed, error 1825
      "A security package specific error occurred."
      ......................... DNS1 failed test SystemLog



      • #4
        Re: Setting up a 2nd AD-DS GC

        Hi,

        Let's start with checking both hosts for any different TCP/IP configurations, i.e. both pointing at the same DNS, ensure the firewall is off, etc.
        Do a connectivity test. Ping etc.
        Check the time on both is the same.
        Remove it from the domain and re-join and try to re-promote.

        Can you also post the Ipconfig /all from both?
        Last edited by L4ndy; 25th March 2009, 10:35.


        • #5
          Re: Setting up a 2nd AD-DS GC

          L4ndy,

          Thanks for your assistance. You got me pointed in the right direction. I was also having remote connections getting disconnected with an "error in data encryption", which led to finding the following post:

          http://social.technet.microsoft.com/...-73b5254681d5/

          " ...I ran into this problem as well on my PE2950 w/ Win2k8 x64 and Broadcom NetXtreme II NICs. To resolve it open the Broadcom Advanced Control Suite and disable IPv4 Large Send Offload and your problem will be solved."

          This seems to have solved the remote connection problem and the dcpromo problem! Strange (and frustrating!) but Broadcom always seems to be in the middle of the trouble.

          Thanks again!
          Ben
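
An added example, not part of any post in this thread: a small Python parser run over the dcdiag excerpt from post #3. It lists each test's verdict and flags tests that dcdiag reports as passed even though their output contains an error line (ObjectsReplicated in this excerpt). The function names and the error-keyword heuristic are assumptions of this example.

```python
import re

# dcdiag excerpt copied from post #3 of this thread (failing tests only).
SAMPLE = r"""
Testing server: Default-First-Site-Name\DNS1
Starting test: KccEvent
Iterating through the events failed, error 1825
"A security package specific error occurred."
......................... DNS1 failed test KccEvent
Starting test: ObjectsReplicated
Failed to read object metadata on DNS, error
The message or signature supplied for verification has been altered
......................... DNS1 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,DNS1] DsReplicaGetInfo(NEIGHBORS,
DC=abc,DC=def,DC=hig) failed, error 0x6 "The handle is invalid."
......................... DNS1 failed test Replications
Starting test: SystemLog
Iterating through the events failed, error 1825
"A security package specific error occurred."
......................... DNS1 failed test SystemLog
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{3,}\s*(\S+) (passed|failed) test (\S+)")
# Heuristic (assumption): a detail line mentioning "failed" or "error" is an error line.
ERROR_HINT = re.compile(r"\bfailed\b|\berror\b", re.IGNORECASE)

def summarize(text):
    """Return one dict per test: name, server, verdict, error-looking detail lines."""
    results, name, details = [], None, []
    for line in text.splitlines():
        start, result = START.match(line), RESULT.match(line)
        if start:
            name, details = start.group(1), []
        elif result and result.group(3) == name:
            errors = [d for d in details if ERROR_HINT.search(d)]
            results.append({"test": name, "server": result.group(1),
                            "verdict": result.group(2), "errors": errors})
            name = None
        elif name:
            details.append(line.strip())
    return results

def suspicious_passes(results):
    """Tests marked 'passed' whose output still contains an error line."""
    return [r["test"] for r in results if r["verdict"] == "passed" and r["errors"]]

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["server"], r["test"], r["verdict"], r["errors"])
    print("passed with errors:", suspicious_passes(summarize(SAMPLE)))
```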
