Announcement

Collapse
No announcement yet.

Missing netllogon share after DCpromo 2003 ->2008

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Missing netllogon share after DCpromo 2003 ->2008

    I am now stuck after many hours of searching.
    First I was missing both sysvol, netlogon, group policies and there where some dns problems.
    Now DCdiag don't give me those error messages anymore and I seem to be stuck with the missing netlogon error

    Starting test: NetLogons

    * Network Logons Privileges Check
    Unable to connect to the NETLOGON share! (\\SERVER2011\netlogon)

    [SERVER2011] An net use or LsaPolicy operation failed with error 67,

    The network name cannot be found..

    ......................... SERVER2011 failed test NetLogons.

    We had a hired tech doing the upgrade from 2003 to 2008r2 (transfer from a 2003 server to a new 2008 because I wanted it done properly. Everything worked properly until we had a powersurge which killed the old server which someone had reconnected.

    The server is 2008r2

    I have run DCdiag /fix
    I have Restaredt Netlogon/FRS, rebooted and out of ideas.
    Hope someone can help me on the right path here.

    So here is my DCDIAG /V /C /E /f:C:/logjul.txt file
    Attached Files

  • #2
    Re: Missing netllogon share after DCpromo 2003 ->2008

    are you on a 2008 server when you run the netdiag/dcdiag test?

    If so, try running it from an elevated command prompt, see if you get the same issues

    I'd be looking at your DNS setup.
    Ther's a few errors in there - one relating to a second DNS server configured on the ethernet adaptor - 95.159.whatever
    Also, root zone not fpound
    also, forwarders not configured

    you've got some SRV records that are missing - however they might just be missing on that dns server (which is upstream i think ?)
    Last edited by tehcamel; 20th July 2011, 13:47.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Missing netllogon share after DCpromo 2003 ->2008

      Thank you, yes I am working on the server (RDP) when doing the DCdiag.

      And I was afraid that there would be some DNS problems as well. The subject I would be most likely to flunk if I ever took a test.

      I will see if I can create root Zone and configure forwarders.

      The second dns server is 195.159 is the ISP dns server

      With run as admin C:\Users\Administrator.HQ>dcdiag

      Directory Server Diagnosis

      Performing initial setup:
      Trying to find home server...
      Home Server = SERVER2011
      * Identified AD Forest.
      Done gathering initial info.

      Doing initial required tests

      Testing server: Default-First-Site-Name\SERVER2011
      Starting test: Connectivity
      ......................... SERVER2011 passed test Connectivity

      Doing primary tests

      Testing server: Default-First-Site-Name\SERVER2011
      Starting test: Advertising
      ......................... SERVER2011 passed test Advertising
      Starting test: FrsEvent
      There are warning or error events within the last 24 hours after the
      SYSVOL has been shared. Failing SYSVOL replication problems may cause
      Group Policy problems.
      ......................... SERVER2011 passed test FrsEvent
      Starting test: DFSREvent
      ......................... SERVER2011 passed test DFSREvent
      Starting test: SysVolCheck
      ......................... SERVER2011 passed test SysVolCheck
      Starting test: KccEvent
      ......................... SERVER2011 passed test KccEvent
      Starting test: KnowsOfRoleHolders
      ......................... SERVER2011 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
      ......................... SERVER2011 passed test MachineAccount
      Starting test: NCSecDesc
      Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
      access rights for the naming context:
      DC=ForestDnsZones,DC=hq,DC=isdalen,DC=no
      Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
      access rights for the naming context:
      DC=DomainDnsZones,DC=hq,DC=isdalen,DC=no
      ......................... SERVER2011 failed test NCSecDesc
      Starting test: NetLogons
      Unable to connect to the NETLOGON share! (\\SERVER2011\netlogon)
      [SERVER2011] An net use or LsaPolicy operation failed with error 67,
      The network name cannot be found..
      ......................... SERVER2011 failed test NetLogons
      Starting test: ObjectsReplicated
      ......................... SERVER2011 passed test ObjectsReplicated
      Starting test: Replications
      ......................... SERVER2011 passed test Replications
      Starting test: RidManager
      ......................... SERVER2011 passed test RidManager
      Starting test: Services
      ......................... SERVER2011 passed test Services
      Starting test: SystemLog
      ......................... SERVER2011 passed test SystemLog
      Starting test: VerifyReferences
      ......................... SERVER2011 passed test VerifyReferences


      Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
      ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... ForestDnsZones passed test
      CrossRefValidation

      Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
      ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... DomainDnsZones passed test
      CrossRefValidation

      Running partition tests on : Schema
      Starting test: CheckSDRefDom
      ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... Schema passed test CrossRefValidation

      Running partition tests on : Configuration
      Starting test: CheckSDRefDom
      ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... Configuration passed test CrossRefValidation

      Running partition tests on : hq
      Starting test: CheckSDRefDom
      ......................... hq passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... hq passed test CrossRefValidation

      Running enterprise tests on : hq.isdalen.no
      Starting test: LocatorCheck
      ......................... hq.isdalen.no passed test LocatorCheck
      Starting test: Intersite
      ......................... hq.isdalen.no passed test Intersite

      C:\Users\Administrator.HQ>dcdiag /fix

      Directory Server Diagnosis

      Performing initial setup:
      Trying to find home server...
      Home Server = SERVER2011
      * Identified AD Forest.
      Done gathering initial info.

      Doing initial required tests

      Testing server: Default-First-Site-Name\SERVER2011
      Starting test: Connectivity
      ......................... SERVER2011 passed test Connectivity

      Doing primary tests

      Testing server: Default-First-Site-Name\SERVER2011
      Starting test: Advertising
      ......................... SERVER2011 passed test Advertising
      Starting test: FrsEvent
      There are warning or error events within the last 24 hours after the
      SYSVOL has been shared. Failing SYSVOL replication problems may cause
      Group Policy problems.
      ......................... SERVER2011 passed test FrsEvent
      Starting test: DFSREvent
      ......................... SERVER2011 passed test DFSREvent
      Starting test: SysVolCheck
      ......................... SERVER2011 passed test SysVolCheck
      Starting test: KccEvent
      ......................... SERVER2011 passed test KccEvent
      Starting test: KnowsOfRoleHolders
      ......................... SERVER2011 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
      ......................... SERVER2011 passed test MachineAccount
      Starting test: NCSecDesc
      Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
      access rights for the naming context:
      DC=ForestDnsZones,DC=hq,DC=isdalen,DC=no
      Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
      access rights for the naming context:
      DC=DomainDnsZones,DC=hq,DC=isdalen,DC=no
      ......................... SERVER2011 failed test NCSecDesc
      Starting test: NetLogons
      Unable to connect to the NETLOGON share! (\\SERVER2011\netlogon)
      [SERVER2011] An net use or LsaPolicy operation failed with error 67,
      The network name cannot be found..
      ......................... SERVER2011 failed test NetLogons
      Starting test: ObjectsReplicated
      ......................... SERVER2011 passed test ObjectsReplicated
      Starting test: Replications
      ......................... SERVER2011 passed test Replications
      Starting test: RidManager
      ......................... SERVER2011 passed test RidManager
      Starting test: Services
      ......................... SERVER2011 passed test Services
      Starting test: SystemLog
      ......................... SERVER2011 passed test SystemLog
      Starting test: VerifyReferences
      ......................... SERVER2011 passed test VerifyReferences


      Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
      ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... ForestDnsZones passed test
      CrossRefValidation

      Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
      ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... DomainDnsZones passed test
      CrossRefValidation

      Running partition tests on : Schema
      Starting test: CheckSDRefDom
      ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... Schema passed test CrossRefValidation

      Running partition tests on : Configuration
      Starting test: CheckSDRefDom
      ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... Configuration passed test CrossRefValidation

      Running partition tests on : hq
      Starting test: CheckSDRefDom
      ......................... hq passed test CheckSDRefDom
      Starting test: CrossRefValidation
      ......................... hq passed test CrossRefValidation

      Running enterprise tests on : hq.isdalen.no
      Starting test: LocatorCheck
      ......................... hq.isdalen.no passed test LocatorCheck
      Starting test: Intersite
      ......................... hq.isdalen.no passed test Intersite

      C:\Users\Administrator.HQ>

      Comment


      • #4
        Re: Missing netllogon share after DCpromo 2003 ->2008

        Less and less errors all the time.

        DNS forwarders are ok and the 195,159 error is gone.

        Will try to create a root zone

        But still no netlogon which I belive makes it a bit unstable for the users.
        Attached Files

        Comment


        • #5
          Re: Missing netllogon share after DCpromo 2003 ->2008

          try ipconfig /registerdns

          just in case..
          and also a reboot :P
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: Missing netllogon share after DCpromo 2003 ->2008

            Thank you.
            Ipconfig /registerdns has been run and rebooted.

            Still no netlogon

            Microsoft Windows [Version 6.1.7601]
            Copyright (c) 2009 Microsoft Corporation. All rights reserved.

            C:\Users\Administrator.HQ>dcdiag

            Directory Server Diagnosis

            Performing initial setup:
            Trying to find home server...
            Home Server = SERVER2011
            * Identified AD Forest.
            Done gathering initial info.

            Doing initial required tests

            Testing server: Default-First-Site-Name\SERVER2011
            Starting test: Connectivity
            ......................... SERVER2011 passed test Connectivity

            Doing primary tests

            Testing server: Default-First-Site-Name\SERVER2011
            Starting test: Advertising
            ......................... SERVER2011 passed test Advertising
            Starting test: FrsEvent
            There are warning or error events within the last 24 hours after the
            SYSVOL has been shared. Failing SYSVOL replication problems may cause
            Group Policy problems.
            ......................... SERVER2011 passed test FrsEvent
            Starting test: DFSREvent
            ......................... SERVER2011 passed test DFSREvent
            Starting test: SysVolCheck
            ......................... SERVER2011 passed test SysVolCheck
            Starting test: KccEvent
            A warning event occurred. EventID: 0x80000B46
            Time Generated: 07/20/2011 18:35:00
            Event String:
            The security of this directory server can be significantly enhanced
            by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest)
            LDAP binds that do not request signing (integrity verification) and LDAP simple
            binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. E
            ven if no clients are using such binds, configuring the server to reject them wi
            ll improve the security of this server.
            ......................... SERVER2011 passed test KccEvent
            Starting test: KnowsOfRoleHolders
            ......................... SERVER2011 passed test KnowsOfRoleHolders
            Starting test: MachineAccount
            ......................... SERVER2011 passed test MachineAccount
            Starting test: NCSecDesc
            Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
            access rights for the naming context:
            DC=ForestDnsZones,DC=hq,DC=isdalen,DC=no
            Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
            access rights for the naming context:
            DC=DomainDnsZones,DC=hq,DC=isdalen,DC=no
            ......................... SERVER2011 failed test NCSecDesc
            Starting test: NetLogons
            Unable to connect to the NETLOGON share! (\\SERVER2011\netlogon)
            [SERVER2011] An net use or LsaPolicy operation failed with error 67,
            The network name cannot be found..
            ......................... SERVER2011 failed test NetLogons
            Starting test: ObjectsReplicated
            ......................... SERVER2011 passed test ObjectsReplicated
            Starting test: Replications
            ......................... SERVER2011 passed test Replications
            Starting test: RidManager
            ......................... SERVER2011 passed test RidManager
            Starting test: Services
            ......................... SERVER2011 passed test Services
            Starting test: SystemLog
            A warning event occurred. EventID: 0x0000002F
            Time Generated: 07/20/2011 17:51:26
            Event String:
            Time Provider NtpClient: No valid response has been received from ma
            nually configured peer time.windows.com after 8 attempts to contact it. This pee
            r will be discarded as a time source and NtpClient will attempt to discover a ne
            w peer with this DNS name. The error was: The peer is unreachable.
            A warning event occurred. EventID: 0x8000001D
            Time Generated: 07/20/2011 18:35:00
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
            to use for smart card logons, or the KDC certificate could not be verified. Sma
            rt card logon may not function correctly if this problem is not resolved. To cor
            rect this problem, either verify the existing KDC certificate using certutil.exe
            or enroll for a new KDC certificate.
            An error event occurred. EventID: 0x0000164A
            Time Generated: 07/20/2011 18:35:19
            Event String:
            The Netlogon service could not create server share C:\Windows\SYSVOL
            \sysvol\hq.isdalen.no\SCRIPTS. The following error occurred:
            An error event occurred. EventID: 0x0000041F
            Time Generated: 07/20/2011 18:35:21
            Event String:
            The processing of Group Policy failed. Windows could not resolve the
            computer name. This could be caused by one of more of the following:
            A warning event occurred. EventID: 0x00000420
            Time Generated: 07/20/2011 18:36:12
            Event String:
            The DHCP service has detected that it is running on a DC and has no
            credentials configured for use with Dynamic DNS registrations initiated by the D
            HCP service. This is not a recommended security configuration. Credentials fo
            r Dynamic DNS registrations may be configured using the command line "netsh dhcp
            server set dnscredentials" or via the DHCP Administrative tool.
            A warning event occurred. EventID: 0x00002724
            Time Generated: 07/20/2011 18:36:16
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For
            reliable DHCPv6 server operation, you should use only static IPv6 addresses.
            A warning event occurred. EventID: 0x80000201
            Time Generated: 07/20/2011 18:36:45
            Event String: Logical drive "Raid5" goes critical
            A warning event occurred. EventID: 0x000727AA
            Time Generated: 07/20/2011 18:38:43
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/SERVER2
            011.hq.isdalen.no; WSMAN/SERVER2011.
            A warning event occurred. EventID: 0x0000002F
            Time Generated: 07/20/2011 18:40:35
            Event String:
            Time Provider NtpClient: No valid response has been received from ma
            nually configured peer time.windows.com after 8 attempts to contact it. This pee
            r will be discarded as a time source and NtpClient will attempt to discover a ne
            w peer with this DNS name. The error was: The peer is unreachable.
            ......................... SERVER2011 failed test SystemLog
            Starting test: VerifyReferences
            ......................... SERVER2011 passed test VerifyReferences


            Running partition tests on : ForestDnsZones
            Starting test: CheckSDRefDom
            ......................... ForestDnsZones passed test CheckSDRefDom
            Starting test: CrossRefValidation
            ......................... ForestDnsZones passed test
            CrossRefValidation

            Running partition tests on : DomainDnsZones
            Starting test: CheckSDRefDom
            ......................... DomainDnsZones passed test CheckSDRefDom
            Starting test: CrossRefValidation
            ......................... DomainDnsZones passed test
            CrossRefValidation

            Running partition tests on : Schema
            Starting test: CheckSDRefDom
            ......................... Schema passed test CheckSDRefDom
            Starting test: CrossRefValidation
            ......................... Schema passed test CrossRefValidation

            Running partition tests on : Configuration
            Starting test: CheckSDRefDom
            ......................... Configuration passed test CheckSDRefDom
            Starting test: CrossRefValidation
            ......................... Configuration passed test CrossRefValidation

            Running partition tests on : hq
            Starting test: CheckSDRefDom
            ......................... hq passed test CheckSDRefDom
            Starting test: CrossRefValidation
            ......................... hq passed test CrossRefValidation

            Running enterprise tests on : hq.isdalen.no
            Starting test: LocatorCheck
            ......................... hq.isdalen.no passed test LocatorCheck
            Starting test: Intersite
            ......................... hq.isdalen.no passed test Intersite

            C:\Users\Administrator.HQ>

            Comment


            • #7
              Re: Missing netllogon share after DCpromo 2003 ->2008

              from the server itself,

              can you run:
              net view \\server2011\netlogon

              ?
              does it respond ?
              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

              Comment


              • #8
                Re: Missing netllogon share after DCpromo 2003 ->2008

                When running that command:

                net view \\server2011\netlogon
                System error 1707 has occurred.

                The network address is invalid.

                So it looks like the share is just not there.
                The service is started

                Comment

                Working...
                X