Jump to content

big trouble with Server - as KB933994

Guest Trapulo

By Guest Trapulo
in Windows 2003 Server

 Share

Recommended Posts

Guest Trapulo

Guest Trapulo

Posted
Posted

Hello,

I added a Windows 2003 Server to an existing 2000 domain, and made it an

additional domain controller. All ok, I restarted, I made GC, all worked

fine.

 

Then I restarted an other time... boom. Every crytical windows services

don't start more. Only RPC works: others (COM+, network connections, shell

hardware detection, etc) don't start.

It seems as KB933994 describes: the old group policy didn't assign

"impersonate a client after authentication" to Service and Network accounts,

so I think that the replicated policy has blocked the 2003 system.

 

Now? I've tried to update policy on the W2003 server, but it doesn't apply

it. When I run a gpupdate, it reports that "there are no more available

endpoints" and it doesn't load changed policy.

 

Any idea? Please help.

 

thanks

  • Replies 9
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: big trouble with Server - as KB933994

 

Hello Trapulo,

 

Please post the complete error message. Additional post an unedited ipconfig

/all from both DC's. Did you run dcdiag, netdiag and repadmin /showrepl from

the support tools?

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hello,

> I added a Windows 2003 Server to an existing 2000 domain, and made it

> an

> additional domain controller. All ok, I restarted, I made GC, all

> worked

> fine.

> Then I restarted an other time... boom. Every crytical windows

> services

> don't start more. Only RPC works: others (COM+, network connections,

> shell

> hardware detection, etc) don't start.

> It seems as KB933994 describes: the old group policy didn't assign

> "impersonate a client after authentication" to Service and Network

> accounts,

> so I think that the replicated policy has blocked the 2003 system.

> Now? I've tried to update policy on the W2003 server, but it doesn't

> apply it. When I run a gpupdate, it reports that "there are no more

> available endpoints" and it doesn't load changed policy.

>

> Any idea? Please help.

>

> thanks

>

Guest Trapulo

Guest Trapulo

Posted
Posted

Re: big trouble with Server - as KB933994

 

 

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com...

> Hello Trapulo,

>

> Please post the complete error message.

 

This is the error when I try to run gpupdate:

1053

Windows cannot determine the user or computer name. (There are no more

endpoints available from the endpoint mapper. ). Group Policy processing

aborted.

 

> Additional post an unedited ipconfig /all from both DC's.

 

This is from the old Win2K controller:

 

 

 

Windows 2000 IP Configuration

 

Host Name . . . . . . . . . . . . : server01

Primary DNS Suffix . . . . . . . : mydomain.com

Node Type . . . . . . . . . . . . : Broadcast

 

IP Routing Enabled. . . . . . . . : No

 

WINS Proxy Enabled. . . . . . . . : No

 

DNS Suffix Search List. . . . . . : mydomain.com

 

Ethernet adapter Intel 82544GC Based Network Connection - onboard:

 

 

 

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel 82544GC-based XT Eval Gigabit

Adapter

Physical Address. . . . . . . . . : 00-06-5B-8F-99-78

 

DHCP Enabled. . . . . . . . . . . : No

 

IP Address. . . . . . . . . . . . : 192.168.18.20

 

Subnet Mask . . . . . . . . . . . : 255.255.255.0

 

Default Gateway . . . . . . . . . : 192.168.18.6

 

DNS Servers . . . . . . . . . . . : 192.168.18.20

192.168.18.21

 

 

(18.21 is the other W2K domain controller, with same output)

 

 

 

This is from the new W2K3 controller that doesn't run:

 

Windows IP Configuration

 

Host Name . . . . . . . . . . . . : server08

 

Primary Dns Suffix . . . . . . . : mydomain.com

 

Node Type . . . . . . . . . . . . : Unknown

 

IP Routing Enabled. . . . . . . . : No

 

WINS Proxy Enabled. . . . . . . . : No

 

DNS Suffix Search List. . . . . . : mydomain.com

 

 

 

Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:

 

 

 

Connection-specific DNS Suffix . :

 

Description . . . . . . . . . . . : Microsoft Loopback Adapter

 

Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

 

DHCP Enabled. . . . . . . . . . . : Yes

 

Autoconfiguration Enabled . . . . : Yes

 

Autoconfiguration IP Address. . . : 169.254.25.129

 

Subnet Mask . . . . . . . . . . . : 255.255.0.0

 

Default Gateway . . . . . . . . . :

 

 

 

Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:

 

 

 

Connection-specific DNS Suffix . : mydomain.com

 

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

 

Physical Address. . . . . . . . . : 00-10-18-33-9A-E4

 

DHCP Enabled. . . . . . . . . . . : Yes

 

Autoconfiguration Enabled . . . . : Yes

 

IP Address. . . . . . . . . . . . : 192.168.18.140

 

Subnet Mask . . . . . . . . . . . : 255.255.255.0

 

Default Gateway . . . . . . . . . : 192.168.18.6

 

DHCP Server . . . . . . . . . . . : 192.168.18.20

 

DNS Servers . . . . . . . . . . . : 192.168.18.20

 

192.168.18.21

 

Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20

 

Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20

 

 

 

Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:

 

 

 

Connection-specific DNS Suffix . :

 

Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE

(NDIS VBD Client)

 

Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB

 

DHCP Enabled. . . . . . . . . . . : Yes

 

Autoconfiguration Enabled . . . . : Yes

 

Autoconfiguration IP Address. . . : 169.254.73.29

 

Subnet Mask . . . . . . . . . . . : 255.255.0.0

 

Default Gateway . . . . . . . . . :

 

 

 

Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:

 

 

 

Connection-specific DNS Suffix . :

 

Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE

(NDIS VBD Client) #2

 

Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD

 

DHCP Enabled. . . . . . . . . . . : Yes

 

Autoconfiguration Enabled . . . . : Yes

 

Autoconfiguration IP Address. . . : 169.254.113.88

 

Subnet Mask . . . . . . . . . . . : 255.255.0.0

 

Default Gateway . . . . . . . . . :

 

--------------------------------------------------------

> Did you run dcdiag,

 

Domain Controller Diagnosis

 

Performing initial setup:

[server08] Directory Binding Error 1753:

Win32 Error 1753

This may limit some of the tests that can be performed.

Done gathering initial info.

 

Doing initial required tests

 

Testing server: Default-First-Site-Name\SERVER08

Starting test: Connectivity

The host 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain

could not be resolved to an

IP address. Check the DNS server, DHCP, server name, etc

Although the Guid DNS name

 

(7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain) couldn't

 

be resolved, the server name (server08.mydomain.com) resolved to

the

 

IP address (192.168.18.140) and was pingable. Check that the IP

 

address is registered correctly with the DNS server.

......................... SERVER08 failed test Connectivity

 

Doing primary tests

 

Testing server: Default-First-Site-Name\SERVER08

Skipping all tests, because server SERVER08 is

not responding to directory service requests

 

Running partition tests on : Schema

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

 

Running partition tests on : Configuration

Starting test: CrossRefValidation

......................... Configuration passed test

CrossRefValidation

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

 

Running partition tests on : it

Starting test: CrossRefValidation

......................... it passed test CrossRefValidation

Starting test: CheckSDRefDom

......................... it passed test CheckSDRefDom

 

Running enterprise tests on : mydomain.com

Starting test: Intersite

......................... mydomain.com passed test Intersite

Starting test: FsmoCheck

Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 2138

A Global Catalog Server could not be located - All GC's are down.

Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138

A Primary Domain Controller could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(TIME_SERVER) call failed, error 2138

A Time Server could not be located.

The server holding the PDC role is down.

Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

2138

A Good Time Server could not be located.

Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138

A KDC could not be located - All the KDCs are down.

......................... mydomain.com failed test FsmoCheck

 

-----------------------------------------------------

>netdiag and

 

this is very long: I attach only the interesting part:

 

Global results:

 

 

Domain membership test . . . . . . : Passed

 

 

NetBT transports test. . . . . . . : Failed

List of NetBt transports currently configured:

[FATAL] Unable to retrieve transport list from Redir.

[NERR_WkstaNotStarted]

 

 

Autonet address test . . . . . . . : Passed

 

 

IP loopback ping test. . . . . . . : Passed

 

 

Default gateway test . . . . . . . : Failed

 

[FATAL] NO GATEWAYS ARE REACHABLE.

You have no connectivity to other network segments.

If you configured the IP protocol manually then

you need to add at least one valid gateway.

 

 

NetBT name test. . . . . . . . . . : Passed

[WARNING] You don't have a single interface with the <00> 'WorkStation

Service', <03> 'Messenger Service', <20> 'WINS' names defined.

 

 

Winsock test . . . . . . . . . . . : Passed

 

 

DNS test . . . . . . . . . . . . . : Failed

[WARNING] Cannot find a primary authoritative DNS server for the

name

'server08.mydomain.com.'. [ERROR_TIMEOUT]

The name 'server08.mydomain.com.' may not be registered in DNS.

[WARNING] Cannot find a primary authoritative DNS server for the

name

'server08.mydomain.com.'. [ERROR_TIMEOUT]

The name 'server08.mydomain.com.' may not be registered in DNS.

[WARNING] Cannot find a primary authoritative DNS server for the

name

'server08.mydomain.com.'. [ERROR_TIMEOUT]

The name 'server08mydomain.com.' may not be registered in DNS.

[WARNING] Cannot find a primary authoritative DNS server for the

name

'server08.mydomain.com.'. [ERROR_TIMEOUT]

The name 'server08.mydomain.com.' may not be registered in DNS.

[WARNING] The DNS entries for this DC cannot be verified right now on

DNS server 192.168.18.20, ERROR_TIMEOUT.

[WARNING] The DNS entries for this DC cannot be verified right now on

DNS server 192.168.18.21, ERROR_TIMEOUT.

[FATAL] No DNS servers have the DNS records for this DC registered.

 

 

Redir and Browser test . . . . . . : Passed

[FATAL] Workstation service is not running. [FFFFFFFF]

 

 

DC discovery test. . . . . . . . . : Failed

[FATAL] Cannot find DC in domain 'MYDOMAIN'. [NERR_NetNotStarted]

 

 

DC list test . . . . . . . . . . . : Failed

'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

 

 

Trust relationship test. . . . . . : Skipped

 

 

Kerberos test. . . . . . . . . . . : Skipped

'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

 

 

LDAP test. . . . . . . . . . . . . : Failed

Cannot find DC to run LDAP tests on. The error occurred was: The

workstation driver is not installed.

 

 

[WARNING] Cannot find DC in domain MYDOMAIN. [NERR_NetNotStarted]

 

 

Bindings test. . . . . . . . . . . : Passed

 

 

WAN configuration test . . . . . . : Skipped

No active remote access connections.

 

 

Modem diagnostics test . . . . . . : Failed

[FATAL] Cannot initialize TAPI. Failed with error(0x80000048).

 

IP Security test . . . . . . . . . : Skipped

 

Note: run "netsh ipsec dynamic show /?" for more detailed information

 

 

The command completed successfully

 

------------------------------------------------------

repadmin /showrepl from

> the support tools?

 

 

repadmin running command /showrepl against server localhost

 

 

Default-First-Site-Name\SERVER08

 

DC Options: IS_GC

 

Site Options: (none)

 

DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005

 

DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a

 

 

 

DsBindWithCred to localhost failed with status 1753 (0x6d9):

 

Can't retrieve message string 1753 (0x6d9), error 1815.

 

 

---------------------------------------

 

 

reports seem right, if we think that all core services are down :(

 

 

 

thanks

 

 

 

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and

> confers no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>

>> Hello,

>> I added a Windows 2003 Server to an existing 2000 domain, and made it

>> an

>> additional domain controller. All ok, I restarted, I made GC, all

>> worked

>> fine.

>> Then I restarted an other time... boom. Every crytical windows

>> services

>> don't start more. Only RPC works: others (COM+, network connections,

>> shell

>> hardware detection, etc) don't start.

>> It seems as KB933994 describes: the old group policy didn't assign

>> "impersonate a client after authentication" to Service and Network

>> accounts,

>> so I think that the replicated policy has blocked the 2003 system.

>> Now? I've tried to update policy on the W2003 server, but it doesn't

>> apply it. When I run a gpupdate, it reports that "there are no more

>> available endpoints" and it doesn't load changed policy.

>>

>> Any idea? Please help.

>>

>> thanks

>>

>

>

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: big trouble with Server - as KB933994

 

Hello Trapulo,

 

On the 2003 disable DHCP and give it a fixed ip address. Additional disable

the not used NIC's. Then reboot the server. After that check in all DNS servers

that the 2003 server, also all other servers, is listed with the correct

ip. Then ping one of the running DC's with ip address, computer name and

FQDN(computername.mydomain.com).

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com...

>

>> Hello Trapulo,

>>

>> Please post the complete error message.

>>

> This is the error when I try to run gpupdate:

> 1053

> Windows cannot determine the user or computer name. (There are no more

> endpoints available from the endpoint mapper. ). Group Policy

> processing

> aborted.

>> Additional post an unedited ipconfig /all from both DC's.

>>

> This is from the old Win2K controller:

>

> Windows 2000 IP Configuration

>

> Host Name . . . . . . . . . . . . : server01

> Primary DNS Suffix . . . . . . . : mydomain.com

> Node Type . . . . . . . . . . . . : Broadcast

> IP Routing Enabled. . . . . . . . : No

>

> WINS Proxy Enabled. . . . . . . . : No

>

> DNS Suffix Search List. . . . . . : mydomain.com

>

> Ethernet adapter Intel 82544GC Based Network Connection - onboard:

>

> Connection-specific DNS Suffix . :

> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval

> Gigabit

> Adapter

> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78

> DHCP Enabled. . . . . . . . . . . : No

>

> IP Address. . . . . . . . . . . . : 192.168.18.20

>

> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>

> Default Gateway . . . . . . . . . : 192.168.18.6

>

> DNS Servers . . . . . . . . . . . : 192.168.18.20

> 192.168.18.21

> (18.21 is the other W2K domain controller, with same output)

>

> This is from the new W2K3 controller that doesn't run:

>

> Windows IP Configuration

>

> Host Name . . . . . . . . . . . . : server08

>

> Primary Dns Suffix . . . . . . . : mydomain.com

>

> Node Type . . . . . . . . . . . . : Unknown

>

> IP Routing Enabled. . . . . . . . : No

>

> WINS Proxy Enabled. . . . . . . . : No

>

> DNS Suffix Search List. . . . . . : mydomain.com

>

> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:

>

> Connection-specific DNS Suffix . :

>

> Description . . . . . . . . . . . : Microsoft Loopback Adapter

>

> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

>

> DHCP Enabled. . . . . . . . . . . : Yes

>

> Autoconfiguration Enabled . . . . : Yes

>

> Autoconfiguration IP Address. . . : 169.254.25.129

>

> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>

> Default Gateway . . . . . . . . . :

>

> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:

>

> Connection-specific DNS Suffix . : mydomain.com

>

> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit

> Ethernet

>

> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4

>

> DHCP Enabled. . . . . . . . . . . : Yes

>

> Autoconfiguration Enabled . . . . : Yes

>

> IP Address. . . . . . . . . . . . : 192.168.18.140

>

> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>

> Default Gateway . . . . . . . . . : 192.168.18.6

>

> DHCP Server . . . . . . . . . . . : 192.168.18.20

>

> DNS Servers . . . . . . . . . . . : 192.168.18.20

>

> 192.168.18.21

>

> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20

>

> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20

>

> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:

>

> Connection-specific DNS Suffix . :

>

> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

> GigE (NDIS VBD Client)

>

> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB

>

> DHCP Enabled. . . . . . . . . . . : Yes

>

> Autoconfiguration Enabled . . . . : Yes

>

> Autoconfiguration IP Address. . . : 169.254.73.29

>

> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>

> Default Gateway . . . . . . . . . :

>

> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:

>

> Connection-specific DNS Suffix . :

>

> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

> GigE (NDIS VBD Client) #2

>

> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD

>

> DHCP Enabled. . . . . . . . . . . : Yes

>

> Autoconfiguration Enabled . . . . : Yes

>

> Autoconfiguration IP Address. . . : 169.254.113.88

>

> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>

> Default Gateway . . . . . . . . . :

>

> --------------------------------------------------------

>

>> Did you run dcdiag,

>>

> Domain Controller Diagnosis

>

> Performing initial setup:

> [server08] Directory Binding Error 1753:

> Win32 Error 1753

> This may limit some of the tests that can be performed.

> Done gathering initial info.

> Doing initial required tests

>

> Testing server: Default-First-Site-Name\SERVER08

> Starting test: Connectivity

> The host

> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain

> could not be resolved to an

> IP address. Check the DNS server, DHCP, server name, etc

> Although the Guid DNS name

> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)

> couldn't

>

> be resolved, the server name (server08.mydomain.com) resolved

> to the

>

> IP address (192.168.18.140) and was pingable. Check that the

> IP

>

> address is registered correctly with the DNS server.

> ......................... SERVER08 failed test Connectivity

> Doing primary tests

>

> Testing server: Default-First-Site-Name\SERVER08

> Skipping all tests, because server SERVER08 is

> not responding to directory service requests

> Running partition tests on : Schema

> Starting test: CrossRefValidation

> ......................... Schema passed test

> CrossRefValidation

> Starting test: CheckSDRefDom

> ......................... Schema passed test CheckSDRefDom

> Running partition tests on : Configuration

> Starting test: CrossRefValidation

> ......................... Configuration passed test

> CrossRefValidation

> Starting test: CheckSDRefDom

> ......................... Configuration passed test

> CheckSDRefDom

> Running partition tests on : it

> Starting test: CrossRefValidation

> ......................... it passed test CrossRefValidation

> Starting test: CheckSDRefDom

> ......................... it passed test CheckSDRefDom

> Running enterprise tests on : mydomain.com

> Starting test: Intersite

> ......................... mydomain.com passed test Intersite

> Starting test: FsmoCheck

> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error

> 2138

> A Global Catalog Server could not be located - All GC's are

> down.

> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138

> A Primary Domain Controller could not be located.

> The server holding the PDC role is down.

> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138

> A Time Server could not be located.

> The server holding the PDC role is down.

> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,

> error

> 2138

> A Good Time Server could not be located.

> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138

> A KDC could not be located - All the KDCs are down.

> ......................... mydomain.com failed test FsmoCheck

> -----------------------------------------------------

>

>> netdiag and

>>

> this is very long: I attach only the interesting part:

>

> Global results:

>

> Domain membership test . . . . . . : Passed

>

> NetBT transports test. . . . . . . : Failed

> List of NetBt transports currently configured:

> [FATAL] Unable to retrieve transport list from Redir.

> [NERR_WkstaNotStarted]

> Autonet address test . . . . . . . : Passed

>

> IP loopback ping test. . . . . . . : Passed

>

> Default gateway test . . . . . . . : Failed

>

> [FATAL] NO GATEWAYS ARE REACHABLE.

> You have no connectivity to other network segments.

> If you configured the IP protocol manually then

> you need to add at least one valid gateway.

> NetBT name test. . . . . . . . . . : Passed

> [WARNING] You don't have a single interface with the <00>

> 'WorkStation

> Service', <03> 'Messenger Service', <20> 'WINS' names defined.

> Winsock test . . . . . . . . . . . : Passed

>

> DNS test . . . . . . . . . . . . . : Failed

> [WARNING] Cannot find a primary authoritative DNS server for

> the

> name

> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

> The name 'server08.mydomain.com.' may not be registered in

> DNS.

> [WARNING] Cannot find a primary authoritative DNS server for

> the

> name

> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

> The name 'server08.mydomain.com.' may not be registered in

> DNS.

> [WARNING] Cannot find a primary authoritative DNS server for

> the

> name

> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

> The name 'server08mydomain.com.' may not be registered in

> DNS.

> [WARNING] Cannot find a primary authoritative DNS server for

> the

> name

> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

> The name 'server08.mydomain.com.' may not be registered in

> DNS.

> [WARNING] The DNS entries for this DC cannot be verified right

> now on

> DNS server 192.168.18.20, ERROR_TIMEOUT.

> [WARNING] The DNS entries for this DC cannot be verified right

> now on

> DNS server 192.168.18.21, ERROR_TIMEOUT.

> [FATAL] No DNS servers have the DNS records for this DC

> registered.

> Redir and Browser test . . . . . . : Passed

> [FATAL] Workstation service is not running. [FFFFFFFF]

> DC discovery test. . . . . . . . . : Failed

> [FATAL] Cannot find DC in domain 'MYDOMAIN'.

> [NERR_NetNotStarted]

> DC list test . . . . . . . . . . . : Failed

> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

> Trust relationship test. . . . . . : Skipped

>

> Kerberos test. . . . . . . . . . . : Skipped

> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

> LDAP test. . . . . . . . . . . . . : Failed

> Cannot find DC to run LDAP tests on. The error occurred was: The

> workstation driver is not installed.

> [WARNING] Cannot find DC in domain MYDOMAIN.

> [NERR_NetNotStarted]

>

> Bindings test. . . . . . . . . . . : Passed

>

> WAN configuration test . . . . . . : Skipped

> No active remote access connections.

> Modem diagnostics test . . . . . . : Failed

> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).

> IP Security test . . . . . . . . . : Skipped

>

> Note: run "netsh ipsec dynamic show /?" for more detailed

> information

>

> The command completed successfully

>

> ------------------------------------------------------ repadmin

> /showrepl from

>

>> the support tools?

>>

> repadmin running command /showrepl against server localhost

>

> Default-First-Site-Name\SERVER08

>

> DC Options: IS_GC

>

> Site Options: (none)

>

> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005

>

> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a

>

> DsBindWithCred to localhost failed with status 1753 (0x6d9):

>

> Can't retrieve message string 1753 (0x6d9), error 1815.

>

> ---------------------------------------

>

> reports seem right, if we think that all core services are down :(

>

> thanks

>

>> Best regards

>>

>> Meinolf Weber

>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>> confers no rights.

>> ** Please do NOT email, only reply to Newsgroups

>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>> Hello,

>>> I added a Windows 2003 Server to an existing 2000 domain, and made

>>> it

>>> an

>>> additional domain controller. All ok, I restarted, I made GC, all

>>> worked

>>> fine.

>>> Then I restarted an other time... boom. Every crytical windows

>>> services

>>> don't start more. Only RPC works: others (COM+, network connections,

>>> shell

>>> hardware detection, etc) don't start.

>>> It seems as KB933994 describes: the old group policy didn't assign

>>> "impersonate a client after authentication" to Service and Network

>>> accounts,

>>> so I think that the replicated policy has blocked the 2003 system.

>>> Now? I've tried to update policy on the W2003 server, but it doesn't

>>> apply it. When I run a gpupdate, it reports that "there are no more

>>> available endpoints" and it doesn't load changed policy.

>>> Any idea? Please help.

>>>

>>> thanks

>>>

Guest Trapulo

Guest Trapulo

Posted
Posted

Re: big trouble with Server - as KB933994

 

I solved with Morgan's suggestion.

 

Thanks anyway!

 

 

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com...

> Hello Trapulo,

>

> On the 2003 disable DHCP and give it a fixed ip address. Additional

> disable the not used NIC's. Then reboot the server. After that check in

> all DNS servers that the 2003 server, also all other servers, is listed

> with the correct ip. Then ping one of the running DC's with ip address,

> computer name and FQDN(computername.mydomain.com).

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and

> confers no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>

>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

>> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com...

>>

>>> Hello Trapulo,

>>>

>>> Please post the complete error message.

>>>

>> This is the error when I try to run gpupdate:

>> 1053

>> Windows cannot determine the user or computer name. (There are no more

>> endpoints available from the endpoint mapper. ). Group Policy

>> processing

>> aborted.

>>> Additional post an unedited ipconfig /all from both DC's.

>>>

>> This is from the old Win2K controller:

>>

>> Windows 2000 IP Configuration

>>

>> Host Name . . . . . . . . . . . . : server01

>> Primary DNS Suffix . . . . . . . : mydomain.com

>> Node Type . . . . . . . . . . . . : Broadcast

>> IP Routing Enabled. . . . . . . . : No

>>

>> WINS Proxy Enabled. . . . . . . . : No

>>

>> DNS Suffix Search List. . . . . . : mydomain.com

>>

>> Ethernet adapter Intel 82544GC Based Network Connection - onboard:

>>

>> Connection-specific DNS Suffix . :

>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval

>> Gigabit

>> Adapter

>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78

>> DHCP Enabled. . . . . . . . . . . : No

>>

>> IP Address. . . . . . . . . . . . : 192.168.18.20

>>

>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>

>> Default Gateway . . . . . . . . . : 192.168.18.6

>>

>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>> 192.168.18.21

>> (18.21 is the other W2K domain controller, with same output)

>>

>> This is from the new W2K3 controller that doesn't run:

>>

>> Windows IP Configuration

>>

>> Host Name . . . . . . . . . . . . : server08

>>

>> Primary Dns Suffix . . . . . . . : mydomain.com

>>

>> Node Type . . . . . . . . . . . . : Unknown

>>

>> IP Routing Enabled. . . . . . . . : No

>>

>> WINS Proxy Enabled. . . . . . . . : No

>>

>> DNS Suffix Search List. . . . . . : mydomain.com

>>

>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:

>>

>> Connection-specific DNS Suffix . :

>>

>> Description . . . . . . . . . . . : Microsoft Loopback Adapter

>>

>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

>>

>> DHCP Enabled. . . . . . . . . . . : Yes

>>

>> Autoconfiguration Enabled . . . . : Yes

>>

>> Autoconfiguration IP Address. . . : 169.254.25.129

>>

>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>

>> Default Gateway . . . . . . . . . :

>>

>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:

>>

>> Connection-specific DNS Suffix . : mydomain.com

>>

>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit

>> Ethernet

>>

>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4

>>

>> DHCP Enabled. . . . . . . . . . . : Yes

>>

>> Autoconfiguration Enabled . . . . : Yes

>>

>> IP Address. . . . . . . . . . . . : 192.168.18.140

>>

>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>

>> Default Gateway . . . . . . . . . : 192.168.18.6

>>

>> DHCP Server . . . . . . . . . . . : 192.168.18.20

>>

>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>>

>> 192.168.18.21

>>

>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20

>>

>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20

>>

>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:

>>

>> Connection-specific DNS Suffix . :

>>

>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>> GigE (NDIS VBD Client)

>>

>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB

>>

>> DHCP Enabled. . . . . . . . . . . : Yes

>>

>> Autoconfiguration Enabled . . . . : Yes

>>

>> Autoconfiguration IP Address. . . : 169.254.73.29

>>

>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>

>> Default Gateway . . . . . . . . . :

>>

>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:

>>

>> Connection-specific DNS Suffix . :

>>

>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>> GigE (NDIS VBD Client) #2

>>

>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD

>>

>> DHCP Enabled. . . . . . . . . . . : Yes

>>

>> Autoconfiguration Enabled . . . . : Yes

>>

>> Autoconfiguration IP Address. . . : 169.254.113.88

>>

>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>

>> Default Gateway . . . . . . . . . :

>>

>> --------------------------------------------------------

>>

>>> Did you run dcdiag,

>>>

>> Domain Controller Diagnosis

>>

>> Performing initial setup:

>> [server08] Directory Binding Error 1753:

>> Win32 Error 1753

>> This may limit some of the tests that can be performed.

>> Done gathering initial info.

>> Doing initial required tests

>>

>> Testing server: Default-First-Site-Name\SERVER08

>> Starting test: Connectivity

>> The host

>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain

>> could not be resolved to an

>> IP address. Check the DNS server, DHCP, server name, etc

>> Although the Guid DNS name

>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)

>> couldn't

>>

>> be resolved, the server name (server08.mydomain.com) resolved

>> to the

>>

>> IP address (192.168.18.140) and was pingable. Check that the

>> IP

>>

>> address is registered correctly with the DNS server.

>> ......................... SERVER08 failed test Connectivity

>> Doing primary tests

>>

>> Testing server: Default-First-Site-Name\SERVER08

>> Skipping all tests, because server SERVER08 is

>> not responding to directory service requests

>> Running partition tests on : Schema

>> Starting test: CrossRefValidation

>> ......................... Schema passed test

>> CrossRefValidation

>> Starting test: CheckSDRefDom

>> ......................... Schema passed test CheckSDRefDom

>> Running partition tests on : Configuration

>> Starting test: CrossRefValidation

>> ......................... Configuration passed test

>> CrossRefValidation

>> Starting test: CheckSDRefDom

>> ......................... Configuration passed test

>> CheckSDRefDom

>> Running partition tests on : it

>> Starting test: CrossRefValidation

>> ......................... it passed test CrossRefValidation

>> Starting test: CheckSDRefDom

>> ......................... it passed test CheckSDRefDom

>> Running enterprise tests on : mydomain.com

>> Starting test: Intersite

>> ......................... mydomain.com passed test Intersite

>> Starting test: FsmoCheck

>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error

>> 2138

>> A Global Catalog Server could not be located - All GC's are

>> down.

>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138

>> A Primary Domain Controller could not be located.

>> The server holding the PDC role is down.

>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138

>> A Time Server could not be located.

>> The server holding the PDC role is down.

>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,

>> error

>> 2138

>> A Good Time Server could not be located.

>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138

>> A KDC could not be located - All the KDCs are down.

>> ......................... mydomain.com failed test FsmoCheck

>> -----------------------------------------------------

>>

>>> netdiag and

>>>

>> this is very long: I attach only the interesting part:

>>

>> Global results:

>>

>> Domain membership test . . . . . . : Passed

>>

>> NetBT transports test. . . . . . . : Failed

>> List of NetBt transports currently configured:

>> [FATAL] Unable to retrieve transport list from Redir.

>> [NERR_WkstaNotStarted]

>> Autonet address test . . . . . . . : Passed

>>

>> IP loopback ping test. . . . . . . : Passed

>>

>> Default gateway test . . . . . . . : Failed

>>

>> [FATAL] NO GATEWAYS ARE REACHABLE.

>> You have no connectivity to other network segments.

>> If you configured the IP protocol manually then

>> you need to add at least one valid gateway.

>> NetBT name test. . . . . . . . . . : Passed

>> [WARNING] You don't have a single interface with the <00>

>> 'WorkStation

>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.

>> Winsock test . . . . . . . . . . . : Passed

>>

>> DNS test . . . . . . . . . . . . . : Failed

>> [WARNING] Cannot find a primary authoritative DNS server for

>> the

>> name

>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>> The name 'server08.mydomain.com.' may not be registered in

>> DNS.

>> [WARNING] Cannot find a primary authoritative DNS server for

>> the

>> name

>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>> The name 'server08.mydomain.com.' may not be registered in

>> DNS.

>> [WARNING] Cannot find a primary authoritative DNS server for

>> the

>> name

>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>> The name 'server08mydomain.com.' may not be registered in

>> DNS.

>> [WARNING] Cannot find a primary authoritative DNS server for

>> the

>> name

>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>> The name 'server08.mydomain.com.' may not be registered in

>> DNS.

>> [WARNING] The DNS entries for this DC cannot be verified right

>> now on

>> DNS server 192.168.18.20, ERROR_TIMEOUT.

>> [WARNING] The DNS entries for this DC cannot be verified right

>> now on

>> DNS server 192.168.18.21, ERROR_TIMEOUT.

>> [FATAL] No DNS servers have the DNS records for this DC

>> registered.

>> Redir and Browser test . . . . . . : Passed

>> [FATAL] Workstation service is not running. [FFFFFFFF]

>> DC discovery test. . . . . . . . . : Failed

>> [FATAL] Cannot find DC in domain 'MYDOMAIN'.

>> [NERR_NetNotStarted]

>> DC list test . . . . . . . . . . . : Failed

>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>> Trust relationship test. . . . . . : Skipped

>>

>> Kerberos test. . . . . . . . . . . : Skipped

>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>> LDAP test. . . . . . . . . . . . . : Failed

>> Cannot find DC to run LDAP tests on. The error occurred was: The

>> workstation driver is not installed.

>> [WARNING] Cannot find DC in domain MYDOMAIN.

>> [NERR_NetNotStarted]

>>

>> Bindings test. . . . . . . . . . . : Passed

>>

>> WAN configuration test . . . . . . : Skipped

>> No active remote access connections.

>> Modem diagnostics test . . . . . . : Failed

>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).

>> IP Security test . . . . . . . . . : Skipped

>>

>> Note: run "netsh ipsec dynamic show /?" for more detailed

>> information

>>

>> The command completed successfully

>>

>> ------------------------------------------------------ repadmin

>> /showrepl from

>>

>>> the support tools?

>>>

>> repadmin running command /showrepl against server localhost

>>

>> Default-First-Site-Name\SERVER08

>>

>> DC Options: IS_GC

>>

>> Site Options: (none)

>>

>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005

>>

>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a

>>

>> DsBindWithCred to localhost failed with status 1753 (0x6d9):

>>

>> Can't retrieve message string 1753 (0x6d9), error 1815.

>>

>> ---------------------------------------

>>

>> reports seem right, if we think that all core services are down :(

>>

>> thanks

>>

>>> Best regards

>>>

>>> Meinolf Weber

>>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>>> confers no rights.

>>> ** Please do NOT email, only reply to Newsgroups

>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>>> Hello,

>>>> I added a Windows 2003 Server to an existing 2000 domain, and made

>>>> it

>>>> an

>>>> additional domain controller. All ok, I restarted, I made GC, all

>>>> worked

>>>> fine.

>>>> Then I restarted an other time... boom. Every crytical windows

>>>> services

>>>> don't start more. Only RPC works: others (COM+, network connections,

>>>> shell

>>>> hardware detection, etc) don't start.

>>>> It seems as KB933994 describes: the old group policy didn't assign

>>>> "impersonate a client after authentication" to Service and Network

>>>> accounts,

>>>> so I think that the replicated policy has blocked the 2003 system.

>>>> Now? I've tried to update policy on the W2003 server, but it doesn't

>>>> apply it. When I run a gpupdate, it reports that "there are no more

>>>> available endpoints" and it doesn't load changed policy.

>>>> Any idea? Please help.

>>>>

>>>> thanks

>>>>

>

>

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: big trouble with Server - as KB933994

 

Hello Trapulo,

 

Thanks for the feedback.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I solved with Morgan's suggestion.

>

> Thanks anyway!

>

> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

> news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com...

>

>> Hello Trapulo,

>>

>> On the 2003 disable DHCP and give it a fixed ip address. Additional

>> disable the not used NIC's. Then reboot the server. After that check

>> in all DNS servers that the 2003 server, also all other servers, is

>> listed with the correct ip. Then ping one of the running DC's with ip

>> address, computer name and FQDN(computername.mydomain.com).

>>

>> Best regards

>>

>> Meinolf Weber

>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>> confers no rights.

>> ** Please do NOT email, only reply to Newsgroups

>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

>>> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com...

>>>

>>>> Hello Trapulo,

>>>>

>>>> Please post the complete error message.

>>>>

>>> This is the error when I try to run gpupdate:

>>> 1053

>>> Windows cannot determine the user or computer name. (There are no

>>> more

>>> endpoints available from the endpoint mapper. ). Group Policy

>>> processing

>>> aborted.

>>>> Additional post an unedited ipconfig /all from both DC's.

>>>>

>>> This is from the old Win2K controller:

>>>

>>> Windows 2000 IP Configuration

>>>

>>> Host Name . . . . . . . . . . . . : server01

>>> Primary DNS Suffix . . . . . . . : mydomain.com

>>> Node Type . . . . . . . . . . . . : Broadcast

>>> IP Routing Enabled. . . . . . . . : No

>>> WINS Proxy Enabled. . . . . . . . : No

>>>

>>> DNS Suffix Search List. . . . . . : mydomain.com

>>>

>>> Ethernet adapter Intel 82544GC Based Network Connection - onboard:

>>>

>>> Connection-specific DNS Suffix . :

>>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval

>>> Gigabit

>>> Adapter

>>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78

>>> DHCP Enabled. . . . . . . . . . . : No

>>> IP Address. . . . . . . . . . . . : 192.168.18.20

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>

>>> Default Gateway . . . . . . . . . : 192.168.18.6

>>>

>>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>>> 192.168.18.21

>>> (18.21 is the other W2K domain controller, with same output)

>>> This is from the new W2K3 controller that doesn't run:

>>>

>>> Windows IP Configuration

>>>

>>> Host Name . . . . . . . . . . . . : server08

>>>

>>> Primary Dns Suffix . . . . . . . : mydomain.com

>>>

>>> Node Type . . . . . . . . . . . . : Unknown

>>>

>>> IP Routing Enabled. . . . . . . . : No

>>>

>>> WINS Proxy Enabled. . . . . . . . : No

>>>

>>> DNS Suffix Search List. . . . . . : mydomain.com

>>>

>>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:

>>>

>>> Connection-specific DNS Suffix . :

>>>

>>> Description . . . . . . . . . . . : Microsoft Loopback Adapter

>>>

>>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

>>>

>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>

>>> Autoconfiguration Enabled . . . . : Yes

>>>

>>> Autoconfiguration IP Address. . . : 169.254.25.129

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>

>>> Default Gateway . . . . . . . . . :

>>>

>>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:

>>>

>>> Connection-specific DNS Suffix . : mydomain.com

>>>

>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit

>>> Ethernet

>>>

>>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4

>>>

>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>

>>> Autoconfiguration Enabled . . . . : Yes

>>>

>>> IP Address. . . . . . . . . . . . : 192.168.18.140

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>

>>> Default Gateway . . . . . . . . . : 192.168.18.6

>>>

>>> DHCP Server . . . . . . . . . . . : 192.168.18.20

>>>

>>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>>>

>>> 192.168.18.21

>>>

>>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20

>>>

>>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20

>>>

>>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:

>>>

>>> Connection-specific DNS Suffix . :

>>>

>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>>> GigE (NDIS VBD Client)

>>>

>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB

>>>

>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>

>>> Autoconfiguration Enabled . . . . : Yes

>>>

>>> Autoconfiguration IP Address. . . : 169.254.73.29

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>

>>> Default Gateway . . . . . . . . . :

>>>

>>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:

>>>

>>> Connection-specific DNS Suffix . :

>>>

>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>>> GigE (NDIS VBD Client) #2

>>>

>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD

>>>

>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>

>>> Autoconfiguration Enabled . . . . : Yes

>>>

>>> Autoconfiguration IP Address. . . : 169.254.113.88

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>

>>> Default Gateway . . . . . . . . . :

>>>

>>> --------------------------------------------------------

>>>

>>>> Did you run dcdiag,

>>>>

>>> Domain Controller Diagnosis

>>>

>>> Performing initial setup:

>>> [server08] Directory Binding Error 1753:

>>> Win32 Error 1753

>>> This may limit some of the tests that can be performed.

>>> Done gathering initial info.

>>> Doing initial required tests

>>> Testing server: Default-First-Site-Name\SERVER08

>>> Starting test: Connectivity

>>> The host

>>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain

>>> could not be resolved to an

>>> IP address. Check the DNS server, DHCP, server name, etc

>>> Although the Guid DNS name

>>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)

>>> couldn't

>>> be resolved, the server name (server08.mydomain.com) resolved to the

>>>

>>> IP address (192.168.18.140) and was pingable. Check that the IP

>>>

>>> address is registered correctly with the DNS server.

>>> ......................... SERVER08 failed test Connectivity Doing

>>> primary tests

>>>

>>> Testing server: Default-First-Site-Name\SERVER08

>>> Skipping all tests, because server SERVER08 is

>>> not responding to directory service requests

>>> Running partition tests on : Schema

>>> Starting test: CrossRefValidation

>>> ......................... Schema passed test

>>> CrossRefValidation

>>> Starting test: CheckSDRefDom

>>> ......................... Schema passed test CheckSDRefDom

>>> Running partition tests on : Configuration

>>> Starting test: CrossRefValidation

>>> ......................... Configuration passed test

>>> CrossRefValidation

>>> Starting test: CheckSDRefDom

>>> ......................... Configuration passed test

>>> CheckSDRefDom

>>> Running partition tests on : it

>>> Starting test: CrossRefValidation

>>> ......................... it passed test CrossRefValidation

>>> Starting test: CheckSDRefDom

>>> ......................... it passed test CheckSDRefDom

>>> Running enterprise tests on : mydomain.com

>>> Starting test: Intersite

>>> ......................... mydomain.com passed test Intersite

>>> Starting test: FsmoCheck

>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error

>>> 2138

>>> A Global Catalog Server could not be located - All GC's are

>>> down.

>>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138

>>> A Primary Domain Controller could not be located.

>>> The server holding the PDC role is down.

>>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138

>>> A Time Server could not be located.

>>> The server holding the PDC role is down.

>>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,

>>> error

>>> 2138

>>> A Good Time Server could not be located.

>>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138

>>> A KDC could not be located - All the KDCs are down.

>>> ......................... mydomain.com failed test FsmoCheck

>>> -----------------------------------------------------

>>>> netdiag and

>>>>

>>> this is very long: I attach only the interesting part:

>>>

>>> Global results:

>>>

>>> Domain membership test . . . . . . : Passed

>>>

>>> NetBT transports test. . . . . . . : Failed

>>> List of NetBt transports currently configured:

>>> [FATAL] Unable to retrieve transport list from Redir.

>>> [NERR_WkstaNotStarted]

>>> Autonet address test . . . . . . . : Passed

>>> IP loopback ping test. . . . . . . : Passed

>>>

>>> Default gateway test . . . . . . . : Failed

>>>

>>> [FATAL] NO GATEWAYS ARE REACHABLE.

>>> You have no connectivity to other network segments.

>>> If you configured the IP protocol manually then

>>> you need to add at least one valid gateway.

>>> NetBT name test. . . . . . . . . . : Passed

>>> [WARNING] You don't have a single interface with the <00>

>>> 'WorkStation

>>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.

>>> Winsock test . . . . . . . . . . . : Passed

>>> DNS test . . . . . . . . . . . . . : Failed

>>> [WARNING] Cannot find a primary authoritative DNS server for

>>> the

>>> name

>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>> The name 'server08.mydomain.com.' may not be registered in

>>> DNS.

>>> [WARNING] Cannot find a primary authoritative DNS server for

>>> the

>>> name

>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>> The name 'server08.mydomain.com.' may not be registered in

>>> DNS.

>>> [WARNING] Cannot find a primary authoritative DNS server for

>>> the

>>> name

>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>> The name 'server08mydomain.com.' may not be registered in

>>> DNS.

>>> [WARNING] Cannot find a primary authoritative DNS server for

>>> the

>>> name

>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>> The name 'server08.mydomain.com.' may not be registered in

>>> DNS.

>>> [WARNING] The DNS entries for this DC cannot be verified right

>>> now on

>>> DNS server 192.168.18.20, ERROR_TIMEOUT.

>>> [WARNING] The DNS entries for this DC cannot be verified right

>>> now on

>>> DNS server 192.168.18.21, ERROR_TIMEOUT.

>>> [FATAL] No DNS servers have the DNS records for this DC

>>> registered.

>>> Redir and Browser test . . . . . . : Passed

>>> [FATAL] Workstation service is not running. [FFFFFFFF]

>>> DC discovery test. . . . . . . . . : Failed

>>> [FATAL] Cannot find DC in domain 'MYDOMAIN'.

>>> [NERR_NetNotStarted]

>>> DC list test . . . . . . . . . . . : Failed

>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>>> Trust relationship test. . . . . . : Skipped

>>> Kerberos test. . . . . . . . . . . : Skipped

>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>>> LDAP test. . . . . . . . . . . . . : Failed

>>> Cannot find DC to run LDAP tests on. The error occurred was: The

>>> workstation driver is not installed.

>>> [WARNING] Cannot find DC in domain MYDOMAIN.

>>> [NERR_NetNotStarted]

>>> Bindings test. . . . . . . . . . . : Passed

>>>

>>> WAN configuration test . . . . . . : Skipped

>>> No active remote access connections.

>>> Modem diagnostics test . . . . . . : Failed

>>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).

>>> IP Security test . . . . . . . . . : Skipped

>>> Note: run "netsh ipsec dynamic show /?" for more detailed

>>> information

>>>

>>> The command completed successfully

>>>

>>> ------------------------------------------------------ repadmin

>>> /showrepl from

>>>

>>>> the support tools?

>>>>

>>> repadmin running command /showrepl against server localhost

>>>

>>> Default-First-Site-Name\SERVER08

>>>

>>> DC Options: IS_GC

>>>

>>> Site Options: (none)

>>>

>>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005

>>>

>>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a

>>>

>>> DsBindWithCred to localhost failed with status 1753 (0x6d9):

>>>

>>> Can't retrieve message string 1753 (0x6d9), error 1815.

>>>

>>> ---------------------------------------

>>>

>>> reports seem right, if we think that all core services are down :(

>>>

>>> thanks

>>>

>>>> Best regards

>>>>

>>>> Meinolf Weber

>>>> Disclaimer: This posting is provided "AS IS" with no warranties,

>>>> and

>>>> confers no rights.

>>>> ** Please do NOT email, only reply to Newsgroups

>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>>>> Hello,

>>>>> I added a Windows 2003 Server to an existing 2000 domain, and made

>>>>> it

>>>>> an

>>>>> additional domain controller. All ok, I restarted, I made GC, all

>>>>> worked

>>>>> fine.

>>>>> Then I restarted an other time... boom. Every crytical windows

>>>>> services

>>>>> don't start more. Only RPC works: others (COM+, network

>>>>> connections,

>>>>> shell

>>>>> hardware detection, etc) don't start.

>>>>> It seems as KB933994 describes: the old group policy didn't assign

>>>>> "impersonate a client after authentication" to Service and Network

>>>>> accounts,

>>>>> so I think that the replicated policy has blocked the 2003 system.

>>>>> Now? I've tried to update policy on the W2003 server, but it

>>>>> doesn't

>>>>> apply it. When I run a gpupdate, it reports that "there are no

>>>>> more

>>>>> available endpoints" and it doesn't load changed policy.

>>>>> Any idea? Please help.

>>>>> thanks

>>>>>

Guest Hank Arnold (MVP)

Guest Hank Arnold (MVP)

Posted
Posted

Re: big trouble with Server - as KB933994

 

Who is Morgan and what was his "fix"? I don't see any posting in the

thread from him. Were you talking about Meinolf?

 

--

 

Regards,

Hank Arnold

Microsoft MVP

Windows Server - Directory Services

 

Trapulo wrote:

> I solved with Morgan's suggestion.

>

> Thanks anyway!

>

>

> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

> news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com...

>> Hello Trapulo,

>>

>> On the 2003 disable DHCP and give it a fixed ip address. Additional

>> disable the not used NIC's. Then reboot the server. After that check

>> in all DNS servers that the 2003 server, also all other servers, is

>> listed with the correct ip. Then ping one of the running DC's with ip

>> address, computer name and FQDN(computername.mydomain.com).

>>

>> Best regards

>>

>> Meinolf Weber

>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>> confers no rights.

>> ** Please do NOT email, only reply to Newsgroups

>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>

>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

>>> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com...

>>>

>>>> Hello Trapulo,

>>>>

>>>> Please post the complete error message.

>>>>

>>> This is the error when I try to run gpupdate:

>>> 1053

>>> Windows cannot determine the user or computer name. (There are no more

>>> endpoints available from the endpoint mapper. ). Group Policy

>>> processing

>>> aborted.

>>>> Additional post an unedited ipconfig /all from both DC's.

>>>>

>>> This is from the old Win2K controller:

>>>

>>> Windows 2000 IP Configuration

>>>

>>> Host Name . . . . . . . . . . . . : server01

>>> Primary DNS Suffix . . . . . . . : mydomain.com

>>> Node Type . . . . . . . . . . . . : Broadcast

>>> IP Routing Enabled. . . . . . . . : No

>>>

>>> WINS Proxy Enabled. . . . . . . . : No

>>>

>>> DNS Suffix Search List. . . . . . : mydomain.com

>>>

>>> Ethernet adapter Intel 82544GC Based Network Connection - onboard:

>>>

>>> Connection-specific DNS Suffix . :

>>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval

>>> Gigabit

>>> Adapter

>>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78

>>> DHCP Enabled. . . . . . . . . . . : No

>>>

>>> IP Address. . . . . . . . . . . . : 192.168.18.20

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>

>>> Default Gateway . . . . . . . . . : 192.168.18.6

>>>

>>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>>> 192.168.18.21

>>> (18.21 is the other W2K domain controller, with same output)

>>>

>>> This is from the new W2K3 controller that doesn't run:

>>>

>>> Windows IP Configuration

>>>

>>> Host Name . . . . . . . . . . . . : server08

>>>

>>> Primary Dns Suffix . . . . . . . : mydomain.com

>>>

>>> Node Type . . . . . . . . . . . . : Unknown

>>>

>>> IP Routing Enabled. . . . . . . . : No

>>>

>>> WINS Proxy Enabled. . . . . . . . : No

>>>

>>> DNS Suffix Search List. . . . . . : mydomain.com

>>>

>>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:

>>>

>>> Connection-specific DNS Suffix . :

>>>

>>> Description . . . . . . . . . . . : Microsoft Loopback Adapter

>>>

>>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

>>>

>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>

>>> Autoconfiguration Enabled . . . . : Yes

>>>

>>> Autoconfiguration IP Address. . . : 169.254.25.129

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>

>>> Default Gateway . . . . . . . . . :

>>>

>>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:

>>>

>>> Connection-specific DNS Suffix . : mydomain.com

>>>

>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit

>>> Ethernet

>>>

>>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4

>>>

>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>

>>> Autoconfiguration Enabled . . . . : Yes

>>>

>>> IP Address. . . . . . . . . . . . : 192.168.18.140

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>

>>> Default Gateway . . . . . . . . . : 192.168.18.6

>>>

>>> DHCP Server . . . . . . . . . . . : 192.168.18.20

>>>

>>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>>>

>>> 192.168.18.21

>>>

>>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20

>>>

>>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20

>>>

>>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:

>>>

>>> Connection-specific DNS Suffix . :

>>>

>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>>> GigE (NDIS VBD Client)

>>>

>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB

>>>

>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>

>>> Autoconfiguration Enabled . . . . : Yes

>>>

>>> Autoconfiguration IP Address. . . : 169.254.73.29

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>

>>> Default Gateway . . . . . . . . . :

>>>

>>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:

>>>

>>> Connection-specific DNS Suffix . :

>>>

>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>>> GigE (NDIS VBD Client) #2

>>>

>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD

>>>

>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>

>>> Autoconfiguration Enabled . . . . : Yes

>>>

>>> Autoconfiguration IP Address. . . : 169.254.113.88

>>>

>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>

>>> Default Gateway . . . . . . . . . :

>>>

>>> --------------------------------------------------------

>>>

>>>> Did you run dcdiag,

>>>>

>>> Domain Controller Diagnosis

>>>

>>> Performing initial setup:

>>> [server08] Directory Binding Error 1753:

>>> Win32 Error 1753

>>> This may limit some of the tests that can be performed.

>>> Done gathering initial info.

>>> Doing initial required tests

>>>

>>> Testing server: Default-First-Site-Name\SERVER08

>>> Starting test: Connectivity

>>> The host

>>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain

>>> could not be resolved to an

>>> IP address. Check the DNS server, DHCP, server name, etc

>>> Although the Guid DNS name

>>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)

>>> couldn't

>>>

>>> be resolved, the server name (server08.mydomain.com) resolved

>>> to the

>>>

>>> IP address (192.168.18.140) and was pingable. Check that the

>>> IP

>>>

>>> address is registered correctly with the DNS server.

>>> ......................... SERVER08 failed test Connectivity

>>> Doing primary tests

>>>

>>> Testing server: Default-First-Site-Name\SERVER08

>>> Skipping all tests, because server SERVER08 is

>>> not responding to directory service requests

>>> Running partition tests on : Schema

>>> Starting test: CrossRefValidation

>>> ......................... Schema passed test

>>> CrossRefValidation

>>> Starting test: CheckSDRefDom

>>> ......................... Schema passed test CheckSDRefDom

>>> Running partition tests on : Configuration

>>> Starting test: CrossRefValidation

>>> ......................... Configuration passed test

>>> CrossRefValidation

>>> Starting test: CheckSDRefDom

>>> ......................... Configuration passed test

>>> CheckSDRefDom

>>> Running partition tests on : it

>>> Starting test: CrossRefValidation

>>> ......................... it passed test CrossRefValidation

>>> Starting test: CheckSDRefDom

>>> ......................... it passed test CheckSDRefDom

>>> Running enterprise tests on : mydomain.com

>>> Starting test: Intersite

>>> ......................... mydomain.com passed test Intersite

>>> Starting test: FsmoCheck

>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error

>>> 2138

>>> A Global Catalog Server could not be located - All GC's are

>>> down.

>>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138

>>> A Primary Domain Controller could not be located.

>>> The server holding the PDC role is down.

>>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138

>>> A Time Server could not be located.

>>> The server holding the PDC role is down.

>>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,

>>> error

>>> 2138

>>> A Good Time Server could not be located.

>>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138

>>> A KDC could not be located - All the KDCs are down.

>>> ......................... mydomain.com failed test FsmoCheck

>>> -----------------------------------------------------

>>>

>>>> netdiag and

>>>>

>>> this is very long: I attach only the interesting part:

>>>

>>> Global results:

>>>

>>> Domain membership test . . . . . . : Passed

>>>

>>> NetBT transports test. . . . . . . : Failed

>>> List of NetBt transports currently configured:

>>> [FATAL] Unable to retrieve transport list from Redir.

>>> [NERR_WkstaNotStarted]

>>> Autonet address test . . . . . . . : Passed

>>>

>>> IP loopback ping test. . . . . . . : Passed

>>>

>>> Default gateway test . . . . . . . : Failed

>>>

>>> [FATAL] NO GATEWAYS ARE REACHABLE.

>>> You have no connectivity to other network segments.

>>> If you configured the IP protocol manually then

>>> you need to add at least one valid gateway.

>>> NetBT name test. . . . . . . . . . : Passed

>>> [WARNING] You don't have a single interface with the <00>

>>> 'WorkStation

>>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.

>>> Winsock test . . . . . . . . . . . : Passed

>>>

>>> DNS test . . . . . . . . . . . . . : Failed

>>> [WARNING] Cannot find a primary authoritative DNS server for

>>> the

>>> name

>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>> The name 'server08.mydomain.com.' may not be registered in

>>> DNS.

>>> [WARNING] Cannot find a primary authoritative DNS server for

>>> the

>>> name

>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>> The name 'server08.mydomain.com.' may not be registered in

>>> DNS.

>>> [WARNING] Cannot find a primary authoritative DNS server for

>>> the

>>> name

>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>> The name 'server08mydomain.com.' may not be registered in

>>> DNS.

>>> [WARNING] Cannot find a primary authoritative DNS server for

>>> the

>>> name

>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>> The name 'server08.mydomain.com.' may not be registered in

>>> DNS.

>>> [WARNING] The DNS entries for this DC cannot be verified right

>>> now on

>>> DNS server 192.168.18.20, ERROR_TIMEOUT.

>>> [WARNING] The DNS entries for this DC cannot be verified right

>>> now on

>>> DNS server 192.168.18.21, ERROR_TIMEOUT.

>>> [FATAL] No DNS servers have the DNS records for this DC

>>> registered.

>>> Redir and Browser test . . . . . . : Passed

>>> [FATAL] Workstation service is not running. [FFFFFFFF]

>>> DC discovery test. . . . . . . . . : Failed

>>> [FATAL] Cannot find DC in domain 'MYDOMAIN'.

>>> [NERR_NetNotStarted]

>>> DC list test . . . . . . . . . . . : Failed

>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>>> Trust relationship test. . . . . . : Skipped

>>>

>>> Kerberos test. . . . . . . . . . . : Skipped

>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>>> LDAP test. . . . . . . . . . . . . : Failed

>>> Cannot find DC to run LDAP tests on. The error occurred was: The

>>> workstation driver is not installed.

>>> [WARNING] Cannot find DC in domain MYDOMAIN.

>>> [NERR_NetNotStarted]

>>>

>>> Bindings test. . . . . . . . . . . : Passed

>>>

>>> WAN configuration test . . . . . . : Skipped

>>> No active remote access connections.

>>> Modem diagnostics test . . . . . . : Failed

>>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).

>>> IP Security test . . . . . . . . . : Skipped

>>>

>>> Note: run "netsh ipsec dynamic show /?" for more detailed

>>> information

>>>

>>> The command completed successfully

>>>

>>> ------------------------------------------------------ repadmin

>>> /showrepl from

>>>

>>>> the support tools?

>>>>

>>> repadmin running command /showrepl against server localhost

>>>

>>> Default-First-Site-Name\SERVER08

>>>

>>> DC Options: IS_GC

>>>

>>> Site Options: (none)

>>>

>>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005

>>>

>>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a

>>>

>>> DsBindWithCred to localhost failed with status 1753 (0x6d9):

>>>

>>> Can't retrieve message string 1753 (0x6d9), error 1815.

>>>

>>> ---------------------------------------

>>>

>>> reports seem right, if we think that all core services are down :(

>>>

>>> thanks

>>>

>>>> Best regards

>>>>

>>>> Meinolf Weber

>>>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>>>> confers no rights.

>>>> ** Please do NOT email, only reply to Newsgroups

>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>>>> Hello,

>>>>> I added a Windows 2003 Server to an existing 2000 domain, and made

>>>>> it

>>>>> an

>>>>> additional domain controller. All ok, I restarted, I made GC, all

>>>>> worked

>>>>> fine.

>>>>> Then I restarted an other time... boom. Every crytical windows

>>>>> services

>>>>> don't start more. Only RPC works: others (COM+, network connections,

>>>>> shell

>>>>> hardware detection, etc) don't start.

>>>>> It seems as KB933994 describes: the old group policy didn't assign

>>>>> "impersonate a client after authentication" to Service and Network

>>>>> accounts,

>>>>> so I think that the replicated policy has blocked the 2003 system.

>>>>> Now? I've tried to update policy on the W2003 server, but it doesn't

>>>>> apply it. When I run a gpupdate, it reports that "there are no more

>>>>> available endpoints" and it doesn't load changed policy.

>>>>> Any idea? Please help.

>>>>>

>>>>> thanks

>>>>>

>>

>>

>

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: big trouble with Server - as KB933994

 

Hello Hank,

 

Morgane has answered to another NG. This doesn't pop up here, i don't know

why because the poster used crossposting. But maybe Morgan not.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Who is Morgan and what was his "fix"? I don't see any posting in the

> thread from him. Were you talking about Meinolf?

>

> Trapulo wrote:

>

>> I solved with Morgan's suggestion.

>>

>> Thanks anyway!

>>

>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

>> news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com...

>>

>>> Hello Trapulo,

>>>

>>> On the 2003 disable DHCP and give it a fixed ip address. Additional

>>> disable the not used NIC's. Then reboot the server. After that check

>>> in all DNS servers that the 2003 server, also all other servers, is

>>> listed with the correct ip. Then ping one of the running DC's with

>>> ip address, computer name and FQDN(computername.mydomain.com).

>>>

>>> Best regards

>>>

>>> Meinolf Weber

>>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>>> confers no rights.

>>> ** Please do NOT email, only reply to Newsgroups

>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

>>>> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com...

>>>>

>>>>> Hello Trapulo,

>>>>>

>>>>> Please post the complete error message.

>>>>>

>>>> This is the error when I try to run gpupdate:

>>>> 1053

>>>> Windows cannot determine the user or computer name. (There are no

>>>> more

>>>> endpoints available from the endpoint mapper. ). Group Policy

>>>> processing

>>>> aborted.

>>>>> Additional post an unedited ipconfig /all from both DC's.

>>>>>

>>>> This is from the old Win2K controller:

>>>>

>>>> Windows 2000 IP Configuration

>>>>

>>>> Host Name . . . . . . . . . . . . : server01

>>>> Primary DNS Suffix . . . . . . . : mydomain.com

>>>> Node Type . . . . . . . . . . . . : Broadcast

>>>> IP Routing Enabled. . . . . . . . : No

>>>> WINS Proxy Enabled. . . . . . . . : No

>>>>

>>>> DNS Suffix Search List. . . . . . : mydomain.com

>>>>

>>>> Ethernet adapter Intel 82544GC Based Network Connection - onboard:

>>>>

>>>> Connection-specific DNS Suffix . :

>>>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval

>>>> Gigabit

>>>> Adapter

>>>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78

>>>> DHCP Enabled. . . . . . . . . . . : No

>>>> IP Address. . . . . . . . . . . . : 192.168.18.20

>>>>

>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>>

>>>> Default Gateway . . . . . . . . . : 192.168.18.6

>>>>

>>>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>>>> 192.168.18.21

>>>> (18.21 is the other W2K domain controller, with same output)

>>>> This is from the new W2K3 controller that doesn't run:

>>>>

>>>> Windows IP Configuration

>>>>

>>>> Host Name . . . . . . . . . . . . : server08

>>>>

>>>> Primary Dns Suffix . . . . . . . : mydomain.com

>>>>

>>>> Node Type . . . . . . . . . . . . : Unknown

>>>>

>>>> IP Routing Enabled. . . . . . . . : No

>>>>

>>>> WINS Proxy Enabled. . . . . . . . : No

>>>>

>>>> DNS Suffix Search List. . . . . . : mydomain.com

>>>>

>>>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:

>>>>

>>>> Connection-specific DNS Suffix . :

>>>>

>>>> Description . . . . . . . . . . . : Microsoft Loopback Adapter

>>>>

>>>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

>>>>

>>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>>

>>>> Autoconfiguration Enabled . . . . : Yes

>>>>

>>>> Autoconfiguration IP Address. . . : 169.254.25.129

>>>>

>>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>>

>>>> Default Gateway . . . . . . . . . :

>>>>

>>>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:

>>>>

>>>> Connection-specific DNS Suffix . : mydomain.com

>>>>

>>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit

>>>> Ethernet

>>>>

>>>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4

>>>>

>>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>>

>>>> Autoconfiguration Enabled . . . . : Yes

>>>>

>>>> IP Address. . . . . . . . . . . . : 192.168.18.140

>>>>

>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>>

>>>> Default Gateway . . . . . . . . . : 192.168.18.6

>>>>

>>>> DHCP Server . . . . . . . . . . . : 192.168.18.20

>>>>

>>>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>>>>

>>>> 192.168.18.21

>>>>

>>>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20

>>>>

>>>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20

>>>>

>>>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:

>>>>

>>>> Connection-specific DNS Suffix . :

>>>>

>>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>>>> GigE (NDIS VBD Client)

>>>>

>>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB

>>>>

>>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>>

>>>> Autoconfiguration Enabled . . . . : Yes

>>>>

>>>> Autoconfiguration IP Address. . . : 169.254.73.29

>>>>

>>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>>

>>>> Default Gateway . . . . . . . . . :

>>>>

>>>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:

>>>>

>>>> Connection-specific DNS Suffix . :

>>>>

>>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>>>> GigE (NDIS VBD Client) #2

>>>>

>>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD

>>>>

>>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>>

>>>> Autoconfiguration Enabled . . . . : Yes

>>>>

>>>> Autoconfiguration IP Address. . . : 169.254.113.88

>>>>

>>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>>

>>>> Default Gateway . . . . . . . . . :

>>>>

>>>> --------------------------------------------------------

>>>>

>>>>> Did you run dcdiag,

>>>>>

>>>> Domain Controller Diagnosis

>>>>

>>>> Performing initial setup:

>>>> [server08] Directory Binding Error 1753:

>>>> Win32 Error 1753

>>>> This may limit some of the tests that can be performed.

>>>> Done gathering initial info.

>>>> Doing initial required tests

>>>> Testing server: Default-First-Site-Name\SERVER08

>>>> Starting test: Connectivity

>>>> The host

>>>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain

>>>> could not be resolved to an

>>>> IP address. Check the DNS server, DHCP, server name, etc

>>>> Although the Guid DNS name

>>>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)

>>>> couldn't

>>>> be resolved, the server name (server08.mydomain.com) resolved to

>>>> the

>>>>

>>>> IP address (192.168.18.140) and was pingable. Check that the IP

>>>>

>>>> address is registered correctly with the DNS server.

>>>> ......................... SERVER08 failed test Connectivity Doing

>>>> primary tests

>>>>

>>>> Testing server: Default-First-Site-Name\SERVER08

>>>> Skipping all tests, because server SERVER08 is

>>>> not responding to directory service requests

>>>> Running partition tests on : Schema

>>>> Starting test: CrossRefValidation

>>>> ......................... Schema passed test

>>>> CrossRefValidation

>>>> Starting test: CheckSDRefDom

>>>> ......................... Schema passed test CheckSDRefDom

>>>> Running partition tests on : Configuration

>>>> Starting test: CrossRefValidation

>>>> ......................... Configuration passed test

>>>> CrossRefValidation

>>>> Starting test: CheckSDRefDom

>>>> ......................... Configuration passed test

>>>> CheckSDRefDom

>>>> Running partition tests on : it

>>>> Starting test: CrossRefValidation

>>>> ......................... it passed test CrossRefValidation

>>>> Starting test: CheckSDRefDom

>>>> ......................... it passed test CheckSDRefDom

>>>> Running enterprise tests on : mydomain.com

>>>> Starting test: Intersite

>>>> ......................... mydomain.com passed test Intersite

>>>> Starting test: FsmoCheck

>>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error

>>>> 2138

>>>> A Global Catalog Server could not be located - All GC's are

>>>> down.

>>>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138

>>>> A Primary Domain Controller could not be located.

>>>> The server holding the PDC role is down.

>>>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138

>>>> A Time Server could not be located.

>>>> The server holding the PDC role is down.

>>>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,

>>>> error

>>>> 2138

>>>> A Good Time Server could not be located.

>>>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138

>>>> A KDC could not be located - All the KDCs are down.

>>>> ......................... mydomain.com failed test FsmoCheck

>>>> -----------------------------------------------------

>>>>> netdiag and

>>>>>

>>>> this is very long: I attach only the interesting part:

>>>>

>>>> Global results:

>>>>

>>>> Domain membership test . . . . . . : Passed

>>>>

>>>> NetBT transports test. . . . . . . : Failed

>>>> List of NetBt transports currently configured:

>>>> [FATAL] Unable to retrieve transport list from Redir.

>>>> [NERR_WkstaNotStarted]

>>>> Autonet address test . . . . . . . : Passed

>>>> IP loopback ping test. . . . . . . : Passed

>>>>

>>>> Default gateway test . . . . . . . : Failed

>>>>

>>>> [FATAL] NO GATEWAYS ARE REACHABLE.

>>>> You have no connectivity to other network segments.

>>>> If you configured the IP protocol manually then

>>>> you need to add at least one valid gateway.

>>>> NetBT name test. . . . . . . . . . : Passed

>>>> [WARNING] You don't have a single interface with the <00>

>>>> 'WorkStation

>>>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.

>>>> Winsock test . . . . . . . . . . . : Passed

>>>> DNS test . . . . . . . . . . . . . : Failed

>>>> [WARNING] Cannot find a primary authoritative DNS server for

>>>> the

>>>> name

>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>>> The name 'server08.mydomain.com.' may not be registered in

>>>> DNS.

>>>> [WARNING] Cannot find a primary authoritative DNS server for

>>>> the

>>>> name

>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>>> The name 'server08.mydomain.com.' may not be registered in

>>>> DNS.

>>>> [WARNING] Cannot find a primary authoritative DNS server for

>>>> the

>>>> name

>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>>> The name 'server08mydomain.com.' may not be registered in

>>>> DNS.

>>>> [WARNING] Cannot find a primary authoritative DNS server for

>>>> the

>>>> name

>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>>> The name 'server08.mydomain.com.' may not be registered in

>>>> DNS.

>>>> [WARNING] The DNS entries for this DC cannot be verified right

>>>> now on

>>>> DNS server 192.168.18.20, ERROR_TIMEOUT.

>>>> [WARNING] The DNS entries for this DC cannot be verified right

>>>> now on

>>>> DNS server 192.168.18.21, ERROR_TIMEOUT.

>>>> [FATAL] No DNS servers have the DNS records for this DC

>>>> registered.

>>>> Redir and Browser test . . . . . . : Passed

>>>> [FATAL] Workstation service is not running. [FFFFFFFF]

>>>> DC discovery test. . . . . . . . . : Failed

>>>> [FATAL] Cannot find DC in domain 'MYDOMAIN'.

>>>> [NERR_NetNotStarted]

>>>> DC list test . . . . . . . . . . . : Failed

>>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>>>> Trust relationship test. . . . . . : Skipped

>>>> Kerberos test. . . . . . . . . . . : Skipped

>>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>>>> LDAP test. . . . . . . . . . . . . : Failed

>>>> Cannot find DC to run LDAP tests on. The error occurred was: The

>>>> workstation driver is not installed.

>>>> [WARNING] Cannot find DC in domain MYDOMAIN.

>>>> [NERR_NetNotStarted]

>>>> Bindings test. . . . . . . . . . . : Passed

>>>>

>>>> WAN configuration test . . . . . . : Skipped

>>>> No active remote access connections.

>>>> Modem diagnostics test . . . . . . : Failed

>>>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).

>>>> IP Security test . . . . . . . . . : Skipped

>>>> Note: run "netsh ipsec dynamic show /?" for more detailed

>>>> information

>>>>

>>>> The command completed successfully

>>>>

>>>> ------------------------------------------------------ repadmin

>>>> /showrepl from

>>>>

>>>>> the support tools?

>>>>>

>>>> repadmin running command /showrepl against server localhost

>>>>

>>>> Default-First-Site-Name\SERVER08

>>>>

>>>> DC Options: IS_GC

>>>>

>>>> Site Options: (none)

>>>>

>>>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005

>>>>

>>>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a

>>>>

>>>> DsBindWithCred to localhost failed with status 1753 (0x6d9):

>>>>

>>>> Can't retrieve message string 1753 (0x6d9), error 1815.

>>>>

>>>> ---------------------------------------

>>>>

>>>> reports seem right, if we think that all core services are down :(

>>>>

>>>> thanks

>>>>

>>>>> Best regards

>>>>>

>>>>> Meinolf Weber

>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,

>>>>> and

>>>>> confers no rights.

>>>>> ** Please do NOT email, only reply to Newsgroups

>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>>>>> Hello,

>>>>>> I added a Windows 2003 Server to an existing 2000 domain, and

>>>>>> made

>>>>>> it

>>>>>> an

>>>>>> additional domain controller. All ok, I restarted, I made GC, all

>>>>>> worked

>>>>>> fine.

>>>>>> Then I restarted an other time... boom. Every crytical windows

>>>>>> services

>>>>>> don't start more. Only RPC works: others (COM+, network

>>>>>> connections,

>>>>>> shell

>>>>>> hardware detection, etc) don't start.

>>>>>> It seems as KB933994 describes: the old group policy didn't

>>>>>> assign

>>>>>> "impersonate a client after authentication" to Service and

>>>>>> Network

>>>>>> accounts,

>>>>>> so I think that the replicated policy has blocked the 2003

>>>>>> system.

>>>>>> Now? I've tried to update policy on the W2003 server, but it

>>>>>> doesn't

>>>>>> apply it. When I run a gpupdate, it reports that "there are no

>>>>>> more

>>>>>> available endpoints" and it doesn't load changed policy.

>>>>>> Any idea? Please help.

>>>>>> thanks

>>>>>>

Guest Hank Arnold (MVP)

Guest Hank Arnold (MVP)

Posted
Posted

Re: big trouble with Server - as KB933994

 

Meinolf Weber wrote:

> Hello Hank,

>

> Morgane has answered to another NG. This doesn't pop up here, i don't

> know why because the poster used crossposting. But maybe Morgan not.

>

> Best regards

>

> Meinolf Weber

 

 

Cool......

 

--

 

Regards,

Hank Arnold

Microsoft MVP

Windows Server - Directory Services

Guest Trapulo

Guest Trapulo

Posted
Posted

Re: big trouble with Server - as KB933994

 

yes: you can see it in microsoft.public.windows.server.migration

 

 

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

news:ff16fb66a44fa8caba0d74533056@msnews.microsoft.com...

> Hello Hank,

>

> Morgane has answered to another NG. This doesn't pop up here, i don't know

> why because the poster used crossposting. But maybe Morgan not.

>

> Best regards

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and

> confers no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>

>> Who is Morgan and what was his "fix"? I don't see any posting in the

>> thread from him. Were you talking about Meinolf?

>>

>> Trapulo wrote:

>>

>>> I solved with Morgan's suggestion.

>>>

>>> Thanks anyway!

>>>

>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

>>> news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com...

>>>

>>>> Hello Trapulo,

>>>>

>>>> On the 2003 disable DHCP and give it a fixed ip address. Additional

>>>> disable the not used NIC's. Then reboot the server. After that check

>>>> in all DNS servers that the 2003 server, also all other servers, is

>>>> listed with the correct ip. Then ping one of the running DC's with

>>>> ip address, computer name and FQDN(computername.mydomain.com).

>>>>

>>>> Best regards

>>>>

>>>> Meinolf Weber

>>>> Disclaimer: This posting is provided "AS IS" with no warranties, and

>>>> confers no rights.

>>>> ** Please do NOT email, only reply to Newsgroups

>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message

>>>>> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com...

>>>>>

>>>>>> Hello Trapulo,

>>>>>>

>>>>>> Please post the complete error message.

>>>>>>

>>>>> This is the error when I try to run gpupdate:

>>>>> 1053

>>>>> Windows cannot determine the user or computer name. (There are no

>>>>> more

>>>>> endpoints available from the endpoint mapper. ). Group Policy

>>>>> processing

>>>>> aborted.

>>>>>> Additional post an unedited ipconfig /all from both DC's.

>>>>>>

>>>>> This is from the old Win2K controller:

>>>>>

>>>>> Windows 2000 IP Configuration

>>>>>

>>>>> Host Name . . . . . . . . . . . . : server01

>>>>> Primary DNS Suffix . . . . . . . : mydomain.com

>>>>> Node Type . . . . . . . . . . . . : Broadcast

>>>>> IP Routing Enabled. . . . . . . . : No

>>>>> WINS Proxy Enabled. . . . . . . . : No

>>>>>

>>>>> DNS Suffix Search List. . . . . . : mydomain.com

>>>>>

>>>>> Ethernet adapter Intel 82544GC Based Network Connection - onboard:

>>>>>

>>>>> Connection-specific DNS Suffix . :

>>>>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval

>>>>> Gigabit

>>>>> Adapter

>>>>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78

>>>>> DHCP Enabled. . . . . . . . . . . : No

>>>>> IP Address. . . . . . . . . . . . : 192.168.18.20

>>>>>

>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>>>

>>>>> Default Gateway . . . . . . . . . : 192.168.18.6

>>>>>

>>>>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>>>>> 192.168.18.21

>>>>> (18.21 is the other W2K domain controller, with same output)

>>>>> This is from the new W2K3 controller that doesn't run:

>>>>>

>>>>> Windows IP Configuration

>>>>>

>>>>> Host Name . . . . . . . . . . . . : server08

>>>>>

>>>>> Primary Dns Suffix . . . . . . . : mydomain.com

>>>>>

>>>>> Node Type . . . . . . . . . . . . : Unknown

>>>>>

>>>>> IP Routing Enabled. . . . . . . . : No

>>>>>

>>>>> WINS Proxy Enabled. . . . . . . . : No

>>>>>

>>>>> DNS Suffix Search List. . . . . . : mydomain.com

>>>>>

>>>>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:

>>>>>

>>>>> Connection-specific DNS Suffix . :

>>>>>

>>>>> Description . . . . . . . . . . . : Microsoft Loopback Adapter

>>>>>

>>>>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

>>>>>

>>>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>>>

>>>>> Autoconfiguration Enabled . . . . : Yes

>>>>>

>>>>> Autoconfiguration IP Address. . . : 169.254.25.129

>>>>>

>>>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>>>

>>>>> Default Gateway . . . . . . . . . :

>>>>>

>>>>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:

>>>>>

>>>>> Connection-specific DNS Suffix . : mydomain.com

>>>>>

>>>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit

>>>>> Ethernet

>>>>>

>>>>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4

>>>>>

>>>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>>>

>>>>> Autoconfiguration Enabled . . . . : Yes

>>>>>

>>>>> IP Address. . . . . . . . . . . . : 192.168.18.140

>>>>>

>>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0

>>>>>

>>>>> Default Gateway . . . . . . . . . : 192.168.18.6

>>>>>

>>>>> DHCP Server . . . . . . . . . . . : 192.168.18.20

>>>>>

>>>>> DNS Servers . . . . . . . . . . . : 192.168.18.20

>>>>>

>>>>> 192.168.18.21

>>>>>

>>>>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20

>>>>>

>>>>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20

>>>>>

>>>>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:

>>>>>

>>>>> Connection-specific DNS Suffix . :

>>>>>

>>>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>>>>> GigE (NDIS VBD Client)

>>>>>

>>>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB

>>>>>

>>>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>>>

>>>>> Autoconfiguration Enabled . . . . : Yes

>>>>>

>>>>> Autoconfiguration IP Address. . . : 169.254.73.29

>>>>>

>>>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>>>

>>>>> Default Gateway . . . . . . . . . :

>>>>>

>>>>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:

>>>>>

>>>>> Connection-specific DNS Suffix . :

>>>>>

>>>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II

>>>>> GigE (NDIS VBD Client) #2

>>>>>

>>>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD

>>>>>

>>>>> DHCP Enabled. . . . . . . . . . . : Yes

>>>>>

>>>>> Autoconfiguration Enabled . . . . : Yes

>>>>>

>>>>> Autoconfiguration IP Address. . . : 169.254.113.88

>>>>>

>>>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0

>>>>>

>>>>> Default Gateway . . . . . . . . . :

>>>>>

>>>>> --------------------------------------------------------

>>>>>

>>>>>> Did you run dcdiag,

>>>>>>

>>>>> Domain Controller Diagnosis

>>>>>

>>>>> Performing initial setup:

>>>>> [server08] Directory Binding Error 1753:

>>>>> Win32 Error 1753

>>>>> This may limit some of the tests that can be performed.

>>>>> Done gathering initial info.

>>>>> Doing initial required tests

>>>>> Testing server: Default-First-Site-Name\SERVER08

>>>>> Starting test: Connectivity

>>>>> The host

>>>>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain

>>>>> could not be resolved to an

>>>>> IP address. Check the DNS server, DHCP, server name, etc

>>>>> Although the Guid DNS name

>>>>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)

>>>>> couldn't

>>>>> be resolved, the server name (server08.mydomain.com) resolved to

>>>>> the

>>>>>

>>>>> IP address (192.168.18.140) and was pingable. Check that the IP

>>>>>

>>>>> address is registered correctly with the DNS server.

>>>>> ......................... SERVER08 failed test Connectivity Doing

>>>>> primary tests

>>>>>

>>>>> Testing server: Default-First-Site-Name\SERVER08

>>>>> Skipping all tests, because server SERVER08 is

>>>>> not responding to directory service requests

>>>>> Running partition tests on : Schema

>>>>> Starting test: CrossRefValidation

>>>>> ......................... Schema passed test

>>>>> CrossRefValidation

>>>>> Starting test: CheckSDRefDom

>>>>> ......................... Schema passed test CheckSDRefDom

>>>>> Running partition tests on : Configuration

>>>>> Starting test: CrossRefValidation

>>>>> ......................... Configuration passed test

>>>>> CrossRefValidation

>>>>> Starting test: CheckSDRefDom

>>>>> ......................... Configuration passed test

>>>>> CheckSDRefDom

>>>>> Running partition tests on : it

>>>>> Starting test: CrossRefValidation

>>>>> ......................... it passed test CrossRefValidation

>>>>> Starting test: CheckSDRefDom

>>>>> ......................... it passed test CheckSDRefDom

>>>>> Running enterprise tests on : mydomain.com

>>>>> Starting test: Intersite

>>>>> ......................... mydomain.com passed test Intersite

>>>>> Starting test: FsmoCheck

>>>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error

>>>>> 2138

>>>>> A Global Catalog Server could not be located - All GC's are

>>>>> down.

>>>>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138

>>>>> A Primary Domain Controller could not be located.

>>>>> The server holding the PDC role is down.

>>>>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138

>>>>> A Time Server could not be located.

>>>>> The server holding the PDC role is down.

>>>>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,

>>>>> error

>>>>> 2138

>>>>> A Good Time Server could not be located.

>>>>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138

>>>>> A KDC could not be located - All the KDCs are down.

>>>>> ......................... mydomain.com failed test FsmoCheck

>>>>> -----------------------------------------------------

>>>>>> netdiag and

>>>>>>

>>>>> this is very long: I attach only the interesting part:

>>>>>

>>>>> Global results:

>>>>>

>>>>> Domain membership test . . . . . . : Passed

>>>>>

>>>>> NetBT transports test. . . . . . . : Failed

>>>>> List of NetBt transports currently configured:

>>>>> [FATAL] Unable to retrieve transport list from Redir.

>>>>> [NERR_WkstaNotStarted]

>>>>> Autonet address test . . . . . . . : Passed

>>>>> IP loopback ping test. . . . . . . : Passed

>>>>>

>>>>> Default gateway test . . . . . . . : Failed

>>>>>

>>>>> [FATAL] NO GATEWAYS ARE REACHABLE.

>>>>> You have no connectivity to other network segments.

>>>>> If you configured the IP protocol manually then

>>>>> you need to add at least one valid gateway.

>>>>> NetBT name test. . . . . . . . . . : Passed

>>>>> [WARNING] You don't have a single interface with the <00>

>>>>> 'WorkStation

>>>>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.

>>>>> Winsock test . . . . . . . . . . . : Passed

>>>>> DNS test . . . . . . . . . . . . . : Failed

>>>>> [WARNING] Cannot find a primary authoritative DNS server for

>>>>> the

>>>>> name

>>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>>>> The name 'server08.mydomain.com.' may not be registered in

>>>>> DNS.

>>>>> [WARNING] Cannot find a primary authoritative DNS server for

>>>>> the

>>>>> name

>>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>>>> The name 'server08.mydomain.com.' may not be registered in

>>>>> DNS.

>>>>> [WARNING] Cannot find a primary authoritative DNS server for

>>>>> the

>>>>> name

>>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>>>> The name 'server08mydomain.com.' may not be registered in

>>>>> DNS.

>>>>> [WARNING] Cannot find a primary authoritative DNS server for

>>>>> the

>>>>> name

>>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]

>>>>> The name 'server08.mydomain.com.' may not be registered in

>>>>> DNS.

>>>>> [WARNING] The DNS entries for this DC cannot be verified right

>>>>> now on

>>>>> DNS server 192.168.18.20, ERROR_TIMEOUT.

>>>>> [WARNING] The DNS entries for this DC cannot be verified right

>>>>> now on

>>>>> DNS server 192.168.18.21, ERROR_TIMEOUT.

>>>>> [FATAL] No DNS servers have the DNS records for this DC

>>>>> registered.

>>>>> Redir and Browser test . . . . . . : Passed

>>>>> [FATAL] Workstation service is not running. [FFFFFFFF]

>>>>> DC discovery test. . . . . . . . . : Failed

>>>>> [FATAL] Cannot find DC in domain 'MYDOMAIN'.

>>>>> [NERR_NetNotStarted]

>>>>> DC list test . . . . . . . . . . . : Failed

>>>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>>>>> Trust relationship test. . . . . . : Skipped

>>>>> Kerberos test. . . . . . . . . . . : Skipped

>>>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].

>>>>> LDAP test. . . . . . . . . . . . . : Failed

>>>>> Cannot find DC to run LDAP tests on. The error occurred was: The

>>>>> workstation driver is not installed.

>>>>> [WARNING] Cannot find DC in domain MYDOMAIN.

>>>>> [NERR_NetNotStarted]

>>>>> Bindings test. . . . . . . . . . . : Passed

>>>>>

>>>>> WAN configuration test . . . . . . : Skipped

>>>>> No active remote access connections.

>>>>> Modem diagnostics test . . . . . . : Failed

>>>>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).

>>>>> IP Security test . . . . . . . . . : Skipped

>>>>> Note: run "netsh ipsec dynamic show /?" for more detailed

>>>>> information

>>>>>

>>>>> The command completed successfully

>>>>>

>>>>> ------------------------------------------------------ repadmin

>>>>> /showrepl from

>>>>>

>>>>>> the support tools?

>>>>>>

>>>>> repadmin running command /showrepl against server localhost

>>>>>

>>>>> Default-First-Site-Name\SERVER08

>>>>>

>>>>> DC Options: IS_GC

>>>>>

>>>>> Site Options: (none)

>>>>>

>>>>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005

>>>>>

>>>>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a

>>>>>

>>>>> DsBindWithCred to localhost failed with status 1753 (0x6d9):

>>>>>

>>>>> Can't retrieve message string 1753 (0x6d9), error 1815.

>>>>>

>>>>> ---------------------------------------

>>>>>

>>>>> reports seem right, if we think that all core services are down :(

>>>>>

>>>>> thanks

>>>>>

>>>>>> Best regards

>>>>>>

>>>>>> Meinolf Weber

>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,

>>>>>> and

>>>>>> confers no rights.

>>>>>> ** Please do NOT email, only reply to Newsgroups

>>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>>>>>>> Hello,

>>>>>>> I added a Windows 2003 Server to an existing 2000 domain, and

>>>>>>> made

>>>>>>> it

>>>>>>> an

>>>>>>> additional domain controller. All ok, I restarted, I made GC, all

>>>>>>> worked

>>>>>>> fine.

>>>>>>> Then I restarted an other time... boom. Every crytical windows

>>>>>>> services

>>>>>>> don't start more. Only RPC works: others (COM+, network

>>>>>>> connections,

>>>>>>> shell

>>>>>>> hardware detection, etc) don't start.

>>>>>>> It seems as KB933994 describes: the old group policy didn't

>>>>>>> assign

>>>>>>> "impersonate a client after authentication" to Service and

>>>>>>> Network

>>>>>>> accounts,

>>>>>>> so I think that the replicated policy has blocked the 2003

>>>>>>> system.

>>>>>>> Now? I've tried to update policy on the W2003 server, but it

>>>>>>> doesn't

>>>>>>> apply it. When I run a gpupdate, it reports that "there are no

>>>>>>> more

>>>>>>> available endpoints" and it doesn't load changed policy.

>>>>>>> Any idea? Please help.

>>>>>>> thanks

>>>>>>>

>

>

 Share
Go to topic listing
×
×
  • Create New...