Guest Trapulo Posted July 18, 2008 Posted July 18, 2008 Hello, I added a Windows 2003 Server to an existing 2000 domain, and made it an additional domain controller. All ok, I restarted, I made GC, all worked fine. Then I restarted an other time... boom. Every crytical windows services don't start more. Only RPC works: others (COM+, network connections, shell hardware detection, etc) don't start. It seems as KB933994 describes: the old group policy didn't assign "impersonate a client after authentication" to Service and Network accounts, so I think that the replicated policy has blocked the 2003 system. Now? I've tried to update policy on the W2003 server, but it doesn't apply it. When I run a gpupdate, it reports that "there are no more available endpoints" and it doesn't load changed policy. Any idea? Please help. thanks
Guest Meinolf Weber Posted July 18, 2008 Posted July 18, 2008 Re: big trouble with Server - as KB933994 Hello Trapulo, Please post the complete error message. Additional post an unedited ipconfig /all from both DC's. Did you run dcdiag, netdiag and repadmin /showrepl from the support tools? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Hello, > I added a Windows 2003 Server to an existing 2000 domain, and made it > an > additional domain controller. All ok, I restarted, I made GC, all > worked > fine. > Then I restarted an other time... boom. Every crytical windows > services > don't start more. Only RPC works: others (COM+, network connections, > shell > hardware detection, etc) don't start. > It seems as KB933994 describes: the old group policy didn't assign > "impersonate a client after authentication" to Service and Network > accounts, > so I think that the replicated policy has blocked the 2003 system. > Now? I've tried to update policy on the W2003 server, but it doesn't > apply it. When I run a gpupdate, it reports that "there are no more > available endpoints" and it doesn't load changed policy. > > Any idea? Please help. > > thanks >
Guest Trapulo Posted July 21, 2008 Posted July 21, 2008 Re: big trouble with Server - as KB933994 "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com... > Hello Trapulo, > > Please post the complete error message. This is the error when I try to run gpupdate: 1053 Windows cannot determine the user or computer name. (There are no more endpoints available from the endpoint mapper. ). Group Policy processing aborted. > Additional post an unedited ipconfig /all from both DC's. This is from the old Win2K controller: Windows 2000 IP Configuration Host Name . . . . . . . . . . . . : server01 Primary DNS Suffix . . . . . . . : mydomain.com Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : mydomain.com Ethernet adapter Intel 82544GC Based Network Connection - onboard: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel 82544GC-based XT Eval Gigabit Adapter Physical Address. . . . . . . . . : 00-06-5B-8F-99-78 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.18.20 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.18.6 DNS Servers . . . . . . . . . . . : 192.168.18.20 192.168.18.21 (18.21 is the other W2K domain controller, with same output) This is from the new W2K3 controller that doesn't run: Windows IP Configuration Host Name . . . . . . . . . . . . : server08 Primary Dns Suffix . . . . . . . : mydomain.com Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : mydomain.com Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Loopback Adapter Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 169.254.25.129 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}: Connection-specific DNS Suffix . : mydomain.com Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet Physical Address. . . . . . . . . : 00-10-18-33-9A-E4 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.18.140 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.18.6 DHCP Server . . . . . . . . . . . : 192.168.18.20 DNS Servers . . . . . . . . . . . : 192.168.18.20 192.168.18.21 Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20 Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20 Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 169.254.73.29 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2 Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 169.254.113.88 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : -------------------------------------------------------- > Did you run dcdiag, Domain Controller Diagnosis Performing initial setup: [server08] Directory Binding Error 1753: Win32 Error 1753 This may limit some of the tests that can be performed. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\SERVER08 Starting test: Connectivity The host 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain) couldn't be resolved, the server name (server08.mydomain.com) resolved to the IP address (192.168.18.140) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... SERVER08 failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\SERVER08 Skipping all tests, because server SERVER08 is not responding to directory service requests Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : it Starting test: CrossRefValidation ......................... it passed test CrossRefValidation Starting test: CheckSDRefDom ......................... it passed test CheckSDRefDom Running enterprise tests on : mydomain.com Starting test: Intersite ......................... mydomain.com passed test Intersite Starting test: FsmoCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 2138 A Global Catalog Server could not be located - All GC's are down. Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138 A Primary Domain Controller could not be located. The server holding the PDC role is down. Warning: DcGetDcName(TIME_SERVER) call failed, error 2138 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 2138 A Good Time Server could not be located. Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138 A KDC could not be located - All the KDCs are down. ......................... mydomain.com failed test FsmoCheck ----------------------------------------------------- >netdiag and this is very long: I attach only the interesting part: Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Failed List of NetBt transports currently configured: [FATAL] Unable to retrieve transport list from Redir. [NERR_WkstaNotStarted] Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Failed [FATAL] NO GATEWAYS ARE REACHABLE. You have no connectivity to other network segments. If you configured the IP protocol manually then you need to add at least one valid gateway. NetBT name test. . . . . . . . . . : Passed [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined. Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Failed [WARNING] Cannot find a primary authoritative DNS server for the name 'server08.mydomain.com.'. [ERROR_TIMEOUT] The name 'server08.mydomain.com.' may not be registered in DNS. [WARNING] Cannot find a primary authoritative DNS server for the name 'server08.mydomain.com.'. [ERROR_TIMEOUT] The name 'server08.mydomain.com.' may not be registered in DNS. [WARNING] Cannot find a primary authoritative DNS server for the name 'server08.mydomain.com.'. [ERROR_TIMEOUT] The name 'server08mydomain.com.' may not be registered in DNS. [WARNING] Cannot find a primary authoritative DNS server for the name 'server08.mydomain.com.'. [ERROR_TIMEOUT] The name 'server08.mydomain.com.' may not be registered in DNS. [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.18.20, ERROR_TIMEOUT. [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.18.21, ERROR_TIMEOUT. [FATAL] No DNS servers have the DNS records for this DC registered. Redir and Browser test . . . . . . : Passed [FATAL] Workstation service is not running. [FFFFFFFF] DC discovery test. . . . . . . . . : Failed [FATAL] Cannot find DC in domain 'MYDOMAIN'. [NERR_NetNotStarted] DC list test . . . . . . . . . . . : Failed 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. Trust relationship test. . . . . . : Skipped Kerberos test. . . . . . . . . . . : Skipped 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. LDAP test. . . . . . . . . . . . . : Failed Cannot find DC to run LDAP tests on. The error occurred was: The workstation driver is not installed. [WARNING] Cannot find DC in domain MYDOMAIN. [NERR_NetNotStarted] Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Failed [FATAL] Cannot initialize TAPI. Failed with error(0x80000048). IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully ------------------------------------------------------ repadmin /showrepl from > the support tools? repadmin running command /showrepl against server localhost Default-First-Site-Name\SERVER08 DC Options: IS_GC Site Options: (none) DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005 DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a DsBindWithCred to localhost failed with status 1753 (0x6d9): Can't retrieve message string 1753 (0x6d9), error 1815. --------------------------------------- reports seem right, if we think that all core services are down :( thanks > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and > confers no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >> Hello, >> I added a Windows 2003 Server to an existing 2000 domain, and made it >> an >> additional domain controller. All ok, I restarted, I made GC, all >> worked >> fine. >> Then I restarted an other time... boom. Every crytical windows >> services >> don't start more. Only RPC works: others (COM+, network connections, >> shell >> hardware detection, etc) don't start. >> It seems as KB933994 describes: the old group policy didn't assign >> "impersonate a client after authentication" to Service and Network >> accounts, >> so I think that the replicated policy has blocked the 2003 system. >> Now? I've tried to update policy on the W2003 server, but it doesn't >> apply it. When I run a gpupdate, it reports that "there are no more >> available endpoints" and it doesn't load changed policy. >> >> Any idea? Please help. >> >> thanks >> > >
Guest Meinolf Weber Posted July 21, 2008 Posted July 21, 2008 Re: big trouble with Server - as KB933994 Hello Trapulo, On the 2003 disable DHCP and give it a fixed ip address. Additional disable the not used NIC's. Then reboot the server. After that check in all DNS servers that the 2003 server, also all other servers, is listed with the correct ip. Then ping one of the running DC's with ip address, computer name and FQDN(computername.mydomain.com). Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message > news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com... > >> Hello Trapulo, >> >> Please post the complete error message. >> > This is the error when I try to run gpupdate: > 1053 > Windows cannot determine the user or computer name. (There are no more > endpoints available from the endpoint mapper. ). Group Policy > processing > aborted. >> Additional post an unedited ipconfig /all from both DC's. >> > This is from the old Win2K controller: > > Windows 2000 IP Configuration > > Host Name . . . . . . . . . . . . : server01 > Primary DNS Suffix . . . . . . . : mydomain.com > Node Type . . . . . . . . . . . . : Broadcast > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : mydomain.com > > Ethernet adapter Intel 82544GC Based Network Connection - onboard: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel 82544GC-based XT Eval > Gigabit > Adapter > Physical Address. . . . . . . . . : 00-06-5B-8F-99-78 > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.18.20 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.18.6 > > DNS Servers . . . . . . . . . . . : 192.168.18.20 > 192.168.18.21 > (18.21 is the other W2K domain controller, with same output) > > This is from the new W2K3 controller that doesn't run: > > Windows IP Configuration > > Host Name . . . . . . . . . . . . : server08 > > Primary Dns Suffix . . . . . . . : mydomain.com > > Node Type . . . . . . . . . . . . : Unknown > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : mydomain.com > > Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}: > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Microsoft Loopback Adapter > > Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50 > > DHCP Enabled. . . . . . . . . . . : Yes > > Autoconfiguration Enabled . . . . : Yes > > Autoconfiguration IP Address. . . : 169.254.25.129 > > Subnet Mask . . . . . . . . . . . : 255.255.0.0 > > Default Gateway . . . . . . . . . : > > Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}: > > Connection-specific DNS Suffix . : mydomain.com > > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit > Ethernet > > Physical Address. . . . . . . . . : 00-10-18-33-9A-E4 > > DHCP Enabled. . . . . . . . . . . : Yes > > Autoconfiguration Enabled . . . . : Yes > > IP Address. . . . . . . . . . . . : 192.168.18.140 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.18.6 > > DHCP Server . . . . . . . . . . . : 192.168.18.20 > > DNS Servers . . . . . . . . . . . : 192.168.18.20 > > 192.168.18.21 > > Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20 > > Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20 > > Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}: > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II > GigE (NDIS VBD Client) > > Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB > > DHCP Enabled. . . . . . . . . . . : Yes > > Autoconfiguration Enabled . . . . : Yes > > Autoconfiguration IP Address. . . : 169.254.73.29 > > Subnet Mask . . . . . . . . . . . : 255.255.0.0 > > Default Gateway . . . . . . . . . : > > Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}: > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II > GigE (NDIS VBD Client) #2 > > Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD > > DHCP Enabled. . . . . . . . . . . : Yes > > Autoconfiguration Enabled . . . . : Yes > > Autoconfiguration IP Address. . . : 169.254.113.88 > > Subnet Mask . . . . . . . . . . . : 255.255.0.0 > > Default Gateway . . . . . . . . . : > > -------------------------------------------------------- > >> Did you run dcdiag, >> > Domain Controller Diagnosis > > Performing initial setup: > [server08] Directory Binding Error 1753: > Win32 Error 1753 > This may limit some of the tests that can be performed. > Done gathering initial info. > Doing initial required tests > > Testing server: Default-First-Site-Name\SERVER08 > Starting test: Connectivity > The host > 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain > could not be resolved to an > IP address. Check the DNS server, DHCP, server name, etc > Although the Guid DNS name > (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain) > couldn't > > be resolved, the server name (server08.mydomain.com) resolved > to the > > IP address (192.168.18.140) and was pingable. Check that the > IP > > address is registered correctly with the DNS server. > ......................... SERVER08 failed test Connectivity > Doing primary tests > > Testing server: Default-First-Site-Name\SERVER08 > Skipping all tests, because server SERVER08 is > not responding to directory service requests > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test > CheckSDRefDom > Running partition tests on : it > Starting test: CrossRefValidation > ......................... it passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... it passed test CheckSDRefDom > Running enterprise tests on : mydomain.com > Starting test: Intersite > ......................... mydomain.com passed test Intersite > Starting test: FsmoCheck > Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error > 2138 > A Global Catalog Server could not be located - All GC's are > down. > Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138 > A Primary Domain Controller could not be located. > The server holding the PDC role is down. > Warning: DcGetDcName(TIME_SERVER) call failed, error 2138 > A Time Server could not be located. > The server holding the PDC role is down. > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, > error > 2138 > A Good Time Server could not be located. > Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138 > A KDC could not be located - All the KDCs are down. > ......................... mydomain.com failed test FsmoCheck > ----------------------------------------------------- > >> netdiag and >> > this is very long: I attach only the interesting part: > > Global results: > > Domain membership test . . . . . . : Passed > > NetBT transports test. . . . . . . : Failed > List of NetBt transports currently configured: > [FATAL] Unable to retrieve transport list from Redir. > [NERR_WkstaNotStarted] > Autonet address test . . . . . . . : Passed > > IP loopback ping test. . . . . . . : Passed > > Default gateway test . . . . . . . : Failed > > [FATAL] NO GATEWAYS ARE REACHABLE. > You have no connectivity to other network segments. > If you configured the IP protocol manually then > you need to add at least one valid gateway. > NetBT name test. . . . . . . . . . : Passed > [WARNING] You don't have a single interface with the <00> > 'WorkStation > Service', <03> 'Messenger Service', <20> 'WINS' names defined. > Winsock test . . . . . . . . . . . : Passed > > DNS test . . . . . . . . . . . . . : Failed > [WARNING] Cannot find a primary authoritative DNS server for > the > name > 'server08.mydomain.com.'. [ERROR_TIMEOUT] > The name 'server08.mydomain.com.' may not be registered in > DNS. > [WARNING] Cannot find a primary authoritative DNS server for > the > name > 'server08.mydomain.com.'. [ERROR_TIMEOUT] > The name 'server08.mydomain.com.' may not be registered in > DNS. > [WARNING] Cannot find a primary authoritative DNS server for > the > name > 'server08.mydomain.com.'. [ERROR_TIMEOUT] > The name 'server08mydomain.com.' may not be registered in > DNS. > [WARNING] Cannot find a primary authoritative DNS server for > the > name > 'server08.mydomain.com.'. [ERROR_TIMEOUT] > The name 'server08.mydomain.com.' may not be registered in > DNS. > [WARNING] The DNS entries for this DC cannot be verified right > now on > DNS server 192.168.18.20, ERROR_TIMEOUT. > [WARNING] The DNS entries for this DC cannot be verified right > now on > DNS server 192.168.18.21, ERROR_TIMEOUT. > [FATAL] No DNS servers have the DNS records for this DC > registered. > Redir and Browser test . . . . . . : Passed > [FATAL] Workstation service is not running. [FFFFFFFF] > DC discovery test. . . . . . . . . : Failed > [FATAL] Cannot find DC in domain 'MYDOMAIN'. > [NERR_NetNotStarted] > DC list test . . . . . . . . . . . : Failed > 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. > Trust relationship test. . . . . . : Skipped > > Kerberos test. . . . . . . . . . . : Skipped > 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. > LDAP test. . . . . . . . . . . . . : Failed > Cannot find DC to run LDAP tests on. The error occurred was: The > workstation driver is not installed. > [WARNING] Cannot find DC in domain MYDOMAIN. > [NERR_NetNotStarted] > > Bindings test. . . . . . . . . . . : Passed > > WAN configuration test . . . . . . : Skipped > No active remote access connections. > Modem diagnostics test . . . . . . : Failed > [FATAL] Cannot initialize TAPI. Failed with error(0x80000048). > IP Security test . . . . . . . . . : Skipped > > Note: run "netsh ipsec dynamic show /?" for more detailed > information > > The command completed successfully > > ------------------------------------------------------ repadmin > /showrepl from > >> the support tools? >> > repadmin running command /showrepl against server localhost > > Default-First-Site-Name\SERVER08 > > DC Options: IS_GC > > Site Options: (none) > > DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005 > > DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a > > DsBindWithCred to localhost failed with status 1753 (0x6d9): > > Can't retrieve message string 1753 (0x6d9), error 1815. > > --------------------------------------- > > reports seem right, if we think that all core services are down :( > > thanks > >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> Hello, >>> I added a Windows 2003 Server to an existing 2000 domain, and made >>> it >>> an >>> additional domain controller. All ok, I restarted, I made GC, all >>> worked >>> fine. >>> Then I restarted an other time... boom. Every crytical windows >>> services >>> don't start more. Only RPC works: others (COM+, network connections, >>> shell >>> hardware detection, etc) don't start. >>> It seems as KB933994 describes: the old group policy didn't assign >>> "impersonate a client after authentication" to Service and Network >>> accounts, >>> so I think that the replicated policy has blocked the 2003 system. >>> Now? I've tried to update policy on the W2003 server, but it doesn't >>> apply it. When I run a gpupdate, it reports that "there are no more >>> available endpoints" and it doesn't load changed policy. >>> Any idea? Please help. >>> >>> thanks >>>
Guest Trapulo Posted July 21, 2008 Posted July 21, 2008 Re: big trouble with Server - as KB933994 I solved with Morgan's suggestion. Thanks anyway! "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com... > Hello Trapulo, > > On the 2003 disable DHCP and give it a fixed ip address. Additional > disable the not used NIC's. Then reboot the server. After that check in > all DNS servers that the 2003 server, also all other servers, is listed > with the correct ip. Then ping one of the running DC's with ip address, > computer name and FQDN(computername.mydomain.com). > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and > confers no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message >> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com... >> >>> Hello Trapulo, >>> >>> Please post the complete error message. >>> >> This is the error when I try to run gpupdate: >> 1053 >> Windows cannot determine the user or computer name. (There are no more >> endpoints available from the endpoint mapper. ). Group Policy >> processing >> aborted. >>> Additional post an unedited ipconfig /all from both DC's. >>> >> This is from the old Win2K controller: >> >> Windows 2000 IP Configuration >> >> Host Name . . . . . . . . . . . . : server01 >> Primary DNS Suffix . . . . . . . : mydomain.com >> Node Type . . . . . . . . . . . . : Broadcast >> IP Routing Enabled. . . . . . . . : No >> >> WINS Proxy Enabled. . . . . . . . : No >> >> DNS Suffix Search List. . . . . . : mydomain.com >> >> Ethernet adapter Intel 82544GC Based Network Connection - onboard: >> >> Connection-specific DNS Suffix . : >> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval >> Gigabit >> Adapter >> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78 >> DHCP Enabled. . . . . . . . . . . : No >> >> IP Address. . . . . . . . . . . . : 192.168.18.20 >> >> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >> >> Default Gateway . . . . . . . . . : 192.168.18.6 >> >> DNS Servers . . . . . . . . . . . : 192.168.18.20 >> 192.168.18.21 >> (18.21 is the other W2K domain controller, with same output) >> >> This is from the new W2K3 controller that doesn't run: >> >> Windows IP Configuration >> >> Host Name . . . . . . . . . . . . : server08 >> >> Primary Dns Suffix . . . . . . . : mydomain.com >> >> Node Type . . . . . . . . . . . . : Unknown >> >> IP Routing Enabled. . . . . . . . : No >> >> WINS Proxy Enabled. . . . . . . . : No >> >> DNS Suffix Search List. . . . . . : mydomain.com >> >> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}: >> >> Connection-specific DNS Suffix . : >> >> Description . . . . . . . . . . . : Microsoft Loopback Adapter >> >> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50 >> >> DHCP Enabled. . . . . . . . . . . : Yes >> >> Autoconfiguration Enabled . . . . : Yes >> >> Autoconfiguration IP Address. . . : 169.254.25.129 >> >> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >> >> Default Gateway . . . . . . . . . : >> >> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}: >> >> Connection-specific DNS Suffix . : mydomain.com >> >> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit >> Ethernet >> >> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4 >> >> DHCP Enabled. . . . . . . . . . . : Yes >> >> Autoconfiguration Enabled . . . . : Yes >> >> IP Address. . . . . . . . . . . . : 192.168.18.140 >> >> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >> >> Default Gateway . . . . . . . . . : 192.168.18.6 >> >> DHCP Server . . . . . . . . . . . : 192.168.18.20 >> >> DNS Servers . . . . . . . . . . . : 192.168.18.20 >> >> 192.168.18.21 >> >> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20 >> >> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20 >> >> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}: >> >> Connection-specific DNS Suffix . : >> >> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >> GigE (NDIS VBD Client) >> >> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB >> >> DHCP Enabled. . . . . . . . . . . : Yes >> >> Autoconfiguration Enabled . . . . : Yes >> >> Autoconfiguration IP Address. . . : 169.254.73.29 >> >> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >> >> Default Gateway . . . . . . . . . : >> >> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}: >> >> Connection-specific DNS Suffix . : >> >> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >> GigE (NDIS VBD Client) #2 >> >> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD >> >> DHCP Enabled. . . . . . . . . . . : Yes >> >> Autoconfiguration Enabled . . . . : Yes >> >> Autoconfiguration IP Address. . . : 169.254.113.88 >> >> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >> >> Default Gateway . . . . . . . . . : >> >> -------------------------------------------------------- >> >>> Did you run dcdiag, >>> >> Domain Controller Diagnosis >> >> Performing initial setup: >> [server08] Directory Binding Error 1753: >> Win32 Error 1753 >> This may limit some of the tests that can be performed. >> Done gathering initial info. >> Doing initial required tests >> >> Testing server: Default-First-Site-Name\SERVER08 >> Starting test: Connectivity >> The host >> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain >> could not be resolved to an >> IP address. Check the DNS server, DHCP, server name, etc >> Although the Guid DNS name >> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain) >> couldn't >> >> be resolved, the server name (server08.mydomain.com) resolved >> to the >> >> IP address (192.168.18.140) and was pingable. Check that the >> IP >> >> address is registered correctly with the DNS server. >> ......................... SERVER08 failed test Connectivity >> Doing primary tests >> >> Testing server: Default-First-Site-Name\SERVER08 >> Skipping all tests, because server SERVER08 is >> not responding to directory service requests >> Running partition tests on : Schema >> Starting test: CrossRefValidation >> ......................... Schema passed test >> CrossRefValidation >> Starting test: CheckSDRefDom >> ......................... Schema passed test CheckSDRefDom >> Running partition tests on : Configuration >> Starting test: CrossRefValidation >> ......................... Configuration passed test >> CrossRefValidation >> Starting test: CheckSDRefDom >> ......................... Configuration passed test >> CheckSDRefDom >> Running partition tests on : it >> Starting test: CrossRefValidation >> ......................... it passed test CrossRefValidation >> Starting test: CheckSDRefDom >> ......................... it passed test CheckSDRefDom >> Running enterprise tests on : mydomain.com >> Starting test: Intersite >> ......................... mydomain.com passed test Intersite >> Starting test: FsmoCheck >> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error >> 2138 >> A Global Catalog Server could not be located - All GC's are >> down. >> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138 >> A Primary Domain Controller could not be located. >> The server holding the PDC role is down. >> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138 >> A Time Server could not be located. >> The server holding the PDC role is down. >> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, >> error >> 2138 >> A Good Time Server could not be located. >> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138 >> A KDC could not be located - All the KDCs are down. >> ......................... mydomain.com failed test FsmoCheck >> ----------------------------------------------------- >> >>> netdiag and >>> >> this is very long: I attach only the interesting part: >> >> Global results: >> >> Domain membership test . . . . . . : Passed >> >> NetBT transports test. . . . . . . : Failed >> List of NetBt transports currently configured: >> [FATAL] Unable to retrieve transport list from Redir. >> [NERR_WkstaNotStarted] >> Autonet address test . . . . . . . : Passed >> >> IP loopback ping test. . . . . . . : Passed >> >> Default gateway test . . . . . . . : Failed >> >> [FATAL] NO GATEWAYS ARE REACHABLE. >> You have no connectivity to other network segments. >> If you configured the IP protocol manually then >> you need to add at least one valid gateway. >> NetBT name test. . . . . . . . . . : Passed >> [WARNING] You don't have a single interface with the <00> >> 'WorkStation >> Service', <03> 'Messenger Service', <20> 'WINS' names defined. >> Winsock test . . . . . . . . . . . : Passed >> >> DNS test . . . . . . . . . . . . . : Failed >> [WARNING] Cannot find a primary authoritative DNS server for >> the >> name >> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >> The name 'server08.mydomain.com.' may not be registered in >> DNS. >> [WARNING] Cannot find a primary authoritative DNS server for >> the >> name >> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >> The name 'server08.mydomain.com.' may not be registered in >> DNS. >> [WARNING] Cannot find a primary authoritative DNS server for >> the >> name >> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >> The name 'server08mydomain.com.' may not be registered in >> DNS. >> [WARNING] Cannot find a primary authoritative DNS server for >> the >> name >> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >> The name 'server08.mydomain.com.' may not be registered in >> DNS. >> [WARNING] The DNS entries for this DC cannot be verified right >> now on >> DNS server 192.168.18.20, ERROR_TIMEOUT. >> [WARNING] The DNS entries for this DC cannot be verified right >> now on >> DNS server 192.168.18.21, ERROR_TIMEOUT. >> [FATAL] No DNS servers have the DNS records for this DC >> registered. >> Redir and Browser test . . . . . . : Passed >> [FATAL] Workstation service is not running. [FFFFFFFF] >> DC discovery test. . . . . . . . . : Failed >> [FATAL] Cannot find DC in domain 'MYDOMAIN'. >> [NERR_NetNotStarted] >> DC list test . . . . . . . . . . . : Failed >> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >> Trust relationship test. . . . . . : Skipped >> >> Kerberos test. . . . . . . . . . . : Skipped >> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >> LDAP test. . . . . . . . . . . . . : Failed >> Cannot find DC to run LDAP tests on. The error occurred was: The >> workstation driver is not installed. >> [WARNING] Cannot find DC in domain MYDOMAIN. >> [NERR_NetNotStarted] >> >> Bindings test. . . . . . . . . . . : Passed >> >> WAN configuration test . . . . . . : Skipped >> No active remote access connections. >> Modem diagnostics test . . . . . . : Failed >> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048). >> IP Security test . . . . . . . . . : Skipped >> >> Note: run "netsh ipsec dynamic show /?" for more detailed >> information >> >> The command completed successfully >> >> ------------------------------------------------------ repadmin >> /showrepl from >> >>> the support tools? >>> >> repadmin running command /showrepl against server localhost >> >> Default-First-Site-Name\SERVER08 >> >> DC Options: IS_GC >> >> Site Options: (none) >> >> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005 >> >> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a >> >> DsBindWithCred to localhost failed with status 1753 (0x6d9): >> >> Can't retrieve message string 1753 (0x6d9), error 1815. >> >> --------------------------------------- >> >> reports seem right, if we think that all core services are down :( >> >> thanks >> >>> Best regards >>> >>> Meinolf Weber >>> Disclaimer: This posting is provided "AS IS" with no warranties, and >>> confers no rights. >>> ** Please do NOT email, only reply to Newsgroups >>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>> Hello, >>>> I added a Windows 2003 Server to an existing 2000 domain, and made >>>> it >>>> an >>>> additional domain controller. All ok, I restarted, I made GC, all >>>> worked >>>> fine. >>>> Then I restarted an other time... boom. Every crytical windows >>>> services >>>> don't start more. Only RPC works: others (COM+, network connections, >>>> shell >>>> hardware detection, etc) don't start. >>>> It seems as KB933994 describes: the old group policy didn't assign >>>> "impersonate a client after authentication" to Service and Network >>>> accounts, >>>> so I think that the replicated policy has blocked the 2003 system. >>>> Now? I've tried to update policy on the W2003 server, but it doesn't >>>> apply it. When I run a gpupdate, it reports that "there are no more >>>> available endpoints" and it doesn't load changed policy. >>>> Any idea? Please help. >>>> >>>> thanks >>>> > >
Guest Meinolf Weber Posted July 21, 2008 Posted July 21, 2008 Re: big trouble with Server - as KB933994 Hello Trapulo, Thanks for the feedback. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > I solved with Morgan's suggestion. > > Thanks anyway! > > "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message > news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com... > >> Hello Trapulo, >> >> On the 2003 disable DHCP and give it a fixed ip address. Additional >> disable the not used NIC's. Then reboot the server. After that check >> in all DNS servers that the 2003 server, also all other servers, is >> listed with the correct ip. Then ping one of the running DC's with ip >> address, computer name and FQDN(computername.mydomain.com). >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message >>> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com... >>> >>>> Hello Trapulo, >>>> >>>> Please post the complete error message. >>>> >>> This is the error when I try to run gpupdate: >>> 1053 >>> Windows cannot determine the user or computer name. (There are no >>> more >>> endpoints available from the endpoint mapper. ). Group Policy >>> processing >>> aborted. >>>> Additional post an unedited ipconfig /all from both DC's. >>>> >>> This is from the old Win2K controller: >>> >>> Windows 2000 IP Configuration >>> >>> Host Name . . . . . . . . . . . . : server01 >>> Primary DNS Suffix . . . . . . . : mydomain.com >>> Node Type . . . . . . . . . . . . : Broadcast >>> IP Routing Enabled. . . . . . . . : No >>> WINS Proxy Enabled. . . . . . . . : No >>> >>> DNS Suffix Search List. . . . . . : mydomain.com >>> >>> Ethernet adapter Intel 82544GC Based Network Connection - onboard: >>> >>> Connection-specific DNS Suffix . : >>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval >>> Gigabit >>> Adapter >>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78 >>> DHCP Enabled. . . . . . . . . . . : No >>> IP Address. . . . . . . . . . . . : 192.168.18.20 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>> >>> Default Gateway . . . . . . . . . : 192.168.18.6 >>> >>> DNS Servers . . . . . . . . . . . : 192.168.18.20 >>> 192.168.18.21 >>> (18.21 is the other W2K domain controller, with same output) >>> This is from the new W2K3 controller that doesn't run: >>> >>> Windows IP Configuration >>> >>> Host Name . . . . . . . . . . . . : server08 >>> >>> Primary Dns Suffix . . . . . . . : mydomain.com >>> >>> Node Type . . . . . . . . . . . . : Unknown >>> >>> IP Routing Enabled. . . . . . . . : No >>> >>> WINS Proxy Enabled. . . . . . . . : No >>> >>> DNS Suffix Search List. . . . . . : mydomain.com >>> >>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}: >>> >>> Connection-specific DNS Suffix . : >>> >>> Description . . . . . . . . . . . : Microsoft Loopback Adapter >>> >>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50 >>> >>> DHCP Enabled. . . . . . . . . . . : Yes >>> >>> Autoconfiguration Enabled . . . . : Yes >>> >>> Autoconfiguration IP Address. . . : 169.254.25.129 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>> >>> Default Gateway . . . . . . . . . : >>> >>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}: >>> >>> Connection-specific DNS Suffix . : mydomain.com >>> >>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit >>> Ethernet >>> >>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4 >>> >>> DHCP Enabled. . . . . . . . . . . : Yes >>> >>> Autoconfiguration Enabled . . . . : Yes >>> >>> IP Address. . . . . . . . . . . . : 192.168.18.140 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>> >>> Default Gateway . . . . . . . . . : 192.168.18.6 >>> >>> DHCP Server . . . . . . . . . . . : 192.168.18.20 >>> >>> DNS Servers . . . . . . . . . . . : 192.168.18.20 >>> >>> 192.168.18.21 >>> >>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20 >>> >>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20 >>> >>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}: >>> >>> Connection-specific DNS Suffix . : >>> >>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >>> GigE (NDIS VBD Client) >>> >>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB >>> >>> DHCP Enabled. . . . . . . . . . . : Yes >>> >>> Autoconfiguration Enabled . . . . : Yes >>> >>> Autoconfiguration IP Address. . . : 169.254.73.29 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>> >>> Default Gateway . . . . . . . . . : >>> >>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}: >>> >>> Connection-specific DNS Suffix . : >>> >>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >>> GigE (NDIS VBD Client) #2 >>> >>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD >>> >>> DHCP Enabled. . . . . . . . . . . : Yes >>> >>> Autoconfiguration Enabled . . . . : Yes >>> >>> Autoconfiguration IP Address. . . : 169.254.113.88 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>> >>> Default Gateway . . . . . . . . . : >>> >>> -------------------------------------------------------- >>> >>>> Did you run dcdiag, >>>> >>> Domain Controller Diagnosis >>> >>> Performing initial setup: >>> [server08] Directory Binding Error 1753: >>> Win32 Error 1753 >>> This may limit some of the tests that can be performed. >>> Done gathering initial info. >>> Doing initial required tests >>> Testing server: Default-First-Site-Name\SERVER08 >>> Starting test: Connectivity >>> The host >>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain >>> could not be resolved to an >>> IP address. Check the DNS server, DHCP, server name, etc >>> Although the Guid DNS name >>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain) >>> couldn't >>> be resolved, the server name (server08.mydomain.com) resolved to the >>> >>> IP address (192.168.18.140) and was pingable. Check that the IP >>> >>> address is registered correctly with the DNS server. >>> ......................... SERVER08 failed test Connectivity Doing >>> primary tests >>> >>> Testing server: Default-First-Site-Name\SERVER08 >>> Skipping all tests, because server SERVER08 is >>> not responding to directory service requests >>> Running partition tests on : Schema >>> Starting test: CrossRefValidation >>> ......................... Schema passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... Schema passed test CheckSDRefDom >>> Running partition tests on : Configuration >>> Starting test: CrossRefValidation >>> ......................... Configuration passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... Configuration passed test >>> CheckSDRefDom >>> Running partition tests on : it >>> Starting test: CrossRefValidation >>> ......................... it passed test CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... it passed test CheckSDRefDom >>> Running enterprise tests on : mydomain.com >>> Starting test: Intersite >>> ......................... mydomain.com passed test Intersite >>> Starting test: FsmoCheck >>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error >>> 2138 >>> A Global Catalog Server could not be located - All GC's are >>> down. >>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138 >>> A Primary Domain Controller could not be located. >>> The server holding the PDC role is down. >>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138 >>> A Time Server could not be located. >>> The server holding the PDC role is down. >>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, >>> error >>> 2138 >>> A Good Time Server could not be located. >>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138 >>> A KDC could not be located - All the KDCs are down. >>> ......................... mydomain.com failed test FsmoCheck >>> ----------------------------------------------------- >>>> netdiag and >>>> >>> this is very long: I attach only the interesting part: >>> >>> Global results: >>> >>> Domain membership test . . . . . . : Passed >>> >>> NetBT transports test. . . . . . . : Failed >>> List of NetBt transports currently configured: >>> [FATAL] Unable to retrieve transport list from Redir. >>> [NERR_WkstaNotStarted] >>> Autonet address test . . . . . . . : Passed >>> IP loopback ping test. . . . . . . : Passed >>> >>> Default gateway test . . . . . . . : Failed >>> >>> [FATAL] NO GATEWAYS ARE REACHABLE. >>> You have no connectivity to other network segments. >>> If you configured the IP protocol manually then >>> you need to add at least one valid gateway. >>> NetBT name test. . . . . . . . . . : Passed >>> [WARNING] You don't have a single interface with the <00> >>> 'WorkStation >>> Service', <03> 'Messenger Service', <20> 'WINS' names defined. >>> Winsock test . . . . . . . . . . . : Passed >>> DNS test . . . . . . . . . . . . . : Failed >>> [WARNING] Cannot find a primary authoritative DNS server for >>> the >>> name >>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>> The name 'server08.mydomain.com.' may not be registered in >>> DNS. >>> [WARNING] Cannot find a primary authoritative DNS server for >>> the >>> name >>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>> The name 'server08.mydomain.com.' may not be registered in >>> DNS. >>> [WARNING] Cannot find a primary authoritative DNS server for >>> the >>> name >>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>> The name 'server08mydomain.com.' may not be registered in >>> DNS. >>> [WARNING] Cannot find a primary authoritative DNS server for >>> the >>> name >>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>> The name 'server08.mydomain.com.' may not be registered in >>> DNS. >>> [WARNING] The DNS entries for this DC cannot be verified right >>> now on >>> DNS server 192.168.18.20, ERROR_TIMEOUT. >>> [WARNING] The DNS entries for this DC cannot be verified right >>> now on >>> DNS server 192.168.18.21, ERROR_TIMEOUT. >>> [FATAL] No DNS servers have the DNS records for this DC >>> registered. >>> Redir and Browser test . . . . . . : Passed >>> [FATAL] Workstation service is not running. [FFFFFFFF] >>> DC discovery test. . . . . . . . . : Failed >>> [FATAL] Cannot find DC in domain 'MYDOMAIN'. >>> [NERR_NetNotStarted] >>> DC list test . . . . . . . . . . . : Failed >>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >>> Trust relationship test. . . . . . : Skipped >>> Kerberos test. . . . . . . . . . . : Skipped >>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >>> LDAP test. . . . . . . . . . . . . : Failed >>> Cannot find DC to run LDAP tests on. The error occurred was: The >>> workstation driver is not installed. >>> [WARNING] Cannot find DC in domain MYDOMAIN. >>> [NERR_NetNotStarted] >>> Bindings test. . . . . . . . . . . : Passed >>> >>> WAN configuration test . . . . . . : Skipped >>> No active remote access connections. >>> Modem diagnostics test . . . . . . : Failed >>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048). >>> IP Security test . . . . . . . . . : Skipped >>> Note: run "netsh ipsec dynamic show /?" for more detailed >>> information >>> >>> The command completed successfully >>> >>> ------------------------------------------------------ repadmin >>> /showrepl from >>> >>>> the support tools? >>>> >>> repadmin running command /showrepl against server localhost >>> >>> Default-First-Site-Name\SERVER08 >>> >>> DC Options: IS_GC >>> >>> Site Options: (none) >>> >>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005 >>> >>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a >>> >>> DsBindWithCred to localhost failed with status 1753 (0x6d9): >>> >>> Can't retrieve message string 1753 (0x6d9), error 1815. >>> >>> --------------------------------------- >>> >>> reports seem right, if we think that all core services are down :( >>> >>> thanks >>> >>>> Best regards >>>> >>>> Meinolf Weber >>>> Disclaimer: This posting is provided "AS IS" with no warranties, >>>> and >>>> confers no rights. >>>> ** Please do NOT email, only reply to Newsgroups >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>>> Hello, >>>>> I added a Windows 2003 Server to an existing 2000 domain, and made >>>>> it >>>>> an >>>>> additional domain controller. All ok, I restarted, I made GC, all >>>>> worked >>>>> fine. >>>>> Then I restarted an other time... boom. Every crytical windows >>>>> services >>>>> don't start more. Only RPC works: others (COM+, network >>>>> connections, >>>>> shell >>>>> hardware detection, etc) don't start. >>>>> It seems as KB933994 describes: the old group policy didn't assign >>>>> "impersonate a client after authentication" to Service and Network >>>>> accounts, >>>>> so I think that the replicated policy has blocked the 2003 system. >>>>> Now? I've tried to update policy on the W2003 server, but it >>>>> doesn't >>>>> apply it. When I run a gpupdate, it reports that "there are no >>>>> more >>>>> available endpoints" and it doesn't load changed policy. >>>>> Any idea? Please help. >>>>> thanks >>>>>
Guest Hank Arnold (MVP) Posted July 22, 2008 Posted July 22, 2008 Re: big trouble with Server - as KB933994 Who is Morgan and what was his "fix"? I don't see any posting in the thread from him. Were you talking about Meinolf? -- Regards, Hank Arnold Microsoft MVP Windows Server - Directory Services Trapulo wrote: > I solved with Morgan's suggestion. > > Thanks anyway! > > > "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message > news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com... >> Hello Trapulo, >> >> On the 2003 disable DHCP and give it a fixed ip address. Additional >> disable the not used NIC's. Then reboot the server. After that check >> in all DNS servers that the 2003 server, also all other servers, is >> listed with the correct ip. Then ping one of the running DC's with ip >> address, computer name and FQDN(computername.mydomain.com). >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >> >>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message >>> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com... >>> >>>> Hello Trapulo, >>>> >>>> Please post the complete error message. >>>> >>> This is the error when I try to run gpupdate: >>> 1053 >>> Windows cannot determine the user or computer name. (There are no more >>> endpoints available from the endpoint mapper. ). Group Policy >>> processing >>> aborted. >>>> Additional post an unedited ipconfig /all from both DC's. >>>> >>> This is from the old Win2K controller: >>> >>> Windows 2000 IP Configuration >>> >>> Host Name . . . . . . . . . . . . : server01 >>> Primary DNS Suffix . . . . . . . : mydomain.com >>> Node Type . . . . . . . . . . . . : Broadcast >>> IP Routing Enabled. . . . . . . . : No >>> >>> WINS Proxy Enabled. . . . . . . . : No >>> >>> DNS Suffix Search List. . . . . . : mydomain.com >>> >>> Ethernet adapter Intel 82544GC Based Network Connection - onboard: >>> >>> Connection-specific DNS Suffix . : >>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval >>> Gigabit >>> Adapter >>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78 >>> DHCP Enabled. . . . . . . . . . . : No >>> >>> IP Address. . . . . . . . . . . . : 192.168.18.20 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>> >>> Default Gateway . . . . . . . . . : 192.168.18.6 >>> >>> DNS Servers . . . . . . . . . . . : 192.168.18.20 >>> 192.168.18.21 >>> (18.21 is the other W2K domain controller, with same output) >>> >>> This is from the new W2K3 controller that doesn't run: >>> >>> Windows IP Configuration >>> >>> Host Name . . . . . . . . . . . . : server08 >>> >>> Primary Dns Suffix . . . . . . . : mydomain.com >>> >>> Node Type . . . . . . . . . . . . : Unknown >>> >>> IP Routing Enabled. . . . . . . . : No >>> >>> WINS Proxy Enabled. . . . . . . . : No >>> >>> DNS Suffix Search List. . . . . . : mydomain.com >>> >>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}: >>> >>> Connection-specific DNS Suffix . : >>> >>> Description . . . . . . . . . . . : Microsoft Loopback Adapter >>> >>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50 >>> >>> DHCP Enabled. . . . . . . . . . . : Yes >>> >>> Autoconfiguration Enabled . . . . : Yes >>> >>> Autoconfiguration IP Address. . . : 169.254.25.129 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>> >>> Default Gateway . . . . . . . . . : >>> >>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}: >>> >>> Connection-specific DNS Suffix . : mydomain.com >>> >>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit >>> Ethernet >>> >>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4 >>> >>> DHCP Enabled. . . . . . . . . . . : Yes >>> >>> Autoconfiguration Enabled . . . . : Yes >>> >>> IP Address. . . . . . . . . . . . : 192.168.18.140 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>> >>> Default Gateway . . . . . . . . . : 192.168.18.6 >>> >>> DHCP Server . . . . . . . . . . . : 192.168.18.20 >>> >>> DNS Servers . . . . . . . . . . . : 192.168.18.20 >>> >>> 192.168.18.21 >>> >>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20 >>> >>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20 >>> >>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}: >>> >>> Connection-specific DNS Suffix . : >>> >>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >>> GigE (NDIS VBD Client) >>> >>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB >>> >>> DHCP Enabled. . . . . . . . . . . : Yes >>> >>> Autoconfiguration Enabled . . . . : Yes >>> >>> Autoconfiguration IP Address. . . : 169.254.73.29 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>> >>> Default Gateway . . . . . . . . . : >>> >>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}: >>> >>> Connection-specific DNS Suffix . : >>> >>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >>> GigE (NDIS VBD Client) #2 >>> >>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD >>> >>> DHCP Enabled. . . . . . . . . . . : Yes >>> >>> Autoconfiguration Enabled . . . . : Yes >>> >>> Autoconfiguration IP Address. . . : 169.254.113.88 >>> >>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>> >>> Default Gateway . . . . . . . . . : >>> >>> -------------------------------------------------------- >>> >>>> Did you run dcdiag, >>>> >>> Domain Controller Diagnosis >>> >>> Performing initial setup: >>> [server08] Directory Binding Error 1753: >>> Win32 Error 1753 >>> This may limit some of the tests that can be performed. >>> Done gathering initial info. >>> Doing initial required tests >>> >>> Testing server: Default-First-Site-Name\SERVER08 >>> Starting test: Connectivity >>> The host >>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain >>> could not be resolved to an >>> IP address. Check the DNS server, DHCP, server name, etc >>> Although the Guid DNS name >>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain) >>> couldn't >>> >>> be resolved, the server name (server08.mydomain.com) resolved >>> to the >>> >>> IP address (192.168.18.140) and was pingable. Check that the >>> IP >>> >>> address is registered correctly with the DNS server. >>> ......................... SERVER08 failed test Connectivity >>> Doing primary tests >>> >>> Testing server: Default-First-Site-Name\SERVER08 >>> Skipping all tests, because server SERVER08 is >>> not responding to directory service requests >>> Running partition tests on : Schema >>> Starting test: CrossRefValidation >>> ......................... Schema passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... Schema passed test CheckSDRefDom >>> Running partition tests on : Configuration >>> Starting test: CrossRefValidation >>> ......................... Configuration passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... Configuration passed test >>> CheckSDRefDom >>> Running partition tests on : it >>> Starting test: CrossRefValidation >>> ......................... it passed test CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... it passed test CheckSDRefDom >>> Running enterprise tests on : mydomain.com >>> Starting test: Intersite >>> ......................... mydomain.com passed test Intersite >>> Starting test: FsmoCheck >>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error >>> 2138 >>> A Global Catalog Server could not be located - All GC's are >>> down. >>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138 >>> A Primary Domain Controller could not be located. >>> The server holding the PDC role is down. >>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138 >>> A Time Server could not be located. >>> The server holding the PDC role is down. >>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, >>> error >>> 2138 >>> A Good Time Server could not be located. >>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138 >>> A KDC could not be located - All the KDCs are down. >>> ......................... mydomain.com failed test FsmoCheck >>> ----------------------------------------------------- >>> >>>> netdiag and >>>> >>> this is very long: I attach only the interesting part: >>> >>> Global results: >>> >>> Domain membership test . . . . . . : Passed >>> >>> NetBT transports test. . . . . . . : Failed >>> List of NetBt transports currently configured: >>> [FATAL] Unable to retrieve transport list from Redir. >>> [NERR_WkstaNotStarted] >>> Autonet address test . . . . . . . : Passed >>> >>> IP loopback ping test. . . . . . . : Passed >>> >>> Default gateway test . . . . . . . : Failed >>> >>> [FATAL] NO GATEWAYS ARE REACHABLE. >>> You have no connectivity to other network segments. >>> If you configured the IP protocol manually then >>> you need to add at least one valid gateway. >>> NetBT name test. . . . . . . . . . : Passed >>> [WARNING] You don't have a single interface with the <00> >>> 'WorkStation >>> Service', <03> 'Messenger Service', <20> 'WINS' names defined. >>> Winsock test . . . . . . . . . . . : Passed >>> >>> DNS test . . . . . . . . . . . . . : Failed >>> [WARNING] Cannot find a primary authoritative DNS server for >>> the >>> name >>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>> The name 'server08.mydomain.com.' may not be registered in >>> DNS. >>> [WARNING] Cannot find a primary authoritative DNS server for >>> the >>> name >>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>> The name 'server08.mydomain.com.' may not be registered in >>> DNS. >>> [WARNING] Cannot find a primary authoritative DNS server for >>> the >>> name >>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>> The name 'server08mydomain.com.' may not be registered in >>> DNS. >>> [WARNING] Cannot find a primary authoritative DNS server for >>> the >>> name >>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>> The name 'server08.mydomain.com.' may not be registered in >>> DNS. >>> [WARNING] The DNS entries for this DC cannot be verified right >>> now on >>> DNS server 192.168.18.20, ERROR_TIMEOUT. >>> [WARNING] The DNS entries for this DC cannot be verified right >>> now on >>> DNS server 192.168.18.21, ERROR_TIMEOUT. >>> [FATAL] No DNS servers have the DNS records for this DC >>> registered. >>> Redir and Browser test . . . . . . : Passed >>> [FATAL] Workstation service is not running. [FFFFFFFF] >>> DC discovery test. . . . . . . . . : Failed >>> [FATAL] Cannot find DC in domain 'MYDOMAIN'. >>> [NERR_NetNotStarted] >>> DC list test . . . . . . . . . . . : Failed >>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >>> Trust relationship test. . . . . . : Skipped >>> >>> Kerberos test. . . . . . . . . . . : Skipped >>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >>> LDAP test. . . . . . . . . . . . . : Failed >>> Cannot find DC to run LDAP tests on. The error occurred was: The >>> workstation driver is not installed. >>> [WARNING] Cannot find DC in domain MYDOMAIN. >>> [NERR_NetNotStarted] >>> >>> Bindings test. . . . . . . . . . . : Passed >>> >>> WAN configuration test . . . . . . : Skipped >>> No active remote access connections. >>> Modem diagnostics test . . . . . . : Failed >>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048). >>> IP Security test . . . . . . . . . : Skipped >>> >>> Note: run "netsh ipsec dynamic show /?" for more detailed >>> information >>> >>> The command completed successfully >>> >>> ------------------------------------------------------ repadmin >>> /showrepl from >>> >>>> the support tools? >>>> >>> repadmin running command /showrepl against server localhost >>> >>> Default-First-Site-Name\SERVER08 >>> >>> DC Options: IS_GC >>> >>> Site Options: (none) >>> >>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005 >>> >>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a >>> >>> DsBindWithCred to localhost failed with status 1753 (0x6d9): >>> >>> Can't retrieve message string 1753 (0x6d9), error 1815. >>> >>> --------------------------------------- >>> >>> reports seem right, if we think that all core services are down :( >>> >>> thanks >>> >>>> Best regards >>>> >>>> Meinolf Weber >>>> Disclaimer: This posting is provided "AS IS" with no warranties, and >>>> confers no rights. >>>> ** Please do NOT email, only reply to Newsgroups >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>>> Hello, >>>>> I added a Windows 2003 Server to an existing 2000 domain, and made >>>>> it >>>>> an >>>>> additional domain controller. All ok, I restarted, I made GC, all >>>>> worked >>>>> fine. >>>>> Then I restarted an other time... boom. Every crytical windows >>>>> services >>>>> don't start more. Only RPC works: others (COM+, network connections, >>>>> shell >>>>> hardware detection, etc) don't start. >>>>> It seems as KB933994 describes: the old group policy didn't assign >>>>> "impersonate a client after authentication" to Service and Network >>>>> accounts, >>>>> so I think that the replicated policy has blocked the 2003 system. >>>>> Now? I've tried to update policy on the W2003 server, but it doesn't >>>>> apply it. When I run a gpupdate, it reports that "there are no more >>>>> available endpoints" and it doesn't load changed policy. >>>>> Any idea? Please help. >>>>> >>>>> thanks >>>>> >> >> >
Guest Meinolf Weber Posted July 22, 2008 Posted July 22, 2008 Re: big trouble with Server - as KB933994 Hello Hank, Morgane has answered to another NG. This doesn't pop up here, i don't know why because the poster used crossposting. But maybe Morgan not. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Who is Morgan and what was his "fix"? I don't see any posting in the > thread from him. Were you talking about Meinolf? > > Trapulo wrote: > >> I solved with Morgan's suggestion. >> >> Thanks anyway! >> >> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message >> news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com... >> >>> Hello Trapulo, >>> >>> On the 2003 disable DHCP and give it a fixed ip address. Additional >>> disable the not used NIC's. Then reboot the server. After that check >>> in all DNS servers that the 2003 server, also all other servers, is >>> listed with the correct ip. Then ping one of the running DC's with >>> ip address, computer name and FQDN(computername.mydomain.com). >>> >>> Best regards >>> >>> Meinolf Weber >>> Disclaimer: This posting is provided "AS IS" with no warranties, and >>> confers no rights. >>> ** Please do NOT email, only reply to Newsgroups >>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message >>>> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com... >>>> >>>>> Hello Trapulo, >>>>> >>>>> Please post the complete error message. >>>>> >>>> This is the error when I try to run gpupdate: >>>> 1053 >>>> Windows cannot determine the user or computer name. (There are no >>>> more >>>> endpoints available from the endpoint mapper. ). Group Policy >>>> processing >>>> aborted. >>>>> Additional post an unedited ipconfig /all from both DC's. >>>>> >>>> This is from the old Win2K controller: >>>> >>>> Windows 2000 IP Configuration >>>> >>>> Host Name . . . . . . . . . . . . : server01 >>>> Primary DNS Suffix . . . . . . . : mydomain.com >>>> Node Type . . . . . . . . . . . . : Broadcast >>>> IP Routing Enabled. . . . . . . . : No >>>> WINS Proxy Enabled. . . . . . . . : No >>>> >>>> DNS Suffix Search List. . . . . . : mydomain.com >>>> >>>> Ethernet adapter Intel 82544GC Based Network Connection - onboard: >>>> >>>> Connection-specific DNS Suffix . : >>>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval >>>> Gigabit >>>> Adapter >>>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78 >>>> DHCP Enabled. . . . . . . . . . . : No >>>> IP Address. . . . . . . . . . . . : 192.168.18.20 >>>> >>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>> >>>> Default Gateway . . . . . . . . . : 192.168.18.6 >>>> >>>> DNS Servers . . . . . . . . . . . : 192.168.18.20 >>>> 192.168.18.21 >>>> (18.21 is the other W2K domain controller, with same output) >>>> This is from the new W2K3 controller that doesn't run: >>>> >>>> Windows IP Configuration >>>> >>>> Host Name . . . . . . . . . . . . : server08 >>>> >>>> Primary Dns Suffix . . . . . . . : mydomain.com >>>> >>>> Node Type . . . . . . . . . . . . : Unknown >>>> >>>> IP Routing Enabled. . . . . . . . : No >>>> >>>> WINS Proxy Enabled. . . . . . . . : No >>>> >>>> DNS Suffix Search List. . . . . . : mydomain.com >>>> >>>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}: >>>> >>>> Connection-specific DNS Suffix . : >>>> >>>> Description . . . . . . . . . . . : Microsoft Loopback Adapter >>>> >>>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50 >>>> >>>> DHCP Enabled. . . . . . . . . . . : Yes >>>> >>>> Autoconfiguration Enabled . . . . : Yes >>>> >>>> Autoconfiguration IP Address. . . : 169.254.25.129 >>>> >>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>>> >>>> Default Gateway . . . . . . . . . : >>>> >>>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}: >>>> >>>> Connection-specific DNS Suffix . : mydomain.com >>>> >>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit >>>> Ethernet >>>> >>>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4 >>>> >>>> DHCP Enabled. . . . . . . . . . . : Yes >>>> >>>> Autoconfiguration Enabled . . . . : Yes >>>> >>>> IP Address. . . . . . . . . . . . : 192.168.18.140 >>>> >>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>> >>>> Default Gateway . . . . . . . . . : 192.168.18.6 >>>> >>>> DHCP Server . . . . . . . . . . . : 192.168.18.20 >>>> >>>> DNS Servers . . . . . . . . . . . : 192.168.18.20 >>>> >>>> 192.168.18.21 >>>> >>>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20 >>>> >>>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20 >>>> >>>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}: >>>> >>>> Connection-specific DNS Suffix . : >>>> >>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >>>> GigE (NDIS VBD Client) >>>> >>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB >>>> >>>> DHCP Enabled. . . . . . . . . . . : Yes >>>> >>>> Autoconfiguration Enabled . . . . : Yes >>>> >>>> Autoconfiguration IP Address. . . : 169.254.73.29 >>>> >>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>>> >>>> Default Gateway . . . . . . . . . : >>>> >>>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}: >>>> >>>> Connection-specific DNS Suffix . : >>>> >>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >>>> GigE (NDIS VBD Client) #2 >>>> >>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD >>>> >>>> DHCP Enabled. . . . . . . . . . . : Yes >>>> >>>> Autoconfiguration Enabled . . . . : Yes >>>> >>>> Autoconfiguration IP Address. . . : 169.254.113.88 >>>> >>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>>> >>>> Default Gateway . . . . . . . . . : >>>> >>>> -------------------------------------------------------- >>>> >>>>> Did you run dcdiag, >>>>> >>>> Domain Controller Diagnosis >>>> >>>> Performing initial setup: >>>> [server08] Directory Binding Error 1753: >>>> Win32 Error 1753 >>>> This may limit some of the tests that can be performed. >>>> Done gathering initial info. >>>> Doing initial required tests >>>> Testing server: Default-First-Site-Name\SERVER08 >>>> Starting test: Connectivity >>>> The host >>>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain >>>> could not be resolved to an >>>> IP address. Check the DNS server, DHCP, server name, etc >>>> Although the Guid DNS name >>>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain) >>>> couldn't >>>> be resolved, the server name (server08.mydomain.com) resolved to >>>> the >>>> >>>> IP address (192.168.18.140) and was pingable. Check that the IP >>>> >>>> address is registered correctly with the DNS server. >>>> ......................... SERVER08 failed test Connectivity Doing >>>> primary tests >>>> >>>> Testing server: Default-First-Site-Name\SERVER08 >>>> Skipping all tests, because server SERVER08 is >>>> not responding to directory service requests >>>> Running partition tests on : Schema >>>> Starting test: CrossRefValidation >>>> ......................... Schema passed test >>>> CrossRefValidation >>>> Starting test: CheckSDRefDom >>>> ......................... Schema passed test CheckSDRefDom >>>> Running partition tests on : Configuration >>>> Starting test: CrossRefValidation >>>> ......................... Configuration passed test >>>> CrossRefValidation >>>> Starting test: CheckSDRefDom >>>> ......................... Configuration passed test >>>> CheckSDRefDom >>>> Running partition tests on : it >>>> Starting test: CrossRefValidation >>>> ......................... it passed test CrossRefValidation >>>> Starting test: CheckSDRefDom >>>> ......................... it passed test CheckSDRefDom >>>> Running enterprise tests on : mydomain.com >>>> Starting test: Intersite >>>> ......................... mydomain.com passed test Intersite >>>> Starting test: FsmoCheck >>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error >>>> 2138 >>>> A Global Catalog Server could not be located - All GC's are >>>> down. >>>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138 >>>> A Primary Domain Controller could not be located. >>>> The server holding the PDC role is down. >>>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138 >>>> A Time Server could not be located. >>>> The server holding the PDC role is down. >>>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, >>>> error >>>> 2138 >>>> A Good Time Server could not be located. >>>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138 >>>> A KDC could not be located - All the KDCs are down. >>>> ......................... mydomain.com failed test FsmoCheck >>>> ----------------------------------------------------- >>>>> netdiag and >>>>> >>>> this is very long: I attach only the interesting part: >>>> >>>> Global results: >>>> >>>> Domain membership test . . . . . . : Passed >>>> >>>> NetBT transports test. . . . . . . : Failed >>>> List of NetBt transports currently configured: >>>> [FATAL] Unable to retrieve transport list from Redir. >>>> [NERR_WkstaNotStarted] >>>> Autonet address test . . . . . . . : Passed >>>> IP loopback ping test. . . . . . . : Passed >>>> >>>> Default gateway test . . . . . . . : Failed >>>> >>>> [FATAL] NO GATEWAYS ARE REACHABLE. >>>> You have no connectivity to other network segments. >>>> If you configured the IP protocol manually then >>>> you need to add at least one valid gateway. >>>> NetBT name test. . . . . . . . . . : Passed >>>> [WARNING] You don't have a single interface with the <00> >>>> 'WorkStation >>>> Service', <03> 'Messenger Service', <20> 'WINS' names defined. >>>> Winsock test . . . . . . . . . . . : Passed >>>> DNS test . . . . . . . . . . . . . : Failed >>>> [WARNING] Cannot find a primary authoritative DNS server for >>>> the >>>> name >>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>>> The name 'server08.mydomain.com.' may not be registered in >>>> DNS. >>>> [WARNING] Cannot find a primary authoritative DNS server for >>>> the >>>> name >>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>>> The name 'server08.mydomain.com.' may not be registered in >>>> DNS. >>>> [WARNING] Cannot find a primary authoritative DNS server for >>>> the >>>> name >>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>>> The name 'server08mydomain.com.' may not be registered in >>>> DNS. >>>> [WARNING] Cannot find a primary authoritative DNS server for >>>> the >>>> name >>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>>> The name 'server08.mydomain.com.' may not be registered in >>>> DNS. >>>> [WARNING] The DNS entries for this DC cannot be verified right >>>> now on >>>> DNS server 192.168.18.20, ERROR_TIMEOUT. >>>> [WARNING] The DNS entries for this DC cannot be verified right >>>> now on >>>> DNS server 192.168.18.21, ERROR_TIMEOUT. >>>> [FATAL] No DNS servers have the DNS records for this DC >>>> registered. >>>> Redir and Browser test . . . . . . : Passed >>>> [FATAL] Workstation service is not running. [FFFFFFFF] >>>> DC discovery test. . . . . . . . . : Failed >>>> [FATAL] Cannot find DC in domain 'MYDOMAIN'. >>>> [NERR_NetNotStarted] >>>> DC list test . . . . . . . . . . . : Failed >>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >>>> Trust relationship test. . . . . . : Skipped >>>> Kerberos test. . . . . . . . . . . : Skipped >>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >>>> LDAP test. . . . . . . . . . . . . : Failed >>>> Cannot find DC to run LDAP tests on. The error occurred was: The >>>> workstation driver is not installed. >>>> [WARNING] Cannot find DC in domain MYDOMAIN. >>>> [NERR_NetNotStarted] >>>> Bindings test. . . . . . . . . . . : Passed >>>> >>>> WAN configuration test . . . . . . : Skipped >>>> No active remote access connections. >>>> Modem diagnostics test . . . . . . : Failed >>>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048). >>>> IP Security test . . . . . . . . . : Skipped >>>> Note: run "netsh ipsec dynamic show /?" for more detailed >>>> information >>>> >>>> The command completed successfully >>>> >>>> ------------------------------------------------------ repadmin >>>> /showrepl from >>>> >>>>> the support tools? >>>>> >>>> repadmin running command /showrepl against server localhost >>>> >>>> Default-First-Site-Name\SERVER08 >>>> >>>> DC Options: IS_GC >>>> >>>> Site Options: (none) >>>> >>>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005 >>>> >>>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a >>>> >>>> DsBindWithCred to localhost failed with status 1753 (0x6d9): >>>> >>>> Can't retrieve message string 1753 (0x6d9), error 1815. >>>> >>>> --------------------------------------- >>>> >>>> reports seem right, if we think that all core services are down :( >>>> >>>> thanks >>>> >>>>> Best regards >>>>> >>>>> Meinolf Weber >>>>> Disclaimer: This posting is provided "AS IS" with no warranties, >>>>> and >>>>> confers no rights. >>>>> ** Please do NOT email, only reply to Newsgroups >>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>>>> Hello, >>>>>> I added a Windows 2003 Server to an existing 2000 domain, and >>>>>> made >>>>>> it >>>>>> an >>>>>> additional domain controller. All ok, I restarted, I made GC, all >>>>>> worked >>>>>> fine. >>>>>> Then I restarted an other time... boom. Every crytical windows >>>>>> services >>>>>> don't start more. Only RPC works: others (COM+, network >>>>>> connections, >>>>>> shell >>>>>> hardware detection, etc) don't start. >>>>>> It seems as KB933994 describes: the old group policy didn't >>>>>> assign >>>>>> "impersonate a client after authentication" to Service and >>>>>> Network >>>>>> accounts, >>>>>> so I think that the replicated policy has blocked the 2003 >>>>>> system. >>>>>> Now? I've tried to update policy on the W2003 server, but it >>>>>> doesn't >>>>>> apply it. When I run a gpupdate, it reports that "there are no >>>>>> more >>>>>> available endpoints" and it doesn't load changed policy. >>>>>> Any idea? Please help. >>>>>> thanks >>>>>>
Guest Hank Arnold (MVP) Posted July 22, 2008 Posted July 22, 2008 Re: big trouble with Server - as KB933994 Meinolf Weber wrote: > Hello Hank, > > Morgane has answered to another NG. This doesn't pop up here, i don't > know why because the poster used crossposting. But maybe Morgan not. > > Best regards > > Meinolf Weber Cool...... -- Regards, Hank Arnold Microsoft MVP Windows Server - Directory Services
Guest Trapulo Posted July 22, 2008 Posted July 22, 2008 Re: big trouble with Server - as KB933994 yes: you can see it in microsoft.public.windows.server.migration "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message news:ff16fb66a44fa8caba0d74533056@msnews.microsoft.com... > Hello Hank, > > Morgane has answered to another NG. This doesn't pop up here, i don't know > why because the poster used crossposting. But maybe Morgan not. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and > confers no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >> Who is Morgan and what was his "fix"? I don't see any posting in the >> thread from him. Were you talking about Meinolf? >> >> Trapulo wrote: >> >>> I solved with Morgan's suggestion. >>> >>> Thanks anyway! >>> >>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message >>> news:ff16fb66a43258cab9452e2ca66b@msnews.microsoft.com... >>> >>>> Hello Trapulo, >>>> >>>> On the 2003 disable DHCP and give it a fixed ip address. Additional >>>> disable the not used NIC's. Then reboot the server. After that check >>>> in all DNS servers that the 2003 server, also all other servers, is >>>> listed with the correct ip. Then ping one of the running DC's with >>>> ip address, computer name and FQDN(computername.mydomain.com). >>>> >>>> Best regards >>>> >>>> Meinolf Weber >>>> Disclaimer: This posting is provided "AS IS" with no warranties, and >>>> confers no rights. >>>> ** Please do NOT email, only reply to Newsgroups >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message >>>>> news:ff16fb66a408d8cab70642e3c33c@msnews.microsoft.com... >>>>> >>>>>> Hello Trapulo, >>>>>> >>>>>> Please post the complete error message. >>>>>> >>>>> This is the error when I try to run gpupdate: >>>>> 1053 >>>>> Windows cannot determine the user or computer name. (There are no >>>>> more >>>>> endpoints available from the endpoint mapper. ). Group Policy >>>>> processing >>>>> aborted. >>>>>> Additional post an unedited ipconfig /all from both DC's. >>>>>> >>>>> This is from the old Win2K controller: >>>>> >>>>> Windows 2000 IP Configuration >>>>> >>>>> Host Name . . . . . . . . . . . . : server01 >>>>> Primary DNS Suffix . . . . . . . : mydomain.com >>>>> Node Type . . . . . . . . . . . . : Broadcast >>>>> IP Routing Enabled. . . . . . . . : No >>>>> WINS Proxy Enabled. . . . . . . . : No >>>>> >>>>> DNS Suffix Search List. . . . . . : mydomain.com >>>>> >>>>> Ethernet adapter Intel 82544GC Based Network Connection - onboard: >>>>> >>>>> Connection-specific DNS Suffix . : >>>>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval >>>>> Gigabit >>>>> Adapter >>>>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78 >>>>> DHCP Enabled. . . . . . . . . . . : No >>>>> IP Address. . . . . . . . . . . . : 192.168.18.20 >>>>> >>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>>> >>>>> Default Gateway . . . . . . . . . : 192.168.18.6 >>>>> >>>>> DNS Servers . . . . . . . . . . . : 192.168.18.20 >>>>> 192.168.18.21 >>>>> (18.21 is the other W2K domain controller, with same output) >>>>> This is from the new W2K3 controller that doesn't run: >>>>> >>>>> Windows IP Configuration >>>>> >>>>> Host Name . . . . . . . . . . . . : server08 >>>>> >>>>> Primary Dns Suffix . . . . . . . : mydomain.com >>>>> >>>>> Node Type . . . . . . . . . . . . : Unknown >>>>> >>>>> IP Routing Enabled. . . . . . . . : No >>>>> >>>>> WINS Proxy Enabled. . . . . . . . : No >>>>> >>>>> DNS Suffix Search List. . . . . . : mydomain.com >>>>> >>>>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}: >>>>> >>>>> Connection-specific DNS Suffix . : >>>>> >>>>> Description . . . . . . . . . . . : Microsoft Loopback Adapter >>>>> >>>>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50 >>>>> >>>>> DHCP Enabled. . . . . . . . . . . : Yes >>>>> >>>>> Autoconfiguration Enabled . . . . : Yes >>>>> >>>>> Autoconfiguration IP Address. . . : 169.254.25.129 >>>>> >>>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>>>> >>>>> Default Gateway . . . . . . . . . : >>>>> >>>>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}: >>>>> >>>>> Connection-specific DNS Suffix . : mydomain.com >>>>> >>>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit >>>>> Ethernet >>>>> >>>>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4 >>>>> >>>>> DHCP Enabled. . . . . . . . . . . : Yes >>>>> >>>>> Autoconfiguration Enabled . . . . : Yes >>>>> >>>>> IP Address. . . . . . . . . . . . : 192.168.18.140 >>>>> >>>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >>>>> >>>>> Default Gateway . . . . . . . . . : 192.168.18.6 >>>>> >>>>> DHCP Server . . . . . . . . . . . : 192.168.18.20 >>>>> >>>>> DNS Servers . . . . . . . . . . . : 192.168.18.20 >>>>> >>>>> 192.168.18.21 >>>>> >>>>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20 >>>>> >>>>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20 >>>>> >>>>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}: >>>>> >>>>> Connection-specific DNS Suffix . : >>>>> >>>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >>>>> GigE (NDIS VBD Client) >>>>> >>>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB >>>>> >>>>> DHCP Enabled. . . . . . . . . . . : Yes >>>>> >>>>> Autoconfiguration Enabled . . . . : Yes >>>>> >>>>> Autoconfiguration IP Address. . . : 169.254.73.29 >>>>> >>>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>>>> >>>>> Default Gateway . . . . . . . . . : >>>>> >>>>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}: >>>>> >>>>> Connection-specific DNS Suffix . : >>>>> >>>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II >>>>> GigE (NDIS VBD Client) #2 >>>>> >>>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD >>>>> >>>>> DHCP Enabled. . . . . . . . . . . : Yes >>>>> >>>>> Autoconfiguration Enabled . . . . : Yes >>>>> >>>>> Autoconfiguration IP Address. . . : 169.254.113.88 >>>>> >>>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0 >>>>> >>>>> Default Gateway . . . . . . . . . : >>>>> >>>>> -------------------------------------------------------- >>>>> >>>>>> Did you run dcdiag, >>>>>> >>>>> Domain Controller Diagnosis >>>>> >>>>> Performing initial setup: >>>>> [server08] Directory Binding Error 1753: >>>>> Win32 Error 1753 >>>>> This may limit some of the tests that can be performed. >>>>> Done gathering initial info. >>>>> Doing initial required tests >>>>> Testing server: Default-First-Site-Name\SERVER08 >>>>> Starting test: Connectivity >>>>> The host >>>>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain >>>>> could not be resolved to an >>>>> IP address. Check the DNS server, DHCP, server name, etc >>>>> Although the Guid DNS name >>>>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain) >>>>> couldn't >>>>> be resolved, the server name (server08.mydomain.com) resolved to >>>>> the >>>>> >>>>> IP address (192.168.18.140) and was pingable. Check that the IP >>>>> >>>>> address is registered correctly with the DNS server. >>>>> ......................... SERVER08 failed test Connectivity Doing >>>>> primary tests >>>>> >>>>> Testing server: Default-First-Site-Name\SERVER08 >>>>> Skipping all tests, because server SERVER08 is >>>>> not responding to directory service requests >>>>> Running partition tests on : Schema >>>>> Starting test: CrossRefValidation >>>>> ......................... Schema passed test >>>>> CrossRefValidation >>>>> Starting test: CheckSDRefDom >>>>> ......................... Schema passed test CheckSDRefDom >>>>> Running partition tests on : Configuration >>>>> Starting test: CrossRefValidation >>>>> ......................... Configuration passed test >>>>> CrossRefValidation >>>>> Starting test: CheckSDRefDom >>>>> ......................... Configuration passed test >>>>> CheckSDRefDom >>>>> Running partition tests on : it >>>>> Starting test: CrossRefValidation >>>>> ......................... it passed test CrossRefValidation >>>>> Starting test: CheckSDRefDom >>>>> ......................... it passed test CheckSDRefDom >>>>> Running enterprise tests on : mydomain.com >>>>> Starting test: Intersite >>>>> ......................... mydomain.com passed test Intersite >>>>> Starting test: FsmoCheck >>>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error >>>>> 2138 >>>>> A Global Catalog Server could not be located - All GC's are >>>>> down. >>>>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138 >>>>> A Primary Domain Controller could not be located. >>>>> The server holding the PDC role is down. >>>>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138 >>>>> A Time Server could not be located. >>>>> The server holding the PDC role is down. >>>>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, >>>>> error >>>>> 2138 >>>>> A Good Time Server could not be located. >>>>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138 >>>>> A KDC could not be located - All the KDCs are down. >>>>> ......................... mydomain.com failed test FsmoCheck >>>>> ----------------------------------------------------- >>>>>> netdiag and >>>>>> >>>>> this is very long: I attach only the interesting part: >>>>> >>>>> Global results: >>>>> >>>>> Domain membership test . . . . . . : Passed >>>>> >>>>> NetBT transports test. . . . . . . : Failed >>>>> List of NetBt transports currently configured: >>>>> [FATAL] Unable to retrieve transport list from Redir. >>>>> [NERR_WkstaNotStarted] >>>>> Autonet address test . . . . . . . : Passed >>>>> IP loopback ping test. . . . . . . : Passed >>>>> >>>>> Default gateway test . . . . . . . : Failed >>>>> >>>>> [FATAL] NO GATEWAYS ARE REACHABLE. >>>>> You have no connectivity to other network segments. >>>>> If you configured the IP protocol manually then >>>>> you need to add at least one valid gateway. >>>>> NetBT name test. . . . . . . . . . : Passed >>>>> [WARNING] You don't have a single interface with the <00> >>>>> 'WorkStation >>>>> Service', <03> 'Messenger Service', <20> 'WINS' names defined. >>>>> Winsock test . . . . . . . . . . . : Passed >>>>> DNS test . . . . . . . . . . . . . : Failed >>>>> [WARNING] Cannot find a primary authoritative DNS server for >>>>> the >>>>> name >>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>>>> The name 'server08.mydomain.com.' may not be registered in >>>>> DNS. >>>>> [WARNING] Cannot find a primary authoritative DNS server for >>>>> the >>>>> name >>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>>>> The name 'server08.mydomain.com.' may not be registered in >>>>> DNS. >>>>> [WARNING] Cannot find a primary authoritative DNS server for >>>>> the >>>>> name >>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>>>> The name 'server08mydomain.com.' may not be registered in >>>>> DNS. >>>>> [WARNING] Cannot find a primary authoritative DNS server for >>>>> the >>>>> name >>>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT] >>>>> The name 'server08.mydomain.com.' may not be registered in >>>>> DNS. >>>>> [WARNING] The DNS entries for this DC cannot be verified right >>>>> now on >>>>> DNS server 192.168.18.20, ERROR_TIMEOUT. >>>>> [WARNING] The DNS entries for this DC cannot be verified right >>>>> now on >>>>> DNS server 192.168.18.21, ERROR_TIMEOUT. >>>>> [FATAL] No DNS servers have the DNS records for this DC >>>>> registered. >>>>> Redir and Browser test . . . . . . : Passed >>>>> [FATAL] Workstation service is not running. [FFFFFFFF] >>>>> DC discovery test. . . . . . . . . : Failed >>>>> [FATAL] Cannot find DC in domain 'MYDOMAIN'. >>>>> [NERR_NetNotStarted] >>>>> DC list test . . . . . . . . . . . : Failed >>>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >>>>> Trust relationship test. . . . . . : Skipped >>>>> Kerberos test. . . . . . . . . . . : Skipped >>>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped]. >>>>> LDAP test. . . . . . . . . . . . . : Failed >>>>> Cannot find DC to run LDAP tests on. The error occurred was: The >>>>> workstation driver is not installed. >>>>> [WARNING] Cannot find DC in domain MYDOMAIN. >>>>> [NERR_NetNotStarted] >>>>> Bindings test. . . . . . . . . . . : Passed >>>>> >>>>> WAN configuration test . . . . . . : Skipped >>>>> No active remote access connections. >>>>> Modem diagnostics test . . . . . . : Failed >>>>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048). >>>>> IP Security test . . . . . . . . . : Skipped >>>>> Note: run "netsh ipsec dynamic show /?" for more detailed >>>>> information >>>>> >>>>> The command completed successfully >>>>> >>>>> ------------------------------------------------------ repadmin >>>>> /showrepl from >>>>> >>>>>> the support tools? >>>>>> >>>>> repadmin running command /showrepl against server localhost >>>>> >>>>> Default-First-Site-Name\SERVER08 >>>>> >>>>> DC Options: IS_GC >>>>> >>>>> Site Options: (none) >>>>> >>>>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005 >>>>> >>>>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a >>>>> >>>>> DsBindWithCred to localhost failed with status 1753 (0x6d9): >>>>> >>>>> Can't retrieve message string 1753 (0x6d9), error 1815. >>>>> >>>>> --------------------------------------- >>>>> >>>>> reports seem right, if we think that all core services are down :( >>>>> >>>>> thanks >>>>> >>>>>> Best regards >>>>>> >>>>>> Meinolf Weber >>>>>> Disclaimer: This posting is provided "AS IS" with no warranties, >>>>>> and >>>>>> confers no rights. >>>>>> ** Please do NOT email, only reply to Newsgroups >>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>>>>> Hello, >>>>>>> I added a Windows 2003 Server to an existing 2000 domain, and >>>>>>> made >>>>>>> it >>>>>>> an >>>>>>> additional domain controller. All ok, I restarted, I made GC, all >>>>>>> worked >>>>>>> fine. >>>>>>> Then I restarted an other time... boom. Every crytical windows >>>>>>> services >>>>>>> don't start more. Only RPC works: others (COM+, network >>>>>>> connections, >>>>>>> shell >>>>>>> hardware detection, etc) don't start. >>>>>>> It seems as KB933994 describes: the old group policy didn't >>>>>>> assign >>>>>>> "impersonate a client after authentication" to Service and >>>>>>> Network >>>>>>> accounts, >>>>>>> so I think that the replicated policy has blocked the 2003 >>>>>>> system. >>>>>>> Now? I've tried to update policy on the W2003 server, but it >>>>>>> doesn't >>>>>>> apply it. When I run a gpupdate, it reports that "there are no >>>>>>> more >>>>>>> available endpoints" and it doesn't load changed policy. >>>>>>> Any idea? Please help. >>>>>>> thanks >>>>>>> > >
Recommended Posts