Re: [ActiveDir] New DC can't find the machine account

Wed, 31 May 2006 09:16:42 -0700

So after you boot and wait for a bit- if you run gpudate /force , it comes back successful yes?
And netlogon is only paused for a time. Do the DC's point to themselves for DNS? If so - you probably are hitting the behavior where we have some delay due to waiting for an initial AD sync... Im sure there are many others who can comment on the specific behavior - but it is important to note that it is by design 

steve


----- Original Message ----- 
From: "Al Lilianstrom" <[EMAIL PROTECTED]>

To: <ActiveDir@mail.activedir.org>
Sent: Wednesday, May 31, 2006 8:41 AM
Subject: Re: [ActiveDir] New DC can't find the machine account



Almeida Pinto, Jorge de wrote:

Netlogon is paused on the server. 0x14

 please check the following:
* sc query netlogon -> is it paused?


No.

C:\>sc query netlogon

SERVICE_NAME: netlogon
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
...


It only shows paused in the netlogon.log file for ~30 seconds while the 
server is booting.



* repadmin /options <FQDN DC> -> are the options "DISABLE_INBOUND_REPL" 
and "DISABLE_OUTBOUND_REPL" shown?


No.


if both answer = YES -> see directory services event log for event ID 
2095 and 2103 -> if available -> issue = USN rollback -> 
http://support.microsoft.com/?id=875495



Just for grins I looked to make sure those events weren't there and they 
are not.


al


 Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
 LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
(   Tel     : +31-(0)40-29.57.777
(   Mobile : +31-(0)6-26.26.62.80
*   E-mail : <see sender address>

________________________________

From: [EMAIL PROTECTED] on behalf of Al Lilianstrom
Sent: Wed 2006-05-31 16:53
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] New DC can't find the machine account



Almeida Pinto, Jorge de wrote:

see if the following helps:
http://www.eventid.net/display.asp?eventid=1097&eventno=2126&source=Userenv&phase=1


I had run across that page last night.

Time is ok (ntp to local time source)
I don't think that both computer accounts are corrupt as they were ok as
simple servers
I enabled debug logging for the netlogon service and at the same time I
get the userenv events I get

05/31 09:48:22 [CRITICAL] NetpDcHandlePingResponse: test.fnal.gov.:
Netlogon is paused on the server. 0x14

        al


Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services

LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
(   Tel     : +31-(0)40-29.57.777
(   Mobile : +31-(0)6-26.26.62.80
*   E-mail : <see sender address>

________________________________

From: [EMAIL PROTECTED] on behalf of Al Lilianstrom
Sent: Wed 2006-05-31 15:37
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] New DC can't find the machine account



Hi,

I have a Windows 2000 based AD (empty root with 1 child domain) that I'm
in the process of upgrading to w2003r2 as a test for our production
domain (same configuration). The adprep went fine as well as the dcpromo
of the new DC. However when the new DC reboots I get the following
messages in the application log:

EVENT TYPE      Error
SOURCE  Userenv
EVENT ID        1097
Windows cannot find the machine account, The Local Security Authority
cannot be contacted .

and

EVENT TYPE      Error
SOURCE  Userenv
EVENT ID        1030
Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine
that describes the reason for this.

Neither system has these messages when they were simple servers in the
domain. They were rebooted several times before becoming DCs to make
sure the event logs were clean.

They seem to be functioning as DCs. File replication with the orginal
w2k dc took a long time to start up.

I added a second w2k3 r2 DC and it is showing the exact same messages.
Both machines were created from the same sysprep image - the machine

that was built as the basis for the sysprep image was never in the 
domain.


I've been searching Microsoft and came up with one or two applicable
docs. One said to make sure that services like netlogon were set to
automatic (it is). Another had settings for enabling debug on the
netlogon service which I implemented. All that I see in there is
netlogon pausing.

Any ideas?

        al
--

--

Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx





This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be 
copied, disclosed to, retained or used by, any other party. If you are 
not an intended recipient then please promptly delete this e-mail and any 
attachment and all copies and inform the sender. Thank you.


--

Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx

List archive: http://www.activedir.org/ml/threads.aspx 


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx






















					Reply via email to