Wow this thread went wickedly wrong...  

I agree that Al has definitely been quite chatty lately. That is ok, he can
pick up for my volume which has been reduced. Sometimes he is even right. :)

As for the Cher stuff... Errr no.

As for the saying my bad... Goodness... I do say that occasionally. I have
no problem falling on my sword when I screw up... Just go through the
archives and read every post from me. :)

  joe

--
O'Reilly Active Directory Third Edition -
http://www.joeware.net/win/ad3e.htm 
 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, June 02, 2006 2:46 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] New DC can't find the machine account

>>>Why?  Just because I'm feeling particularly mean this morning.  I like
Deji, but I think he needs some abuse for not having been around for a
while.

 
See who's talking. Just because you are chatty now, eh? Didn't you take off
and go AWOL for about 6 months last year? No peep from you. Everyone
wondering what happened to you. And, you just reappearing without an
official explanation. You and that Todd Myrick dude. Both disappearing at the
same time. At least you came back. So, tell us - what did you do with him[1] :)
 
[1] You asked for it picking on me like that [2]
[2] As for that joe guy, I'm still waiting for him to say "ooops, my bad" [3]
[3] Yeah, I know. He NEVER says that :)

Sincerely, 
   _____                                
  (, /  |  /)               /)     /)   
    /---| (/_  ______   ___// _   //  _ 
 ) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/                             /)      
                               (/       
Microsoft MVP - Directory Services
www.readymaids.com <http://www.readymaids.com>  - we know IT
www.akomolafe.com <http://www.akomolafe.com> 
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 

________________________________

From: [EMAIL PROTECTED] on behalf of Al Mulnick
Sent: Fri 6/2/2006 7:16 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] New DC can't find the machine account


I find myself agreeing with Deji, but I'll go one or two or three further. 
 
1) QIP? My experience with QIP has not been favorable in past accounts, but
I'll assume it works for you.  I've had way too much time invested that I'll
never get back with QIP/AD integration.  I'm not saying it won't work,
because it can, but it's way more complex/expensive than it's worth to me. 
 
2) In the case of AD, unless you have a really good technical and/or policy
reason not to, do like Deji says and make your AD dependent on an internal
DNS host that supports what it needs.  Like DDNS and permissions (security).
Best bet here is to make AD the master and let QIP be secondary if a
compromise is needed.  
 
3) Get joe to send pictures of himself as a Cher look-alike to Deji.  Why?
Just because I'm feeling particularly mean this morning.  I like Deji, but I
think he needs some abuse for not having been around for a while. (I know
it's extreme, but it's for your own good Deji.) <EG> 
 
Al 

 
On 6/2/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: 

        In this case, you want to point the new DC to an internal DNS server
        authoritative for the domain.
        
        To close this - and answer joe's question - yes, it's DNS, silly. It's always
        DNS :). Slow startup, slow GP processing, slow desktop showing up, slow
        coffee maker, slow uplifting of skirts - always DNS. Choose a working
        INTERNAL DNS server, make netlogon dependent on DNS and 99% of the trouble is
        resolved :o
        
        
        Sincerely,
          _____
        (, /  |  /)               /)     /)
           /---| (/_  ______   ___// _   //  _
        ) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_ 
        (_/                             /)
                                      (/
        Microsoft MVP - Directory Services
        www.readymaids.com <http://www.readymaids.com >  - we know IT
        www.akomolafe.com <http://www.akomolafe.com>
        Do you now realize that Today is the Tomorrow you were worried about
        Yesterday? -anon
        
        
        ________________________________
        
        From: [EMAIL PROTECTED] on behalf of Al Lilianstrom
        Sent: Thu 6/1/2006 7:52 PM 
        To: ActiveDir@mail.activedir.org
        Subject: Re: [ActiveDir] New DC can't find the machine account
        
        
        
        [EMAIL PROTECTED] wrote:
        > Mark: why would this be "expected"?
        > Al: Who is doing DNS for this DC in question? If you ping a domain resource
        > from that DNS server, does it resolve correctly?
        
        Deji,
        
        DNS for this test domain is provided by our datacom people. It's
        Lucent's QIP server on an old slow NT box. According to the guy who
        manages it he's a couple of major releases behind on the software. We're
        also seeing some other issues with machines in the child domain to this
        domain having problems registering their DNS records.
        
        Machines Existing DCs can be resolved and accessed - which confuses me
        with the netlogon pausing as the DC when booting should, in my mind,
        query the other dc for its account information - not itself.
        
               al
        
        >
        >
        > ________________________________
        >
        > From: [EMAIL PROTECTED] on behalf of Mark Parris
        > Sent: Thu 6/1/2006 7:11 AM 
        > To: ActiveDir.org
        > Subject: Re: [ActiveDir] New DC can't find the machine account
        >
        >
        >
        > Did you see my post last night - this is expected behaviour?
        > -----Original Message----- 
        > From: Al Lilianstrom <[EMAIL PROTECTED]>
        > Date: Thu, 01 Jun 2006 08:13:20
        > To:ActiveDir@mail.activedir.org 
        > Subject: Re: [ActiveDir] New DC can't find the machine account
        >
        > [EMAIL PROTECTED] wrote:
        >> I bet you one crate to a bottle of German beer that your DNS is out to lunch.
        >> Every time when I've seen this, it always goes away by kicking a DNS server
        >> somewhere. Check your DNS servers.
        >
        > I talked to the networking people and the DNS server that is used for
        > our test domains is a couple of major releases out of date and running
        > on really crap hardware.
        >
        > Building him a new server...
        >
        > Thanks for all the help.
        >
        >         al 
        >
        >> Sincerely,
        >>    _____
        >>   (, /  |  /)               /)     /)
        >>     /---| (/_  ______   ___// _   //  _
        >>  ) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_
        >> (_/                             /) 
        >>                                (/
        >> Microsoft MVP - Directory Services
        >> www.readymaids.com <http://www.readymaids.com >  - we know IT
        >> www.akomolafe.com <http://www.akomolafe.com>
        >> Do you now realize that Today is the Tomorrow you were worried about
        >> Yesterday? -anon
        >>
        >>
        >> ________________________________
        >>
        >> From: [EMAIL PROTECTED] on behalf of Al Lilianstrom
        >> Sent: Wed 5/31/2006 7:53 AM
        >> To: ActiveDir@mail.activedir.org
        >> Subject: Re: [ActiveDir] New DC can't find the machine account
        >> 
        >>
        >>
        >> Almeida Pinto, Jorge de wrote:
        >>> see if the following helps:
        >>>
        >>> http://www.eventid.net/display.asp?eventid=1097&eventno=2126&source=Userenv&phase=1
        >>
        >> I had run across that page last night.
        >>
        >> Time is ok (ntp to local time source)
        >> I don't think that both computer accounts are corrupt as they were ok as
        >> simple servers
        >> I enabled debug logging for the netlogon service and at the same time I
        >> get the userenv events I get
        >>
        >> 05/31 09:48:22 [CRITICAL] NetpDcHandlePingResponse: test.fnal.gov.: Netlogon is paused on the server. 0x14
        >>
        >>         al
        >> 
        >>> Met vriendelijke groeten / Kind regards,
        >>> Ing. Jorge de Almeida Pinto
        >>> Senior Infrastructure Consultant
        >>> MVP Windows Server - Directory Services
        >>> 
        >>> LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
        >>> (   Tel     : +31-(0)40-29.57.777
        >>> (   Mobile : +31-(0)6-26.26.62.80
        >>> *   E-mail : <see sender address> 
        >>>
        >>> ________________________________
        >>>
        >>> From: [EMAIL PROTECTED] on behalf of Al Lilianstrom
        >>> Sent: Wed 2006-05-31 15:37
        >>> To: ActiveDir@mail.activedir.org
        >>> Subject: [ActiveDir] New DC can't find the machine account
        >>>
        >>>
        >>>
        >>> Hi,
        >>>
        >>> I have a Windows 2000 based AD (empty root with 1 child domain) that I'm
        >>> in the process of upgrading to w2003r2 as a test for our production
        >>> domain (same configuration). The adprep went fine as well as the dcpromo
        >>> of the new DC. However when the new DC reboots I get the following
        >>> messages in the application log:
        >>>
        >>> EVENT TYPE      Error
        >>> SOURCE  Userenv
        >>> EVENT ID        1097
        >>> Windows cannot find the machine account, The Local Security Authority
        >>> cannot be contacted .
        >>>
        >>> and
        >>>
        >>> EVENT TYPE      Error
        >>> SOURCE  Userenv
        >>> EVENT ID        1030
        >>> Windows cannot query for the list of Group Policy objects. Check the
        >>> event log for possible messages previously logged by the policy engine
        >>> that describes the reason for this.
        >>>
        >>> Neither system has these messages when they were simple servers in the
        >>> domain. They were rebooted several times before becoming DCs to make
        >>> sure the event logs were clean.
        >>>
        >>> They seem to be functioning as DCs. File replication with the original
        >>> w2k dc took a long time to start up.
        >>>
        >>> I added a second w2k3 r2 DC and it is showing the exact same messages.
        >>> Both machines were created from the same sysprep image - the machine
        >>> that was built as the basis for the sysprep image was never in the domain.
        >>>
        >>> I've been searching Microsoft and came up with one or two applicable
        >>> docs. One said to make sure that services like netlogon were set to
        >>> automatic (it is). Another had settings for enabling debug on the
        >>> netlogon service which I implemented. All that I see in there is
        >>> netlogon pausing.
        >>>
        >>> Any ideas? 
        >>>
        >>>         al
        >>> --
        
        List info   : http://www.activedir.org/List.aspx
        List FAQ    : http://www.activedir.org/ListFAQ.aspx
        List archive: http://www.activedir.org/ml/threads.aspx
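
Added example, not written by anyone in this thread: a small Python scan of netlogon debug output for the "Netlogon is paused on the server" replies quoted above, counted per domain. The entry layout is assumed from the single log line in the thread; the sample text and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Entry shape taken from the single netlogon debug line quoted in the thread:
#   MM/DD HH:MM:SS [CATEGORY] Function: domain.: message. 0xNN
ENTRY_RE = re.compile(r"^(\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[([A-Z_]+)\] (.*)$")
PAUSED_RE = re.compile(
    r"^(\w+): (\S+?)\.?: Netlogon is paused on the server\.(?: (0x[0-9A-Fa-f]+))?"
)

# Constructed sample: the thread's line, a mail-wrapped copy of it, and filler.
SAMPLE = """\
05/31 09:48:20 [MISC] constructed unrelated entry
05/31 09:48:22 [CRITICAL] NetpDcHandlePingResponse: test.fnal.gov.: Netlogon is paused on the server. 0x14
05/31 09:48:37 [CRITICAL] NetpDcHandlePingResponse:
test.fnal.gov.:
Netlogon is paused on the server. 0x14
05/31 09:49:01 [SESSION] constructed unrelated entry
"""

def parse_entries(text):
    """Return [when, category, body] entries, rejoining wrapped continuation lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(list(m.groups()))
        elif entries:  # no timestamp: continuation of the previous entry
            entries[-1][2] += " " + line
    return entries

def paused_responses(text):
    """Return (when, function, domain, code) for each 'Netlogon is paused' reply."""
    hits = []
    for when, _category, body in parse_entries(text):
        m = PAUSED_RE.match(body)
        if m:
            hits.append((when, m.group(1), m.group(2).lower(), m.group(3)))
    return hits

def paused_by_domain(text):
    """Count paused replies per DNS domain name."""
    return Counter(hit[2] for hit in paused_responses(text))

if __name__ == "__main__":
    for hit in paused_responses(SAMPLE):
        print(*hit)
    print(dict(paused_by_domain(SAMPLE)))
```
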
        
        