Posted

But the time service is running or not?

 

start > run > services.msc > time > right click > properties and check WHO starts this service.

--------------------------------------------------------

You can also write in French.

You can also write in German.

You can also write in Italian.

--------------------------------------------------------


Posted


Time service is running and it is started in the Local Service account

Posted

Actually you shouldn't have big problems, sorry, no problems at all.

 

Anyway, let's try to make sure everything is working fine:

 

Check permissions on SYSVOL share (this is mandatory for GP).

 

Regarding DHCP, try this:

 

ipconfig /registerdns

net stop netlogon

net start netlogon

 

Retry but as said, you may not have problems... time service is running, this is the most important thing.


Posted


Permissions on SYSVOL are as follows:

 

CREATOR OWNER - Special Permissions

Authenticated Users - Read & execute, List folder contents, Read

SYSTEM - Full control

Administrators - Special permissions

Server Operators - Read & execute, List folder contents, Read

 

After performing the steps you suggested, I'm still getting a couple of errors in dcdiag. Here's the output:

 

Directory Server Diagnosis


Performing initial setup:

Trying to find home server...

Home Server = big-rig

* Identified AD Forest. 
Done gathering initial info.


Doing initial required tests


Testing server: Default-First-Site-Name\BIG-RIG

Starting test: Connectivity

......................... BIG-RIG passed test Connectivity



Doing primary tests


Testing server: Default-First-Site-Name\BIG-RIG

Starting test: Advertising

......................... BIG-RIG passed test Advertising

Starting test: FrsEvent

......................... BIG-RIG passed test FrsEvent

Starting test: DFSREvent

There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems. 
......................... BIG-RIG failed test DFSREvent

Starting test: SysVolCheck

......................... BIG-RIG passed test SysVolCheck

Starting test: KccEvent

......................... BIG-RIG passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... BIG-RIG passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... BIG-RIG passed test MachineAccount

Starting test: NCSecDesc

......................... BIG-RIG passed test NCSecDesc

Starting test: NetLogons

......................... BIG-RIG passed test NetLogons

Starting test: ObjectsReplicated

......................... BIG-RIG passed test ObjectsReplicated

Starting test: Replications

......................... BIG-RIG passed test Replications

Starting test: RidManager

......................... BIG-RIG passed test RidManager

Starting test: Services

......................... BIG-RIG passed test Services

Starting test: SystemLog

An error event occurred. EventID: 0x00000423

Time Generated: 05/16/2011 14:40:47

Event String:

The DHCP service failed to see a directory server for authorization.

......................... BIG-RIG failed test SystemLog

Starting test: VerifyReferences

......................... BIG-RIG passed test VerifyReferences



Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation


Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation


Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation


Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation


Running partition tests on : wtbhome

Starting test: CheckSDRefDom

......................... wtbhome passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... wtbhome passed test CrossRefValidation


Running enterprise tests on : wtbhome.net

Starting test: LocatorCheck

......................... wtbhome.net passed test LocatorCheck

Starting test: Intersite

......................... wtbhome.net passed test Intersite
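
A small triage parser for dcdiag output like the report above, as an added example that is not part of the original thread: it lists the failed tests, converts the hexadecimal EventID to the decimal form Event Viewer shows, and copes with result lines that dcdiag wraps (as with CrossRefValidation above). The function names and the `SAMPLE` excerpt are assumptions made for illustration.

```python
import re

# Excerpt of the dcdiag output posted above (blank lines removed).
SAMPLE = """\
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... BIG-RIG failed test DFSREvent
Starting test: SystemLog
An error event occurred. EventID: 0x00000423
Time Generated: 05/16/2011 14:40:47
Event String:
The DHCP service failed to see a directory server for authorization.
......................... BIG-RIG failed test SystemLog
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
"""

START = re.compile(r"^Starting test:\s+(\S+)$")
RESULT = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s*(\S*)$")
EVENT_ID = re.compile(r"EventID:\s+0x([0-9A-Fa-f]+)")

def parse_dcdiag(text):
    """Return one dict per test: target, test, passed, event_ids, detail."""
    results, current, detail = [], None, []
    for line in filter(None, map(str.strip, text.splitlines())):
        start, result = START.match(line), RESULT.match(line)
        if start:
            current, detail = start.group(1), []
        elif result:
            target, verdict, name = result.groups()
            results.append({
                "target": target,
                # dcdiag wraps long result lines, so the name may be missing here
                "test": name or current,
                "passed": verdict == "passed",
                # EventIDs are printed in hex; convert to decimal for lookup
                "event_ids": [int(h, 16) for h in EVENT_ID.findall("\n".join(detail))],
                "detail": detail,
            })
            current = None  # ignore the wrapped test name that may follow
        elif current is not None:
            detail.append(line)
    return results

def failed_tests(text):
    return [r for r in parse_dcdiag(text) if not r["passed"]]
```

Calling `failed_tests(SAMPLE)` returns the DFSREvent and SystemLog entries, the latter carrying event ID 1059 together with the DHCP authorization message as its detail.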

Posted

That's ok for sysvol. Just ignore this error.

 

Regarding the last one (DHCP), I could tell you to remove and readd the DHCP role, but if everything is working fine, you don't have to do so.

 

I think you're ok right now :)


Posted

One more question, I'm getting errors in the event log saying that "The computer X tried to contact the server using the trust relationship established by the WTBHOME domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship." Where X is any of the machines on my network.

 

I did some searching and the suggestion was to delete the computer account from the domain and re-create it. Well, in my case there is no computer account in the domain, so I just created one. But, it still appears that the problem exists. Any ideas?

Posted

You should tell me what is COMPUTER X, was it a server?

 

Of course it is running somewhere and it was a TRUSTED DELEGATED. Now the point is: can you find something in domains and trusts?

 

If the computer X was a part of DC, you have to remove the partnership.

 

Anyway, also this problem is not a problem (???), because the COMPUTER X will not be able to take infos about AD structure. But anyway, it will work properly.

 

If you want to establish a trusted domain partnership, you can do this by adding a trusted in DOMAIN AND TRUSTS.


Posted


The computer X are the workstation computers in my network.

 

There is nothing in AD Domains & Trusts. When I right click on it & select manage it opens AD Users & Computers and that is where I added the computer account. (Trying to replicate on the server what happens when you join a machine to the domain.)

Posted
Oh well, try to un-join that pc from domain. Delete the COMPUTER's entry from AD, then re-add the pc and your problem should be solved.


Posted


I mean, try with one pc... just to see if this resolves your problem.


Posted


I'd like to avoid that because I think it will wipe out the personal settings & etc. for each domain user on that computer. (Or am I completely wrong?)

Posted


If you don't redirect profiles on a server or a network share... yes.

 

Well, I don't think you will have troubles, the error simply indicates that a computer cannot be verified with its SID. Unless people are able to login with their account, you can ignore this problem.

 

 

If I'm not wrong, SIDs are used to avoid the entire authentication process. Anyway, if this fails, Windows will try to use user's credentials. I'm not sure...

 

Anyway, this problem is because your DC has created another DB with different SIDs.


Posted


OK, I was worried about seeing errors in the event viewer and that it could catch up with me down the road. I'd love to get rid of the errors, but I don't want to jump through a bunch of hoops if they really aren't going to cause any problems.

 

Thanks for all of your help! I'm not seeing any operational problems now!

Posted

Errors and warnings are important, but in many cases they don't cause troubles with operations.

 

We will see ;)


Posted

First operational hiccup.......

 

My 2003 server is still on the network but demoted to a standalone server. I tried to log into it with a domain administrative account and it failed to authenticate. I had to log into the local computer.

 

Is this to be expected since I demoted it and it's no longer a member of the domain or is it failing because of some other reason?

 

I checked the computer properties and it still thinks it's a part of the domain, so there may be some other problem lurking.

Posted


If it is just a server (not a DC), remove from domain and, if you can, delete the computer object from AD. Then, rejoin.


Posted

FYI, I now have a completely "clean" dcdiag report.

 

It turns out the DHCP problem was that I had to "authorize" the DHCP server back into the domain after demoting and promoting.

 

I found a problem where it was not handing out an address to my laptop connected on WiFi. I opened up the DHCP panel and it told me that I needed to authorize it and told me to right click on my domain name in the panel and select authorize. How simple was that?!?!?

 

Hope this tidbit comes in handy for you some time in the future!

Posted


I didn't know that DHCP must be authorized in order to work properly...

 

Thanks for your share :)


Posted
I think this is the longest post in this forum :D
