Posted

I got a new box and installed Windows Server 2008 R2 on it. Then made it a domain controller, assigned FSMO roles, DNS, DHCP roles and replicated AD from old DC that I want to eventually remove. After all this was done I tried to restart the machine but it just hangs there at "shutdown" stage.

 

Any hints?

Posted

Hi there,

 

Can you please tell me if the DC restarts normally with this command?

 

shutdown -r -t 1 -f -c "Forced Shutdown"

--------------------------------------------------------

You can also write in French.

You can also write in German.

You can also write in Italian.

--------------------------------------------------------

Posted

Tried it, but same problem. I waited for 10 minutes before forcibly shutting down by turning off power. Any particular event I should look for in event ID?

Posted

Oh well, if you can post the ERRORS you get in Event Viewer once you've clicked "shut down", I can investigate your problem.


Posted

The only eventID (8193) I see as ERROR is in File Server:

Event ID 8193

Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.

Operation:
   Initializing Writer

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a3dcbbe0-2c83-4a30-a683-77bdece80bbd}

Thanks again!

Posted

 

It's a no go still. The box still hangs while shutting down. FWIW, I ran dcdiag and the following is the output. I have changed the dns name to hide it in public. This could probably help identify the problem. I appreciate your help.

 

 

 

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = my142
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\my22
      Starting test: Connectivity
         ......................... my22 passed test Connectivity

   Testing server: Default-First-Site\my142
      Starting test: Connectivity
         ......................... my142 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\my22
      Starting test: Advertising
         ......................... my22 passed test Advertising
      Starting test: FrsEvent
         ......................... my22 passed test FrsEvent
      Starting test: DFSREvent
         ......................... my22 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... my22 passed test SysVolCheck
      Starting test: KccEvent
         ......................... my22 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... my22 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... my22 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=dom1,DC=dom2,DC=dom3,DC=dom4
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=dom1,DC=dom2,DC=dom3,DC=dom4
         ......................... my22 failed test NCSecDesc
      Starting test: NetLogons
         ......................... my22 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... my22 passed test ObjectsReplicated
      Starting test: Replications
         ......................... my22 passed test Replications
      Starting test: RidManager
         ......................... my22 passed test RidManager
      Starting test: Services
            Invalid service type: RpcSs on my22, current value
            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
         ......................... my22 failed test Services
      Starting test: SystemLog
         ......................... my22 passed test SystemLog
      Starting test: VerifyReferences
         ......................... my22 passed test VerifyReferences

   Testing server: Default-First-Site\my142
      Starting test: Advertising
         ......................... my142 passed test Advertising
      Starting test: FrsEvent
         ......................... my142 passed test FrsEvent
      Starting test: DFSREvent
         ......................... my142 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... my142 passed test SysVolCheck
      Starting test: KccEvent
         A warning event occurred. EventID: 0x80000B46
            Time Generated: 05/09/2011 13:41:22
            Event String:
            The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
         ......................... my142 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... my142 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... my142 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=dom1,DC=dom2,DC=dom3,DC=dom4
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=dom1,DC=dom2,DC=dom3,DC=dom4
         ......................... my142 failed test NCSecDesc
      Starting test: NetLogons
         ......................... my142 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... my142 passed test ObjectsReplicated
      Starting test: Replications
         ......................... my142 passed test Replications
      Starting test: RidManager
         ......................... my142 passed test RidManager
      Starting test: Services
         ......................... my142 passed test Services
      Starting test: SystemLog
         An error event occurred. EventID: 0x00000029
            Time Generated: 05/09/2011 13:40:56
            Event String:
            The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
         A warning event occurred. EventID: 0x8000001D
            Time Generated: 05/09/2011 13:41:20
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
         A warning event occurred. EventID: 0x000003F6
            Time Generated: 05/09/2011 13:41:30
            Event String:
            Name resolution for the name _ldap._tcp.dc._msdcs.dom1.dom2.dom3.dom4 timed out after none of the configured DNS servers responded.
         An error event occurred. EventID: 0x0000168E
            Time Generated: 05/09/2011 13:41:58
            Event String:
            The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site._sites.dom1.dom2.dom3.dom4. 600 IN SRV 0 100 389 my142.dom1.dom2.dom3.dom4.' failed on the following DNS server:
         A warning event occurred. EventID: 0x0000000C
            Time Generated: 05/09/2011 13:42:01
            Event String:
            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
         A warning event occurred. EventID: 0x000003F6
            Time Generated: 05/09/2011 13:42:38
            Event String:
            Name resolution for the name 2.0.0.2.ip6.arpa timed out after none of the configured DNS servers responded.
         A warning event occurred. EventID: 0x000727AA
            Time Generated: 05/09/2011 13:44:01
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/my142.dom1.dom2.dom3.dom4; WSMAN/my142.
         ......................... my142 failed test SystemLog
      Starting test: VerifyReferences
         ......................... my142 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : dom1
      Starting test: CheckSDRefDom
         ......................... dom1 passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... dom1 passed test CrossRefValidation

   Running enterprise tests on : dom1.dom2.dom3.dom4
      Starting test: LocatorCheck
         ......................... dom1.dom2.dom3.dom4 passed test LocatorCheck
      Starting test: Intersite
         ......................... dom1.dom2.dom3.dom4 passed test Intersite
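
A dcdiag run of this length is easier to triage when only the failed tests are kept. The filter below is an added example, not part of the thread or of Microsoft's tooling; the function name Get-DcdiagFailure is made up, and the sample lines are copied from the output above.

```powershell
# Added example: keep only the tests dcdiag reports as failed, together with
# the detail lines printed between "Starting test:" and the verdict.
function Get-DcdiagFailure {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    begin { $scope = $null; $test = $null; $detail = @() }
    process {
        $text = $Line.Trim()
        if ($text -match '^(?:Testing server:|Running (?:partition|enterprise) tests on :)\s*(.+)$') {
            $scope = $Matches[1]                    # server or partition under test
        } elseif ($text -match '^Starting test:\s*(\S+)') {
            $test = $Matches[1]; $detail = @()
        } elseif ($text -match '^\.{5,}\s+\S+\s+(passed|failed) test') {
            # The test name is taken from "Starting test:" because dcdiag wraps
            # long verdict lines and can push the name onto the next line.
            if ($Matches[1] -eq 'failed') {
                New-Object PSObject -Property @{ Scope = $scope; Test = $test; Detail = $detail }
            }
            $test = $null                           # ignore a wrapped name that follows
        } elseif ($test -and $text) {
            $detail += $text                        # error or event text for this test
        }
    }
}

# Sample lines copied from the dcdiag output posted above.
$sample = @'
Testing server: Default-First-Site\my22
Starting test: Services
Invalid service type: RpcSs on my22, current value
WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
......................... my22 failed test Services
Starting test: SystemLog
......................... my22 passed test SystemLog
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
'@ -split '\r?\n'

$sample | Get-DcdiagFailure | ForEach-Object {
    '{0} failed {1}' -f $_.Scope, $_.Test
    $_.Detail | ForEach-Object { "    $_" }
}
```

On a domain controller the same filter can read live output by piping dcdiag into Get-DcdiagFailure instead of the sample.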

Posted

The problem seems to be clear to me... Permissions issue.

Are you sure that the registry has the correct permission? Installing the DHCP role on DNS may cause this problem...


Posted

I took out the DHCP role but still the problem persists. Perhaps, DHCP installation on DNS has irrevocably altered the condition? Also, am I supposed to have a separate box for DHCP? Can't they live together on the same box?

 

 

 

Could you explain "registry has right permission?" ?

 

Thanks again

Posted

I mean, from the link I posted before, did you verify the permissions?

Go here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag

Right click on DIAG and select permission.

Make sure NETWORK SERVICE has full control.

Once done, select REPLACE ALL CHILD OBJECT...

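
The permission check described in the reply above can be done read-only before anything is changed. The script below is an added example, not part of the thread: it takes the Event 8193 text posted earlier, decodes which key and which error it names, and lists the NETWORK SERVICE entries on that key. It assumes an elevated PowerShell session on the affected server; the variable names are illustrative.

```powershell
# Added example, not from the thread. Read-only: nothing on the system is changed.
# Event 8193 text as posted earlier in the thread.
$eventText = 'Volume Shadow Copy Service error: Unexpected error calling routine ' +
    'RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). ' +
    'hr = 0x80070005, Access is denied.'

$pattern = 'RegOpenKeyExW\((-?\d+),([^,]+),.*hr = 0x([0-9A-Fa-f]{8})'
if (-not ($eventText -match $pattern)) {
    throw 'Text does not look like a VSS RegOpenKeyExW failure.'
}
$handle = [int]$Matches[1]                      # hive handle, logged as signed 32-bit
$subKey = $Matches[2]
$hr     = [Convert]::ToInt64($Matches[3], 16)

# Predefined hive handles (winreg.h). PowerShell parses 0x80000002 as Int32
# -2147483646, which is the value the event prints.
$hives = @{}
$hives[[int]0x80000001] = 'HKCU:'
$hives[[int]0x80000002] = 'HKLM:'
if (-not $hives.ContainsKey($handle)) { throw "Unmapped hive handle $handle" }
$keyPath = '{0}\{1}' -f $hives[$handle], $subKey

# HRESULT layout: bits 16-26 are the facility, bits 0-15 the code.
# Facility 7 (FACILITY_WIN32) means the code is a plain Win32 error number.
$facility = [int64][math]::Floor($hr / 0x10000) -band 0x7FF
$code     = [int]($hr -band 0xFFFF)
$meaning  = if ($facility -eq 7) {
    (New-Object System.ComponentModel.Win32Exception -ArgumentList $code).Message
} else { 'not a Win32 error code' }
'Key   : {0}' -f $keyPath
'Error : 0x{0:X8} = facility {1}, code {2} ({3})' -f $hr, $facility, $code, $meaning

# NETWORK SERVICE is the well-known SID S-1-5-20; translating it gives the
# account name in the system's own language.
$sid     = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'
$account = $sid.Translate([System.Security.Principal.NTAccount]).Value
$full    = [int][System.Security.AccessControl.RegistryRights]::FullControl

# List that account's ACEs; FullControl is true only when every bit is granted.
# ACEs stored with generic rights show RegistryRights as a raw number.
$aces = @((Get-Acl -Path $keyPath -ErrorAction Stop).Access |
    Where-Object { $_.IdentityReference.Value -eq $account })
if ($aces.Count -eq 0) { "No ACE for $account on $keyPath" }
$aces | Select-Object AccessControlType, RegistryRights, IsInherited,
    @{ n = 'FullControl'; e = { ([int]$_.RegistryRights -band $full) -eq $full } }
```

Saving this listing before editing the permissions gives a record of the key's original state to compare against or restore.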

Posted

Mystery deepens.

 

Backed out completely. Removed roles etc etc..

 

Removed the machine from domain. Rebooted. Shuts down decently and reboots.

 

Joined the domain back again. Nothing else. Rebooted. Hangs at shutdown stage, after stopping services.

 

Any ideas?

 

Regards

Posted

I can bet that you have the same error on Event Viewer...

 

right?


Posted

Yes, I do. And that too after doing the procedure that you suggested (....\vss\diag). However, the issue resolved itself mysteriously. This is what we did.

Disconnected the network cable. Logged in via local machine account rather than domain account. Rebooted, and this time there was no hang up during shutdown.

Logged off. Connected network cable back. Logged back in with the domain account. Problem reappears.

Removed the network cable and connected to a switch. Connected a laptop also to the same switch. Fired up Wireshark to see if there was any network request that is causing the problem. Rebooted. Clean shutdown!

 

Mind you all the reboots at each stage are done twice to confirm.

 

Took out the switch and connected back the network cable directly like before. Reboot. Clean shutdown again. Repeated thrice. No hang ups ever. Go figure!

 

Best regards

Posted

What do you mean by writing "took out the switch and connected back the network cable directly"?

 

Directly WHERE?
