Problems with installation of a new DC

[Mikael Jensen]

Hi all.

My problem is, that the newly installed DC doesn't have the Exchange
class-extenstions that the original DC has, and my guess is that this is
bad, and might cause problems in near future, so might as well take hand on
it now. (Yes, ImaNewbie, almost).

Before I installed the second DC, the event log on the original DC came with
this error repetetly (every 5 minuts + 0-2 secs)
----
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 30-04-2004
Time: 13:00:50
User: N/A
Computer: HERO2
Description:
Security policies are propagated with warning. 0x4b8 : An extended error has
occurred.
For best results in resolving this event, log on with a non-administrative
account and search http://support.microsoft.com for "Troubleshooting Event
1202s".
----
I tried looking it up, but found nothing good, just that 4b8 is a generel
error and it might be somting with GPOs.
Suspision confirmed, when i try to open the local policys on the DC i get
this
--
Windows cannot open the local policy database.
An unknown error occured when attempting to open the database
--
And the C:\WINNT\security\logs\winlogon.log
gives me this over and over again.

Error 0 to send control flag 1 over to server.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

[Mapping] gpt00000.dom = Default Domain Policy
**************************

__I don't know if ^this^ problem is related to my 2nd DC problem.__

The real problem is that, when promoting the new DC, every thing seems to be
fine, but the eventlogs tells another story.

[Taken from diffrent logs on the new DC]
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 29-04-2004
Time: 12:00:01
User: NT AUTHORITY\SYSTEM
Computer: ODIN
Description:
Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator.
DETAIL - Access is denied. , Build number ((2195)).
----
Event Type: Warning
Event Source: LoadPerf
Event Category: None
Event ID: 2000
Date: 29-04-2004
Time: 13:40:38
User: N/A
Computer: ODIN
Description:
No object list was found in the installation file. Adding an object list to
the installation file will improve performance of the system when measuring
performance counters.
----
Event Type: Error
Event Source: NTDS General
Event Category: (9)
Event ID: 1153
Date: 29-04-2004
Time: 13:41:05
User: Everyone
Computer: ODIN
Description:
Class identifier 196694 (class name protocolCfgIMAPSite) has an invalid
superclass 196692. Inheritance ignored.

[I get ALOT of ^thees^, with diffrent objects]

-----
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 30-04-2004
Time: 13:50:38
User: N/A
Computer: ODIN
Description:
The File Replication Service is having trouble enabling replication from
HERO2 to ODIN for d:\domain data\sysvol\domain using the DNS name
hero2.doms.dk. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name hero2.doms.dk from this
computer.
[2] FRS is not running on hero2.doms.dk.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
Data:
0000: 05 00 00 00 ....

[END LOG]

And when i open a user in users and computers, I only see the standart
properties, not the Exchange properties wich are shown on the first DC.

Any thoughts on what might be wrong ??

 

[Colin]

What errors do you get when you run dcdiag and netdiag?
from the reskit? if you post the results ir might help

Regards Colin

-----Original Message-----
Hi all.

My problem is, that the newly installed DC doesn't have the Exchange
class-extenstions that the original DC has, and my guess is that this is
bad, and might cause problems in near future, so might as well take hand on
it now. (Yes, ImaNewbie, almost).

Before I installed the second DC, the event log on the original DC came with
this error repetetly (every 5 minuts + 0-2 secs)
----
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 30-04-2004
Time: 13:00:50
User: N/A
Computer: HERO2
Description:
Security policies are propagated with warning. 0x4b8 : An extended error has
occurred.
For best results in resolving this event, log on with a non-administrative
account and search http://support.microsoft.com for "Troubleshooting Event
1202s".
----
I tried looking it up, but found nothing good, just that 4b8 is a generel
error and it might be somting with GPOs.
Suspision confirmed, when i try to open the local policys on the DC i get
this
--
Windows cannot open the local policy database.
An unknown error occured when attempting to open the database
--
And the C:\WINNT\security\logs\winlogon.log
gives me this over and over again.

Error 0 to send control flag 1 over to server.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

[Mapping] gpt00000.dom = Default Domain Policy
**************************

__I don't know if ^this^ problem is related to my 2nd DC problem.__

The real problem is that, when promoting the new DC, every thing seems to be
fine, but the eventlogs tells another story.

[Taken from diffrent logs on the new DC]
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 29-04-2004
Time: 12:00:01
User: NT AUTHORITY\SYSTEM
Computer: ODIN
Description:
Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator.
DETAIL - Access is denied. , Build number ((2195)).
----
Event Type: Warning
Event Source: LoadPerf
Event Category: None
Event ID: 2000
Date: 29-04-2004
Time: 13:40:38
User: N/A
Computer: ODIN
Description:
No object list was found in the installation file. Adding an object list to
the installation file will improve performance of the system when measuring
performance counters.
----
Event Type: Error
Event Source: NTDS General
Event Category: (9)
Event ID: 1153
Date: 29-04-2004
Time: 13:41:05
User: Everyone
Computer: ODIN
Description:
Class identifier 196694 (class name protocolCfgIMAPSite) has an invalid
superclass 196692. Inheritance ignored.

[I get ALOT of ^thees^, with diffrent objects]

-----
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 30-04-2004
Time: 13:50:38
User: N/A
Computer: ODIN
Description:
The File Replication Service is having trouble enabling replication from
HERO2 to ODIN for d:\domain data\sysvol\domain using the DNS name
hero2.doms.dk. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name hero2.doms.dk from this
computer.
[2] FRS is not running on hero2.doms.dk.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
Data:
0000: 05 00 00 00 ....

[END LOG]

And when i open a user in users and computers, I only see the standart
properties, not the Exchange properties wich are shown on the first DC.

Any thoughts on what might be wrong ??



.

 

[Cary Shultz [A.D. MVP]]

Mikael,

First things first: you installed Exchange 2000 on the first Domain
Controller, correct? And now you can not see the extra tabs in the ADUC on
the second DC that you can see on the first ( do not forget that you need to
click on the 'Advanced Features' in View ).

This is not a problem and expected behavior. Here is what you need to do to
change this: On the second DC drop in the Exchange 2000 CD and do a custom
installation. All you are going to select is the Exchange Server Manager
( not sure that this is the exact option, but similar ). That will install
the ESM on this DC. Just make sure to then install the Exchange 2000
Service Pack and you are good to go.

Now, to your 1202 error: please take a look at the following link:

http://www.eventid.net/display.asp?eventid=1202&eventno=348&source=SceCli&phase=1

Does this seem to apply in your environment?

For your other errors please take a look at the following links:

http://www.eventid.net/display.asp?eventid=1000&source=userenv
http://www.eventid.net/display.asp?eventid=2000&eventno=82&source=LoadPerf&phase=1
( indicates that the 1000 and 2000 might not be a problem. Have you
rebooted lately? )

Does this one apply for your 1153 errors?
http://www.eventid.net/display.asp?eventid=1153&eventno=1575&source=NTDS General&phase=1

For the 13508 errors - do you ever see a 13509? if so, then there is no
problem. This is 'normal'. If not, then please take a look at the
following link:

http://www.eventid.net/display.asp?eventid=13508&eventno=349&source=NtFrs&phase=1

HTH,

Cary

Hi all.

My problem is, that the newly installed DC doesn't have the Exchange
class-extenstions that the original DC has, and my guess is that this is
bad, and might cause problems in near future, so might as well take hand on
it now. (Yes, ImaNewbie, almost).

Before I installed the second DC, the event log on the original DC came with
this error repetetly (every 5 minuts + 0-2 secs)
----
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 30-04-2004
Time: 13:00:50
User: N/A
Computer: HERO2
Description:
Security policies are propagated with warning. 0x4b8 : An extended error has
occurred.
For best results in resolving this event, log on with a non-administrative
account and search http://support.microsoft.com for "Troubleshooting Event
1202s".
----
I tried looking it up, but found nothing good, just that 4b8 is a generel
error and it might be somting with GPOs.
Suspision confirmed, when i try to open the local policys on the DC i get
this
--
Windows cannot open the local policy database.
An unknown error occured when attempting to open the database
--
And the C:\WINNT\security\logs\winlogon.log
gives me this over and over again.

Error 0 to send control flag 1 over to server.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

[Mapping] gpt00000.dom = Default Domain Policy
**************************

__I don't know if ^this^ problem is related to my 2nd DC problem.__

The real problem is that, when promoting the new DC, every thing seems to be
fine, but the eventlogs tells another story.

[Taken from diffrent logs on the new DC]
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 29-04-2004
Time: 12:00:01
User: NT AUTHORITY\SYSTEM
Computer: ODIN
Description:
Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator.
DETAIL - Access is denied. , Build number ((2195)).
----
Event Type: Warning
Event Source: LoadPerf
Event Category: None
Event ID: 2000
Date: 29-04-2004
Time: 13:40:38
User: N/A
Computer: ODIN
Description:
No object list was found in the installation file. Adding an object list to
the installation file will improve performance of the system when measuring
performance counters.
----
Event Type: Error
Event Source: NTDS General
Event Category: (9)
Event ID: 1153
Date: 29-04-2004
Time: 13:41:05
User: Everyone
Computer: ODIN
Description:
Class identifier 196694 (class name protocolCfgIMAPSite) has an invalid
superclass 196692. Inheritance ignored.

[I get ALOT of ^thees^, with diffrent objects]

-----
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 30-04-2004
Time: 13:50:38
User: N/A
Computer: ODIN
Description:
The File Replication Service is having trouble enabling replication from
HERO2 to ODIN for d:\domain data\sysvol\domain using the DNS name
hero2.doms.dk. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name hero2.doms.dk from this
computer.
[2] FRS is not running on hero2.doms.dk.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
Data:
0000: 05 00 00 00 ....

[END LOG]

And when i open a user in users and computers, I only see the standart
properties, not the Exchange properties wich are shown on the first DC.

Any thoughts on what might be wrong ??

 

[Cary Shultz [A.D. MVP]]

Colin,

Both of these tools are also available in the Support Tools as well.....

HTH,

Cary

What errors do you get when you run dcdiag and netdiag?
from the reskit? if you post the results ir might help

Regards Colin

-----Original Message-----
Hi all.

My problem is, that the newly installed DC doesn't have the Exchange
class-extenstions that the original DC has, and my guess is that this is
bad, and might cause problems in near future, so might as well take hand on
it now. (Yes, ImaNewbie, almost).

Before I installed the second DC, the event log on the original DC came with
this error repetetly (every 5 minuts + 0-2 secs)
----
Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 30-04-2004
Time: 13:00:50
User: N/A
Computer: HERO2
Description:
Security policies are propagated with warning. 0x4b8 : An extended error has
occurred.
For best results in resolving this event, log on with a non-administrative
account and search http://support.microsoft.com for "Troubleshooting Event
1202s".
----
I tried looking it up, but found nothing good, just that 4b8 is a generel
error and it might be somting with GPOs.
Suspision confirmed, when i try to open the local policys on the DC i get
this
--
Windows cannot open the local policy database.
An unknown error occured when attempting to open the database
--
And the C:\WINNT\security\logs\winlogon.log
gives me this over and over again.

Error 0 to send control flag 1 over to server.
GPLinkDomain GPO_INFO_FLAG_BACKGROUND )
GPLinkOrganizationUnit GPO_INFO_FLAG_BACKGROUND )

[Mapping] gpt00000.dom = Default Domain Policy
**************************

__I don't know if ^this^ problem is related to my 2nd DC problem.__

The real problem is that, when promoting the new DC, every thing seems to be
fine, but the eventlogs tells another story.

[Taken from diffrent logs on the new DC]
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 29-04-2004
Time: 12:00:01
User: NT AUTHORITY\SYSTEM
Computer: ODIN
Description:
Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator.
DETAIL - Access is denied. , Build number ((2195)).
----
Event Type: Warning
Event Source: LoadPerf
Event Category: None
Event ID: 2000
Date: 29-04-2004
Time: 13:40:38
User: N/A
Computer: ODIN
Description:
No object list was found in the installation file. Adding an object list to
the installation file will improve performance of the system when measuring
performance counters.
----
Event Type: Error
Event Source: NTDS General
Event Category: (9)
Event ID: 1153
Date: 29-04-2004
Time: 13:41:05
User: Everyone
Computer: ODIN
Description:
Class identifier 196694 (class name protocolCfgIMAPSite) has an invalid
superclass 196692. Inheritance ignored.

[I get ALOT of ^thees^, with diffrent objects]

-----
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 30-04-2004
Time: 13:50:38
User: N/A
Computer: ODIN
Description:
The File Replication Service is having trouble enabling replication from
HERO2 to ODIN for d:\domain data\sysvol\domain using the DNS name
hero2.doms.dk. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name hero2.doms.dk from this
computer.
[2] FRS is not running on hero2.doms.dk.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.

This event log message will appear once per connection, After the problem
is fixed you will see another event log message indicating that the
connection has been established.
Data:
0000: 05 00 00 00 ....

[END LOG]

And when i open a user in users and computers, I only see the standart
properties, not the Exchange properties wich are shown on the first DC.

Any thoughts on what might be wrong ??



.

 

[Mikael Jensen]

Hi Cary
Sorry for my late respons, but you post really gave me something to go on
and i managed to fix som of the problems, but i still have the 2end DC
replikation problem.. I am making a new post with a new and better
description with out the "other" error.
But i will just try off a couple of things on my own first (learning by
doing

In short, the only errors i have left are 1153 and that I still can't see
the Exchange properties on the user sheets

Thanks alot for all your help

Best regards
Mikael

Sorry for my late respons, but you

Mikael,

Snip

 

[Cary Shultz [A.D. MVP]]

Did you do the things that I suggested -AND- enabled the Advanced Features?

Cary

 

[Mikael Jensen]

Did you do the things that I suggested -AND- enabled the Advanced Features?

Cary

Hi Cary

Now I have.. I just installed ESM on the 2nd DC, and every thing seems to be
working now. BUT
BUT
BUT
Should i just ignore the 1153 errors I got when i promoted? (I got 51 of
them, so im a bit suspisios about it)

Other then that, everything seems to be fine, but is there anyway to check
if it soo? (No eventlog errors, either running or on boot)

 

[Cary Shultz [A.D. MVP]]

Mikael Jensen,

Based on the link that I gave you ( from eventid.net ) it would seem that
you could safely ignore this. However, you have not informed us of your
topology and I do not like errors happening all of the time. Did you look
at the link and does one of the explanations fit your environment?

Cary

 

[Mikael Jensen]

Based on the link that I gave you ( from eventid.net ) it would seem that
you could safely ignore this. However, you have not informed us of your
topology and I do not like errors happening all of the time. Did you look
at the link and does one of the explanations fit your environment?

I checked the link, but no.. Not really..

Im afraid Im not sure on the exact meaning of "topology" (Im usually a
netwok guy). But here is you setup explained.

1th DC:
550Mhz - 1G ram
W2K std Server SP4 running; Term service (1-3 clients during daytime), Print
spooler, DNS and DHCP

2th DC
400Mhz - 512megs ram
Newly installed W2K std server SP4 : Running only AD and a DNS to wich, no
client are setuped to use.

Exchange 2003 (6.5 Build 6944.4)
Big enough server - Member server

Domain 2000 Native - about 100 active users.

(I write server specs on the 2 DC, since i fear that they might be to slow
to handel the job, any thoughts on that?)

Anyway, I dont get any errors, now, but still, I get a bit worried about, if
the domain schema and/or AD objects are replicated correctly to the new DC.
For me...
Event Type: Error
Event Source: NTDS General
Event Category: (9)
Event ID: 1153
Class identifier 191508199 (class name msExchRoutingGroupConnector) has an
invalid superclass 191508196. Inheritance ignored.

Doesn't really look like something that is going to fix it self.