Unsolved Issue - Preparing Network Connections

[mibi222]

Right after installing Active Directory (Windows 2003 Enterprise), the
system hangs for more than 2 minutes on "Preparing Network
Connections". I've read MANY posts on this all stating DNS problems but
NO SOLUTION!?! Simply saying "DNS problem" doesn't help at all, and
since so many people are having this same problem, there must be a
single solution to this. Where exactly in DNS is the problem???

Here DNS seems to work perfectly. AD installed without errors
(diagnostic passed after enabling DNS dynamic updates), I can ping all
DNS entries and dynamic updates IS enabled (nonsecure and secure). In
my case, the system is connected to the internet through ADSL router,
but I don't need DNS updates from outside. I'm in a testing environment
and this computer is the only DC in a LAN of only 3 other computers
(WinXP). Below are the event errors and warnings:
(By the way, oddly the MS POP3 service also stopped working after AD)

***** Warning (In Application)
Source: MSDTC
Category: SVC
Event ID: 53258

MS DTC could not correctly process a DC Promotion/Demotion event. MS
DTC will continue to function and will use the existing security
settings. Error Specifics:
d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9280, Pid: 860
No Callstack,
CmdLine: E:\WINDOWS\system32\msdtc.exe

***** Warning (System)
Source: W32Time
Category: None
Event ID: 12

Time Provider NtpClient: This machine is configured to use the domain
hierarchy to determine its time source, but it is the PDC emulator for
the domain at the root of the forest, so there is no machine above it
in the domain hierarchy to use as a time source. It is recommended
that you either configure a reliable time service in the root domain,
or manually configure the PDC to synchronize with an external time
source. Otherwise, this machine will function as the authoritative
time source in the domain hierarchy. If an external time source is
not configured or used for this computer, you may choose to disable
the NtpClient.

***** Warning (System)
Source: LSASRV
Category: SPNEGO (Negotiator)
Event ID: 40960

The Security System detected an authentication error for the server
LDAP/Localhost. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the
logon request.
(0xc000005e)"

***** Error (System)
Source: Service Control Manager
Category: None
Event ID: 7022

The Microsoft POP3 Service service hung on starting.

***** Error (System)
Source: Service Control Manager
Category: None
Event ID: 7031

The Microsoft POP3 Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

***** Error (System)
Source: Service Control Manager
Category: None
Event ID: 7031

The Microsoft POP3 Service service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.


I haven't got Reverse Lookup Zone configured. I don't know what it's
used for since all computers in the LAN can ping normally all DNS
entries without this. Does it need to be configured? Can anyone shed a
light on this?

Your help would be greatly appreciated!

And sorry for the long post..!

 

[Ace Fekay [MVP]]

In

Right after installing Active Directory (Windows 2003 Enterprise), the
system hangs for more than 2 minutes on "Preparing Network
Connections". I've read MANY posts on this all stating DNS problems
but NO SOLUTION!?! Simply saying "DNS problem" doesn't help at all,
and since so many people are having this same problem, there must be a
single solution to this. Where exactly in DNS is the problem???

Here DNS seems to work perfectly. AD installed without errors
(diagnostic passed after enabling DNS dynamic updates), I can ping all
DNS entries and dynamic updates IS enabled (nonsecure and secure). In
my case, the system is connected to the internet through ADSL router,
but I don't need DNS updates from outside. I'm in a testing
environment and this computer is the only DC in a LAN of only 3 other
computers (WinXP). Below are the event errors and warnings:
(By the way, oddly the MS POP3 service also stopped working after AD)

***** Warning (In Application)
Source: MSDTC
Category: SVC
Event ID: 53258

MS DTC could not correctly process a DC Promotion/Demotion event. MS
DTC will continue to function and will use the existing security
settings. Error Specifics:
d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9280, Pid: 860
No Callstack,
CmdLine: E:\WINDOWS\system32\msdtc.exe

***** Warning (System)
Source: W32Time
Category: None
Event ID: 12

Time Provider NtpClient: This machine is configured to use the domain
hierarchy to determine its time source, but it is the PDC emulator for
the domain at the root of the forest, so there is no machine above it
in the domain hierarchy to use as a time source. It is recommended
that you either configure a reliable time service in the root domain,
or manually configure the PDC to synchronize with an external time
source. Otherwise, this machine will function as the authoritative
time source in the domain hierarchy. If an external time source is
not configured or used for this computer, you may choose to disable
the NtpClient.

***** Warning (System)
Source: LSASRV
Category: SPNEGO (Negotiator)
Event ID: 40960

The Security System detected an authentication error for the server
LDAP/Localhost. The failure code from authentication protocol
Kerberos was "There are currently no logon servers available to
service the logon request.
(0xc000005e)"

***** Error (System)
Source: Service Control Manager
Category: None
Event ID: 7022

The Microsoft POP3 Service service hung on starting.

***** Error (System)
Source: Service Control Manager
Category: None
Event ID: 7031

The Microsoft POP3 Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

***** Error (System)
Source: Service Control Manager
Category: None
Event ID: 7031

The Microsoft POP3 Service service terminated unexpectedly. It has
done this 2 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.


I haven't got Reverse Lookup Zone configured. I don't know what it's
used for since all computers in the LAN can ping normally all DNS
entries without this. Does it need to be configured? Can anyone shed a
light on this?

Your help would be greatly appreciated!

And sorry for the long post..!

Keep in mind this is the Win2000 newsgroup, but that's ok...

For Event ID 53258:
http://www.eventid.net/display.asp?eventid=53258&eventno=4493&source=MSDTC&phase=1

For 40960, create a reverse zone for your internal subnet, and make sure a
PTR is created for all DCs and 40960 will disappear. IT is simply the SPN
(Service Principal Name, which is it's FQDN) looks for a reverse entry to ID
itself, hence SPN "EGO".

For W32time errors, on Win2003 DC that holds the PDC Emulator role in each
domain. Note" all domain members will seek the PDC Emulator as it's time
source in an AD 2000 or 2003 domain:
net stop w32time
net time /setsntp:192.5.41.41
net start w32time

For Win2000 DC PDC Emulators:
net stop w32time
net time /setsntp:192.5.41.41
w3tm -once
net start w32time

As for the long log on times, yes, DNS is the major factor about 99% of the
time. During boot, and any other domain operation, it queries DNS for DC
locations. If the machine is not pointing to itself ONLY, or to a DNS server
that hosts your AD zone, (you cannot use an ISP's DNS in any machines' IP
properties), or the SRV records do not exist under the zone, this behavior
will result. Configure a forwarder for efficient Internet name resolution.

If the domain is a single label name, this can cause major problems too.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsot Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

 

[mibi222]

Thanks Ace!!

I had DNS settings in TCP/IP config pointing to itself AND my ADSL
router.. Removing the ADSL router solved the problem!!

Here is my current TCP/IP configuration:

IP address: 10.0.0.2
Subnet: 255.0.0.0
Default gateway: 10.0.0.138 (my ADSL modem/router)

Preferred DNS Server: 10.0.0.2
Alternate DNS Server: EMPTY

What I don't understand is how I can access the internet using normal
names (ex: www.microsoft.com) while not having either Preferred or
Alternate DNS to point to the ADSL modem/router.

As you can see, the only entry pointing to my modem is "Default
Gateway".. I'm guessing my local DNS server forwards requests for
unknown names to the default gateway..? Please correct me if I'm
wrong..

As for the other event errors, I'll try out the solutions you
suggested..

Thanks a million for your help!

 

[Ace Fekay [MVP]]

In

Thanks Ace!!

I had DNS settings in TCP/IP config pointing to itself AND my ADSL
router.. Removing the ADSL router solved the problem!!

Here is my current TCP/IP configuration:

IP address: 10.0.0.2
Subnet: 255.0.0.0
Default gateway: 10.0.0.138 (my ADSL modem/router)

Preferred DNS Server: 10.0.0.2
Alternate DNS Server: EMPTY

What I don't understand is how I can access the internet using normal
names (ex: www.microsoft.com) while not having either Preferred or
Alternate DNS to point to the ADSL modem/router.

As you can see, the only entry pointing to my modem is "Default
Gateway".. I'm guessing my local DNS server forwards requests for
unknown names to the default gateway..? Please correct me if I'm
wrong..

As for the other event errors, I'll try out the solutions you
suggested..

Thanks a million for your help!

Youa re welcome. DNS will resolve Internet names by using the Root hints.
You can make it more efficient by configuring a forwarder. If this is
win2000, see this to help you out:
http://support.microsoft.com/?id=300202

Ace