AD Errors

[Guest]

I am trying to set up a new AD domain. I am using windows 2003 SP1. After i
dcpromo the server i get the following errors in the event logs 40960 and
53258.
When i join a computer to the domain i get netlogon errors on that computer.
I can log in fine on the client for the first few times but then eventually
it says that the domain or domain controller could not be contacted and i
cannot log in. The event log shows lots of 1053 and 3210 errors. I have tried
re-doing this a number of times but always get the same errors. I have tried
to configure DNS before promoting the server to a dc then configuring it
after and i have also had the machine configure DNS for me automatically
during the DC promo process. I am at a total lost for what might be going on.

Thanks

 

[Jorge_de_Almeida_Pinto]

I am trying to set up a new AD domain. I am using windows 2003
SP1. After i
dcpromo the server i get the following errors in the event
logs 40960 and
53258.
When i join a computer to the domain i get netlogon errors on
that computer.
I can log in fine on the client for the first few times but
then eventually
it says that the domain or domain controller could not be
contacted and i
cannot log in. The event log shows lots of 1053 and 3210
errors. I have tried
re-doing this a number of times but always get the same
errors. I have tried
to configure DNS before promoting the server to a dc then
configuring it
after and i have also had the machine configure DNS for me
automatically
during the DC promo process. I am at a total lost for what
might be going on.

Thanks

see if the following helps:
http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1

 

[Guest]

see if the following helps:
http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1

--
Posted using the http://www.windowsforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.windowsforumz.com/AD-Errors-ftopict435348.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.windowsforumz.com/eform.php?p=1464464

Hi,

I replaced the nic cards on both the member server and the DC and am now not
getting any netlogon errors on the member server. How ever i am still getting
events 40960 and 53258 on the DC

 

[Ace Fekay [MVP]]

In

I am trying to set up a new AD domain. I am using windows 2003 SP1.
After i dcpromo the server i get the following errors in the event
logs 40960 and 53258.
When i join a computer to the domain i get netlogon errors on that
computer. I can log in fine on the client for the first few times but
then eventually it says that the domain or domain controller could
not be contacted and i cannot log in. The event log shows lots of
1053 and 3210 errors. I have tried re-doing this a number of times
but always get the same errors. I have tried to configure DNS before
promoting the server to a dc then configuring it after and i have
also had the machine configure DNS for me automatically during the DC
promo process. I am at a total lost for what might be going on.

Thanks

40960 errors: Create a reverse zone and make sure a PTR exists for the DCs.
That will elimiate it, otherwise Windows XP and Windows server 2003 will log
40960 SPNEGO & 40961 LsaSrv errors because they cannot securely register in
prisoner.iana.org on the Internet.

53528: Follow the link Jorge gave you to fix the MSDTC errors.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsot Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

 

[Guest]

In

40960 errors: Create a reverse zone and make sure a PTR exists for the DCs.
That will elimiate it, otherwise Windows XP and Windows server 2003 will log
40960 SPNEGO & 40961 LsaSrv errors because they cannot securely register in
prisoner.iana.org on the Internet.

53528: Follow the link Jorge gave you to fix the MSDTC errors.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Microsot Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

The only time i am getting any errors is when the box re-boots.
Should i be cocncerned or not about this

 

[Ace Fekay [MVP]]

In

The only time i am getting any errors is when the box re-boots.
Should i be cocncerned or not about this

That's up to you. The MSDTC may be critical, depending on what apps are
running, Exchange, etc. The SPNEGO is Kerberos trying to set an ID for
itself. If I were you, I would clean them up.

It's just recommended friendly advise to help with the errors you posted.

As for the original errors you additionally posted about logging on,
dcpromo, etc, they are indicative of not using only your internal DNS
server. It is *highly* recommended to ONLY use your internal DNS server in
all your domain machines' IP properties (this means all your DCs, member
servers, clients, etc). AD requests always ask DNS, "Where is the domain
controller for my domain?" If you are using your ISP's DNS, how will your
machine find the domain? Your ISP's DNS servers do not have the answer to
that query. If you are using the ISP's for Internet resolution, you can use
your own, the Root hints will handle resolution, but you can make it more
efficient by configuring a forwarder.

Ace