Confusing A.D. problems...

Chris Hall

We have two DCs in two physical locations, both running w2k server w/ sp4. A
while back, I noticed KCC and NtFRS errors in the event log. I've never had
problems pinging either server from my workstation or each other. I can also
nslookup both servers by name and ip. It was pointed out that this is
probably a dns problem, which I would agree since I get the error when
running DCDIAG:

"SERVER2 server GUID DNS name could not be resolved to an IP
address. Check the DNS server, dhcp, server name, etc. Although the
GUID DNS name couldn't be resolved, the server name
SERVER2.DOMAIN.COM resolved to IP address (w.x.y.z) and was pingable."

I've looked at several KB articles and posts in this group, but have still
not been able to resolve this problem. It seems that the servers replicate
sometimes, as I've seen in Event Viewer messages that tell me so.
Originally, I thought the problem was DNS related to the first server--I was
using a non-rfc compliant name (MAIN_SERVER.DOMAIN.COM)--but based on the
errors and posts I've seen in this newsgroup, I think that the problem is
somewhere else. At this point, I transferred FSMO roles to SERVER2 and have
attempted to remove/reinstall DNS according to the KB article (294328), but
I can't open AD Users & Comp snap-in on SERVER2. I completed this on both
servers. On SERVER2, when I try to run DCDIAG, I get this:

Performing initial setup:
[server2] LDAP bind failed with error 31,
A device attached to the system is not
functioning....

Another post described that the above LDAP problem has to do with Secure
Channel Password being out of sync. I tried to change this but got this
message:

The machine account password for the local machine could
not be reset.
The credentials supplied conflict with an existing set
of credentials.

I used NETDOM from the support tools to try to change this.

FYI: I do have time setup with an outside time server.

I'm confused because the setup is simple--only 2 DCs--and I believe that I
set this up correctly...static ip, pointed dns to self on each server,
dcpromo, setup dns during dcpromo.


I'm running out of options, so if someone could shed some light, I would
greatly appreciate it!!!!!!!!!!!!!!
 
Rich

I have had this problem with a couple of DC's and found
that when I placed the correct GUID in the DNS records
(under _msdcs option) things started working correctly for
me. The big difference between my setup and yours is that
both servers were on the same Subnet. See if this helps
with your error.

One other thing to look at is to ensure that your sites are
set up for your two different systems (subnet/locations).

Hope this helps.

Rich
 
Chris Hall

Thanks for the reply.

I checked and the GUID is in the dns console--under _msdcs. I cleaned out
dns (per KB article 294328) thinking that would solve my problem, but I
still get the LDAP error below when I try to run DCDIAG. I do have two
different sites/subnets.

Rich

I think I read somewhere that doing an IPconfig /flushdns
doesn't work on a domain controller. You have to restart
the server to flush the dns.
Are you running your DNS in Active Directory integrated
mode? Do you have your DNS servers listed in the Name
Servers tab? They should both be there. Other than this I
am just as lost as you are.
Just ensure that the GUID that the DCdiag says it expects
to see and the one listed in DNS are the same; if they are
not, then replace the DNS with the GUID from DCDiag.


Rich

Cary Shultz [A.D. MVP]

Rich,

Running ipconfig /flushdns followed by ipconfig /registerdns absolutely
works on a Domain Controller. You would normally first stop the netlogon
service ( via net stop netlogon ) before using these and then restart the
netlogon service ( via net start netlogon )....

Cary


Rich

Thanks for the information. I had always just rebooted
the server for that function. I hope someone else has a
better idea on your GUID and DNS resolution error. It
would help me out to better understand that process as
well.

Good luck.

Rich

Chris Hall

I am running AD Integrated zones. I double checked that the GUID that's in
DNS is also the same as in the Original dcdiag. I say original, because I
can no longer complete a dcdiag due to the LDAP error.

Does anyone know about the LDAP error listed below? I've searched in both
newsgroups and KB articles....

Performing initial setup:
[server2] LDAP bind failed with error 31,
A device attached to the system is not
functioning....


I'd hate to have to reinstall both servers, as I tried this...suggestions?

Chriss3

Chris, see and follow the article below.

http://www.jsiinc.com/SUBO/tip7100/rh7145.htm

--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

Chris Hall

Christoffer,

Thanks for your reply. I followed the document, but the userAccountControl
value was already set to 532480. I went through the document and when
typing in the netdom 'string', I received the error: the credentials
supplied conflict with an existing set of credentials. I've almost resigned
myself to reinstalling both servers, but don't want to get the same thing
again, so I guess I'd like to find out what caused the problem in the first
place.


Chris Hall

I was searching through Microsoft's site and found a document on
troubleshooting AD problems (actually, it's in the res kit) and one of the
tests recommended was NLTEST. I ran the following test:
NLTEST /DSGETDC:DOMAIN-NAME.

From the results I got back, I discovered that the DOM GUID that shows up in
this test is different from the GUID in DNS.

Has anyone seen this? Suggestions?

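An added example, not part of the thread and not Microsoft's code: Netlogon registers two different GUID-bearing names, a CNAME at <DsaGuid>._msdcs.<forest root> (the per-DC name DCDIAG tries to resolve) and an SRV at _ldap._tcp.<DomainGuid>.domains._msdcs.<forest root> (the domain's own GUID, which is what NLTEST prints as Dom Guid), so the two values are not expected to be equal. This Python script separates the two kinds of record and checks that a DC's CNAME exists and points at the right host; the record text, GUIDs and address are constructed samples in the layout of the netlogon.dns file, and the function names are hypothetical.

```python
import re

GUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
# <DsaGuid>._msdcs.<forest root>   CNAME -> host name of that DC
DSA_ALIAS = re.compile(rf"^({GUID})\._msdcs\.(.+)$")
# _ldap._tcp.<DomainGuid>.domains._msdcs.<forest root>   SRV -> a DC of that domain
DOMAIN_LOCATOR = re.compile(rf"^_ldap\._tcp\.({GUID})\.domains\._msdcs\.(.+)$")

# Constructed sample, laid out like %SystemRoot%\System32\config\netlogon.dns.
# GUIDs and the address are made up; host names follow the thread's placeholders.
SAMPLE_RECORDS = """\
domain.com. 600 IN A 192.0.2.10
_ldap._tcp.domain.com. 600 IN SRV 0 100 389 server2.domain.com.
_ldap._tcp.dc._msdcs.domain.com. 600 IN SRV 0 100 389 server2.domain.com.
_ldap._tcp.11111111-2222-3333-4444-555555555555.domains._msdcs.domain.com. 600 IN SRV 0 100 389 server2.domain.com.
aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee._msdcs.domain.com. 600 IN CNAME server2.domain.com.
99999999-8888-7777-6666-555555555555._msdcs.domain.com. 600 IN CNAME main_server.domain.com.
"""


def norm(name):
    """Lower-case a DNS name or GUID and drop whitespace and the trailing dot."""
    return name.strip().rstrip(".").lower()


def parse_records(text):
    """Return (dsa_aliases, domain_guids).

    dsa_aliases  maps each DSA GUID to the host its CNAME points at.
    domain_guids is the set of domain GUIDs found in ...domains._msdcs SRV names.
    """
    dsa_aliases, domain_guids = {}, set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # blank line, comment or anything that is not a record
        owner, rtype, target = norm(fields[0]), fields[3].upper(), norm(fields[-1])
        match = DSA_ALIAS.match(owner)
        if match and rtype == "CNAME":
            dsa_aliases[match.group(1)] = target
            continue
        match = DOMAIN_LOCATOR.match(owner)
        if match and rtype == "SRV":
            domain_guids.add(match.group(1))
    return dsa_aliases, domain_guids


def classify_guid(guid, dsa_aliases, domain_guids):
    """Say which kind of record a GUID (braces optional) belongs to."""
    guid = norm(guid).strip("{}")
    if guid in dsa_aliases:
        return "dsa-guid"
    if guid in domain_guids:
        return "domain-guid"
    return "unknown"


def check_dsa_alias(expected_guid, dc_fqdn, dsa_aliases):
    """Check the CNAME for one DC: 'ok', 'missing' or 'wrong-target'."""
    target = dsa_aliases.get(norm(expected_guid).strip("{}"))
    if target is None:
        return "missing"       # no <guid>._msdcs CNAME for this GUID
    if target != norm(dc_fqdn):
        return "wrong-target"  # CNAME exists but names another host
    return "ok"


if __name__ == "__main__":
    aliases, domains = parse_records(SAMPLE_RECORDS)
    # GUID as it would be read from an NLTEST "Dom Guid" line (constructed value)
    print(classify_guid("11111111-2222-3333-4444-555555555555", aliases, domains))
    # GUID that DCDIAG expects for SERVER2 (constructed value)
    print(check_dsa_alias("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                          "SERVER2.DOMAIN.COM", aliases))
```

A result of "domain-guid" for the NLTEST value together with "ok" for the DC's own GUID means both registrations are consistent; "missing" or "wrong-target" points at the CNAME that DCDIAG could not resolve.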
 
