DNS issue (I think): Event ID 1411 on PDC of two-DC domain


Stephan Barr

Event 1411 on the PDC but the BDC reports replication is successful.
PDC \\frakctured became PDC about 3 weeks ago; original PDC \\bdtOrg is gone.
From the PDC using replmon reports...{
"DateTime","1/24/2004 7:42:22 PM"
"PartnerType",">> Direct Replication Partner Data <<"
"DirectPartnerUSN","Property Update USN: 25183"
"DirectPartnerFailure","Changes have not been successfully replicated from COIL for 150 attempt(s)."
"DirectPartnerFailure","The reason is: The DSA operation is unable to proceed because of a DNS lookup failure."
"DirectPartnerFailure","The last replication attempt was: 1/24/2004 7:18:02 PM (local)"
"DateTime","1/24/2004 8:29:04 PM"
"PartnerType",">> Direct Replication Partner Data <<"
"DirectPartnerUSN","Property Update USN: 25183"
"DirectPartnerFailure","Changes have not been successfully replicated from COIL for 155 attempt(s)."
"DirectPartnerFailure","The reason is: Replication access was denied."
"DirectPartnerFailure","The last replication attempt was: 1/24/2004 8:12:24 PM (local)"
}

Event ID 1411 reports... {

The Directory Service failed to construct a mutual authentication Service Principal Name (SPN) for server 6be61eab-bccb-45d9-8bab-fa645277ed23._msdcs.bdtechnology.org. The call is denied. The error was:

}

but the SPN referred to is not the DC (COIL - a22220ceb-3aa0-4f13-b5ed-312607d8cc15) to which the PDC is failing.


Applied Microsoft Knowledge Base Article - 329860 with no joy


DCDIAG fails with "
DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\FRAKCTURED
Starting test: Connectivity
......................... FRAKCTURED passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\FRAKCTURED
Starting test: Replications
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: CN=Schema,CN=Configuration,DC=bdtechnology,DC=org
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2004-01-24 19:18.02.
The last success occurred at 2004-01-18 20:49.33.
150 failures have occurred since the last success.
The guid-based DNS name a2220ceb-3aa0-4f13-b5ed-312607d8cc15._msdcs.bdtechnology.org
is not registered on one or more DNS servers.
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: CN=Configuration,DC=bdtechnology,DC=org
The replication generated an error (8453):
Replication access was denied.
The failure occurred at 2004-01-24 19:23.37.
The last success occurred at 2004-01-18 20:50.02.
1486 failures have occurred since the last success.
The machine account for the destination FRAKCTURED.
is not configured properly.
Check the userAccountControl field.
Kerberos Error.
The machine account is not present, or does not match on the.
destination, source or KDC servers.
Verify domain partition of KDC is in sync with rest of enterprise.
The tool repadmin/syncall can be used for this purpose.
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: DC=bdtechnology,DC=org
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
The failure occurred at 2004-01-24 19:18.02.
The last success occurred at 2004-01-18 20:49.33.
822 failures have occurred since the last success.
The guid-based DNS name a2220ceb-3aa0-4f13-b5ed-312607d8cc15._msdcs.bdtechnology.org
is not registered on one or more DNS servers.
......................... FRAKCTURED passed test Replications
Starting test: NCSecDesc
......................... FRAKCTURED passed test NCSecDesc
Starting test: NetLogons
......................... FRAKCTURED passed test NetLogons
Starting test: Advertising
......................... FRAKCTURED passed test Advertising
Starting test: KnowsOfRoleHolders
......................... FRAKCTURED passed test KnowsOfRoleHolders
Starting test: RidManager
......................... FRAKCTURED passed test RidManager
Starting test: MachineAccount
* FRAKCTURED is not a server trust account
* FRAKCTURED is not trusted for account delegation
......................... FRAKCTURED failed test MachineAccount
Starting test: Services
......................... FRAKCTURED passed test Services
Starting test: ObjectsReplicated
......................... FRAKCTURED passed test ObjectsReplicated
Starting test: frssysvol
......................... FRAKCTURED passed test frssysvol
Starting test: kccevent
An Information Event occured. EventID: 0x4000051C
Time Generated: 01/24/2004 19:23:21
Event String: The Directory Service consistency checker has
An Error Event occured. EventID: 0xC0000583
Time Generated: 01/24/2004 19:23:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000583
Time Generated: 01/24/2004 19:28:51
(Event String could not be retrieved)
......................... FRAKCTURED failed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001B58
Time Generated: 01/24/2004 19:17:47
Event String: The hcmon service failed to start due to the
An Error Event occured. EventID: 0xC0001B58
Time Generated: 01/24/2004 19:17:47
Event String: The VMparport service failed to start due to the
An Error Event occured. EventID: 0xC0001B58
Time Generated: 01/24/2004 19:17:47
Event String: The vmx86 service failed to start due to the
An Error Event occured. EventID: 0xC0001B61
Time Generated: 01/24/2004 19:19:02
Event String: Timeout (30000 milliseconds) waiting for the
An Error Event occured. EventID: 0xC0001B61
Time Generated: 01/24/2004 19:19:02
Event String: Timeout (30000 milliseconds) waiting for the
An Error Event occured. EventID: 0xC0001B6F
Time Generated: 01/24/2004 19:19:34
Event String: The Intel File Transfer service terminated with
An Error Event occured. EventID: 0x00000457
Time Generated: 01/24/2004 19:33:19
Event String: Driver Acrobat PDFWriter required for printer
An Error Event occured. EventID: 0x00000452
Time Generated: 01/24/2004 19:33:19
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/24/2004 19:33:20
Event String: Driver HP OfficeJet T Series Fax required for
An Error Event occured. EventID: 0x00000452
Time Generated: 01/24/2004 19:33:20
Event String: The printer could not be installed.
......................... FRAKCTURED failed test systemlog

Running enterprise tests on : bdtechnology.org
Starting test: Intersite
......................... bdtechnology.org passed test Intersite
Starting test: FsmoCheck
......................... bdtechnology.org passed test FsmoCheck

Thanks guys!
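
For triaging a paste like the one above, this added example (not part of the original post) parses the Replications section of dcdiag output into one record per failing naming context, then lists GUID-based `_msdcs` names that appear in event text but on none of the failing links. The sample strings are trimmed copies of the output in this post; the function names are hypothetical.

```python
import re

# Trimmed copies of the dcdiag Replications output and the Event ID 1411 text
# posted above (timestamps dropped); nothing here is new data.
DCDIAG = """\
Starting test: Replications
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: CN=Schema,CN=Configuration,DC=bdtechnology,DC=org
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
150 failures have occurred since the last success.
The guid-based DNS name a2220ceb-3aa0-4f13-b5ed-312607d8cc15._msdcs.bdtechnology.org
is not registered on one or more DNS servers.
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: CN=Configuration,DC=bdtechnology,DC=org
The replication generated an error (8453):
Replication access was denied.
1486 failures have occurred since the last success.
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: DC=bdtechnology,DC=org
The replication generated an error (8524):
The DSA operation is unable to proceed because of a DNS lookup failure.
822 failures have occurred since the last success.
The guid-based DNS name a2220ceb-3aa0-4f13-b5ed-312607d8cc15._msdcs.bdtechnology.org
is not registered on one or more DNS servers.
......................... FRAKCTURED passed test Replications
"""

EVENT_1411 = (
    "The Directory Service failed to construct a mutual authentication "
    "Service Principal Name (SPN) for server "
    "6be61eab-bccb-45d9-8bab-fa645277ed23._msdcs.bdtechnology.org. "
    "The call is denied."
)

# Strict GUID followed by "._msdcs."; \b rejects GUIDs with an extra leading digit.
GUID_NAME = re.compile(
    r"\b([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\._msdcs\.", re.I
)
HEADER = re.compile(r"^\[Replications Check,[^\]]+\].*$", re.M)


def _first(pattern, text, cast=str):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text)
    return cast(m.group(1)) if m else None


def parse_replication_failures(text):
    """Return one dict per failed inbound replication reported by dcdiag."""
    failures = []
    for block in HEADER.split(text)[1:]:
        # Cut at the test result line so later tests are not absorbed.
        block = re.split(r"^(?:\.{5,}|Starting test:)", block,
                         maxsplit=1, flags=re.M)[0]
        guid = GUID_NAME.search(block)
        failures.append({
            "source": _first(r"From (\S+) to \S+", block),
            "dest": _first(r"From \S+ to (\S+)", block),
            "nc": _first(r"Naming Context:\s*(\S+)", block),
            "error": _first(r"generated an error \((\d+)\)", block, int),
            "count": _first(r"(\d+) failures have occurred", block, int),
            "guid": guid.group(1).lower() if guid else None,
        })
    return failures


def summarize(failures):
    """Group naming contexts by (source, error code): one group per distinct cause."""
    groups = {}
    for f in failures:
        groups.setdefault((f["source"], f["error"]), []).append(f["nc"])
    return groups


def guids_outside_replication(event_text, failures):
    """GUID-based names in event text that no failing replication link refers to."""
    known = {f["guid"] for f in failures if f["guid"]}
    return {g.lower() for g in GUID_NAME.findall(event_text)} - known


if __name__ == "__main__":
    fails = parse_replication_failures(DCDIAG)
    for (source, error), ncs in summarize(fails).items():
        print(source, error, ncs)
    print("GUIDs only in events:", guids_outside_replication(EVENT_1411, fails))
```

On this sample the 8524 failures (schema and domain partitions) and the 8453 failure (configuration partition) fall into separate groups, and the GUID in Event ID 1411 is reported as not belonging to any failing link.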
 

Stephan Barr

The error seems to be related to the removal of a dead PDC named \\bdtOrg.
Thanks guys!
 

Kevin D. Goodknecht [MVP]

In Stephan Barr <[email protected]> posted a question
Then Kevin replied below:

To start, in Active Directory domains there are no PDCs or BDCs, only DCs that
hold FSMO roles.
You will have to use the ADSI Edit tool to do a Metadata Cleanup to remove the
information from the dead DC. I hope you didn't just turn it off, because
that would cause this; DCs must be demoted out of the domain.
An ipconfig /all would certainly help with diagnosing these errors. Since you
didn't post it, I'll start by saying that you cannot use any DNS in any NIC on
any DC other than the local DNS (or, for that matter, any member of an AD
Domain) that has the zone for the AD domain. If you have your ISP's DNS
listed you will get all kinds of errors just like these.
HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion
http://support.microsoft.com/default.aspx?scid=kb;EN-US;216498
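
The DNS rule in the reply above can be checked mechanically over pasted `ipconfig /all` output. This is an added example, not part of the original thread: the first two hosts are trimmed copies of output posted in this thread, while `badhost`, the resolver 203.0.113.53 (documentation range), the `ZONE_DNS` set and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# frakctured and coil are trimmed from the thread; badhost is constructed to
# show what a violation of the rule looks like.
SAMPLE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : frakctured
        Primary DNS Suffix  . . . . . . . : bdtechnology.org

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.253
        DNS Servers . . . . . . . . . . . : 192.168.1.253

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : coil
        Primary DNS Suffix  . . . . . . . : bdtechnology.org

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.252
        DNS Servers . . . . . . . . . . . : 192.168.1.253

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : badhost
        Primary DNS Suffix  . . . . . . . : bdtechnology.org

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 192.168.1.253
                                            203.0.113.53
"""

# Assumption: the only DNS server hosting the AD zone is the one both DCs use.
ZONE_DNS = {"192.168.1.253"}

# "Label . . . . : value" with the dot leader stripped from the label.
FIELD = re.compile(r"^(.+?)[\s.]*:\s*(.*)$")


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_ipconfig(text):
    """Parse one or more concatenated `ipconfig /all` dumps into per-host records."""
    hosts, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIELD.match(line)
        if m is None:
            # Additional DNS servers are printed as bare addresses on their own lines.
            if last_key == "DNS Servers" and current is not None and _is_ip(line):
                current["dns"].append(line)
            continue
        key, value = m.group(1), m.group(2).strip()
        last_key = key
        if key == "Host Name":
            current = {"host": value.lower(), "ips": [], "dns": []}
            hosts.append(current)
        elif current is None:
            continue
        elif key == "IP Address" and _is_ip(value):
            current["ips"].append(value)
        elif key == "DNS Servers" and _is_ip(value):
            current["dns"].append(value)
    return hosts


def audit_dns(hosts, zone_dns):
    """Map each host to the resolvers that break the rule (empty list = compliant).

    Any position in the list counts: an alternate resolver is still queried
    when the preferred one does not answer.
    """
    report = {}
    for h in hosts:
        if not h["dns"]:
            report[h["host"]] = ["<no DNS server configured>"]
        else:
            report[h["host"]] = [ip for ip in h["dns"] if ip not in zone_dns]
    return report


if __name__ == "__main__":
    for host, bad in audit_dns(parse_ipconfig(SAMPLE), ZONE_DNS).items():
        print(host, "OK" if not bad else "uses resolver(s) without the AD zone: %s" % bad)
```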
 

Stephan Barr

Kevin D. Goodknecht said:
In Stephan Barr <[email protected]> posted a question
Then Kevin replied below:


: To start, in Active Directory domains there are no PDCs or BDCs, only DCs that
: hold FSMO roles.

Sorry. I'm referring to ADU&C; right click myDomain.org; OperationsMaster;
PDC tab info.

: You will have to use the ADSI Edit tool to do a Metadata Cleanup to remove the
: information from the dead DC. I hope you didn't just turn it off, because
: that would cause this; DCs must be demoted out of the domain.

Didn't simply turn off; followed Microsoft Knowledge Base Article - 223787.

: An ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : frakctured
Primary DNS Suffix . . . . . . . : bdtechnology.org
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bdtechnology.org

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast
Ethernet Contro
X Compatible)
Physical Address. . . . . . . . . : 00-B0-D0-F8-91-3F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.253
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.253

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : coil
Primary DNS Suffix . . . . . . . : bdtechnology.org
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bdtechnology.org

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys LNE100TX(v5) Fast
Ethernet Adapter
Physical Address. . . . . . . . . : 00-04-5A-54-71-C2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.252
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.253


: would certainly help with diagnosing these errors. Since you
: didn't post it, I'll start by saying that you cannot use any DNS in any NIC on
: any DC other than the local DNS (or, for that matter, any member of an AD
: Domain) that has the zone for the AD domain. If you have your ISP's DNS
: listed you will get all kinds of errors just like these.
: HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
: Controller Demotion
: http://support.microsoft.com/default.aspx?scid=kb;EN-US;216498

Thanks for the reply!
 

Kevin D. Goodknecht [MVP]

In Stephan Barr <[email protected]> posted a question
Then Kevin replied below:
:
: Didn't simply turn off; followed Microsoft Knowledge Base Article -
: 223787.
:
:: An ipconfig /all
:
:
: Thanks for the reply!
If you run dcdiag /e /v it will give a lot more detail as to the errors you
have. I would like to see that if you can, just to verify that your improperly
demoted DC is not the only problem.
Your ipconfigs look OK, and BTW 223787 tells you how to seize or transfer
FSMO roles; that does not remove the DC from the domain. You must run DCPROMO
to remove a DC from a domain: first you demote it to a member, then you use
the Network ID tab to run the wizard that removes it from the domain. Once
you do these things in order you can turn it off.
While you were transferring the roles did you also transfer the Global
Catalog, that is, if the DC you removed was a global catalog?
Is there any chance of bringing the missing DC back to life so it can be
properly demoted? Or did you already format the hard drive?
If you did use ADSI Edit.
 

Stephan Barr

Kevin D. Goodknecht said:
If you run dcdiag /e /v it will give a lot more detail as to the errors you
have. I would like to see that if you can, just to verify that your improperly
demoted DC is not the only problem.


DC Diagnosis

Performing initial setup:
* Verifing that the local machine frakctured, is a DC.
* Connecting to directory service on server frakctured.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\FRAKCTURED
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... FRAKCTURED passed test Connectivity

Testing server: Default-First-Site-Name\COIL
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... COIL passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\FRAKCTURED
Starting test: Replications
* Replications Check
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: CN=Schema,CN=Configuration,DC=bdtechnology,DC=org
The replication generated an error (8453):
Replication access was denied.
The failure occurred at 2004-01-24 23:55.18.
The last success occurred at 2004-01-18 20:49.33.
162 failures have occurred since the last success.
The machine account for the destination FRAKCTURED.
is not configured properly.
Check the userAccountControl field.
Kerberos Error.
The machine account is not present, or does not match on the.
destination, source or KDC servers.
Verify domain partition of KDC is in sync with rest of enterprise.
The tool repadmin/syncall can be used for this purpose.
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: CN=Configuration,DC=bdtechnology,DC=org
The replication generated an error (8453):
Replication access was denied.
The failure occurred at 2004-01-25 00:39.56.
The last success occurred at 2004-01-18 20:50.02.
1545 failures have occurred since the last success.
The machine account for the destination FRAKCTURED.
is not configured properly.
Check the userAccountControl field.
Kerberos Error.
The machine account is not present, or does not match on the.
destination, source or KDC servers.
Verify domain partition of KDC is in sync with rest of enterprise.
The tool repadmin/syncall can be used for this purpose.
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: DC=bdtechnology,DC=org
The replication generated an error (8453):
Replication access was denied.
The failure occurred at 2004-01-25 00:03.29.
The last success occurred at 2004-01-18 20:49.33.
853 failures have occurred since the last success.
The machine account for the destination FRAKCTURED.
is not configured properly.
Check the userAccountControl field.
Kerberos Error.
The machine account is not present, or does not match on the.
destination, source or KDC servers.
Verify domain partition of KDC is in sync with rest of enterprise.
The tool repadmin/syncall can be used for this purpose.
......................... FRAKCTURED passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=bdtechnology,DC=org
* Security Permissions Check for
CN=Configuration,DC=bdtechnology,DC=org
* Security Permissions Check for
DC=bdtechnology,DC=org
......................... FRAKCTURED passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... FRAKCTURED passed test NetLogons
Starting test: Advertising
The DC FRAKCTURED is advertising itself as a DC and having a DS.
The DC FRAKCTURED is advertising as an LDAP server
The DC FRAKCTURED is advertising as having a writeable directory
The DC FRAKCTURED is advertising as a Key Distribution Center
The DC FRAKCTURED is advertising as a time server
The DS FRAKCTURED is advertising as a GC.
......................... FRAKCTURED passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
Role Domain Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
Role PDC Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
Role Rid Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
Role Infrastructure Update Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
......................... FRAKCTURED passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4605 to 1073741823
* frakctured.bdtechnology.org is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2605 to 3104
* rIDNextRID: 2642
* rIDPreviousAllocationPool is 2605 to 3104
......................... FRAKCTURED passed test RidManager
Starting test: MachineAccount
* FRAKCTURED is not a server trust account
* FRAKCTURED is not trusted for account delegation
* SPN found :LDAP/frakctured.bdtechnology.org/bdtechnology.org
* SPN found :LDAP/frakctured.bdtechnology.org
* SPN found :LDAP/FRAKCTURED
* SPN found :LDAP/frakctured.bdtechnology.org/BDTECHNOLOGY
* SPN found :LDAP/138a8b3f-6c6a-4087-8691-d3d4a2134a3f._msdcs.bdtechnology.org
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/138a8b3f-6c6a-4087-8691-d3d4a2134a3f/bdtechnology.org
* SPN found :HOST/frakctured.bdtechnology.org/bdtechnology.org
* SPN found :HOST/frakctured.bdtechnology.org
* SPN found :HOST/FRAKCTURED
* SPN found :HOST/frakctured.bdtechnology.org/BDTECHNOLOGY
* SPN found :GC/frakctured.bdtechnology.org/bdtechnology.org
......................... FRAKCTURED failed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... FRAKCTURED passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
FRAKCTURED is in domain DC=bdtechnology,DC=org
Checking for CN=FRAKCTURED,OU=Domain Controllers,DC=bdtechnology,DC=org in domain DC=bdtechnology,DC=org on 2 servers
Authoritative attribute isCriticalSystemObject on COIL (writeable)
usnLocalChange = 29594
LastOriginatingDsa = COIL
usnOriginatingChange = 29594
timeLastOriginatingChange = 2004-01-24 19:57.45
VersionLastOriginatingChange = 4
Out-of-date attribute isCriticalSystemObject on FRAKCTURED (writeable)
usnLocalChange = 514091
LastOriginatingDsa = FRAKCTURED
usnOriginatingChange = 514091
timeLastOriginatingChange = 2004-01-18 04:14.38
VersionLastOriginatingChange = 3
Authoritative attribute name on COIL (writeable)
usnLocalChange = 29728
LastOriginatingDsa = COIL
usnOriginatingChange = 29728
timeLastOriginatingChange = 2004-01-24 21:18.33
VersionLastOriginatingChange = 4
Out-of-date attribute name on FRAKCTURED (writeable)
usnLocalChange = 3766
LastOriginatingDsa = 8c83fa74-3265-40ca-953d-d7eb2acf1350
usnOriginatingChange = 196943
timeLastOriginatingChange = 2003-03-03 12:52.38
VersionLastOriginatingChange = 3
Authoritative attribute primaryGroupID on COIL (writeable)
usnLocalChange = 29594
LastOriginatingDsa = COIL
usnOriginatingChange = 29594
timeLastOriginatingChange = 2004-01-24 19:57.45
VersionLastOriginatingChange = 4
Out-of-date attribute primaryGroupID on FRAKCTURED (writeable)
usnLocalChange = 514091
LastOriginatingDsa = FRAKCTURED
usnOriginatingChange = 514091
timeLastOriginatingChange = 2004-01-18 04:14.38
VersionLastOriginatingChange = 3
Authoritative attribute userAccountControl on COIL (writeable)
usnLocalChange = 29594
LastOriginatingDsa = COIL
usnOriginatingChange = 29594
timeLastOriginatingChange = 2004-01-24 19:57.45
VersionLastOriginatingChange = 6
Out-of-date attribute userAccountControl on FRAKCTURED (writeable)
usnLocalChange = 514091
LastOriginatingDsa = FRAKCTURED
usnOriginatingChange = 514091
timeLastOriginatingChange = 2004-01-18 04:14.38
VersionLastOriginatingChange = 5
Checking for CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org in domain CN=Configuration,DC=bdtechnology,DC=org on 2 servers
Object is up-to-date on all servers.
......................... FRAKCTURED failed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... FRAKCTURED passed test frssysvol
Starting test: kccevent
* The KCC Event log test
An Error Event occured. EventID: 0xC0000583
Time Generated: 01/25/2004 00:44:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000583
Time Generated: 01/25/2004 00:51:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000583
Time Generated: 01/25/2004 00:52:08
(Event String could not be retrieved)
......................... FRAKCTURED failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... FRAKCTURED passed test systemlog

Testing server: Default-First-Site-Name\COIL
Starting test: Replications
* Replications Check
......................... COIL passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=bdtechnology,DC=org
* Security Permissions Check for
CN=Configuration,DC=bdtechnology,DC=org
* Security Permissions Check for
DC=bdtechnology,DC=org
......................... COIL passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... COIL passed test NetLogons
Starting test: Advertising
The DC COIL is advertising itself as a DC and having a DS.
The DC COIL is advertising as an LDAP server
The DC COIL is advertising as having a writeable directory
The DC COIL is advertising as a Key Distribution Center
The DC COIL is advertising as a time server
......................... COIL passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
Role Domain Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
Role PDC Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
Role Rid Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
Role Infrastructure Update Owner = CN=NTDS Settings,CN=FRAKCTURED,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org
......................... COIL passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4605 to 1073741823
* frakctured.bdtechnology.org is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4105 to 4604
* rIDNextRID: 4107
* rIDPreviousAllocationPool is 4105 to 4604
......................... COIL passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/coil.bdtechnology.org/bdtechnology.org
* SPN found :LDAP/coil.bdtechnology.org
* SPN found :LDAP/COIL
* SPN found :LDAP/coil.bdtechnology.org/BDTECHNOLOGY
* SPN found :LDAP/a2220ceb-3aa0-4f13-b5ed-312607d8cc15._msdcs.bdtechnology.org
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a2220ceb-3aa0-4f13-b5ed-312607d8cc15/bdtechnology.org
* SPN found :HOST/coil.bdtechnology.org/bdtechnology.org
* SPN found :HOST/coil.bdtechnology.org
* SPN found :HOST/COIL
* SPN found :HOST/coil.bdtechnology.org/BDTECHNOLOGY
* SPN found :GC/coil.bdtechnology.org/bdtechnology.org
......................... COIL passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... COIL passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
COIL is in domain DC=bdtechnology,DC=org
Checking for CN=COIL,OU=Domain Controllers,DC=bdtechnology,DC=org in domain DC=bdtechnology,DC=org on 2 servers
Authoritative attribute servicePrincipalName on COIL (writeable)
usnLocalChange = 25731
LastOriginatingDsa = COIL
usnOriginatingChange = 25731
timeLastOriginatingChange = 2004-01-19 23:27.33
VersionLastOriginatingChange = 13
Out-of-date attribute servicePrincipalName on FRAKCTURED (writeable)
usnLocalChange = 514173
LastOriginatingDsa = COIL
usnOriginatingChange = 9171
timeLastOriginatingChange = 2004-01-18 04:55.14
VersionLastOriginatingChange = 12
Checking for CN=NTDS Settings,CN=COIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bdtechnology,DC=org in domain CN=Configuration,DC=bdtechnology,DC=org on 2 servers
Object is up-to-date on all servers.
......................... COIL failed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... COIL passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... COIL passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... COIL passed test systemlog

Running enterprise tests on : bdtechnology.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... bdtechnology.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\frakctured.bdtechnology.org
Locator Flags: 0xe00001fd
PDC Name: \\frakctured.bdtechnology.org
Locator Flags: 0xe00001fd
Time Server Name: \\frakctured.bdtechnology.org
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\frakctured.bdtechnology.org
Locator Flags: 0xe00001fd
KDC Name: \\frakctured.bdtechnology.org
Locator Flags: 0xe00001fd
......................... bdtechnology.org passed test FsmoCheck

Your ipconfigs look OK, and BTW 223787 tells you how to seize or transfer
FSMO roles; that does not remove the DC from the domain. You must run DCPROMO
to remove a DC from a domain: first you demote it to a member, then you use
the Network ID tab to run the wizard that removes it from the domain. Once
you do these things in order you can turn it off.

Did that
While you were transferring the roles did you also transfer the Global
Catalog, that is, if the DC you removed was a global catalog?

It was and I transferred to new DC
Is there any chance of bringing the missing DC back to life so it can be
properly demoted? Or did you already format the hard drive?

No chance...gone.

If you did use ADSI Edit.

Do you have the KB article for what is to be done in ADSI Edit...?
Are you the Mr GoodWrench equivalent...? Working all weekend like this. It's all helped.
 

Kevin D. Goodknecht [MVP]

In Stephan Barr <[email protected]> posted a question
Then Kevin replied below:
Looking all the way through the dcdiag you posted, the problem is not with
the DC you removed, it seems to be gone. There is a problem with the machine
account for frakctured, it seems to be fractured :)
The dcdiag says its account is not present or does not match:

The machine account for the destination FRAKCTURED.
is not configured properly.
Check the userAccountControl field.
Kerberos Error.
The machine account is not present, or does not match on the.
destination, source or KDC servers.
Verify domain partition of KDC is in sync with rest of
enterprise.
The tool repadmin/syncall can be used for this purpose.

That tells me that at least the machine password for frakctured is
incorrect; the only way to fix that is to reset the account. Which for
domain controllers is a problem: you must use netdom to reset the account of
a DC.
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: CN=Configuration,DC=bdtechnology,DC=org
The replication generated an error (8453):
Replication access was denied.
This usually means that the DC password is incorrect; for that, read and
follow this:
HOW TO: Use Netdom.exe to Reset Machine Account Passwords of a Windows 2000
Domain Controller
http://support.microsoft.com/default.aspx?scid=kb;en-us;260575&Product=win2000

You also have this: * FRAKCTURED is not trusted for account delegation
You can try this:
1. Click Start, point to Programs, point to Administrative Tools, and
then click Active Directory Users and Computers.
2. In the console tree, double-click the domain node.
3. In the console tree, click the folder containing the domain
controller. (By default, domain controllers are installed in the Domain
Controllers folder.)
4. In the details pane, right-click the domain controller that you want
to modify, and then click Properties.
The General Tab
Some properties on the General tab are automatically assigned when the
computer joins the domain or whenever it is started. These properties cannot
be modified by the administrator (for example, DNS name, Computer name, and
Role).
a. In the Description box, type a brief description of the computer.
b. Click to select the Trust computer for delegation box to turn on
services running as local system on this computer to request additional
services from other servers on behalf of a remote client by authenticating
as the client to the other servers.


Your only choice may be to transfer all roles to coil and demote frakctured
to a member, then demote it to a standalone server, make sure the domain
account for frakctured is gone and there is no reference to it anywhere,
then rejoin it to the domain as a member and repromote it to a DC.

Coil seems to be in good shape but frakctured, well, it's broke. It seems to
me that all the problems are caused by its machine account.
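
An added example, not part of the thread and not a Microsoft tool: a small Python triage pass over `dcdiag /e /v` output in the format posted above, pulling out failed tests, replication errors per naming context, and which DC holds out-of-date attributes. The `triage` function and its field names are assumptions made for this illustration; the sample is abridged from the output in the thread, and the script also flags the case seen here where failed attempts are listed yet dcdiag prints "passed test Replications".

```python
import re
from collections import defaultdict

# Abridged from the dcdiag /e /v output posted in this thread.
SAMPLE = """\
Testing server: Default-First-Site-Name\\FRAKCTURED
Starting test: Replications
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: CN=Schema,CN=Configuration,DC=bdtechnology,DC=org
The replication generated an error (8453):
Replication access was denied.
The last success occurred at 2004-01-18 20:49.33.
162 failures have occurred since the last success.
[Replications Check,FRAKCTURED] A recent replication attempt failed:
From COIL to FRAKCTURED
Naming Context: DC=bdtechnology,DC=org
The replication generated an error (8453):
Replication access was denied.
The last success occurred at 2004-01-18 20:49.33.
853 failures have occurred since the last success.
......................... FRAKCTURED passed test Replications
Starting test: MachineAccount
* FRAKCTURED is not a server trust account
......................... FRAKCTURED failed test MachineAccount
Starting test: ObjectsReplicated
Authoritative attribute userAccountControl on COIL (writeable)
VersionLastOriginatingChange = 6
Out-of-date attribute userAccountControl on FRAKCTURED (writeable)
VersionLastOriginatingChange = 5
......................... FRAKCTURED failed test ObjectsReplicated
Testing server: Default-First-Site-Name\\COIL
Starting test: Replications
......................... COIL passed test Replications
Starting test: ObjectsReplicated
Out-of-date attribute servicePrincipalName on FRAKCTURED (writeable)
......................... COIL failed test ObjectsReplicated
"""

VERDICT = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test (\S+)$")
REPL_HDR = re.compile(r"^\[Replications Check,[^\]]+\] A recent replication attempt failed")
FROM_TO = re.compile(r"^From (\S+) to (\S+)$")
NAMING = re.compile(r"^Naming Context: (.+)$")
ERROR = re.compile(r"generated an error \((\d+)\)")
COUNT = re.compile(r"^(\d+) failures have occurred since the last success")
STALE = re.compile(r"^Out-of-date attribute (\S+) on (\S+)")


def triage(text):
    """Summarise dcdiag output: failed tests, replication errors, stale attributes."""
    failed = defaultdict(list)   # server -> tests dcdiag marked "failed"
    passed = defaultdict(set)    # server -> tests dcdiag marked "passed"
    stale = defaultdict(set)     # DC holding the older copy -> attribute names
    repl, cur = [], None         # cur = replication failure record being filled
    for raw in text.splitlines():
        line = raw.strip()
        if m := VERDICT.match(line):
            server, verdict, test = m.groups()
            if verdict == "failed":
                failed[server].append(test)
            else:
                passed[server].add(test)
            cur = None           # a verdict line ends any open failure record
        elif REPL_HDR.match(line):
            cur = dict(source=None, dest=None, nc=None, error=None, failures=None)
            repl.append(cur)
        elif m := STALE.match(line):
            stale[m.group(2)].add(m.group(1))
        elif cur is not None:
            if m := FROM_TO.match(line):
                cur["source"], cur["dest"] = m.groups()
            elif m := NAMING.match(line):
                cur["nc"] = m.group(1)
            elif m := ERROR.search(line):
                cur["error"] = int(m.group(1))
            elif m := COUNT.match(line):
                cur["failures"] = int(m.group(1))
    # dcdiag can list failed attempts and still print "passed test Replications",
    # so report every destination where the verdict hides recorded failures.
    masked = sorted({r["dest"] for r in repl if "Replications" in passed[r["dest"]]})
    return {
        "failed_tests": dict(failed),
        "replication": repl,
        "stale": {dc: sorted(attrs) for dc, attrs in stale.items()},
        "masked_replication": masked,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for r in result["replication"]:
        print(f'{r["source"]} -> {r["dest"]} {r["nc"]}: error {r["error"]}, {r["failures"]} failures')
    print("failed tests:", result["failed_tests"])
    print("stale attributes:", result["stale"])
    print("verdict hides replication failures on:", result["masked_replication"])
```
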
 

Stephan Barr

Did this but I'm blowing the syntax I think...

C:\Documents and Settings\bdtsb>netdom resetpwd /frakctured.bdtechnology.org:coil.bdtechnology.org /userd:bdtechnology,org\bdt123bdt /passwordd:*
Type the password associated with the domain user:
The machine account password for the local machine could not be reset.
The parameter is incorrect.

Try "NETDOM HELP" for more information.

C:\Documents and Settings\bdtsb>netdom resetpwd /frakctured.bdtechnology.org:coil.bdtechnology.org /userd:bdtechnology,org\bdt123bdt /passwordd:*
Type the password associated with the domain user:
The machine account password for the local machine could not be reset.
The parameter is incorrect. What am I doing wrong here?


C:\Documents and Settings\bdtsb>netdom resetpwd /frakctured.bdtechnology.org:coil.bdtechnology.org /userd:bdtechnology,org\bdt123bdt /passwordd:*
Type the password associated with the domain user:
The machine account password for the local machine could not be reset.
The parameter is incorrect.

Try "NETDOM HELP" for more information.

C:\Documents and Settings\bdtsb>repadmin /showmeta "CN=bdtsb,OU=Administrators,DC=coil,DC=bdtechnology,DC=org
DsReplicaGetInfo failed with status 8333 (0x208d):
Directory object not found.

C:\Documents and Settings\bdtsb>repadmin /showmeta "CN=bdtsb,OU=Users,DC=coil,DC=bdtechnology,DC=org
DsReplicaGetInfo failed with status 8333 (0x208d):
Directory object not found.

C:\Documents and Settings\bdtsb>repadmin /showmeta "CN=bdtsb,OU=Users,DC=frakctured,DC=bdtechnology,DC=org
DsReplicaGetInfo failed with status 8333 (0x208d):
Directory object not found.

C:\Documents and Settings\bdtsb>repadmin /showmeta "CN=bdtsb,OU=Administrators,DC=coil,DC=bdtechnology,DC=org
DsReplicaGetInfo failed with status 8333 (0x208d):
Directory object not found.

C:\Documents and Settings\bdtsb>netdom resetpwd /frakctured:coil /userd:bdtechnology,org\bdt123bdt /passwordd:*
Type the password associated with the domain user:
The machine account password for the local machine could not be reset.
The parameter is incorrect.

Try "NETDOM HELP" for more information.

C:\Documents and Settings\bdtsb>netdom resetpwd /frakctured.bdtechnology.org:coil.bdtechnology.org /userd:bdtechnology,org\bdt123bdt /passwordd:*
Type the password associated with the domain user:
The machine account password for the local machine could not be reset.
The parameter is incorrect.

Try "NETDOM HELP" for more information.

C:\Documents and Settings\bdtsb>netdom resetpwd /frakctured.bdtechnology.org:coil.bdtechnology.org /userd:bdtechnology,org\bdt123bdt /passwordd:*
Type the password associated with the domain user:
The machine account password for the local machine could not be reset.
The parameter is incorrect.

Try "NETDOM HELP" for more information.

C:\Documents and Settings\bdtsb>netdom resetpwd /frakctured.bdtechnology.org:coil.bdtechnology.org /userd:bdtechnology,org\bdt123bdt /passwordd:*
Type the password associated with the domain user:
The machine account password for the local machine could not be reset.
The parameter is incorrect.






 

Kevin D. Goodknecht [MVP]

In Stephan Barr <[email protected]> posted a question
Then Kevin replied below:
: Did this but I'm blowing the syntax I think...

The syntax should be:
netdom resetpwd /server:coil.bdtechnology.org /userd:bdtechnology.org\administrator /passwordd:*

Stop the Kerberos Key Distribution Center service, then run this command
locally from frakctured; then the password will be simultaneously written to
COIL.

 
