C
Curtis Fray
Hi,
I'm working in a pure 2003 environment. All servers are running SP1.
On Monday we had to install a new DC (DC3) at a remote site. To help speed
up the process we took a back up of an existing DC's (DC1) system state and
used the <DCpromo /adv> option to promote the remote DC by using the backup.
The DC from which the backup was taken was the first DC added to the domain
and is acting as the RID, PDC and Infrastructure master.
Since adding the other DC there have been hundreds of errors popping up in
the Event Viewer, the main two of which are as follows:
==========
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: 16/11/2005
Time: 13:39:43
User: DOMAIN1\IUSR_DOMAIN1DC1
Computer: DOMAIN1DC1
Description:
The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{D452CB77-FB08-4CB3-B7EE-2F5369982BBE}
to the user DOMAIN1\IUSR_DOMAIN1DC1 SID
(S-1-5-21-1888780232-3231000970-1133066113-2549). This security permission
can be modified using the Component Services administrative tool.
==========
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 16/11/2005
Time: 13:35:59
User: N/A
Computer: DOMAIN1DC1
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
TC005$. The target name used was cifs/TC091.domain1.bucksnet.nhs.uk. This
indicates that the password used to encrypt the kerberos service ticket is
different than that on the target server. Commonly, this is due to
identically named machine accounts in the target realm
(DOMAIN1.BUCKSNET.NHS.UK), and the client realm. Please contact your
system administrator.
==========
For Event ID 10016 I have tried following instructions found on the MS
website to use Component Services to correct permissions, but I can't find
the corresponding CLSID in there, although it can be found in the registry.
In the registry it appears under the <LocalServer32> thread as
<C:\sms\bin\i386\SMS_SLP\slpexec.exe>.
The Event ID 4 shown above is just one example. Each error normally
indicates a different computer name.
Is there any way that promoting DC3 from a backup has messed anything up?
(It's the first time we've done this so haven't got anything to compare the
results to.) If it has messed up references to DC1 and the roles it performs
would changing the Operations Masters roles to another server help?
I have since removed DC3 and rebuilt it from scratch without using any
backups. I was hoping this fresh install would stop any problems that may
have been confusing AD but unforunately it hasn't. Whatever went wrong, it
does all seem to have started happening from the minute DC3 came online.
If anyone can help or make any suggestions it would be very greatly
appreciated. I've been looking through EventID.net but haven't found
anything that's helped so far.
Thanks in advance,
Curtis.
I'm working in a pure 2003 environment. All servers are running SP1.
On Monday we had to install a new DC (DC3) at a remote site. To help speed
up the process we took a back up of an existing DC's (DC1) system state and
used the <DCpromo /adv> option to promote the remote DC by using the backup.
The DC from which the backup was taken was the first DC added to the domain
and is acting as the RID, PDC and Infrastructure master.
Since adding the other DC there have been hundreds of errors popping up in
the Event Viewer, the main two of which are as follows:
==========
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: 16/11/2005
Time: 13:39:43
User: DOMAIN1\IUSR_DOMAIN1DC1
Computer: DOMAIN1DC1
Description:
The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID
{D452CB77-FB08-4CB3-B7EE-2F5369982BBE}
to the user DOMAIN1\IUSR_DOMAIN1DC1 SID
(S-1-5-21-1888780232-3231000970-1133066113-2549). This security permission
can be modified using the Component Services administrative tool.
==========
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 16/11/2005
Time: 13:35:59
User: N/A
Computer: DOMAIN1DC1
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
TC005$. The target name used was cifs/TC091.domain1.bucksnet.nhs.uk. This
indicates that the password used to encrypt the kerberos service ticket is
different than that on the target server. Commonly, this is due to
identically named machine accounts in the target realm
(DOMAIN1.BUCKSNET.NHS.UK), and the client realm. Please contact your
system administrator.
==========
For Event ID 10016 I have tried following instructions found on the MS
website to use Component Services to correct permissions, but I can't find
the corresponding CLSID in there, although it can be found in the registry.
In the registry it appears under the <LocalServer32> thread as
<C:\sms\bin\i386\SMS_SLP\slpexec.exe>.
The Event ID 4 shown above is just one example. Each error normally
indicates a different computer name.
Is there any way that promoting DC3 from a backup has messed anything up?
(It's the first time we've done this so haven't got anything to compare the
results to.) If it has messed up references to DC1 and the roles it performs
would changing the Operations Masters roles to another server help?
I have since removed DC3 and rebuilt it from scratch without using any
backups. I was hoping this fresh install would stop any problems that may
have been confusing AD but unforunately it hasn't. Whatever went wrong, it
does all seem to have started happening from the minute DC3 came online.
If anyone can help or make any suggestions it would be very greatly
appreciated. I've been looking through EventID.net but haven't found
anything that's helped so far.
Thanks in advance,
Curtis.