Guest
Hello everyone
I have read many posts regarding the issue of Event ID 673 Failures showing in the security logs on Domain Controllers. I also have this same issue, and I would take a wild guess that anyone who has upgraded a Windows 2000 Active Directory Domain Controller/s to Windows 2003 is having this same issue. You would not know you are having the problem if you do not use "Account Logon" auditing on your DCs.
While the Event log entry does not really appear to be a major functionality problem in the system (no failing services, user access, etc.), it sure is a pain to have all these entries in your event log. Just the sheer volume of the entries makes you concerned.
We noticed this issue started to occur right after the upgrade, and the issue is consistent on all upgraded Domain Controller servers.
On other support forums, other admins have done some interesting tests, and feel this has something to do with name resolution via DNS. If you search on Google for example, you will find some discussions on this topic as well. Some admins have fixed the issue by completely removing AD on all DCs, deleting the DNS zones, and starting over (not an option for most admins...including me). Other folks have added certain complex name and IP combinations to their local HOSTS file on DCs, and have seen the issue go away, but this created much larger problems for them elsewhere on the DCs (so again, not a fix, but shows name resolution having something to do with this).
Our Active Directory is managed by very knowledgeable admins, so we are certain we do not have a misconfiguration, and this issue is the direct result of an upgrade to Windows 2003.
Others have mentioned that DCDiag does show some domain controller issues, etc., but I have not tried this myself at this time.
If anyone has a test lab (Microsoft ???), can you please take a Win2000 AD set of Domain Controllers using a fairly basic deployment of AD, and then upgrade to Win2003 Server. Do you get the error? How about with a clean new install? Do you still get the error? I do not have a lab to try all of this, or I would.
Many have complained of this error, so maybe as a group, we can solve it. As the saying goes, when AD is upset about something, it is usually DNS causing the issues... I suppose we shall eventually find out.
Cheers
-Fred Luhm