big trouble with Server - as KB933994

Hello,
I added a Windows 2003 Server to an existing 2000 domain, and made it an
additional domain controller. All ok, I restarted, I made GC, all worked
fine.

Then I restarted an other time... boom. Every crytical windows services
don't start more. Only RPC works: others (COM+, network connections, shell
hardware detection, etc) don't start.
It seems as KB933994 describes: the old group policy didn't assign
"impersonate a client after authentication" to Service and Network accounts,
so I think that the replicated policy has blocked the 2003 system.

Now? I've tried to update policy on the W2003 server, but it doesn't apply
it. When I run a gpupdate, it reports that "there are no more available
endpoints" and it doesn't load changed policy.

Any idea? Please help.

thanks

Hello Trapulo,

Please post the complete error message. Additional post an unedited ipconfig
/all from both DC's. Did you run dcdiag, netdiag and repadmin /showrepl from
the support tools?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hello,
> I added a Windows 2003 Server to an existing 2000 domain, and made it
> an
> additional domain controller. All ok, I restarted, I made GC, all
> worked
> fine.
> Then I restarted an other time... boom. Every crytical windows
> services
> don't start more. Only RPC works: others (COM+, network connections,
> shell
> hardware detection, etc) don't start.
> It seems as KB933994 describes: the old group policy didn't assign
> "impersonate a client after authentication" to Service and Network
> accounts,
> so I think that the replicated policy has blocked the 2003 system.
> Now? I've tried to update policy on the W2003 server, but it doesn't
> apply it. When I run a gpupdate, it reports that "there are no more
> available endpoints" and it doesn't load changed policy.
>
> Any idea? Please help.
>
> thanks
>

Hi,

Based on my research, logon account for the Remote Procedure Call (RPC)
service is changed from the Local System account to the NetworkService
account in Windows Server 2003 with SP1.

When the RPC service runs under the NetworkService account, the Impersonate
a client after authentication policy must include the Administrators group
account and the SERVICE group account. Otherwise, the error message "there
are no more available endpoints" may come out.

So, please check 'Impersonate a client after authentication policy' under
Computer Configuration\Windows Settings\Security Settings\Local
Policies\User Rights Assignment firstly. By default, Administrators and
service has been assigned this privilege to impersonate a client. If this
has been modified, please refer to the following KB to revert it:

Error message when you modify the "Impersonate a client after
authentication" policy setting in Windows Server 2003 with Service Pack 1:
"There are no more endpoints available from the endpoint mapper"
http://support.microsoft.com/kb/930220/en-us

If this issue still remains, please provide me the following information:

1. Is there any error message in event log?
2. Please check if RPC service is normal as the steps below:

Please use portqry to check if RPC 135 port is listening .

For example:

The following command tries to resolve my server to an IP address and then
queries the specified range of UDP ports (135-139) in sequential order on
the corresponding host. This command also creates a log file
(my_server.txt) that contains a log of its output.

portqry -n DC_server -p udp -r 135:139 -l my_server.txt

Below is an article about the PORTTQRY tool
http://support.microsoft.com/?kbid=310099

Below is a link to download the PORTQRY tool
http://www.microsoft.com/downloads/d...747-C74B-4638-
A2D5-AC828BDC6983&displaylang=en

Please also 'netstat' command on the problematic DC to check the port
usage? Is it exhausted?

If it's port depletion, you may adjust the MaxUserPort value to add more
ports on both servers.

1. Start Registry Editor.
2. Locate the following subkey in the registry, and then click Parameters:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters
3. On the Edit menu, click New, and then add the following registry entry:

Value Name: MaxUserPort
Value Type: DWORD
Value data: 65000 (decimal)

4. Quit Registry Editor.
5. Reboot the server to test again.

Description: This parameter controls the maximum port number that is used
when a program requests any available user port from the system. Typically,
ephemeral (short-lived) ports are allocated between the values of 1024 and
5000 inclusive.
3. If there is still no headway, for further assistance on this issue,
please help me collect MPSRPT log file.

You can get this tool from the link:

Microsoft Product Support's Reporting Tools (MPSRPT_DirSvc.EXE)
http://www.microsoft.com/downloads/d...C7C-7CA5-408F-
88B7-F9C79B7306C0&displaylang=en

---------------------------------------
Please send the MPS report CAB file to

Note:

a. Please include the following lines for this issue in the email body:

big trouble with Server - as KB933994
===========================
Morgan Che - MSFT

b. We will continue to discuss the issue here in newsgroup and will NOT
reply via emails.

c. Pease post a quick note in the current thread to inform me after sending
the email.

Thanks.


Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
================================================== ===
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->From: "Trapulo" <>
--->Subject: big trouble with Server - as KB933994
--->Date: Fri, 18 Jul 2008 15:45:52 +0200
--->Lines: 20
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> format=flowed;
---> charset="iso-8859-1";
---> reply-type=original
--->Content-Transfer-Encoding: 7bit
--->X-Priority: 3
--->X-MSMail-Priority: Normal
--->X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
--->X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
--->Message-ID: <Ow8A$>
--->Newsgroups:
microsoft.public.windows.server.active_directory,m icrosoft.public.windows.se
rver.general,microsoft.public.windows.server.migra tion
--->NNTP-Posting-Host: 88-149-224-136.dynamic.ngi.it 88.149.224.136
--->Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSF TNGP05.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.general:41715
microsoft.public.windows.server.migration:4051
microsoft.public.windows.server.active_directory:4 6044
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->
--->Hello,
--->I added a Windows 2003 Server to an existing 2000 domain, and made it
an
--->additional domain controller. All ok, I restarted, I made GC, all
worked
--->fine.
--->
--->Then I restarted an other time... boom. Every crytical windows services
--->don't start more. Only RPC works: others (COM+, network connections,
shell
--->hardware detection, etc) don't start.
--->It seems as KB933994 describes: the old group policy didn't assign
--->"impersonate a client after authentication" to Service and Network
accounts,
--->so I think that the replicated policy has blocked the 2003 system.
--->
--->Now? I've tried to update policy on the W2003 server, but it doesn't
apply
--->it. When I run a gpupdate, it reports that "there are no more available
--->endpoints" and it doesn't load changed policy.
--->
--->Any idea? Please help.
--->
--->thanks
--->
--->

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello Trapulo,
>
> Please post the complete error message.

This is the error when I try to run gpupdate:
1053
Windows cannot determine the user or computer name. (There are no more
endpoints available from the endpoint mapper. ). Group Policy processing
aborted.


> Additional post an unedited ipconfig /all from both DC's.

This is from the old Win2K controller:



Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : server01
Primary DNS Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : mydomain.com

Ethernet adapter Intel 82544GC Based Network Connection - onboard:



Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 82544GC-based XT Eval Gigabit
Adapter
Physical Address. . . . . . . . . : 00-06-5B-8F-99-78

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.18.20

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.18.6

DNS Servers . . . . . . . . . . . : 192.168.18.20
192.168.18.21


(18.21 is the other W2K domain controller, with same output)



This is from the new W2K3 controller that doesn't run:

Windows IP Configuration

Host Name . . . . . . . . . . . . : server08

Primary Dns Suffix . . . . . . . : mydomain.com

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : mydomain.com



Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Loopback Adapter

Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.25.129

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:



Connection-specific DNS Suffix . : mydomain.com

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-10-18-33-9A-E4

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.18.140

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.18.6

DHCP Server . . . . . . . . . . . : 192.168.18.20

DNS Servers . . . . . . . . . . . : 192.168.18.20

192.168.18.21

Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20

Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20



Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS VBD Client)

Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.73.29

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS VBD Client) #2

Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.113.88

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :

--------------------------------------------------------

> Did you run dcdiag,

Domain Controller Diagnosis

Performing initial setup:
[server08] Directory Binding Error 1753:
Win32 Error 1753
This may limit some of the tests that can be performed.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER08
Starting test: Connectivity
The host 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain) couldn't

be resolved, the server name (server08.mydomain.com) resolved to
the

IP address (192.168.18.140) and was pingable. Check that the IP

address is registered correctly with the DNS server.
......................... SERVER08 failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER08
Skipping all tests, because server SERVER08 is
not responding to directory service requests

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : it
Starting test: CrossRefValidation
......................... it passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... it passed test CheckSDRefDom

Running enterprise tests on : mydomain.com
Starting test: Intersite
......................... mydomain.com passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 2138
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 2138
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
2138
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138
A KDC could not be located - All the KDCs are down.
......................... mydomain.com failed test FsmoCheck

-----------------------------------------------------
>netdiag and

this is very long: I attach only the interesting part:

Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Failed
List of NetBt transports currently configured:
[FATAL] Unable to retrieve transport list from Redir.
[NERR_WkstaNotStarted]


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'server08.mydomain.com.'. [ERROR_TIMEOUT]
The name 'server08.mydomain.com.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the
name
'server08.mydomain.com.'. [ERROR_TIMEOUT]
The name 'server08.mydomain.com.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the
name
'server08.mydomain.com.'. [ERROR_TIMEOUT]
The name 'server08mydomain.com.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for the
name
'server08.mydomain.com.'. [ERROR_TIMEOUT]
The name 'server08.mydomain.com.' may not be registered in DNS.
[WARNING] The DNS entries for this DC cannot be verified right now on
DNS server 192.168.18.20, ERROR_TIMEOUT.
[WARNING] The DNS entries for this DC cannot be verified right now on
DNS server 192.168.18.21, ERROR_TIMEOUT.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
[FATAL] Workstation service is not running. [FFFFFFFF]


DC discovery test. . . . . . . . . : Failed
[FATAL] Cannot find DC in domain 'MYDOMAIN'. [NERR_NetNotStarted]


DC list test . . . . . . . . . . . : Failed
'MYDOMAIN': Cannot find DC to get DC list from [test skipped].


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Skipped
'MYDOMAIN': Cannot find DC to get DC list from [test skipped].


LDAP test. . . . . . . . . . . . . : Failed
Cannot find DC to run LDAP tests on. The error occurred was: The
workstation driver is not installed.


[WARNING] Cannot find DC in domain MYDOMAIN. [NERR_NetNotStarted]


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Failed
[FATAL] Cannot initialize TAPI. Failed with error(0x80000048).

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

------------------------------------------------------
repadmin /showrepl from
> the support tools?


repadmin running command /showrepl against server localhost


Default-First-Site-Name\SERVER08

DC Options: IS_GC

Site Options: (none)

DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005

DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a



DsBindWithCred to localhost failed with status 1753 (0x6d9):

Can't retrieve message string 1753 (0x6d9), error 1815.


---------------------------------------


reports seem right, if we think that all core services are down



thanks




>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hello,
>> I added a Windows 2003 Server to an existing 2000 domain, and made it
>> an
>> additional domain controller. All ok, I restarted, I made GC, all
>> worked
>> fine.
>> Then I restarted an other time... boom. Every crytical windows
>> services
>> don't start more. Only RPC works: others (COM+, network connections,
>> shell
>> hardware detection, etc) don't start.
>> It seems as KB933994 describes: the old group policy didn't assign
>> "impersonate a client after authentication" to Service and Network
>> accounts,
>> so I think that the replicated policy has blocked the 2003 system.
>> Now? I've tried to update policy on the W2003 server, but it doesn't
>> apply it. When I run a gpupdate, it reports that "there are no more
>> available endpoints" and it doesn't load changed policy.
>>
>> Any idea? Please help.
>>
>> thanks
>>
>
>

Hello Trapulo,

On the 2003 disable DHCP and give it a fixed ip address. Additional disable
the not used NIC's. Then reboot the server. After that check in all DNS servers
that the 2003 server, also all other servers, is listed with the correct
ip. Then ping one of the running DC's with ip address, computer name and
FQDN(computername.mydomain.com).

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>
>> Hello Trapulo,
>>
>> Please post the complete error message.
>>
> This is the error when I try to run gpupdate:
> 1053
> Windows cannot determine the user or computer name. (There are no more
> endpoints available from the endpoint mapper. ). Group Policy
> processing
> aborted.
>> Additional post an unedited ipconfig /all from both DC's.
>>
> This is from the old Win2K controller:
>
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : server01
> Primary DNS Suffix . . . . . . . : mydomain.com
> Node Type . . . . . . . . . . . . : Broadcast
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : mydomain.com
>
> Ethernet adapter Intel 82544GC Based Network Connection - onboard:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval
> Gigabit
> Adapter
> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.18.20
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.18.6
>
> DNS Servers . . . . . . . . . . . : 192.168.18.20
> 192.168.18.21
> (18.21 is the other W2K domain controller, with same output)
>
> This is from the new W2K3 controller that doesn't run:
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : server08
>
> Primary Dns Suffix . . . . . . . : mydomain.com
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : mydomain.com
>
> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Microsoft Loopback Adapter
>
> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
>
> DHCP Enabled. . . . . . . . . . . : Yes
>
> Autoconfiguration Enabled . . . . : Yes
>
> Autoconfiguration IP Address. . . : 169.254.25.129
>
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>
> Default Gateway . . . . . . . . . :
>
> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:
>
> Connection-specific DNS Suffix . : mydomain.com
>
> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
> Ethernet
>
> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4
>
> DHCP Enabled. . . . . . . . . . . : Yes
>
> Autoconfiguration Enabled . . . . : Yes
>
> IP Address. . . . . . . . . . . . : 192.168.18.140
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.18.6
>
> DHCP Server . . . . . . . . . . . : 192.168.18.20
>
> DNS Servers . . . . . . . . . . . : 192.168.18.20
>
> 192.168.18.21
>
> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20
>
> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20
>
> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
> GigE (NDIS VBD Client)
>
> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB
>
> DHCP Enabled. . . . . . . . . . . : Yes
>
> Autoconfiguration Enabled . . . . : Yes
>
> Autoconfiguration IP Address. . . : 169.254.73.29
>
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>
> Default Gateway . . . . . . . . . :
>
> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
> GigE (NDIS VBD Client) #2
>
> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD
>
> DHCP Enabled. . . . . . . . . . . : Yes
>
> Autoconfiguration Enabled . . . . : Yes
>
> Autoconfiguration IP Address. . . : 169.254.113.88
>
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>
> Default Gateway . . . . . . . . . :
>
> --------------------------------------------------------
>
>> Did you run dcdiag,
>>
> Domain Controller Diagnosis
>
> Performing initial setup:
> [server08] Directory Binding Error 1753:
> Win32 Error 1753
> This may limit some of the tests that can be performed.
> Done gathering initial info.
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\SERVER08
> Starting test: Connectivity
> The host
> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain
> could not be resolved to an
> IP address. Check the DNS server, DHCP, server name, etc
> Although the Guid DNS name
> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)
> couldn't
>
> be resolved, the server name (server08.mydomain.com) resolved
> to the
>
> IP address (192.168.18.140) and was pingable. Check that the
> IP
>
> address is registered correctly with the DNS server.
> ......................... SERVER08 failed test Connectivity
> Doing primary tests
>
> Testing server: Default-First-Site-Name\SERVER08
> Skipping all tests, because server SERVER08 is
> not responding to directory service requests
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test
> CheckSDRefDom
> Running partition tests on : it
> Starting test: CrossRefValidation
> ......................... it passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... it passed test CheckSDRefDom
> Running enterprise tests on : mydomain.com
> Starting test: Intersite
> ......................... mydomain.com passed test Intersite
> Starting test: FsmoCheck
> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
> 2138
> A Global Catalog Server could not be located - All GC's are
> down.
> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138
> A Primary Domain Controller could not be located.
> The server holding the PDC role is down.
> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138
> A Time Server could not be located.
> The server holding the PDC role is down.
> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
> error
> 2138
> A Good Time Server could not be located.
> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138
> A KDC could not be located - All the KDCs are down.
> ......................... mydomain.com failed test FsmoCheck
> -----------------------------------------------------
>
>> netdiag and
>>
> this is very long: I attach only the interesting part:
>
> Global results:
>
> Domain membership test . . . . . . : Passed
>
> NetBT transports test. . . . . . . : Failed
> List of NetBt transports currently configured:
> [FATAL] Unable to retrieve transport list from Redir.
> [NERR_WkstaNotStarted]
> Autonet address test . . . . . . . : Passed
>
> IP loopback ping test. . . . . . . : Passed
>
> Default gateway test . . . . . . . : Failed
>
> [FATAL] NO GATEWAYS ARE REACHABLE.
> You have no connectivity to other network segments.
> If you configured the IP protocol manually then
> you need to add at least one valid gateway.
> NetBT name test. . . . . . . . . . : Passed
> [WARNING] You don't have a single interface with the <00>
> 'WorkStation
> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
> Winsock test . . . . . . . . . . . : Passed
>
> DNS test . . . . . . . . . . . . . : Failed
> [WARNING] Cannot find a primary authoritative DNS server for
> the
> name
> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
> The name 'server08.mydomain.com.' may not be registered in
> DNS.
> [WARNING] Cannot find a primary authoritative DNS server for
> the
> name
> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
> The name 'server08.mydomain.com.' may not be registered in
> DNS.
> [WARNING] Cannot find a primary authoritative DNS server for
> the
> name
> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
> The name 'server08mydomain.com.' may not be registered in
> DNS.
> [WARNING] Cannot find a primary authoritative DNS server for
> the
> name
> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
> The name 'server08.mydomain.com.' may not be registered in
> DNS.
> [WARNING] The DNS entries for this DC cannot be verified right
> now on
> DNS server 192.168.18.20, ERROR_TIMEOUT.
> [WARNING] The DNS entries for this DC cannot be verified right
> now on
> DNS server 192.168.18.21, ERROR_TIMEOUT.
> [FATAL] No DNS servers have the DNS records for this DC
> registered.
> Redir and Browser test . . . . . . : Passed
> [FATAL] Workstation service is not running. [FFFFFFFF]
> DC discovery test. . . . . . . . . : Failed
> [FATAL] Cannot find DC in domain 'MYDOMAIN'.
> [NERR_NetNotStarted]
> DC list test . . . . . . . . . . . : Failed
> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].
> Trust relationship test. . . . . . : Skipped
>
> Kerberos test. . . . . . . . . . . : Skipped
> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].
> LDAP test. . . . . . . . . . . . . : Failed
> Cannot find DC to run LDAP tests on. The error occurred was: The
> workstation driver is not installed.
> [WARNING] Cannot find DC in domain MYDOMAIN.
> [NERR_NetNotStarted]
>
> Bindings test. . . . . . . . . . . : Passed
>
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
> Modem diagnostics test . . . . . . : Failed
> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).
> IP Security test . . . . . . . . . : Skipped
>
> Note: run "netsh ipsec dynamic show /?" for more detailed
> information
>
> The command completed successfully
>
> ------------------------------------------------------ repadmin
> /showrepl from
>
>> the support tools?
>>
> repadmin running command /showrepl against server localhost
>
> Default-First-Site-Name\SERVER08
>
> DC Options: IS_GC
>
> Site Options: (none)
>
> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005
>
> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a
>
> DsBindWithCred to localhost failed with status 1753 (0x6d9):
>
> Can't retrieve message string 1753 (0x6d9), error 1815.
>
> ---------------------------------------
>
> reports seem right, if we think that all core services are down
>
> thanks
>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Hello,
>>> I added a Windows 2003 Server to an existing 2000 domain, and made
>>> it
>>> an
>>> additional domain controller. All ok, I restarted, I made GC, all
>>> worked
>>> fine.
>>> Then I restarted an other time... boom. Every crytical windows
>>> services
>>> don't start more. Only RPC works: others (COM+, network connections,
>>> shell
>>> hardware detection, etc) don't start.
>>> It seems as KB933994 describes: the old group policy didn't assign
>>> "impersonate a client after authentication" to Service and Network
>>> accounts,
>>> so I think that the replicated policy has blocked the 2003 system.
>>> Now? I've tried to update policy on the W2003 server, but it doesn't
>>> apply it. When I run a gpupdate, it reports that "there are no more
>>> available endpoints" and it doesn't load changed policy.
>>> Any idea? Please help.
>>>
>>> thanks
>>>

"Morgan che(MSFT)" <v-> wrote in message
news:...
> So, please check 'Impersonate a client after authentication policy' under
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\User Rights Assignment firstly. By default, Administrators and
> service has been assigned this privilege to impersonate a client. If this
> has been modified, please refer to the following KB to revert it:
>
> Error message when you modify the "Impersonate a client after
> authentication" policy setting in Windows Server 2003 with Service Pack 1:
> "There are no more endpoints available from the endpoint mapper"
> http://support.microsoft.com/kb/930220/en-us


The point 2 was what I tried last days, but it seems not loading new policy
so it didn't work.
However, point 3 solved! I was able to start core services, and load all
environment. Now gpupdate works, and I restored controller functionality
without any other problem.

thanks a lot!

I solved with Morgan's suggestion.

Thanks anyway!


"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello Trapulo,
>
> On the 2003 disable DHCP and give it a fixed ip address. Additional
> disable the not used NIC's. Then reboot the server. After that check in
> all DNS servers that the 2003 server, also all other servers, is listed
> with the correct ip. Then ping one of the running DC's with ip address,
> computer name and FQDN(computername.mydomain.com).
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>> news: .com...
>>
>>> Hello Trapulo,
>>>
>>> Please post the complete error message.
>>>
>> This is the error when I try to run gpupdate:
>> 1053
>> Windows cannot determine the user or computer name. (There are no more
>> endpoints available from the endpoint mapper. ). Group Policy
>> processing
>> aborted.
>>> Additional post an unedited ipconfig /all from both DC's.
>>>
>> This is from the old Win2K controller:
>>
>> Windows 2000 IP Configuration
>>
>> Host Name . . . . . . . . . . . . : server01
>> Primary DNS Suffix . . . . . . . : mydomain.com
>> Node Type . . . . . . . . . . . . : Broadcast
>> IP Routing Enabled. . . . . . . . : No
>>
>> WINS Proxy Enabled. . . . . . . . : No
>>
>> DNS Suffix Search List. . . . . . : mydomain.com
>>
>> Ethernet adapter Intel 82544GC Based Network Connection - onboard:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval
>> Gigabit
>> Adapter
>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78
>> DHCP Enabled. . . . . . . . . . . : No
>>
>> IP Address. . . . . . . . . . . . : 192.168.18.20
>>
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>
>> Default Gateway . . . . . . . . . : 192.168.18.6
>>
>> DNS Servers . . . . . . . . . . . : 192.168.18.20
>> 192.168.18.21
>> (18.21 is the other W2K domain controller, with same output)
>>
>> This is from the new W2K3 controller that doesn't run:
>>
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : server08
>>
>> Primary Dns Suffix . . . . . . . : mydomain.com
>>
>> Node Type . . . . . . . . . . . . : Unknown
>>
>> IP Routing Enabled. . . . . . . . : No
>>
>> WINS Proxy Enabled. . . . . . . . : No
>>
>> DNS Suffix Search List. . . . . . : mydomain.com
>>
>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:
>>
>> Connection-specific DNS Suffix . :
>>
>> Description . . . . . . . . . . . : Microsoft Loopback Adapter
>>
>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
>>
>> DHCP Enabled. . . . . . . . . . . : Yes
>>
>> Autoconfiguration Enabled . . . . : Yes
>>
>> Autoconfiguration IP Address. . . : 169.254.25.129
>>
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>
>> Default Gateway . . . . . . . . . :
>>
>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:
>>
>> Connection-specific DNS Suffix . : mydomain.com
>>
>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
>> Ethernet
>>
>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4
>>
>> DHCP Enabled. . . . . . . . . . . : Yes
>>
>> Autoconfiguration Enabled . . . . : Yes
>>
>> IP Address. . . . . . . . . . . . : 192.168.18.140
>>
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>
>> Default Gateway . . . . . . . . . : 192.168.18.6
>>
>> DHCP Server . . . . . . . . . . . : 192.168.18.20
>>
>> DNS Servers . . . . . . . . . . . : 192.168.18.20
>>
>> 192.168.18.21
>>
>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20
>>
>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20
>>
>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:
>>
>> Connection-specific DNS Suffix . :
>>
>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>> GigE (NDIS VBD Client)
>>
>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB
>>
>> DHCP Enabled. . . . . . . . . . . : Yes
>>
>> Autoconfiguration Enabled . . . . : Yes
>>
>> Autoconfiguration IP Address. . . : 169.254.73.29
>>
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>
>> Default Gateway . . . . . . . . . :
>>
>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:
>>
>> Connection-specific DNS Suffix . :
>>
>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>> GigE (NDIS VBD Client) #2
>>
>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD
>>
>> DHCP Enabled. . . . . . . . . . . : Yes
>>
>> Autoconfiguration Enabled . . . . : Yes
>>
>> Autoconfiguration IP Address. . . : 169.254.113.88
>>
>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>
>> Default Gateway . . . . . . . . . :
>>
>> --------------------------------------------------------
>>
>>> Did you run dcdiag,
>>>
>> Domain Controller Diagnosis
>>
>> Performing initial setup:
>> [server08] Directory Binding Error 1753:
>> Win32 Error 1753
>> This may limit some of the tests that can be performed.
>> Done gathering initial info.
>> Doing initial required tests
>>
>> Testing server: Default-First-Site-Name\SERVER08
>> Starting test: Connectivity
>> The host
>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain
>> could not be resolved to an
>> IP address. Check the DNS server, DHCP, server name, etc
>> Although the Guid DNS name
>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)
>> couldn't
>>
>> be resolved, the server name (server08.mydomain.com) resolved
>> to the
>>
>> IP address (192.168.18.140) and was pingable. Check that the
>> IP
>>
>> address is registered correctly with the DNS server.
>> ......................... SERVER08 failed test Connectivity
>> Doing primary tests
>>
>> Testing server: Default-First-Site-Name\SERVER08
>> Skipping all tests, because server SERVER08 is
>> not responding to directory service requests
>> Running partition tests on : Schema
>> Starting test: CrossRefValidation
>> ......................... Schema passed test
>> CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... Schema passed test CheckSDRefDom
>> Running partition tests on : Configuration
>> Starting test: CrossRefValidation
>> ......................... Configuration passed test
>> CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... Configuration passed test
>> CheckSDRefDom
>> Running partition tests on : it
>> Starting test: CrossRefValidation
>> ......................... it passed test CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... it passed test CheckSDRefDom
>> Running enterprise tests on : mydomain.com
>> Starting test: Intersite
>> ......................... mydomain.com passed test Intersite
>> Starting test: FsmoCheck
>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
>> 2138
>> A Global Catalog Server could not be located - All GC's are
>> down.
>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138
>> A Primary Domain Controller could not be located.
>> The server holding the PDC role is down.
>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138
>> A Time Server could not be located.
>> The server holding the PDC role is down.
>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
>> error
>> 2138
>> A Good Time Server could not be located.
>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138
>> A KDC could not be located - All the KDCs are down.
>> ......................... mydomain.com failed test FsmoCheck
>> -----------------------------------------------------
>>
>>> netdiag and
>>>
>> this is very long: I attach only the interesting part:
>>
>> Global results:
>>
>> Domain membership test . . . . . . : Passed
>>
>> NetBT transports test. . . . . . . : Failed
>> List of NetBt transports currently configured:
>> [FATAL] Unable to retrieve transport list from Redir.
>> [NERR_WkstaNotStarted]
>> Autonet address test . . . . . . . : Passed
>>
>> IP loopback ping test. . . . . . . : Passed
>>
>> Default gateway test . . . . . . . : Failed
>>
>> [FATAL] NO GATEWAYS ARE REACHABLE.
>> You have no connectivity to other network segments.
>> If you configured the IP protocol manually then
>> you need to add at least one valid gateway.
>> NetBT name test. . . . . . . . . . : Passed
>> [WARNING] You don't have a single interface with the <00>
>> 'WorkStation
>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
>> Winsock test . . . . . . . . . . . : Passed
>>
>> DNS test . . . . . . . . . . . . . : Failed
>> [WARNING] Cannot find a primary authoritative DNS server for
>> the
>> name
>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>> The name 'server08.mydomain.com.' may not be registered in
>> DNS.
>> [WARNING] Cannot find a primary authoritative DNS server for
>> the
>> name
>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>> The name 'server08.mydomain.com.' may not be registered in
>> DNS.
>> [WARNING] Cannot find a primary authoritative DNS server for
>> the
>> name
>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>> The name 'server08mydomain.com.' may not be registered in
>> DNS.
>> [WARNING] Cannot find a primary authoritative DNS server for
>> the
>> name
>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>> The name 'server08.mydomain.com.' may not be registered in
>> DNS.
>> [WARNING] The DNS entries for this DC cannot be verified right
>> now on
>> DNS server 192.168.18.20, ERROR_TIMEOUT.
>> [WARNING] The DNS entries for this DC cannot be verified right
>> now on
>> DNS server 192.168.18.21, ERROR_TIMEOUT.
>> [FATAL] No DNS servers have the DNS records for this DC
>> registered.
>> Redir and Browser test . . . . . . : Passed
>> [FATAL] Workstation service is not running. [FFFFFFFF]
>> DC discovery test. . . . . . . . . : Failed
>> [FATAL] Cannot find DC in domain 'MYDOMAIN'.
>> [NERR_NetNotStarted]
>> DC list test . . . . . . . . . . . : Failed
>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].
>> Trust relationship test. . . . . . : Skipped
>>
>> Kerberos test. . . . . . . . . . . : Skipped
>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].
>> LDAP test. . . . . . . . . . . . . : Failed
>> Cannot find DC to run LDAP tests on. The error occurred was: The
>> workstation driver is not installed.
>> [WARNING] Cannot find DC in domain MYDOMAIN.
>> [NERR_NetNotStarted]
>>
>> Bindings test. . . . . . . . . . . : Passed
>>
>> WAN configuration test . . . . . . : Skipped
>> No active remote access connections.
>> Modem diagnostics test . . . . . . : Failed
>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).
>> IP Security test . . . . . . . . . : Skipped
>>
>> Note: run "netsh ipsec dynamic show /?" for more detailed
>> information
>>
>> The command completed successfully
>>
>> ------------------------------------------------------ repadmin
>> /showrepl from
>>
>>> the support tools?
>>>
>> repadmin running command /showrepl against server localhost
>>
>> Default-First-Site-Name\SERVER08
>>
>> DC Options: IS_GC
>>
>> Site Options: (none)
>>
>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005
>>
>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a
>>
>> DsBindWithCred to localhost failed with status 1753 (0x6d9):
>>
>> Can't retrieve message string 1753 (0x6d9), error 1815.
>>
>> ---------------------------------------
>>
>> reports seem right, if we think that all core services are down
>>
>> thanks
>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Hello,
>>>> I added a Windows 2003 Server to an existing 2000 domain, and made
>>>> it
>>>> an
>>>> additional domain controller. All ok, I restarted, I made GC, all
>>>> worked
>>>> fine.
>>>> Then I restarted an other time... boom. Every crytical windows
>>>> services
>>>> don't start more. Only RPC works: others (COM+, network connections,
>>>> shell
>>>> hardware detection, etc) don't start.
>>>> It seems as KB933994 describes: the old group policy didn't assign
>>>> "impersonate a client after authentication" to Service and Network
>>>> accounts,
>>>> so I think that the replicated policy has blocked the 2003 system.
>>>> Now? I've tried to update policy on the W2003 server, but it doesn't
>>>> apply it. When I run a gpupdate, it reports that "there are no more
>>>> available endpoints" and it doesn't load changed policy.
>>>> Any idea? Please help.
>>>>
>>>> thanks
>>>>
>
>

Hello Trapulo,

Thanks for the feedback.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I solved with Morgan's suggestion.
>
> Thanks anyway!
>
> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>
>> Hello Trapulo,
>>
>> On the 2003 disable DHCP and give it a fixed ip address. Additional
>> disable the not used NIC's. Then reboot the server. After that check
>> in all DNS servers that the 2003 server, also all other servers, is
>> listed with the correct ip. Then ping one of the running DC's with ip
>> address, computer name and FQDN(computername.mydomain.com).
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>>> news: .com...
>>>
>>>> Hello Trapulo,
>>>>
>>>> Please post the complete error message.
>>>>
>>> This is the error when I try to run gpupdate:
>>> 1053
>>> Windows cannot determine the user or computer name. (There are no
>>> more
>>> endpoints available from the endpoint mapper. ). Group Policy
>>> processing
>>> aborted.
>>>> Additional post an unedited ipconfig /all from both DC's.
>>>>
>>> This is from the old Win2K controller:
>>>
>>> Windows 2000 IP Configuration
>>>
>>> Host Name . . . . . . . . . . . . : server01
>>> Primary DNS Suffix . . . . . . . : mydomain.com
>>> Node Type . . . . . . . . . . . . : Broadcast
>>> IP Routing Enabled. . . . . . . . : No
>>> WINS Proxy Enabled. . . . . . . . : No
>>>
>>> DNS Suffix Search List. . . . . . : mydomain.com
>>>
>>> Ethernet adapter Intel 82544GC Based Network Connection - onboard:
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval
>>> Gigabit
>>> Adapter
>>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.18.20
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>
>>> Default Gateway . . . . . . . . . : 192.168.18.6
>>>
>>> DNS Servers . . . . . . . . . . . : 192.168.18.20
>>> 192.168.18.21
>>> (18.21 is the other W2K domain controller, with same output)
>>> This is from the new W2K3 controller that doesn't run:
>>>
>>> Windows IP Configuration
>>>
>>> Host Name . . . . . . . . . . . . : server08
>>>
>>> Primary Dns Suffix . . . . . . . : mydomain.com
>>>
>>> Node Type . . . . . . . . . . . . : Unknown
>>>
>>> IP Routing Enabled. . . . . . . . : No
>>>
>>> WINS Proxy Enabled. . . . . . . . : No
>>>
>>> DNS Suffix Search List. . . . . . : mydomain.com
>>>
>>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:
>>>
>>> Connection-specific DNS Suffix . :
>>>
>>> Description . . . . . . . . . . . : Microsoft Loopback Adapter
>>>
>>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
>>>
>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>
>>> Autoconfiguration Enabled . . . . : Yes
>>>
>>> Autoconfiguration IP Address. . . : 169.254.25.129
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>>
>>> Default Gateway . . . . . . . . . :
>>>
>>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:
>>>
>>> Connection-specific DNS Suffix . : mydomain.com
>>>
>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
>>> Ethernet
>>>
>>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4
>>>
>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>
>>> Autoconfiguration Enabled . . . . : Yes
>>>
>>> IP Address. . . . . . . . . . . . : 192.168.18.140
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>
>>> Default Gateway . . . . . . . . . : 192.168.18.6
>>>
>>> DHCP Server . . . . . . . . . . . : 192.168.18.20
>>>
>>> DNS Servers . . . . . . . . . . . : 192.168.18.20
>>>
>>> 192.168.18.21
>>>
>>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20
>>>
>>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20
>>>
>>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:
>>>
>>> Connection-specific DNS Suffix . :
>>>
>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>>> GigE (NDIS VBD Client)
>>>
>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB
>>>
>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>
>>> Autoconfiguration Enabled . . . . : Yes
>>>
>>> Autoconfiguration IP Address. . . : 169.254.73.29
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>>
>>> Default Gateway . . . . . . . . . :
>>>
>>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:
>>>
>>> Connection-specific DNS Suffix . :
>>>
>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>>> GigE (NDIS VBD Client) #2
>>>
>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD
>>>
>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>
>>> Autoconfiguration Enabled . . . . : Yes
>>>
>>> Autoconfiguration IP Address. . . : 169.254.113.88
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>>
>>> Default Gateway . . . . . . . . . :
>>>
>>> --------------------------------------------------------
>>>
>>>> Did you run dcdiag,
>>>>
>>> Domain Controller Diagnosis
>>>
>>> Performing initial setup:
>>> [server08] Directory Binding Error 1753:
>>> Win32 Error 1753
>>> This may limit some of the tests that can be performed.
>>> Done gathering initial info.
>>> Doing initial required tests
>>> Testing server: Default-First-Site-Name\SERVER08
>>> Starting test: Connectivity
>>> The host
>>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain
>>> could not be resolved to an
>>> IP address. Check the DNS server, DHCP, server name, etc
>>> Although the Guid DNS name
>>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)
>>> couldn't
>>> be resolved, the server name (server08.mydomain.com) resolved to the
>>>
>>> IP address (192.168.18.140) and was pingable. Check that the IP
>>>
>>> address is registered correctly with the DNS server.
>>> ......................... SERVER08 failed test Connectivity Doing
>>> primary tests
>>>
>>> Testing server: Default-First-Site-Name\SERVER08
>>> Skipping all tests, because server SERVER08 is
>>> not responding to directory service requests
>>> Running partition tests on : Schema
>>> Starting test: CrossRefValidation
>>> ......................... Schema passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Schema passed test CheckSDRefDom
>>> Running partition tests on : Configuration
>>> Starting test: CrossRefValidation
>>> ......................... Configuration passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Configuration passed test
>>> CheckSDRefDom
>>> Running partition tests on : it
>>> Starting test: CrossRefValidation
>>> ......................... it passed test CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... it passed test CheckSDRefDom
>>> Running enterprise tests on : mydomain.com
>>> Starting test: Intersite
>>> ......................... mydomain.com passed test Intersite
>>> Starting test: FsmoCheck
>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
>>> 2138
>>> A Global Catalog Server could not be located - All GC's are
>>> down.
>>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138
>>> A Primary Domain Controller could not be located.
>>> The server holding the PDC role is down.
>>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138
>>> A Time Server could not be located.
>>> The server holding the PDC role is down.
>>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
>>> error
>>> 2138
>>> A Good Time Server could not be located.
>>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138
>>> A KDC could not be located - All the KDCs are down.
>>> ......................... mydomain.com failed test FsmoCheck
>>> -----------------------------------------------------
>>>> netdiag and
>>>>
>>> this is very long: I attach only the interesting part:
>>>
>>> Global results:
>>>
>>> Domain membership test . . . . . . : Passed
>>>
>>> NetBT transports test. . . . . . . : Failed
>>> List of NetBt transports currently configured:
>>> [FATAL] Unable to retrieve transport list from Redir.
>>> [NERR_WkstaNotStarted]
>>> Autonet address test . . . . . . . : Passed
>>> IP loopback ping test. . . . . . . : Passed
>>>
>>> Default gateway test . . . . . . . : Failed
>>>
>>> [FATAL] NO GATEWAYS ARE REACHABLE.
>>> You have no connectivity to other network segments.
>>> If you configured the IP protocol manually then
>>> you need to add at least one valid gateway.
>>> NetBT name test. . . . . . . . . . : Passed
>>> [WARNING] You don't have a single interface with the <00>
>>> 'WorkStation
>>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
>>> Winsock test . . . . . . . . . . . : Passed
>>> DNS test . . . . . . . . . . . . . : Failed
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>>> The name 'server08.mydomain.com.' may not be registered in
>>> DNS.
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>>> The name 'server08.mydomain.com.' may not be registered in
>>> DNS.
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>>> The name 'server08mydomain.com.' may not be registered in
>>> DNS.
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>>> The name 'server08.mydomain.com.' may not be registered in
>>> DNS.
>>> [WARNING] The DNS entries for this DC cannot be verified right
>>> now on
>>> DNS server 192.168.18.20, ERROR_TIMEOUT.
>>> [WARNING] The DNS entries for this DC cannot be verified right
>>> now on
>>> DNS server 192.168.18.21, ERROR_TIMEOUT.
>>> [FATAL] No DNS servers have the DNS records for this DC
>>> registered.
>>> Redir and Browser test . . . . . . : Passed
>>> [FATAL] Workstation service is not running. [FFFFFFFF]
>>> DC discovery test. . . . . . . . . : Failed
>>> [FATAL] Cannot find DC in domain 'MYDOMAIN'.
>>> [NERR_NetNotStarted]
>>> DC list test . . . . . . . . . . . : Failed
>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].
>>> Trust relationship test. . . . . . : Skipped
>>> Kerberos test. . . . . . . . . . . : Skipped
>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].
>>> LDAP test. . . . . . . . . . . . . : Failed
>>> Cannot find DC to run LDAP tests on. The error occurred was: The
>>> workstation driver is not installed.
>>> [WARNING] Cannot find DC in domain MYDOMAIN.
>>> [NERR_NetNotStarted]
>>> Bindings test. . . . . . . . . . . : Passed
>>>
>>> WAN configuration test . . . . . . : Skipped
>>> No active remote access connections.
>>> Modem diagnostics test . . . . . . : Failed
>>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).
>>> IP Security test . . . . . . . . . : Skipped
>>> Note: run "netsh ipsec dynamic show /?" for more detailed
>>> information
>>>
>>> The command completed successfully
>>>
>>> ------------------------------------------------------ repadmin
>>> /showrepl from
>>>
>>>> the support tools?
>>>>
>>> repadmin running command /showrepl against server localhost
>>>
>>> Default-First-Site-Name\SERVER08
>>>
>>> DC Options: IS_GC
>>>
>>> Site Options: (none)
>>>
>>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005
>>>
>>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a
>>>
>>> DsBindWithCred to localhost failed with status 1753 (0x6d9):
>>>
>>> Can't retrieve message string 1753 (0x6d9), error 1815.
>>>
>>> ---------------------------------------
>>>
>>> reports seem right, if we think that all core services are down
>>>
>>> thanks
>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Hello,
>>>>> I added a Windows 2003 Server to an existing 2000 domain, and made
>>>>> it
>>>>> an
>>>>> additional domain controller. All ok, I restarted, I made GC, all
>>>>> worked
>>>>> fine.
>>>>> Then I restarted an other time... boom. Every crytical windows
>>>>> services
>>>>> don't start more. Only RPC works: others (COM+, network
>>>>> connections,
>>>>> shell
>>>>> hardware detection, etc) don't start.
>>>>> It seems as KB933994 describes: the old group policy didn't assign
>>>>> "impersonate a client after authentication" to Service and Network
>>>>> accounts,
>>>>> so I think that the replicated policy has blocked the 2003 system.
>>>>> Now? I've tried to update policy on the W2003 server, but it
>>>>> doesn't
>>>>> apply it. When I run a gpupdate, it reports that "there are no
>>>>> more
>>>>> available endpoints" and it doesn't load changed policy.
>>>>> Any idea? Please help.
>>>>> thanks
>>>>>

Hi,

Thanks for letting us know my suggestion works. I believe it will benefit
others who may experience the similar problem. If you encounter any other
issue, please be free to post here.

Have a nice day.

Sincerely
Morgan Che
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
================================================== ===
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
--->From: "Trapulo" <>
--->References: <Ow8A$>
<>
--->In-Reply-To: <>
--->Subject: Re: big trouble with Server - as KB933994
--->Date: Mon, 21 Jul 2008 20:11:11 +0200
--->Lines: 26
--->MIME-Version: 1.0
--->Content-Type: text/plain;
---> format=flowed;
---> charset="iso-8859-1";
---> reply-type=original
--->Content-Transfer-Encoding: 7bit
--->X-Priority: 3
--->X-MSMail-Priority: Normal
--->X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
--->X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18000
--->Message-ID: <>
--->Newsgroups: microsoft.public.windows.server.migration
--->NNTP-Posting-Host: 88-149-224-136.dynamic.ngi.it 88.149.224.136
--->Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSF TNGP06.phx.gbl
--->Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.migration:4063
--->X-Tomcat-NG: microsoft.public.windows.server.migration
--->
--->
--->"Morgan che(MSFT)" <v-> wrote in message
--->news:...
--->> So, please check 'Impersonate a client after authentication policy'
under
--->> Computer Configuration\Windows Settings\Security Settings\Local
--->> Policies\User Rights Assignment firstly. By default, Administrators
and
--->> service has been assigned this privilege to impersonate a client. If
this
--->> has been modified, please refer to the following KB to revert it:
--->>
--->> Error message when you modify the "Impersonate a client after
--->> authentication" policy setting in Windows Server 2003 with Service
Pack 1:
--->> "There are no more endpoints available from the endpoint mapper"
--->> http://support.microsoft.com/kb/930220/en-us
--->
--->
--->The point 2 was what I tried last days, but it seems not loading new
policy
--->so it didn't work.
--->However, point 3 solved! I was able to start core services, and load
all
--->environment. Now gpupdate works, and I restored controller
functionality
--->without any other problem.
--->
--->thanks a lot!
--->
--->
--->
--->
--->

Who is Morgan and what was his "fix"? I don't see any posting in the
thread from him. Were you talking about Meinolf?

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services

Trapulo wrote:
> I solved with Morgan's suggestion.
>
> Thanks anyway!
>
>
> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>> Hello Trapulo,
>>
>> On the 2003 disable DHCP and give it a fixed ip address. Additional
>> disable the not used NIC's. Then reboot the server. After that check
>> in all DNS servers that the 2003 server, also all other servers, is
>> listed with the correct ip. Then ping one of the running DC's with ip
>> address, computer name and FQDN(computername.mydomain.com).
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
>>> news: .com...
>>>
>>>> Hello Trapulo,
>>>>
>>>> Please post the complete error message.
>>>>
>>> This is the error when I try to run gpupdate:
>>> 1053
>>> Windows cannot determine the user or computer name. (There are no more
>>> endpoints available from the endpoint mapper. ). Group Policy
>>> processing
>>> aborted.
>>>> Additional post an unedited ipconfig /all from both DC's.
>>>>
>>> This is from the old Win2K controller:
>>>
>>> Windows 2000 IP Configuration
>>>
>>> Host Name . . . . . . . . . . . . : server01
>>> Primary DNS Suffix . . . . . . . : mydomain.com
>>> Node Type . . . . . . . . . . . . : Broadcast
>>> IP Routing Enabled. . . . . . . . : No
>>>
>>> WINS Proxy Enabled. . . . . . . . : No
>>>
>>> DNS Suffix Search List. . . . . . : mydomain.com
>>>
>>> Ethernet adapter Intel 82544GC Based Network Connection - onboard:
>>>
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Intel 82544GC-based XT Eval
>>> Gigabit
>>> Adapter
>>> Physical Address. . . . . . . . . : 00-06-5B-8F-99-78
>>> DHCP Enabled. . . . . . . . . . . : No
>>>
>>> IP Address. . . . . . . . . . . . : 192.168.18.20
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>
>>> Default Gateway . . . . . . . . . : 192.168.18.6
>>>
>>> DNS Servers . . . . . . . . . . . : 192.168.18.20
>>> 192.168.18.21
>>> (18.21 is the other W2K domain controller, with same output)
>>>
>>> This is from the new W2K3 controller that doesn't run:
>>>
>>> Windows IP Configuration
>>>
>>> Host Name . . . . . . . . . . . . : server08
>>>
>>> Primary Dns Suffix . . . . . . . : mydomain.com
>>>
>>> Node Type . . . . . . . . . . . . : Unknown
>>>
>>> IP Routing Enabled. . . . . . . . : No
>>>
>>> WINS Proxy Enabled. . . . . . . . : No
>>>
>>> DNS Suffix Search List. . . . . . : mydomain.com
>>>
>>> Ethernet adapter {2C970B77-5941-42EE-AC30-0BDD2475466F}:
>>>
>>> Connection-specific DNS Suffix . :
>>>
>>> Description . . . . . . . . . . . : Microsoft Loopback Adapter
>>>
>>> Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
>>>
>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>
>>> Autoconfiguration Enabled . . . . : Yes
>>>
>>> Autoconfiguration IP Address. . . : 169.254.25.129
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>>
>>> Default Gateway . . . . . . . . . :
>>>
>>> Ethernet adapter {51D91C03-047A-4BFF-881A-88291CAA6518}:
>>>
>>> Connection-specific DNS Suffix . : mydomain.com
>>>
>>> Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
>>> Ethernet
>>>
>>> Physical Address. . . . . . . . . : 00-10-18-33-9A-E4
>>>
>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>
>>> Autoconfiguration Enabled . . . . : Yes
>>>
>>> IP Address. . . . . . . . . . . . : 192.168.18.140
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>
>>> Default Gateway . . . . . . . . . : 192.168.18.6
>>>
>>> DHCP Server . . . . . . . . . . . : 192.168.18.20
>>>
>>> DNS Servers . . . . . . . . . . . : 192.168.18.20
>>>
>>> 192.168.18.21
>>>
>>> Lease Obtained. . . . . . . . . . : lunedì 21 luglio 2008 9.28.20
>>>
>>> Lease Expires . . . . . . . . . . : martedì 29 luglio 2008 9.28.20
>>>
>>> Ethernet adapter {EC441192-2E5D-44DB-B2C6-F3405F52D5E6}:
>>>
>>> Connection-specific DNS Suffix . :
>>>
>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>>> GigE (NDIS VBD Client)
>>>
>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CB
>>>
>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>
>>> Autoconfiguration Enabled . . . . : Yes
>>>
>>> Autoconfiguration IP Address. . . : 169.254.73.29
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>>
>>> Default Gateway . . . . . . . . . :
>>>
>>> Ethernet adapter {C68EEF3A-3405-4197-997D-7ACA3409BE38}:
>>>
>>> Connection-specific DNS Suffix . :
>>>
>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>>> GigE (NDIS VBD Client) #2
>>>
>>> Physical Address. . . . . . . . . : 00-1E-4F-3D-A1-CD
>>>
>>> DHCP Enabled. . . . . . . . . . . : Yes
>>>
>>> Autoconfiguration Enabled . . . . : Yes
>>>
>>> Autoconfiguration IP Address. . . : 169.254.113.88
>>>
>>> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>>>
>>> Default Gateway . . . . . . . . . :
>>>
>>> --------------------------------------------------------
>>>
>>>> Did you run dcdiag,
>>>>
>>> Domain Controller Diagnosis
>>>
>>> Performing initial setup:
>>> [server08] Directory Binding Error 1753:
>>> Win32 Error 1753
>>> This may limit some of the tests that can be performed.
>>> Done gathering initial info.
>>> Doing initial required tests
>>>
>>> Testing server: Default-First-Site-Name\SERVER08
>>> Starting test: Connectivity
>>> The host
>>> 7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain
>>> could not be resolved to an
>>> IP address. Check the DNS server, DHCP, server name, etc
>>> Although the Guid DNS name
>>> (7dca8c5b-84c8-4def-ae51-f1bf57dc0005._msdcs.com.mydomain)
>>> couldn't
>>>
>>> be resolved, the server name (server08.mydomain.com) resolved
>>> to the
>>>
>>> IP address (192.168.18.140) and was pingable. Check that the
>>> IP
>>>
>>> address is registered correctly with the DNS server.
>>> ......................... SERVER08 failed test Connectivity
>>> Doing primary tests
>>>
>>> Testing server: Default-First-Site-Name\SERVER08
>>> Skipping all tests, because server SERVER08 is
>>> not responding to directory service requests
>>> Running partition tests on : Schema
>>> Starting test: CrossRefValidation
>>> ......................... Schema passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Schema passed test CheckSDRefDom
>>> Running partition tests on : Configuration
>>> Starting test: CrossRefValidation
>>> ......................... Configuration passed test
>>> CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... Configuration passed test
>>> CheckSDRefDom
>>> Running partition tests on : it
>>> Starting test: CrossRefValidation
>>> ......................... it passed test CrossRefValidation
>>> Starting test: CheckSDRefDom
>>> ......................... it passed test CheckSDRefDom
>>> Running enterprise tests on : mydomain.com
>>> Starting test: Intersite
>>> ......................... mydomain.com passed test Intersite
>>> Starting test: FsmoCheck
>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
>>> 2138
>>> A Global Catalog Server could not be located - All GC's are
>>> down.
>>> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 2138
>>> A Primary Domain Controller could not be located.
>>> The server holding the PDC role is down.
>>> Warning: DcGetDcName(TIME_SERVER) call failed, error 2138
>>> A Time Server could not be located.
>>> The server holding the PDC role is down.
>>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
>>> error
>>> 2138
>>> A Good Time Server could not be located.
>>> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 2138
>>> A KDC could not be located - All the KDCs are down.
>>> ......................... mydomain.com failed test FsmoCheck
>>> -----------------------------------------------------
>>>
>>>> netdiag and
>>>>
>>> this is very long: I attach only the interesting part:
>>>
>>> Global results:
>>>
>>> Domain membership test . . . . . . : Passed
>>>
>>> NetBT transports test. . . . . . . : Failed
>>> List of NetBt transports currently configured:
>>> [FATAL] Unable to retrieve transport list from Redir.
>>> [NERR_WkstaNotStarted]
>>> Autonet address test . . . . . . . : Passed
>>>
>>> IP loopback ping test. . . . . . . : Passed
>>>
>>> Default gateway test . . . . . . . : Failed
>>>
>>> [FATAL] NO GATEWAYS ARE REACHABLE.
>>> You have no connectivity to other network segments.
>>> If you configured the IP protocol manually then
>>> you need to add at least one valid gateway.
>>> NetBT name test. . . . . . . . . . : Passed
>>> [WARNING] You don't have a single interface with the <00>
>>> 'WorkStation
>>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
>>> Winsock test . . . . . . . . . . . : Passed
>>>
>>> DNS test . . . . . . . . . . . . . : Failed
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>>> The name 'server08.mydomain.com.' may not be registered in
>>> DNS.
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>>> The name 'server08.mydomain.com.' may not be registered in
>>> DNS.
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>>> The name 'server08mydomain.com.' may not be registered in
>>> DNS.
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'server08.mydomain.com.'. [ERROR_TIMEOUT]
>>> The name 'server08.mydomain.com.' may not be registered in
>>> DNS.
>>> [WARNING] The DNS entries for this DC cannot be verified right
>>> now on
>>> DNS server 192.168.18.20, ERROR_TIMEOUT.
>>> [WARNING] The DNS entries for this DC cannot be verified right
>>> now on
>>> DNS server 192.168.18.21, ERROR_TIMEOUT.
>>> [FATAL] No DNS servers have the DNS records for this DC
>>> registered.
>>> Redir and Browser test . . . . . . : Passed
>>> [FATAL] Workstation service is not running. [FFFFFFFF]
>>> DC discovery test. . . . . . . . . : Failed
>>> [FATAL] Cannot find DC in domain 'MYDOMAIN'.
>>> [NERR_NetNotStarted]
>>> DC list test . . . . . . . . . . . : Failed
>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].
>>> Trust relationship test. . . . . . : Skipped
>>>
>>> Kerberos test. . . . . . . . . . . : Skipped
>>> 'MYDOMAIN': Cannot find DC to get DC list from [test skipped].
>>> LDAP test. . . . . . . . . . . . . : Failed
>>> Cannot find DC to run LDAP tests on. The error occurred was: The
>>> workstation driver is not installed.
>>> [WARNING] Cannot find DC in domain MYDOMAIN.
>>> [NERR_NetNotStarted]
>>>
>>> Bindings test. . . . . . . . . . . : Passed
>>>
>>> WAN configuration test . . . . . . : Skipped
>>> No active remote access connections.
>>> Modem diagnostics test . . . . . . : Failed
>>> [FATAL] Cannot initialize TAPI. Failed with error(0x80000048).
>>> IP Security test . . . . . . . . . : Skipped
>>>
>>> Note: run "netsh ipsec dynamic show /?" for more detailed
>>> information
>>>
>>> The command completed successfully
>>>
>>> ------------------------------------------------------ repadmin
>>> /showrepl from
>>>
>>>> the support tools?
>>>>
>>> repadmin running command /showrepl against server localhost
>>>
>>> Default-First-Site-Name\SERVER08
>>>
>>> DC Options: IS_GC
>>>
>>> Site Options: (none)
>>>
>>> DC object GUID: 7dca8c5b-84c8-4def-ae51-f1bf57dc0005
>>>
>>> DC invocationID: 4c4b35f2-9dc3-45e5-8694-a5c05734319a
>>>
>>> DsBindWithCred to localhost failed with status 1753 (0x6d9):
>>>
>>> Can't retrieve message string 1753 (0x6d9), error 1815.
>>>
>>> ---------------------------------------
>>>
>>> reports seem right, if we think that all core services are down
>>>
>>> thanks
>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Hello,
>>>>> I added a Windows 2003 Server to an existing 2000 domain, and made
>>>>> it
>>>>> an
>>>>> additional domain controller. All ok, I restarted, I made GC, all
>>>>> worked
>>>>> fine.
>>>>> Then I restarted an other time... boom. Every crytical windows
>>>>> services
>>>>> don't start more. Only RPC works: others (COM+, network connections,
>>>>> shell
>>>>> hardware detection, etc) don't start.
>>>>> It seems as KB933994 describes: the old group policy didn't assign
>>>>> "impersonate a client after authentication" to Service and Network
>>>>> accounts,
>>>>> so I think that the replicated policy has blocked the 2003 system.
>>>>> Now? I've tried to update policy on the W2003 server, but it doesn't
>>>>> apply it. When I run a gpupdate, it reports that "there are no more
>>>>> available endpoints" and it doesn't load changed policy.
>>>>> Any idea? Please help.
>>>>>
>>>>> thanks
>>>>>
>>
>>
>