DC error?

Discussion in 'Server Setup' started by Miha, Feb 4, 2010.

  1. Miha

    Miha Guest


    We're dealing with the folloving event on some of the domain servers

    Windows cannot determine the user or computer name. (The system detected a
    possible attempt to compromise security. Please ensure that you can contact
    the server that authenticated you. ). Group Policy processing aborted.

    We have 3 Win2003 DC's, one of them has been disconected from LAN for 4
    days, now it's back on. Since then tihs error apperas. Can anyone please
    help or instruct me what to do? No changes have been made to all of the DC.
    Do I need to re-sinchronize all DC or sometnig like that?


    Miha, Feb 4, 2010
    1. Advertisements

  2. Hello Miha,

    To better assist, we will need additional info.

    Please post an ipconfig /all from each DC. This will allow use to evaluate
    any basic configuration issues.

    Also post any EventID# errors you see in the event logs of any of the DCs or
    other machines you are seeing errors regarding what you posted, or any other
    AD communication errors.

    Thank you,


    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among
    responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
    MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please
    contact Microsoft PSS directly. Please check http://support.microsoft.com
    for regional support phone numbers.
    Ace Fekay [MVP-DS, MCT], Feb 4, 2010
    1. Advertisements

  3. Run diagnostics against your Active Directory domain.

    If you don't have the support tools installed, install them from your server
    install disk.

    Run dcdiag, netdiag and repadmin in verbose mode.
    -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
    -> netdiag.exe /v > c:\netdiag.log (On each dc)
    -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
    -> ntfrsutl ds your_dc_name > c:\sysvol.log
    -> dnslint /ad /s "ip address of your dc"

    **Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
    in the forest. If you have significant numbers of DC's this test could
    generate significant detail and take a long time. You also want to take into
    account slow links to dc's will also add to the testing time.

    If you download a gui script I wrote it should be simple to set and run
    (DCDiag and NetDiag). It also has the option to run individual tests without
    having to learn all the switch options. The details will be output in
    notepad text files that pop up automagically.

    The script is located on my website at

    Just select both dcdiag and netdiag make sure verbose is set. (Leave the
    default settings for dcdiag as set when selected)

    When complete search for fail, error and warning messages.

    Description and download for dnslint

    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4
    Microsoft's Thrive IT Pro of the Month - June 2009


    Please no e-mails, any questions should be posted in the NewsGroup This
    posting is provided "AS IS" with no warranties, and confers no rights.
    Paul Bergson [MVP-DS], Feb 5, 2010
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.