Setting Timing for PDC 2003r? Errors 1058 and 1030

Discussion in 'Active Directory' started by Dole Bludger, Mar 31, 2009.

  1. Dole Bludger

    Dole Bludger Guest

    I had only one DC 2003. Then I created second DC 2003. Moved operation
    masters etc PDC.. Schema etc.. and Global catalog from the first to second
    one - new server. Everything was fine. Then after one week every 5 minutes. I
    had noticed this issue in event viewer on the old DC it was always 1058
    followed by 1030 event ids.

    "Windows cannot access the file gpt.ini for GPO… Windows cannot query for
    the list of Group Policy objects. Check the event log for possible messages
    previously logged by the policy engine that describes the reason for this.

    However, I was able to access that file gpt.ini and as well to see policy.
    Somehow I have applied the procedure for time synchronisation. PDC and old DC
    are both setting up to synch with internet clock time.windows.com as
    described in:

    http://support.microsoft.com/kb/816042

    I do not know whether timing set up should be the same with PDC as with SDC?
    The errors dissapeared for 2 weeks, but they are again back. Obviously
    something is wrong with timing configuration.

    http://support.microsoft.com/kb/842804

    I have tried with setting up WaitForNetwork as was recomended from the above
    web site, but it is the same. After two weeks same errors every 5 minutes on
    the old DC.
     
    Dole Bludger, Mar 31, 2009
    #1
    1. Advertisements

  2. Hello Dole,

    Can you post an unedited ipconfig /all from both DCs, please? This will help
    us diagnose the issue better.

    Also, check the domain.com and the _msdcs.domain.com zones in DNS. See if
    the new DC registered for the following:
    (same as parent) A <new DC's IP address>
    dcname A <new DC's IP address>

    If you made this a GC, check the _gc.msdcs.domain.com zone and see if it got
    registered.

    Also check the _sites folder and look in there if both DCs are registered.


    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer


    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Thanks,

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer


    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [Microsoft Certified Trainer], Mar 31, 2009
    #2
    1. Advertisements

  3. Hello Dole,

    If you move the FSMO roles to the new DC you have also to do some changes
    for the time configuration on the PDCEmulator:
    http://technet.microsoft.com/en-us/library/cc738042.aspx

    http://technet.microsoft.com/en-us/library/cc786897.aspx


    Additional please post an unedited ipconfig /all from both DC's as Ace requested.
    That can be one reason for the event id's.

    Also have a look here:
    http://support.microsoft.com/kb/314494/en-us

    http://support.microsoft.com/kb/887303/en-us

    http://support.microsoft.com/kb/883271/en-us

    http://support.microsoft.com/kb/842804/en-us

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 31, 2009
    #3
  4. Dole Bludger

    Dole Bludger Guest

    Here is:"
    Windows IP Configuration

    Host Name . . . . . . . . . . . . : fpdc
    Primary Dns Suffix . . . . . . . : fplus.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : fplus.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-11-11-0E-21-E6
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.4.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    IP Address. . . . . . . . . . . . : 192.168.0.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    192.168.4.1
    DNS Servers . . . . . . . . . . . : 192.168.0.2
    212.200.191.150
    127.0.0.1"
     
    Dole Bludger, Apr 1, 2009
    #4
  5. Hello Dole,

    Your DC should have only one ip address, for what is the second one192.168.4.x?
    Also using the ISP's DNS server, i assume 212.200.191.150, on the NIC is
    a not wanted configuration and can result exact in your problems. Remove
    it form the NIC and configure it as a FORWARDER on the DNS server properties
    in the DNS management console.

    Also 127.0.0.1 is not necessary, use the real ip address of the server 192.168.0.2

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Apr 1, 2009
    #5
  6. Dole Bludger

    Dole Bludger Guest

    That is OK and fine. I have forest with one domain only. I have 2 GC. Can I
    have only one? Maybe having GC might have impact on the networks bandwidth
    due to much replications?
     
    Dole Bludger, Apr 1, 2009
    #6
  7. No, with a single forest domain, both DCs must be GCs. That is one of the
    rules.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 1, 2009
    #7
  8. I agree with Meionolf's assesment. A DC can only have ONE ip address or one
    NIC. Also, you cannot use an external DNS in IP properties. Also remove the
    127.0.0.1 loopback address. The only address this DC should have is
    192.168.0.2, and the only DNS address should be 192.168.0.2. Everytihng else
    needs to be removed and I guarantee the DC will function afterwards.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 1, 2009
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.