Unable to login into SBS 2003 Domain server

Discussion in 'Active Directory' started by Jeff, Apr 17, 2009.

  1. Jeff

    Jeff Guest

    Hi Ace,
    I’ve installed DNS on the abcfs01 (192.168.0.3). DNS propagated so I
    haven’t done anything more in relation to DNS on it. In networking, I
    updated the DNS so that it points to itself and has the SBSDC as the
    alternate DNS server. On the SBSDC I made the F/S the alternate DNS. On
    workstations I added the FS as the alternate DNS.

    In DHCP on the SBSDC, I added 192.168.0.3 to the 006 scope so both DNS’s
    servers are listed.

    Again when confirming the 192.168.0.2 address, I received the error that the
    IP was allocated to a NIC that was no longer installed in that PC. The
    message popped up previously when I removed the ISP’s IPS from the DNS server
    list and responded to accept the IP. It is odd because I cannot recall a NIC
    referred to a Compaq Model and our servers are all IBM Series. Anyway I used
    the MS procedure to attempt to remove it (viz: set
    devmgr_show_nonpresent_devices=1 and ran DEVMGMT.MSC, clicked View to Show
    Hidden Devices, expanded the Network Adapters tree) but the hidden NIC device
    as per the error message was not listed. Could this be causing a problem?

    Here is the current IPConfig from JSRfs01

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : abcfs01
    Primary Dns Suffix . . . . . . . : abc.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : abc.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.3
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 192.168.0.3
    192.168.0.2

    Windows firewall is turned off and I looked at Group Policies on the SBS.
    None were enforced or configured, but I disabled SBS firewall in the GP
    Management on the SBSDC.

    Would the DNS be affecting the ability to remote desktop to the SBSDC?

    The SBS-DC has connectivity but to the network (evidenced by the network
    security and SBS being able to ping other PCs and receive ISP email, but why
    else couldn’t we ping the SBS?
     
    Jeff, Apr 20, 2009
    #21
    1. Advertisements

  2. Jeff

    Jeff Guest

    Hi Ace,
    I’ve installed DNS on the abcfs01 (192.168.0.3). DNS propagated so I
    haven’t done anything more in relation to DNS on it. In networking, I
    updated the DNS so that it points to itself and has the SBSDC as the
    alternate DNS server. On the SBSDC I made the F/S the alternate DNS. On
    workstations I added the FS as the alternate DNS.

    In DHCP on the SBSDC, I added 192.168.0.3 to the 006 scope so both DNS’s
    servers are listed. I’ve changed the scope address range for addresses to
    distribute to 192.168.0.10 - 192.168.0.10.254 so there is no overlap. Wins
    was already active on SBSDC

    Other DHCP scope options are as you recommend, viz
    Option 003 = 192.168.0.1
    Option 006 = 192.168.0.2 and 192.168.0.3 (after installing DNS on F/S)
    Option 015 = abc.local


    Again when confirming the 192.168.0.2 address in Network setup, IP
    properties, I received the error that the IP was allocated to a NIC that was
    no longer installed in that PC. The message popped up previously when I
    removed the ISP’s IPs from the DNS server list and responded to accept the
    IP. It is odd because I cannot recall a NIC referred to a Compaq Model and
    our servers are all IBM Servers with intel NICs. Anyway I used the MS
    procedure to attempt to remove it (viz: set devmgr_show_nonpresent_devices=1
    and ran DEVMGMT.MSC, clicked View to Show Hidden Devices, expanded the
    Network Adapters tree) but the hidden NIC device as per the error message was
    not listed. Could this be causing a problem?

    Here is the current IPConfig from JSRfs01

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : abcfs01
    Primary Dns Suffix . . . . . . . : abc.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : abc.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.3
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 192.168.0.3
    192.168.0.2

    Here is the current Ipconfig from SBSDC

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : abcsbs01
    Primary Dns Suffix . . . . . . . : abc.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes
    DNS Suffix Search List. . . . . . : abc.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
    Physical Address. . . . . . . . . : 00-04-23-B9-AF-15
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 192.168.0.2
    192.168.0.3

    Windows firewall is turned off and I looked at Group Policies on the SBS.
    None were enforced or configured, but I disabled SBS firewall in the GP
    Management on the SBSDC.


    Would the DNS be affecting the ability to remote desktop or ping to the SBSDC?

    The SBS-DC has connectivity but to the network (evidenced by the network
    security and SBS being able to ping other PCs and receive ISP email, but why
    else couldn’t we ping the SBS?

    Jeff
     
    Jeff, Apr 20, 2009
    #22
    1. Advertisements

  3. Hmm, it could be a problem. How are you answering the error message? To use
    the IP or not use the IP, or is it not allowing you to use it?

    As for RDP to the SBS, how are you connecting to it? Are you connecting to
    it from within the office, or from home? What name aer you using? Does it
    work if you connect by the fqdn (sbsdc.abc.local) or the IP address? Does it
    work if you use the companyweb site, choosing Remote WebWorkplace to
    remotely connect to your desktop then choosing the SBSDC?

    If you run a gpresults at a command prompt, what GPOs are being applied to
    the SBS? Maybe there is a group policy on it controlling the firewall that
    is blocking ICMP Echos (ping responses). Go into control panel, Windows
    Firewall, is the setting grayed out?

    Did you adjust the DHCP Scope's IP range?

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 20, 2009
    #23
  4. The ipconfigs look good.

    As for that NIC IP error, if continues to be an issue, IF you want, choose
    another IP, 192.168.0.4. Make sure you change it for the DNS address, too.
    Then go into Advanced, WINS tab, and make sure the WINS address is updated,
    but I don;t see it in ipconfig, so it appears you;ve never set the WINS
    address on the SBS. You still have to tell a server to use itself for WINS.
    Then go to the other DC and reflect that change, too for both DNS and WINS.

    Once you do that, go into a command prompt:
    ipconfig /registerdns
    net stop netlogon
    net start netlogon

    Then change the DHCP options to reflect the new IP for DNS and WINS.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 20, 2009
    #24
  5. Jeff

    Jeff Guest

    Hi Ace,

    re: the NIC Error message - I respond to accept the IP and I dont get any
    different errors. The error/warning only appears when changing the DNS
    server Ips in network configuration. That IP is returned when pinging the
    SBS name (abcsbs01) on the sbs box so Im assuming it works. On reflection, I
    beleive it is why the additional IP (192.168.0.8) was also setup for this NIC
    in the event the current one (with a ghost) was problematic.

    Re: WINS - Probably never used since Win 2003. But I've now added the IP
    of the SBS in SBS network configuration so it points to itself with the other
    server IP second. Done similar on the file server pointing to itself first,
    then the SBS as the second WINS address. Enable LMHosts is selected, but
    there is no LMHosts file in system32\drivers\etc.

    But I'm not sure where to change/setup the WINS in DNS? I've just done it
    on the WINS tab in networking. and added ther Ip to the WINS list in DHCP
    Scope 044 after net IPconfig /registerdns, net stop/start.

    When looking at the newly setup DNS for ancfs01, I noticed a few
    error/warning messages in the DNS log.

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 4015
    Date: 20/04/2009
    Time: 10:57:54 PM
    User: N/A
    Computer: JSRFS01
    Description:
    The DNS server has encountered a critical error from the Active Directory.
    Check that the Active Directory is functioning properly. The extended error
    debug information (which may be empty) is "". The event data contains the
    error.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 51 00 00 00 Q...


    and


    Event Type: Information
    Event Source: DNS
    Event Category: None
    Event ID: 4514
    Date: 20/04/2009
    Time: 10:56:23 PM
    User: N/A
    Computer: JSRFS01
    Description:
    The DNS server detected that it is not enlisted in the replication scope of
    the directory partition DomainDnsZones.jsr.local. This prevents the zones
    that should be replicated to all DNS servers in the jsr.local domain from
    replicating to this DNS server. For information on how to add a DNS server to
    the replication scope of an application directory partition, please see Help
    and Support.

    To create or repair the domain-wide DNS directory partition, open the the
    DNS console. Right-click the applicable DNS server, and then click 'Create
    Default Application Directory Partitions'. Follow the instructions to create
    the default DNS application directory partitions. For more information, see
    'To create the default DNS application directory partitions' in Help and
    Support.
    The error was 8367.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: af 20 00 00 ¯ ..


    On SBSDC I selected the DNS Server, right button moused and selected ..
    Create ..
    I then got a message "The partition to replicate zone data to all DNS
    servers in the Active Directory domain was not created. The specified
    directory partitin already exists. So not sure what to in relation to this
    error message.

    Thanks,

    Jeff
     
    Jeff, Apr 20, 2009
    #25
  6. Jeff

    Jeff Guest

    Hi Ace,

    I've responded to use the IP. Otherwise it prompts for a new IP.

    re: RDP - im connecting to it int he office - same LAN - just with abcsbs01
    which I've previously always used successfully. I've also tried 192.168.0.2
    unsucessfully.
    But I can connect from SBS to f/s using abcfs01 successfully.

    Remote Web Workplace isnt setup, but I can do so later. Could OWA
    internally be not functioning (apart from directly on the SBS/Exchange box)
    because of a routing issue?

    Here is GPResult:
    C:\>gpresult

    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
    Copyright (C) Microsoft Corp. 1981-2001

    Created On 4/21/2009 at 1:36:14 AM


    RSOP data for ABC\jeffr on ABCSBS01 : Logging Mode
    ---------------------------------------------------

    OS Type: Microsoft(R) Windows(R) Server 2003 for Small
    Busin
    ess Server
    OS Configuration: Primary Domain Controller
    OS Version: 5.2.3790
    Terminal Server Mode: Remote Administration
    Site Name: Default-First-Site-Name
    Roaming Profile:
    Local Profile: C:\Documents and Settings\jeffr
    Connected over a slow link?: No


    COMPUTER SETTINGS
    ------------------
    CN=ABCSBS01,OU=Domain Controllers,DC=abc,DC=local
    Last time Group Policy was applied: 4/21/2009 at 1:33:24 AM
    Group Policy was applied from: abcsbs01.abc.local
    Group Policy slow link threshold: 500 kbps
    Domain Name: abc
    Domain Type: Windows 2000

    Applied Group Policy Objects
    -----------------------------
    Small Business Server Auditing Policy
    Default Domain Controllers Policy
    Windows Update Server
    Small Business Server Client Computer
    Small Business Server Remote Assistance Policy
    Small Business Server Lockout Policy
    Small Business Server Domain Password Policy
    Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Small Business Server Windows Firewall
    Filtering: Disabled (GPO)

    Small Business Server Internet Connection Firewall
    Filtering: Denied (WMI Filter)
    WMI Filter: PreSP2

    Windows Client Firewall Policy ITM & Etrust
    Filtering: Disabled (GPO)

    Local Group Policy
    Filtering: Not Applied (Empty)

    Small Business Server - Windows Vista policy
    Filtering: Denied (WMI Filter)
    WMI Filter: Vista

    The computer is a part of the following security groups
    -------------------------------------------------------
    BUILTIN\Administrators
    Everyone
    BUILTIN\Users
    BUILTIN\Pre-Windows 2000 Compatible Access
    Windows Authorization Access Group
    NT AUTHORITY\NETWORK
    NT AUTHORITY\Authenticated Users
    This Organization
    ABCSBS01$
    Domain Controllers
    Exchange Domain Servers
    NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
    RAS and IAS Servers
    Exchange Enterprise Servers


    USER SETTINGS
    --------------
    CN=Jeff B,CN=Users,DC=abc,DC=local
    Last time Group Policy was applied: 4/21/2009 at 12:13:16 AM
    Group Policy was applied from: abcsbs01.abc.local
    Group Policy slow link threshold: 500 kbps
    Domain Name: ABC
    Domain Type: Windows 2000

    Applied Group Policy Objects
    -----------------------------
    Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Small Business Server Lockout Policy
    Filtering: Disabled (GPO)

    Small Business Server Windows Firewall
    Filtering: Disabled (GPO)

    Small Business Server Internet Connection Firewall
    Filtering: Denied (WMI Filter)
    WMI Filter: PreSP2

    Windows Client Firewall Policy ITM & Etrust
    Filtering: Denied (WMI Filter)
    WMI Filter: PostSP2

    Small Business Server Client Computer
    Filtering: Not Applied (Empty)

    Local Group Policy
    Filtering: Not Applied (Empty)

    Small Business Server Remote Assistance Policy
    Filtering: Disabled (GPO)

    Small Business Server - Windows Vista policy
    Filtering: Denied (WMI Filter)
    WMI Filter: Vista

    Small Business Server Domain Password Policy
    Filtering: Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
    Domain Users
    Everyone
    BUILTIN\Administrators
    BUILTIN\Users
    NT AUTHORITY\INTERACTIVE
    NT AUTHORITY\Authenticated Users
    This Organization
    LOCAL
    Domain Admins
    SBS Internet Users
    SBS Mobile Users
    SBS Report Users
    Offer Remote Assistance Helpers


    re: DHCP Scope - Yes adjusted . the scope for availalbe handout is
    192.168.0.10 to 192.168.0.254. Not availalbe is 192.168.0.1 to 192.168.0.9

    re: Firewall - When I selected Control Panel Windows Firewall, I got the
    message Windows Firewall cannot run because another program or service is
    running that might use the network address translation component (IPNat.sys).

    Jeff
     
    Jeff, Apr 20, 2009
    #26

  7. Jeff,

    The IPNAT error is an indication the machine is setup to share a connection.
    Since you are using a separate router, and this machine only has a single
    NIC enabled, it should be disabled. Apparently this error is RAS is causing
    the issue with not being able to RDP into it. How did you configure RRAS?
    Did you use the SBS Console? Did you setup it up to share a connection? I
    suggest to disable RRAS. If you only need RRAS for VPNs, it must be setup
    manually to be a VPN server, but not to share the connection. See if the
    following will help you configure a VP (similar to 2003).

    HOW TO: Turn On and Configure Inbound VPN Access in Small Business Server
    2000
    http://support.microsoft.com/kb/320697

    I also cross posted this to the SBS group to see if the SBS experts can
    offer anything I am not seeing.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 21, 2009
    #27

  8. WINS is not setup in DNS. Simply install WINS (already installed in your
    case), then in IP properties, Advance, WINS tab, make sure the IP address of
    the WINS server (this server) is in the WINS server IP list, which you did.
    That;s all you need to do. This, along with DHCP set to give it out, will
    allow all machines to use it, including your VPN clients.

    The replication error may be a sign of the IPNAT error causing an issue with
    communication wtih this server. See my other post, which I cross posted to
    the SBS group to see if they can offer anything additional I am not seeing.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 21, 2009
    #28
  9. Jeff

    Jeff Guest

    OK thanks - appreciated. I'll reply in your other post above.
     
    Jeff, Apr 21, 2009
    #29
  10. Jeff

    Jeff Guest

    Hi Ace,
    I've disabled the RAS service. Actually it has never been configured and
    tthe other day was the first time I looked at it in reponse to your
    questions. RDP has always previously worked. I've only ever used RDP from
    inside our LAN, not externally accessed.

    I''lm currently lokoing at the DNS errors on both servers. I've checked FRS
    is running on both. Have run ntfrsut1 version.

    On SBSDC dcdiag /testdns abc.local passed all. But when running the same
    test on the DNS installed last night, I got a few errors when it was
    validating back to the SBSDC

    Here is the DCDiag from abcfs01

    Doing initial required tests

    Testing server: Default-First-Site-Name\abcFS01
    Starting test: Connectivity
    ......................... abcFS01 passed test Connectivity

    Doing primary tests
    Testing server: Default-First-Site-Name\abcFS01

    DNS Tests are running and not hung. Please wait a few minutes...
    Running partition tests on : Schema
    Running partition tests on : Configuration
    Running partition tests on : abc
    Running enterprise tests on : abc.local
    Starting test: DNS
    Test results for domain controllers:

    DC: abcfs01.abc.local
    Domain: abc.local

    TEST: Basic (Basc)
    Warning: adapter [00000001] Broadcom NetXtreme Gigabit
    Ethernet has invalid DNS server: 192.168.0.2 (<name unavailable>)

    Summary of test results for DNS servers used by the above domain controllers:

    DNS server: 192.168.0.2 (<name unavailable>)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the
    1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.2
    Name resolution is not functional. _ldap._tcp.abc.local.
    failed on the DNS server 192.168.0.2

    Summary of DNS test results:
    Auth Basc Forw Del Dyn RReg Ext
    ________________________________________________________________
    Domain: abc.local
    abcfs01 PASS WARN PASS PASS PASS PASS
    n/a

    ......................... abc.local passed test DNS

    Can you please let me know what I should do about the PTR record error
    reported on trhe file server diag?

    Here is a curent ipconfig from SBSDC

    Windows IP Configuration
    Host Name . . . . . . . . . . . . : abcsbs01
    Primary Dns Suffix . . . . . . . : abc.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : abc.local

    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Server Adapter
    Physical Address. . . . . . . . . : 00-04-23-B9-AF-15
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 192.168.0.2
    192.168.0.3
    Primary WINS Server . . . . . . . : 192.168.0.2
    Secondary WINS Server . . . . . . : 192.168.0.3


    Here is the IPconfig from file server abcfs01 (with new DNS that shows
    problems)

    Windows IP Configuration
    Host Name . . . . . . . . . . . . : abcfs01
    Primary Dns Suffix . . . . . . . : abc.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : abc.local

    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-0C-76-A0-0B-12
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.3
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1
    DNS Servers . . . . . . . . . . . : 192.168.0.3
    192.168.0.2
    Primary WINS Server . . . . . . . : 192.168.0.3
    Secondary WINS Server . . . . . . : 192.168.0.2


    Thanks.
    Jeff
     
    Jeff, Apr 21, 2009
    #30
  11. The 127.0.0.1 PTR error may be coming from that hidden interface you were
    talking about in an earlier post. Go into Services, and make sure RRAS is
    disabled. Go into Computer Management, and make sure it is disabled there as
    well.

    The connection issue to the SBS from the second machine appears to be
    related to the RRAS IPNAT issue.

    Run the SBS BPA on the SBS:
    Microsoft Windows Small Business Server 2003 Best Practices Analyzer
    http://207.46.19.190/downloads/deta...7A-DE19-49BB-800F-352F3B6F2922&displaylang=en

    Small Business Server 2003 Best Practices Analyzer Updated
    http://blogs.technet.com/sbs/archiv...ver-2003-best-practices-analyzer-updated.aspx

    How to Use the Windows SBS 2003 BPA
    http://blogs.technet.com/sbs/archive/2007/10/22/how-to-use-the-windows-sbs-2003-bpa.aspx

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 21, 2009
    #31
  12. Jeff

    Jeff Guest

    Hi Ace,

    Thanks a lot for your help. I ran the SBS best practices and worked through
    one article that helped me identify the rogue NIC that I couldnt remove
    earlier (documented in MS KB875422 method 3). I think that has helped
    overcome the problem however it is curious as to why I that server all of a
    sudden lost connectivity.

    Anyway SBS is almost back on track and I now just have these DCDIAG problems
    to sort out.

    Starting test: frsevent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... JSRFS01 failed test frsevent
    Starting test: systemlog
    An Error Event occured. EventID: 0x00000457
    Time Generated: 04/22/2009 01:03:55
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000457
    Time Generated: 04/22/2009 01:03:55
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000457
    Time Generated: 04/22/2009 01:03:56
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000457
    Time Generated: 04/22/2009 01:04:04
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x00000457
    Time Generated: 04/22/2009 01:04:05
    (Event String could not be retrieved)
    ......................... ABCFS01 failed test systemlog


    Thanks,
    Jeff


     
    Jeff, Apr 21, 2009
    #32
  13. Jeff,

    Glad you got the hidden NIC taken care of, but reading that article, didn't
    make sense. But I guess it could if you had the scope range not on the same
    subnet as the internal NIC that you want DHCP to give out addresses for.

    As for the errors, the EventID: 0x00000457 indicates there is an Event log
    error associated with it. Can you post any errors you see, please?

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 21, 2009
    #33
  14. Jeff

    Jeff Guest

    Hi Ace,

    I now have the DCDAIG test on the file server passing all tests after
    creating "Enable Journal Wrap Automatic Restore" registry parameter to 1 in
    "System\CurrentControlSet\Services\NtFrs\Parameters". Replication messages
    indicate replicatonis working from SBS to FS.

    DCDIAG /test:dns passes on the SBS, but a couple of errors are reported
    with a standard DCDIAG on the SBS indicating replication is not working from
    FS to SBS.

    An Error Event occured. EventID: 0x00000457
    Time Generated: 04/22/2009 16:08:12
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 04/22/2009 16:08:45
    (Event String could not be retrieved)

    FRS service is running on both. I've looked at AD Sites & Servers. The
    servers leaf has both servers designated to replaicate from eachother (same
    as F/S).

    Event Type: Warning
    Event Source: NtFrs
    Event Category: None
    Event ID: 13508
    Date: 4/22/2009
    Time: 12:15:16 AM
    User: N/A
    Computer: JSRSBS01
    Description:
    The File Replication Service is having trouble enabling replication from
    JSRFS01 to JSRSBS01 for c:\windows\sysvol\domain using the DNS name
    jsrfs01.jsr.local. FRS will keep retrying.
    Following are some of the reasons you would see this warning.

    [1] FRS can not correctly resolve the DNS name jsrfs01.jsr.local from this
    computer.
    [2] FRS is not running on jsrfs01.jsr.local.
    [3] The topology information in the Active Directory for this replica has
    not yet replicated to all the Domain Controllers.

    This event log message will appear once per connection, After the problem is
    fixed you will see another event log message indicating that the connection
    has been established.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: d5 04 00 00 Õ...

    When I looked through the system event log, I noticed some DCOM errors
    communicating with ISP IPs that I think is ominous. These IPs were formerly
    in the list of DNS Servers that I previously removed and flushed.

    Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10009
    Date: 4/22/2009
    Time: 4:08:45 PM
    User: N/A
    Computer: JSRSBS01
    Description:
    DCOM was unable to communicate with the computer 61.9.194.49 using any of
    the configured protocols.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    I'm wondering if these 2 errors are related?

    Thanks,
    Jeff
     
    Jeff, Apr 22, 2009
    #34
  15. Jeff

    Jeff Guest

    Sorry i forgot that the above errors were part of these errors


    IsmServ Service is stopped on [JSRSBS01]
    ......................... JSRSBS01 failed test Services

    Starting test: frsevent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may
    cause
    Group Policy problems.
    ......................... JSRSBS01 failed test frsevent

    And this error in the event log in addition to 13508

    Event Type: Warning
    Event Source: NtFrs
    Event Category: None
    Event ID: 13509
    Date: 4/22/2009
    Time: 3:56:53 PM
    User: N/A
    Computer: JSRSBS01
    Description:
    The File Replication Service has enabled replication from JSRFS01 to
    JSRSBS01 for c:\windows\sysvol\domain after repeated retries.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    Netdiag on both servers passed.


     
    Jeff, Apr 22, 2009
    #35
  16. This comes back to something on the SBS is blocking the ability for the FS
    machine to communicate with it. We've went over numerous points, and I think
    something is still blocking it. I would hate to say go ahead and enable
    Journal Wrap on the FS, because now I would be guessing. If this is
    production critical, and business is being affected, and you've been trying
    to fix this since Thursday or Friday, I think it may be worth a call to
    Microsoft Support. What do you think?

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 22, 2009
    #36
  17. Jeff

    kj [SBS MVP] Guest

    It's a little difficult to follow the partial dcdiag errors and while some
    test may be 'passing' imporant information may be missing from your posts.

    ISMServ - the intersite messenging service is by default configured to
    'disabled' on SBS as it's not expecting to have additional domain
    controllers let alone additional AD sites. It appears that you have added a
    domain controller perhaps in a second site at some point. If this is the
    case then you should configure the ismserv service to "automatic" and either
    manually start the service or reboot the sbs server.

    Also (if this is the case) you should make sure that the branch offiice AD
    site and subnet(s) are properly configured. Then you need to make sure that
    DNS is configured (initially) to resolve the name of the branch office DC.
    Also both the SBS and branch office DC's should only be using themselves for
    client DNS and either root hints or ISP forwarders for external resolution.

    How long ago was it that the branch office DC was added?
     
    kj [SBS MVP], Apr 22, 2009
    #37
  18. KJ,

    That I didn't know about the ISM on SBS being disabled by default. Good
    info. I'm not familiar with all the nuances of SBS. I'm glad I cross posted
    it to the SBS group.

    As for DNS, it was initially a mess, but we've spent some time making sure
    his DNS settings are configured. Maybe an updated ipconfig /all from both
    DCs by Jeff would be prudent to update you and the others in the SBS group.

    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 22, 2009
    #38
  19. Jeff

    kj [SBS MVP] Guest

    In fairness the ISM handles SMTP configured site links and likely it was
    configured for IP so, probably not the cause. But as a practice I turn it on
    (auto) as is the Standard window configuration for multi-site AD
    configurations.

    Agreed on the ipconfig/all
     
    kj [SBS MVP], Apr 22, 2009
    #39
  20. Good point about ISM for SMTP site links. Since the two DCs are on the same
    subnet, I would imagine this wouldn't have a factor.

    What I can say is previously there was an error with IPNAT.sys, which
    indicated to me a RRAS issue and the firewall, essentially blocking internal
    LAN communications. I do not know if this was resolved. I've seen this in
    the past with SBS and non-SBS, and simply disabling RRAS and reconfiguring
    it manually for VPN access (in the two cases that I've previously seen is
    all RRAS was meant for), cleared up the problem. There are a lot of factors
    going on with Jeff's system that is difficult to pinpoint where it is. It
    started with a dual homed SBS, then an IP change, then more... The complete
    thread is in the AD group. I see you responded earlier, but there are so
    many posts, it will take time to go through them all.

    From: =?Utf-8?B?SmVmZg==?= <>
    Subject: Unable to login into SBS 2003 Domain server
    Date: Fri, 17 Apr 2009 09:47:01 -0700
    Message-ID: <>


    Ace
     
    Ace Fekay [Microsoft Certified Trainer], Apr 22, 2009
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.