Event Type: Error
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1126
Date: 9/6/2004
Time: 12:41:50 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: DC01
Description:
Active Directory was unable to establish a connection with the global
catalog.
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200caf
User Action:
Make sure a global catalog is available in the forest, and is reachable from
this domain controller. You may use the nltest utility to diagnose this
problem.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
-----------------------------------------------------------------------------------
But 2 seconds later, I got these.
Event Type: Information
Event Source: NTDS General
Event Category: Service Control
Event ID: 1394
Date: 9/6/2004
Time: 12:41:52 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: DC01
Description:
Attempts to update the Active Directory database are succeeding. The Net
Logon service has restarted.
Event Type: Information
Event Source: NTDS General
Event Category: Global Catalog
Event ID: 1869
Date: 9/6/2004
Time: 12:41:52 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: DC01
Description:
Active Directory has located a global catalog in the following site.
Global catalog:
\\dc01.SC.ESILICON.COM
Site:
Default-First-Site-Name
----------------------------------------------------------------------------------
When I run Netdiag, I got
[FATAL] Secure channel to domain 'SC' is broken. [ERROR_NO_LOGON_SERVERS]
When I run nltest /server:dc01 /query, I got more errors
C:\Documents and Settings\elau>nltest /server:dc01 /query
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
C:\Documents and Settings\elau>nltest /server:dc00 /query
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
C:\Documents and Settings\elau>nltest /server:dc02 /query
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
C:\Documents and Settings\elau>nltest /server:dc00 /query
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
C:\Documents and Settings\elau>nltest /server:dc01 /query
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
C:\Documents and Settings\elau>nltest /server:dc01 /query
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
C:\Documents and Settings\elau>nltest /server:dc00 /query
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
C:\Documents and Settings\elau>nltest /server:dc02 /query
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
-----------------------------------------------------------------------
After all these, 15-30 minutes later if I run the same commands again
everything would pass.
Netdiag would say "Trust relationship test. . . . . . : Passed
Secure channel for domain 'SC' is to '\\dc00.SC.ESILICON.COM'
C:\Documents and Settings\elau>nltest /server:dc01 /query
Flags: 0
Connection Status = 0 0x0 NERR_Success
The command completed successfully
Can anyone tell me what's wrong with Active Directory or DNS?
It seems to me everything works fine except I got these messages at the
beginning. But the error went away if I try these later.
Thanks.
Eric
Is this DC overworked? Any other services/apps running on it? Older machine?
Network cable in good shape? Switch settings altered from default? Pointing
only to the internal DNS server?
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc01
Primary Dns Suffix . . . . . . . : SC.ESILICON.COM
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : SC.ESILICON.COM
ESILICON.COM
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection #6
Physical Address. . . . . . . . . : 00-B0-D0-B0-21-D1
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.5.22
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.5.1
DNS Servers . . . . . . . . . . . : 10.1.5.22
Primary WINS Server . . . . . . . : 10.1.5.22
Thanks.
Eric
With the information provided I can't say with any confidence that this is
your issue, but you might want to consider the possibility of an effect known
as DNS islanding. This happens when you have multiple internal DNS servers
and each one only points to itself for name resolution (i.e. DNS1 points to
DNS1 and DNS2 points to DNS2). What happens is that a resource updates its
record on DNS1 which should replicate over to DNS2. However, DNS1 doesn't
know about DNS2 so replication never occurs. Other resources update their
records on DNS2 which never get back to DNS1. After a while you'll see that
some resources have records on both DNS servers with different information
because DHCP leases have been expired and regenerated. As you can imagine,
this leads to some very weird responses.
The way you correct this is by pointing DNS1 to DNS2 for name resolution and
vice versa.
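The self-pointing resolver configuration described in the post above can be checked from each server's `ipconfig /all` output. This is an added example, not part of the original thread; the host names `dns1`/`dns2` and the 192.0.2.x addresses are constructed sample data, and `self_only_resolvers` is a hypothetical helper name.

```python
import re

# Constructed `ipconfig /all` excerpts for two hypothetical DNS servers.
SAMPLES = {
    "dns1": """\
   Host Name . . . . . . . . . . . . : dns1
   IP Address. . . . . . . . . . . . : 192.0.2.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.0.2.10
   Primary WINS Server . . . . . . . : 192.0.2.10
""",
    "dns2": """\
   Host Name . . . . . . . . . . . . : dns2
   IP Address. . . . . . . . . . . . : 192.0.2.11
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       192.0.2.11
""",
}

# "Label . . . . : value" lines, and bare IPv4 continuation lines.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z .\-]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_ipconfig(text):
    """Extract host name, own IPs and DNS client list from ipconfig /all text."""
    info = {"host": None, "ips": set(), "dns": []}
    last = None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last, value = m.group(1).strip(), m.group(2).strip()
            if last == "Host Name":
                info["host"] = value
            elif last == "IP Address" and value:
                info["ips"].add(value)
            elif last == "DNS Servers" and value:
                info["dns"].append(value)
        elif last == "DNS Servers" and IPV4.match(line):
            # Additional DNS servers are listed on unlabeled lines.
            info["dns"].append(IPV4.match(line).group(1))
    return info

def self_only_resolvers(configs):
    """Return hosts whose DNS client list holds only their own addresses."""
    flagged = []
    for text in configs.values():
        info = parse_ipconfig(text)
        others = [d for d in info["dns"]
                  if d not in info["ips"] and d != "127.0.0.1"]
        if info["dns"] and not others:
            flagged.append(info["host"])
    return sorted(flagged)
```

A flagged server is only a candidate for the condition described; whether records actually diverge depends on how the zones are replicated.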
Wouldn't the effects of DNS islanding be mitigated (or eliminated) through
enabling zone transfers?
"Chad A. Lacy" <cl...@nospam.familydollar.com> wrote in message
news:1EE5FDA7-6B62-48DA...@microsoft.com...
1) Zones are AD-integrated or,
2) Zone transfers are enabled if DNS is set up in the standard
primary/secondary configuration
Am I missing something? :)
"Chad A. Lacy" <cl...@nospam.familydollar.com> wrote in message
news:5569C1C8-6366-4306...@microsoft.com...
However, from what you have described, I do not think this is your issue.
--
Paul Williams
_________________________________________
http://www.msresource.net
Join us in our new forums!
http://forums.msresource.net
_________________________________________
"Chad A. Lacy" <cl...@nospam.familydollar.com> wrote in message
news:EDC09C07-63B6-4885...@microsoft.com...
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine dc01, is a DC.
* Connecting to directory service on server dc01.
[dc01] Directory Binding Error 1753:
There are no more endpoints available from the endpoint mapper.
This may limit some of the tests that can be performed.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 6 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC01
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
[DC01] DsBindWithSpnEx() failed with error 1753,
There are no more endpoints available from the endpoint mapper..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 2936 (DcDiag)
System Time is: 9/12/2004 0:54:6:37
Generating component is 2 (RPC runtime)
Status is 1753: There are no more endpoints available from the
endpoint mapper.
Detection location is 500
NumberOfParameters is 4
Unicode string: ncacn_ip_tcp
Unicode string:
e1a7405f-2296-4b89-9e3c-a39b4805e807._msdcs.SC.ESILICON.com
Long val: -481213899
Long val: 65537
Error Record 2, ProcessID is 2936 (DcDiag)
System Time is: 9/12/2004 0:54:6:37
Generating component is 2 (RPC runtime)
Status is 1722: The RPC server is unavailable.
Detection location is 761
NumberOfParameters is 1
Unicode string: 1025
Error Record 3, ProcessID is 2936 (DcDiag)
System Time is: 9/12/2004 0:54:6:37
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 313
Error Record 4, ProcessID is 2936 (DcDiag)
System Time is: 9/12/2004 0:54:6:37
Generating component is 8 (winsock)
Status is 10048: Only one usage of each socket address
(protocol/network address/port) is normally permitted.
Detection location is 311
NumberOfParameters is 3
Long val: 1025
Pointer val: 0
Pointer val: 0
Error Record 5, ProcessID is 2936 (DcDiag)
System Time is: 9/12/2004 0:54:6:37
Generating component is 8 (winsock)
Status is 10048: Only one usage of each socket address
(protocol/network address/port) is normally permitted.
Detection location is 318
......................... DC01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC01
Skipping all tests, because server DC01 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : SC
Starting test: CrossRefValidation
......................... SC passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... SC passed test CheckSDRefDom
Running enterprise tests on : SC.ESILICON.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... SC.ESILICON.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\dc01.SC.ESILICON.COM
Locator Flags: 0xe00001bc
Warning: Couldn't verify this server as a PDC using DsListRoles()
PDC Name: \\dc00.SC.ESILICON.COM
Locator Flags: 0xe00001b9
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
KDC Name: \\dc01.SC.ESILICON.COM
Locator Flags: 0xe00001bc
......................... SC.ESILICON.com failed test FsmoCheck
Eric