DCDiag Directory Binding Error -2146892976:
Arthur Larson
Directory Domain Controller:
-----------------------------------------------------------------------------------------------
DCDiag
Domain Controller Diagnosis
Performing initial setup:
[MyDomainControllerServer] Directory Binding Error -2146892976:
The system detected a possible attempt to compromise security. Please
ensur
that you can contact the server that authenticated you.
This may limit some of the tests that can be performed.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MyDomainControllerServer
Starting test: Connectivity
[MyDomainControllerServer] DsBindWithSpnEx() failed with error
-2146892976,
The system detected a possible attempt to compromise security.
Please
ensure that you can contact the server that authenticated you..
......................... MyDomainControllerServer failed test
Connectivity
------------------------------------------------------------------------------------------------
The event log shows no errors, however my Exchange Server 2003 (differnt
server) is getting thousands of Error 8026 on a apparantly random bases
(every 2 to 12 hours). This goes on for between 10 to 30 minutes, then
everything returns to normal.
nslookup "domainname" resolves correctly
nslookup "servername" resolves correctly
all Windows clients log onto domain with no problems.
--
Any ideas would be greatly appreciated.
Thanks in advance,
Arthur Larson
Harj
Where is this domain controller pointed to for DNS? Were there Domain
controllers in the environment that are not around anymore?
I would look at DNS first, point all Domain controllers to the PDC for
primary DNS and the ipconfig /flushdns & ipconfig /registerdns & net
stop netlogon & net start netlogon on all domain controllers.
Nslookup is excellent for name resolution but when we deal with domain
controllers, there are SRV records that are required to be resolved as
well.
In regards to your Exchange errors, these errors are not Exchange
errors. There is something wrong with your Active Directory so verify
that AD is functioning correctly.
If the RUS is configured to point to a DC that does not have the FSMO
role of "Infrastructure Master", then the RUS cannot update AD.
Good luck
Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
Arthur Larson
2003 Server sp1). I only have one Domain Controller and One DNS Server. I
verified that the FMSO role is "Infrastructure Master".
I was thinking the Exchange Server problems were Active Directory related
too, so I am focusing on the Domain Controller
I tried the following:
nslookup
set q=srv
_ldap._tcp.dc_msdcs.myActive_Directory_Domain_Name
and get:
Server: the_correct_servername.Domainname.com
Address: the correct IP of the DC
*** servername.domainname.com can't find _ldap.tcp.dc._nsdcs.domainname:
Non-existent domain
That does not sound good, any ideas on why I am getting those results?
Note that all cleints in this network are working fine and can map network
drives, login, etc.
Thanks again for the help.
Arthur Larson
--
Arthur Larson
I get:
> _ldap._tcp.dc._msdcs.mydomainname.com
Server: my_domain_controller_dns_server.mydomainname.com
Address: 192.168.2.10 (This is the DC/DNS server IP)
_ldap._tcp.dc._msdcs.mydomainname.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = my_domain_controller_dns_server.mydomainname.com
_ldap._tcp.dc._msdcs.mydomainname.com SRV service location:
priority = 0
weight = 0
port = 389
svr hostname = my_domain_controller_dns_server.mydomainname.com
my_domain_controller_dns_server.mydomainname.com internet address=
192.168.2.10
my_domain_controller_dns_server.mydomainname.com internet address =
192.168.2.10
>
The last time I fat fingured it!
Thanks,
Arthur Larson
--
Arthur Larson