NTFRSUTIL error 1753


Thomas R Grassi Jr

Mar 7, 2009, 9:47:43 AM
I have two Windows 2003 R2 Standard DC servers SP2
trying to get file replication sysvol netlogon shares working.

ran this command on DC1 ntfrsutil ds dc1
results
ERROR cannot bind w/authentication to computer, dc1 000006d9 (1753)
ERROR Cannot bind w/o authentication to computer dc1 000006d9 (1753)
ERROR Cannot RPC to computer dc1 000006d9 (1753)

I turned off my windows firewall services and get the same results

On DC2 I issue the same command and get the same results

When I issue ntfrsutl dc dc2 the results are what I would expect.

Also I can run ntfrsutl dc dc2 from dc1 and it reports good information.

So My DC1 has a problem which I am not sure where to look at this point

I have been following a KB257338 article for my SYSVOL and NETLOGON shares
issue which happens to be on DC2

DC2 has been recently added to the network.
The shares for SYSVOL and NETLOGON were not created.

This is why I was running ntfrsutl dc dc1 and then I discovered this problem


Any ideas or help thanks

Tom


Isaac Oben -MCSE, MCITP

Mar 7, 2009, 11:32:07 AM
Hello Thomas,

How long ago did you add DC2 to the network as a domain controller? I am
asking this because it might just be that DC2 has not completed
initialization of sysvol. Please do an ipconfig /all and a dcdiag /v on
both dc1 and dc2 respectively and post to the forum.

Isaac

"Thomas R Grassi Jr" <thomas...@hotmail.com> wrote in message
news:Oc$FtOznJ...@TK2MSFTNGP03.phx.gbl...

Thomas R Grassi Jr

Mar 7, 2009, 9:04:49 PM
Isaac

It was about 1 week ago I brought it online
Yes DC2 did not complete initialization of sysvol

I turned off windows firewall on both dc's

made some changes to the registry per kb319553 kb224196

I was at work today and when I came home I saw that SYSVOL and NETLOGON was
created as shares and now when I run
ntfrsutl dc dc1 it shows valid info

now the big test will be turning on the firewalls on both dcs to see what
happens

Thanks

tom

"Isaac Oben -MCSE, MCITP" <isaac...@nospam.gmail.com> wrote in message
news:uJKOFJ0n...@TK2MSFTNGP06.phx.gbl...

Ace Fekay [Microsoft Certified Trainer]

Mar 8, 2009, 3:27:32 AM
In news:OMemEJ5n...@TK2MSFTNGP05.phx.gbl,
Thomas R Grassi Jr <thomas...@hotmail.com>, posted the following:

> Isaac
>
> It was about 1 week ago I brought it online
> Yes DC2 did not complete initialization of sysvol
>
> I turned off windows firewall on both dc's
>
> made some changes to the registry per kb319553 kb224196
>
> I was at work today and when I came home I saw that SYSVOL and
> NETLOGON was created as shares and now when I run
> ntfrsutl dc dc1 it shows valid info
>
> now the big test will be turning on the firewalls on both dcs to see
> what happens
>
> Thanks
>
> tom

Tom,

AD communication between DCs requires 29 ports opened and free and clear,
including the dynamic ephemeral response ports (UDP > 1023). I recommend
there are no firewalls (whether local or on a VPN/router) between domain
controllers in a forest blocking ports. This will insure DCs can communicate
with each other, as well as clients can communicate with the DCs.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace...@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
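
Added example, not part of any post in this thread: a Python sketch for the firewall test Tom describes, probing a DC's well-known TCP service ports from the other DC and separating "refused" (nothing listening) from "filtered" (packet dropped). The port list is general AD knowledge rather than the 29 ports Ace counts, and `probe_tcp`, `check_dc`, `not_open` and the sample static port 5000 are names and values assumed here.

```python
import socket
import sys

# Well-known TCP listeners on a domain controller (general knowledge, not a
# list from the thread). Dynamic RPC ports cannot be enumerated this way; add
# any port you pinned in the registry, e.g. {5000: "static FRS port"}
# (5000 is a constructed placeholder).
DC_TCP_PORTS = {
    53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper", 389: "LDAP",
    445: "SMB (SYSVOL/NETLOGON)", 464: "Kerberos password change",
    636: "LDAPS", 3268: "Global Catalog",
}

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as open, refused, filtered or unresolved."""
    try:
        addr = socket.gethostbyname(host)
    except socket.gaierror:
        return "unresolved"          # DNS problem, not a firewall problem
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"             # host answered, nothing is listening
    except OSError:
        return "filtered"            # timeout or unreachable: packet dropped
    finally:
        s.close()

def check_dc(host, extra_ports=None, timeout=2.0, base=DC_TCP_PORTS):
    """Probe the base ports plus extra_ports; return {port: (name, state)}."""
    ports = {**base, **(extra_ports or {})}
    return {p: (ports[p], probe_tcp(host, p, timeout)) for p in sorted(ports)}

def not_open(results):
    """Ports that did not accept a connection, with their state."""
    return [(p, name, st) for p, (name, st) in results.items() if st != "open"]

if __name__ == "__main__" and len(sys.argv) > 1:
    for port, (name, state) in check_dc(sys.argv[1]).items():
        print(f"{port:>5}  {state:<10} {name}")
```

Run it from each DC against the other, once with the firewall off and once with it on, and compare the two result sets.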


Meinolf Weber [MVP-DS]

Mar 8, 2009, 10:27:50 AM
Hello Thomas,

Please try to stick to one posting and do not post so many different ones
all belonging to the same problem.

You should think about using a newsreader where you can use crossposting
and have all answers readable for anybody.
http://www.blakjak.demon.co.uk/mul_crss.htm

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Thomas R Grassi Jr

Mar 8, 2009, 10:38:11 AM
Ace

So what you are suggesting is that I do not start the windows firewall
service on both my dcs.

I have a linksys broadband router that gets everyone on the internet; use its
firewall instead?

Cause currently that's how I am running but I thought I would be able to open
the port necessary for AD to work but I think the dynamic ports is the
issue; even when I hard code the ports in the registry it seems not to work

right now on DC2 it takes about 6 minutes for the server to start at the
point of network services; that seems to be a long time

also I am getting event 3096 netlogon and event 40960 lsasrv at startup

when I issue nltest /query
1311 ERROR_NO_LOGON_SERVERS


not sure what that is at this point but that happened last night and after a
while it went away. very strange, something is still not set up right

any ideas or help

Thanks

tom


"Ace Fekay [Microsoft Certified Trainer]" <firstnam...@hotmail.com>
wrote in message news:%23$XUR%237nJH...@TK2MSFTNGP03.phx.gbl...

Ace Fekay [Microsoft Certified Trainer]

Mar 9, 2009, 3:50:59 AM
In news:uaXaCu$nJHA...@TK2MSFTNGP06.phx.gbl,

Thomas R Grassi Jr <thomas...@hotmail.com>, posted the following:
> Ace
>
> So what you are suggesting is that I do not start the windows firewall
> service on both my dcs.
>
> I have a linksys broadband router that gets everyone on the internet;
> use its firewall instead?
>
> Cause currently that's how I am running but I thought I would be able
> to open the port necessary for AD to work but I think the dynamic
> ports is the issue; even when I hard code the ports in the registry it
> seems not to work
> right now on DC2 it takes about 6 minutes for the server to start at
> the point of network services; that seems to be a long time
>
> also I am getting event 3096 netlogon and event 40960 lsasrv at
> startup
> when I issue nltest /query
> 1311 ERROR_NO_LOGON_SERVERS
>
>
> not sure what that is at this point but that happened last night and
> after a while it went away. very strange, something is still not
> set up right
> any ideas or help
>
> Thanks
>
> tom

Tom, this appears to be a continuation of your previous threads. Try to
stick to one thread for a problem, please. It's starting to get confusing
keeping track.

Yes, do not use any firewall on a DC.

I still think this has to do with the VLAN subnet definitions. But then
again, at this point it may be best for you to call Microsoft PSS for this
issue, especially if these are production machines. This has been going on
some time, and without a hands-on, remoted in look by myself or a competent
engineer, it is getting difficult to diagnose. The longer this goes on, a DC
may pass the 60 day AD object lifetime point and the DC will be pretty much
useless. There is a way to force it past the 60 day point, however because
replication is not working, it would be a moot point.

Ace
