Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ADAM - install replication

259 views
Skip to first unread message

Dmitri Gavrilov [MSFT]

unread,
Sep 30, 2003, 11:45:26 AM9/30/03
to
Adamsetup.log in %windir%\debug may have some clues.

And here's a whole bunch of questions:

What is your setup like: Is ADAM machine joined to a domain? What type of
domain (nt4, w2k, w2k3)? Which service account are you setting -- is it a
domain account or local account?

What about the source ADAM instance? Is it in the same domain? Which service
account is it using? Is it up? What is the msDS-replAuthenticationMode (read
it off configuration partition head)?

Did you recently rename source ADAM machine, change ADAM ports or change its
service account? Do you see any errors or warnings in its event log?

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Aaron Collins" <col...@so-net.net.tw> wrote in message
news:49a14bb8.03092...@posting.google.com...
> Hi:
>
> I encountered one strange problem when installing
> a replication of an ADAM instance.
>
> The error message is as follows :
>
> The service account for this instance of ADAM cannot be used
> with the selected configuration set. The account failed validation
> whih the fllowing error:
> Error 0x80070057
> The parameter is incorrect.
>
> Select a different service account, and then try again. For more
> inofmration about ADAM service accounts, see "Selecting a service
> account" in ADAM Help.
>
> The service account I chose have been granted "Logon as
> a service" and "Generate security audits" user rights.
>
> I've read the ADAM help and couldn't find any clue regarding how
> to correct this error.
> (what does the phrase - "parameters is incorrect" - mean??)
>
> Can someone give me any hint or advice?
>
> Any help is greatly appreciated.
>
> Aaron Collins.


Aaron Collins

unread,
Sep 30, 2003, 11:24:17 PM9/30/03
to
The evnironment I set up is really simple. My ADAM machines did not join to a
domain, so I set a local account to run these two ADAM instances. And the
replication authetication mode is set to Negotiated pass-through by default.

I neither rename source ADAM machine nor change its port and service
account. BTW, I see some logs in Adamsetup.log which might be the
cause of this problem. It seems that this service account failed to pass
validation process( info.eValidationResult = 0). Is there any
other user rights that should be assigned to this service account?

Here is the logs found in Adamsetup.log:

Enter CheckServiceSecurity
Enter InitSecWinntAuthIdentity
Enter State::GetOperation REPLICA
Enter State::GetServerName xx.xx.xx.xx
Enter State::GetServerPort 389
Enter State::UseRemoteCreds false
Enter State::GetOperation REPLICA
NtdsAdamValidateServiceAccount() => 87
info.eValidationResult = 0
Enter GetErrorMessage 80070057
ADAMERR_SERVICE_INVALID


The service account for this instance of ADAM cannot be used with the selected

configuration set. The account failed validation with the following error:
Error 0x80070057

Any help is highly appreciated.

Aaron Collins.

"Dmitri Gavrilov [MSFT]" <dmi...@online.microsoft.com> wrote in message news:<OwHMjn2h...@TK2MSFTNGP11.phx.gbl>...

Dmitri Gavrilov [MSFT]

unread,
Oct 1, 2003, 4:09:23 PM10/1/03
to
For non-member machines, all ADAM instances MUST use local service accounts
with the same name and password. Or do they run on the same machine?

Also, make sure you provide correct creds to connect to the source instance.

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Aaron Collins" <col...@so-net.net.tw> wrote in message

news:49a14bb8.03093...@posting.google.com...

Aaron Collins

unread,
Oct 2, 2003, 1:29:10 AM10/2/03
to
Yes, I use local service accounts with the same name and password.
(the setup wizard will complain if they are different.)

I also tried to run them either on different or the same machine,
but the result remained the same.

What really makes me confused is the validation process. It only
tells me that the parameter is incorrect and nothing more.

"Dmitri Gavrilov [MSFT]" <dmi...@online.microsoft.com> wrote in message news:<uAIBofFi...@TK2MSFTNGP10.phx.gbl>...

Dmitri Gavrilov [MSFT]

unread,
Oct 2, 2003, 1:56:51 AM10/2/03
to
The error is unexpected, something we did not hit in tests. That's why the
error is pretty useless. There should be something unusual in your setup.
Can you retry on a freshly built pair of machines? BTW, is this XP or WS2k3?

--
Dmitri Gavrilov
SDE, Active Directory Core

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Aaron Collins" <col...@so-net.net.tw> wrote in message

news:49a14bb8.03100...@posting.google.com...

Aaron Collins

unread,
Oct 2, 2003, 9:18:32 PM10/2/03
to
It is WS2k3 and I only installed some necessary hotfixs and Trend server
protect. I'll retry on a freshly built machines and see if it works
correctly.

Thanks for your reply :)

Aaron Collins.

"Dmitri Gavrilov [MSFT]" <dmi...@online.microsoft.com> wrote in message news:<uupDUpKi...@TK2MSFTNGP12.phx.gbl>...

0 new messages