Re: netlogon error

• Previous message: Bodger: "Re: User Memory Quotas"
• In reply to: Roger Abell: "Re: netlogon error"
• Next in thread: Roger Abell: "Re: netlogon error"
• Reply: Roger Abell: "Re: netlogon error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 24 Dec 2004 16:27:41 -0600

Roger, Thanks for the help. I have run the netdiag /fix and it looks like
it has cleared up some of the problems. I am back home working via the SBS
remote access. The 2K3 machine is not available (part of the problem) so I
will have to try to get back in to the office to do it. I will be out of
touch for several days, and may not be able to get back to it until then. I
have your suggestions, and will see if that takes care of me when I can get
back on the machine.

I want to make sure you Steven know how much I appreciate your patience and
assistance.

Frank Brown

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:%23v0SqWf6EHA.1392@tk2msftngp13.phx.gbl...
> On the SBS first run
> netdiag /fix
> Verify that the zones supporting the AD are configured for
> secured dynamic updates allowed. For this, run the DNS
> mgmt UI and highlight each forward zone then rclick into
> its properties. They should be AD integrated and allowing
> secured dynamic updates.
>
> On the failing W2k3 check that
> - in tcp/ip settings the DNS server is the SBS machine
> - in System properties (rclick my computer, properties)
> the full computer name is correct, right domain
> at cmd prompt run
> net stop netlogon
> net start netlogon
> then rerun netdiag to see if it is clean.
>
> Once clean, you will want to install DNS on the
> second DC (if not already) and have it host the same
> AD integrated zones as are on the other DNS service.
>
> optional/advised:
> After you have DNS fault tolerance, you could/should
> configure each DC to point first to the other and then
> to itself for DNS services in the Tcp/Ip config.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Brown" <fbrown@mta-inc.com> wrote in message
> news:OKNECGf6EHA.1204@TK2MSFTNGP10.phx.gbl...
>> OK, I ran dcdiag and netdiag on the 2K3 machine errors abound ----
>> First: dcdiag > "Although the Guid name <string of stuff here> couldn't
> be
>> resolved, the server name (server02.domain.local) resolved to the IP
> address
>> (192.168.1.98) and was pingable. Check that the IP address is registered
>> correctly with the DNS Server."
>> The other tests in dcdiag passed
>> Then: netdiag:> Domain membership test: Failed "[WARNING] The system
>> volumehas not been completely replicated to the local machine. This
>> machine is not working properly as a DC."
>> DC test: failed "[WARNING] The DNS entries for this DC are not
>> registered
>> correctly on the DNS server '192.168.1.99'. Please wait for 30 minutes
> for
>> DNS serfver replication. [FATAL] No DNS servers have the DNS records for
>> this DC registered."
>> DC list test: Failed [WARNING] Cannot call DsBind to main.domain.local
>> (192.168.1.99). [SEC_E_WRONG_PRINCIPAL]
>> Trust Relationship test: Failed ....
>> Kerberos test: Failed........
>>
>> OK, HELP!! Where do I start??
>>
>> Brown
>>
>>
>> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
>> news:Oql3Ced6EHA.3124@TK2MSFTNGP11.phx.gbl...
>> > and netdiag and dcdiag have told you . . . ?
>> >
>> > --
>> > Roger
>> > "Brown" <fbrown@knology.net> wrote in message
>> > news:OEn0igV6EHA.2568@TK2MSFTNGP11.phx.gbl...
>> > > The SBS machine has 2 NICs but only one is active. The Win2K3 has one
>> NIC.
>> > > DHCP is running on an external router.
>> > >
>> > > Brown
>> > >
>> > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
>> > > news:uZpd85T6EHA.2192@TK2MSFTNGP14.phx.gbl...
>> > > > For DC communications issues your first stop shop to
>> > > > get hints of what may be amiss is by running on each DC
>> > > > netdiag and dcdiag utilities (depending on versions, you
>> > > > may need to install the optional support tools from the CD).
>> > > >
>> > > > Which, if any, of these machines are multihomed (>1 nic)?
>> > > >
>> > > > --
>> > > > Roger Abell
>> > > >
>> > > > "Brown" <fbrown@mta-inc.com> wrote in message
>> > > > news:O5OJURP6EHA.4008@TK2MSFTNGP15.phx.gbl...
>> > > >> I tried that, but since it is a DC (backup) it will not allow
>> > > >> this.
>> Is
>> > > >> there any other way to get them to shake hands?
>> > > >> Brown
>> > > >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
>> > > >> news:%23deks%23L6EHA.3124@TK2MSFTNGP11.phx.gbl...
>> > > >> > did I actually forget to mention that you could try resetting
>> > > >> > the machine account (in AD Users and Comps) . . .
>> > > >> >
>> > > >> > --
>> > > >> > Roger Abell
>> > > >> >
>> > > >> > "Brown" <fbrown@mta-inc.com> wrote in message
>> > > >> > news:O2$c8m55EHA.2624@TK2MSFTNGP11.phx.gbl...
>> > > >> >> I am running SBS 2003 Pro (MAIN), with a Win2K3 Standard server
>> > > >> >> (SERVER02)
>> > > >> >> which is providing file server and AD Backup tasks.
>> > > >> >> I am getting an error messaage in the System Event Viewer,
> source
>> > > >> > Netlogon:
>> > > >> >> "The session setup from the computer SERVER02 failed to
>> > authenticate.
>> > > >> >> The
>> > > >> >> name(s) of the account(s) referenced in the security database
>> > > >> >> is
>> > > >> > SERVER02$.
>> > > >> >> The following error occured: Access denied."
>> > > >> >>
>> > > >> >> What do I need to do to correct this?
>> > > >> >>
>> > > >> >> Brown
>> > > >> >>
>> > > >> >>
>> > > >> >
>> > > >> >
>> > > >>
>> > > >>
>> > > >
>> > > >
>> > >
>> > >
>> >
>> >
>>
>>
>
>

• Previous message: Bodger: "Re: User Memory Quotas"
• In reply to: Roger Abell: "Re: netlogon error"
• Next in thread: Roger Abell: "Re: netlogon error"
• Reply: Roger Abell: "Re: netlogon error"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]