If you have not already, have you run dcdiag on those machines? I'm curious what it says about dns and updating records etc....
Al
On 5/31/06, Al Lilianstrom <[EMAIL PROTECTED]> wrote:
steve patrick wrote:
> So after you boot and wait for a bit- if you run gpudate /force , it
> comes back successful yes?
Yes.
New policies apply without a /force.
> And netlogon is only paused for a time. Do the DC's point to themselves
> for DNS?
No. External DNS.
al
> If so - you probably are hitting the behavior where we have some delay
> due to waiting for an initial AD sync...
> Im sure there are many others who can comment on the specific behavior -
> but it is important to note that it is by design
>
> steve
>
> ----- Original Message ----- From: "Al Lilianstrom"
> <[EMAIL PROTECTED]>
> To: <[email protected] >
> Sent: Wednesday, May 31, 2006 8:41 AM
> Subject: Re: [ActiveDir] New DC can't find the machine account
>
>
>> Almeida Pinto, Jorge de wrote:
>>>>>>> Netlogon is paused on the server. 0x14
>>> please check the following:
>>> * sc query netlogon -> is it paused?
>>
>> No.
>>
>> C:\>sc query netlogon
>>
>> SERVICE_NAME: netlogon
>> TYPE : 20 WIN32_SHARE_PROCESS
>> STATE : 4 RUNNING
>> ...
>>
>> It only shows paused in the netlogon.log file for ~30 seconds while
>> the server is booting.
>>
>>> * repadmin /options <FQDN DC> -> are the options
>>> "DISABLE_INBOUND_REPL" and "DISABLE_OUTBOUND_REPL" shown?
>>
>> No.
>>
>>> if both answer = YES -> see directory services event log for event ID
>>> 2095 and 2103 -> if available -> issue = USN rollback ->
>>> http://support.microsoft.com/?id=875495
>>
>> Just for grins I looked to make sure those events weren't there and
>> they are not.
>>
>> al
>>
>>> Met vriendelijke groeten / Kind regards,
>>> Ing. Jorge de Almeida Pinto
>>> Senior Infrastructure Consultant
>>> MVP Windows Server - Directory Services
>>> LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
>>> ( Tel : +31-(0)40- 29.57.777
>>> ( Mobile : +31-(0)6-26.26.62.80
>>> * E-mail : <see sender address>
>>>
>>> ________________________________
>>>
>>> From: [EMAIL PROTECTED] on behalf of Al Lilianstrom
>>> Sent: Wed 2006-05-31 16:53
>>> To: [email protected]
>>> Subject: Re: [ActiveDir] New DC can't find the machine account
>>>
>>>
>>>
>>> Almeida Pinto, Jorge de wrote:
>>>> see if the following helps:
>>>> http://www.eventid.net/display.asp?eventid=1097&eventno=2126&source=Userenv&phase=1
>>>>
>>>
>>> I had run across that page last night.
>>>
>>> Time is ok (ntp to local time source)
>>> I don't think that both computer accounts are corrupt as they were ok as
>>> simple servers
>>> I enabled debug logging for the netlogon service and at the same time I
>>> get the userenv events I get
>>>
>>> 05/31 09:48:22 [CRITICAL] NetpDcHandlePingResponse: test.fnal.gov.:
>>> Netlogon is paused on the server. 0x14
>>>
>>> al
>>>
>>>> Met vriendelijke groeten / Kind regards,
>>>> Ing. Jorge de Almeida Pinto
>>>> Senior Infrastructure Consultant
>>>> MVP Windows Server - Directory Services
>>>>
>>>> LogicaCMG Nederland B.V. (BU RTINC Eindhoven)
>>>> ( Tel : +31-(0)40-29.57.777
>>>> ( Mobile : +31-(0)6-26.26.62.80
>>>> * E-mail : <see sender address>
>>>>
>>>> ________________________________
>>>>
>>>> From: [EMAIL PROTECTED] on behalf of Al Lilianstrom
>>>> Sent: Wed 2006-05-31 15:37
>>>> To: [email protected]
>>>> Subject: [ActiveDir] New DC can't find the machine account
>>>>
>>>>
>>>>
>>>> Hi,
>>>>
>>>> I have a Windows 2000 based AD (empty root with 1 child domain) that
>>>> I'm
>>>> in the process of upgrading to w2003r2 as a test for our production
>>>> domain (same configuration). The adprep went fine as well as the
>>>> dcpromo
>>>> of the new DC. However when the new DC reboots I get the following
>>>> messages in the application log:
>>>>
>>>> EVENT TYPE Error
>>>> SOURCE Userenv
>>>> EVENT ID 1097
>>>> Windows cannot find the machine account, The Local Security Authority
>>>> cannot be contacted .
>>>>
>>>> and
>>>>
>>>> EVENT TYPE Error
>>>> SOURCE Userenv
>>>> EVENT ID 1030
>>>> Windows cannot query for the list of Group Policy objects. Check the
>>>> event log for possible messages previously logged by the policy engine
>>>> that describes the reason for this.
>>>>
>>>> Neither system has these messages when they were simple servers in the
>>>> domain. They were rebooted several times before becoming DCs to make
>>>> sure the event logs were clean.
>>>>
>>>> They seem to be functioning as DCs. File replication with the orginal
>>>> w2k dc took a long time to start up.
>>>>
>>>> I added a second w2k3 r2 DC and it is showing the exact same messages.
>>>> Both machines were created from the same sysprep image - the machine
>>>> that was built as the basis for the sysprep image was never in the
>>>> domain.
>>>>
>>>> I've been searching Microsoft and came up with one or two applicable
>>>> docs. One said to make sure that services like netlogon were set to
>>>> automatic (it is). Another had settings for enabling debug on the
>>>> netlogon service which I implemented. All that I see in there is
>>>> netlogon pausing.
>>>>
>>>> Any ideas?
>>>>
>>>> al
>>>> --
>>> --
>>>
>>> Al Lilianstrom
>>> CD/CSS/CSI
>>> [EMAIL PROTECTED]
>>> List info : http://www.activedir.org/List.aspx
>>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>>> List archive: http://www.activedir.org/ml/threads.aspx
>>>
>>>
>>>
>>>
>>> This e-mail and any attachment is for authorised use by the intended
>>> recipient(s) only. It may contain proprietary material, confidential
>>> information and/or be subject to legal privilege. It should not be
>>> copied, disclosed to, retained or used by, any other party. If you
>>> are not an intended recipient then please promptly delete this e-mail
>>> and any attachment and all copies and inform the sender. Thank you.
>>
>> --
>>
>> Al Lilianstrom
>> CD/CSS/CSI
>> [EMAIL PROTECTED]
>> List info : http://www.activedir.org/List.aspx
>> List FAQ : http://www.activedir.org/ListFAQ.aspx
>> List archive: http://www.activedir.org/ml/threads.aspx
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
--
Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
