Reading the last paragraph, this is expected behaviour (feature).

Mark

SNIP/

832215 You receive event ID 1097 and event ID 1030 error events when you restart a Windows Server 2003-based domain controller

This issue may occur if one or more of the following conditions are true:

- Only one other domain controller is available in the domain, and that domain controller is starting up, but is not completely started.
- This is the only domain controller in the domain. The error events that are described in the "Symptoms" section of this article are logged while the domain controller is starting up.
- A program sends a request that requires a domain controller role, and the domain controller is still starting up.
- The Net Logon service on a domain controller is set to Manual and is not started.

This behavior occurs because, during startup, the Net Logon service enters a paused state together with Directory Services startup. During this time, the domain controller responds to netlogon ping requests with a "netlogon paused" response.

Note: These netlogon ping requests may also originate from the local computer.

In this scenario, domain controller locator requests are unsuccessful. Therefore, the program or service that sends the request cannot locate a domain controller.

Typically, this error only occurs while the domain controller starts. The error stops when the services are available. When the Net Logon service resumes from the paused state, other programs and services can again contact the domain controller.

/END SNIP

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Lilianstrom
Sent: 31 May 2006 13:38
To: [email protected]
Subject: [ActiveDir] New DC can't find the machine account

Hi,

I have a Windows 2000 based AD (empty root with 1 child domain) that I'm in the process of upgrading to w2003r2 as a test for our production domain (same configuration). The adprep went fine as well as the dcpromo of the new DC.
However when the new DC reboots I get the following messages in the application log:

EVENT TYPE Error
SOURCE Userenv
EVENT ID 1097
Windows cannot find the machine account, The Local Security Authority cannot be contacted.

and

EVENT TYPE Error
SOURCE Userenv
EVENT ID 1030
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.

Neither system had these messages when they were simple servers in the domain. They were rebooted several times before becoming DCs to make sure the event logs were clean.

They seem to be functioning as DCs. File replication with the original w2k dc took a long time to start up. I added a second w2k3 r2 DC and it is showing the exact same messages. Both machines were created from the same sysprep image - the machine that was built as the basis for the sysprep image was never in the domain.

I've been searching Microsoft and came up with one or two applicable docs. One said to make sure that services like netlogon were set to automatic (it is). Another had settings for enabling debug on the netlogon service which I implemented. All that I see in there is netlogon pausing.

Any ideas?

al

--
Al Lilianstrom
CD/CSS/CSI
[EMAIL PROTECTED]

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
