I had the similar catch 22 a couple of months ago on a heavily utilised DC but it was DNS related where AD was dependant on DNS and DNS had not started fully. As the DC pointed to itself for DNS there was nothing else I could but accept the error. Or cross point the DNS servers but did not want to do that.
But if your DC points at it self how will a rebuild fix the issue? -----Original Message----- From: Al Lilianstrom <[EMAIL PROTECTED]> Date: Thu, 01 Jun 2006 10:19:43 To:[email protected] Subject: Re: [ActiveDir] New DC can't find the machine account Mark Parris wrote: > Did you see my post last night - this is expected behaviour? Yes I did. There are other DCs that are alive and responding. Unless the DC is only willing to talk to itself then it should talk to the other dc. We'll see if anything changes after the DNS server gets replaced. al > -----Original Message----- > From: Al Lilianstrom <[EMAIL PROTECTED]> > Date: Thu, 01 Jun 2006 08:13:20 > To:[email protected] > Subject: Re: [ActiveDir] New DC can't find the machine account > > [EMAIL PROTECTED] wrote: >> I bet you one crate to a bottle of German beer that your DNS is out to lunch. >> Every time when I've seen this, it always goes away by kicking a DNS server >> somewhere. Check your DNS servers. > > I talked to the networking people and the DNS server that is used for > our test domains is a couple of major releases out of date and running > on really crap hardware. > > Building him a new server... > > Thanks for all the help. > > al > >> Sincerely, >> _____ >> (, / | /) /) /) >> /---| (/_ ______ ___// _ // _ >> ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_ >> (_/ /) >> (/ >> Microsoft MVP - Directory Services >> www.readymaids.com <http://www.readymaids.com> - we know IT >> www.akomolafe.com <http://www.akomolafe.com> >> Do you now realize that Today is the Tomorrow you were worried about >> Yesterday? -anon >> >> >> ________________________________ >> >> From: [EMAIL PROTECTED] on behalf of Al Lilianstrom >> Sent: Wed 5/31/2006 7:53 AM >> To: [email protected] >> Subject: Re: [ActiveDir] New DC can't find the machine account >> >> >> >> Almeida Pinto, Jorge de wrote: >>> see if the following helps: >>> >> http://www.eventid.net/display.asp?eventid=1097&eventno=2126&source=Userenv&p >> hase=1 >> >> I had run across that page last night. >> >> Time is ok (ntp to local time source) >> I don't think that both computer accounts are corrupt as they were ok as >> simple servers >> I enabled debug logging for the netlogon service and at the same time I >> get the userenv events I get >> >> 05/31 09:48:22 [CRITICAL] NetpDcHandlePingResponse: test.fnal.gov.: >> Netlogon is paused on the server. 0x14 >> >> al >> >>> Met vriendelijke groeten / Kind regards, >>> Ing. Jorge de Almeida Pinto >>> Senior Infrastructure Consultant >>> MVP Windows Server - Directory Services >>> >>> LogicaCMG Nederland B.V. (BU RTINC Eindhoven) >>> ( Tel : +31-(0)40-29.57.777 >>> ( Mobile : +31-(0)6-26.26.62.80 >>> * E-mail : <see sender address> >>> >>> ________________________________ >>> >>> From: [EMAIL PROTECTED] on behalf of Al Lilianstrom >>> Sent: Wed 2006-05-31 15:37 >>> To: [email protected] >>> Subject: [ActiveDir] New DC can't find the machine account >>> >>> >>> >>> Hi, >>> >>> I have a Windows 2000 based AD (empty root with 1 child domain) that I'm >>> in the process of upgrading to w2003r2 as a test for our production >>> domain (same configuration). The adprep went fine as well as the dcpromo >>> of the new DC. However when the new DC reboots I get the following >>> messages in the application log: >>> >>> EVENT TYPE Error >>> SOURCE Userenv >>> EVENT ID 1097 >>> Windows cannot find the machine account, The Local Security Authority >>> cannot be contacted . >>> >>> and >>> >>> EVENT TYPE Error >>> SOURCE Userenv >>> EVENT ID 1030 >>> Windows cannot query for the list of Group Policy objects. Check the >>> event log for possible messages previously logged by the policy engine >>> that describes the reason for this. >>> >>> Neither system has these messages when they were simple servers in the >>> domain. They were rebooted several times before becoming DCs to make >>> sure the event logs were clean. >>> >>> They seem to be functioning as DCs. File replication with the orginal >>> w2k dc took a long time to start up. >>> >>> I added a second w2k3 r2 DC and it is showing the exact same messages. >>> Both machines were created from the same sysprep image - the machine >>> that was built as the basis for the sysprep image was never in the domain. >>> >>> I've been searching Microsoft and came up with one or two applicable >>> docs. One said to make sure that services like netlogon were set to >>> automatic (it is). Another had settings for enabling debug on the >>> netlogon service which I implemented. All that I see in there is >>> netlogon pausing. >>> >>> Any ideas? >>> >>> al >>> -- >> -- >> >> Al Lilianstrom >> CD/CSS/CSI >> [EMAIL PROTECTED] >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx >> >> >> List info : http://www.activedir.org/List.aspx >> List FAQ : http://www.activedir.org/ListFAQ.aspx >> List archive: http://www.activedir.org/ml/threads.aspx > -- Al Lilianstrom CD/CSS/CSI [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
