Just to add another wrench, i get this DNS error from phmaindc1 when trying to registerdns.
C:\>ipconfig /registerdns

Windows IP Configuration

Registration of DNS records failed: The RPC server is unavailable.

=)

On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote:
This is my kerbtray output, i really don't know how to determine if the ticket is forwardable.

On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote:
>
> As a result of the above , i get the following issue when trying to run
> a repadmin /showreps from the phmaindc1 DC.
>
> Source: MainOffice\PHPRINT1
> ******* 194 CONSECUTIVE FAILURES since 2006-11-15 12:39:33
> Last error: 8453 (0x2105):
> Replication access was denied.
>
> Source: jacwf\PHJACDC1
> ******* 110 CONSECUTIVE FAILURES since 2006-11-15 12:38:34
> Last error: 8453 (0x2105):
> Replication access was denied.
>
> but from phprint ( another DC in the same domain ) and PHJACDC1 ( child
> DC in child domain: jacwf.phippsny.org ) i get successfully replication
> entries when running repadmin /showreps.
>
> I've reset the local machine account password about 3 times today on all
> DC's.
>
> On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote:
> >
> > This is the output from the child domain controller.
> >
> > C:\Tools\AdFind>adfind -default -f
> > (servicePrincipalName=host/phjacdc1.jacwf.p
> > ppsny.org) cn
> >
> > AdFind V01.34.00cpp Joe Richards ( [EMAIL PROTECTED]) November 2006
> >
> > Using server: phjacdc1.jacwf.phippsny.org:389
> > Directory: Windows Server 2003
> > Base DN: DC=jacwf,DC=phippsny,DC=org
> >
> > dn:CN=PHJACDC1,OU=Domain Controllers,DC=jacwf,DC=phippsny,DC=org
> > >cn: PHJACDC1
> >
> > 1 Objects returned
> >
> > On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote:
> > >
> > > This is the output i received from adfind.
> > >
> > > C:\Tools\AdFind>adfind -default -f
> > > (servicePrincipalName=host/phmaindc1.phippsny
> > > .org) cn
> > >
> > > AdFind V01.34.00cpp Joe Richards ([EMAIL PROTECTED] ) November 2006
> > >
> > > Using server: PHMAINDC1.phippsny.org:389
> > > Directory: Windows Server 2003
> > > Base DN: DC=phippsny,DC=org
> > >
> > > dn:CN=PHMAINDC1,OU=Domain Controllers,DC=phippsny,DC=org
> > > >cn: PHMAINDC1
> > >
> > > 1 Objects returned
> > >
> > > C:\Tools\AdFind>adfind -default -f
> > > (servicePrincipalName=host/phprint1.phippsny.
> > > org) cn
> > >
> > > AdFind V01.34.00cpp Joe Richards ( [EMAIL PROTECTED]) November 2006
> > >
> > > Using server: PHMAINDC1.phippsny.org:389
> > > Directory: Windows Server 2003
> > > Base DN: DC=phippsny,DC=org
> > >
> > > dn:CN=PHPRINT1,OU=Domain Controllers,DC=phippsny,DC=org
> > > >cn: PHPRINT1
> > >
> > > 1 Objects returned
> > >
> > > Those are my two domain controllers in the forest root domain (
> > > phippsny.org)
> > >
> > > i have a child domain and will run it against that child domain
> > > controller as well.
> > >
> > > On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote:
> > > >
> > > > I need to be able to find the SPN as the dsquery given didn't work
> > > > for me.
> > > >
> > > > the host name without the dns suffix -- netbios name is phmaindc1
> > > >
> > > > on top of the issues i have now, replication from phmaindc1 doesn't
> > > > work to the other dc's, but when i run a repadmin /showreps from the other
> > > > domain controllers, replication TO phmaindc1 reports successfully.
> > > >
> > > > i don't have identically named hosts, never did but it sounds like
> > > > it could be the issue.
> > > >
> > > > DNS is setup as AD-INT right now on all servers, reverse and
> > > > forward zones.
> > > >
> > > > I need insight on how to find duplicate SPN's.
> > > >
> > > > On 11/16/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Do you have identically named hosts? Maybe nic teaming gone
> > > > > wrong? Clustering?
> > > > >
> > > > > Strange DNS?
> > > > >
> > > > > What exactly is the hostname supposed to be? host/phprint1?
> > > > > That's not the same as the host name you're reporting from (SPN?)
> > > > >
> > > > > Al
> > > > >
> > > > > On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > I am having continued issues with Kerberos. I tried running
> > > > > > tokensz against the problem server and i get this error message..
> > > > > >
> > > > > > C:\Tools>tokensz /compute_tokensize /package:negotiate
> > > > > > /use_delegation /target_s
> > > > > > erver:host/phmaindc1
> > > > > >
> > > > > > Name: Negotiate Comment: Microsoft Package Negotiator
> > > > > > Current PackageInfo->MaxToken: 12128
> > > > > >
> > > > > > Asked for delegate, but didn't get it.
> > > > > > Check if server is trusted for delegation.
> > > > > >
> > > > > > QueryKeyInfo:
> > > > > > Signature algorithm =
> > > > > > Encrypt algorithm = RSADSI RC4
> > > > > > KeySize = 128
> > > > > > Flags = 2001c
> > > > > > Signature Algorithm = -138
> > > > > > Encrypt Algorithm = 26625
> > > > > > QueryContextAttributes (lifespan): Status = 21480742420x80090302 SEC_E_NOT_SUPP
> > > > > > ORTED
> > > > > >
> > > > > > any ideas ?
> > > > > >
> > > > > > I keep getting the following event log message on a domain
> > > > > > controller which prevents users from accessing it and authenticating to it.
> > > > > >
> > > > > > Event Type: Error
> > > > > > Event Source: Kerberos
> > > > > > Event Category: None
> > > > > > Event ID: 4
> > > > > > Date: 11/16/2006
> > > > > > Time: 12:02:37 PM
> > > > > > User: N/A
> > > > > > Computer: PHMAINDC1
> > > > > > Description:
> > > > > > The kerberos client received a KRB_AP_ERR_MODIFIED error from
> > > > > > the server host/phmaindc1.phippsny.org. The target name used was
> > > > > > host/phprint1. This indicates that the password used to encrypt the kerberos
> > > > > > service ticket is different than that on the target server. Commonly, this
> > > > > > is due to identically named machine accounts in the target realm (
> > > > > > PHIPPSNY.ORG), and the client realm. Please contact your
> > > > > > system administrator.
> > > > > >
> > > > > > For more information, see Help and Support Center at
> > > > > > http://go.microsoft.com/fwlink/events.asp.
> > > > > >
> > > > > > Help!
> > > > > >
> > > > > > --
> > > > > > HBooGz:\>
> > > >
> > > > --
> > > > HBooGz:\>
> > >
> > > --
> > > HBooGz:\>
> >
> > --
> > HBooGz:\>
>
> --
> HBooGz:\>

--
HBooGz:\>
--
HBooGz:\>
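
One of the quoted messages asks how to find duplicate SPNs. As an added example (not part of the original thread and not AdFind's own code), this Python script reads a dump of servicePrincipalName values in the "dn:" / ">attr: value" layout AdFind prints above and reports every SPN carried by more than one account, comparing case-insensitively. The host names and DNs in the sample are constructed, and the dump is assumed to cover every domain in the forest.

```python
from collections import defaultdict

# Constructed sample in AdFind's output layout; not data from the thread.
SAMPLE_DUMP = """\
dn:CN=APP01,OU=Servers,DC=corp,DC=example
>servicePrincipalName: HOST/APP01
>servicePrincipalName: HOST/app01.corp.example
>servicePrincipalName: MSSQLSvc/app01.corp.example:1433

dn:CN=APP01-OLD,CN=Computers,DC=child,DC=corp,DC=example
>servicePrincipalName: host/app01

dn:CN=DC01,OU=Domain Controllers,DC=corp,DC=example
>servicePrincipalName: HOST/DC01
"""


def parse_spn_dump(text):
    """Map each SPN (lower-cased) to the set of DNs that carry it."""
    owners = defaultdict(set)
    current_dn = None
    for raw in text.splitlines():
        line = raw.strip()
        lowered = line.lower()
        if lowered.startswith("dn:"):
            current_dn = line[3:].strip()
        elif lowered.startswith(">serviceprincipalname:") and current_dn:
            # Split once only: an SPN may itself contain ':' before a port.
            spn = line.split(":", 1)[1].strip()
            if spn:
                owners[spn.lower()].add(current_dn)
    return owners


def find_duplicate_spns(text):
    """Return {spn: [dn, ...]} for SPNs registered on more than one object."""
    return {
        spn: sorted(dns)
        for spn, dns in parse_spn_dump(text).items()
        if len(dns) > 1
    }


if __name__ == "__main__":
    for spn, dns in sorted(find_duplicate_spns(SAMPLE_DUMP).items()):
        print(f"duplicate SPN {spn}")
        for dn in dns:
            print(f"    {dn}")
```

A duplicate reported across two domains matters as much as one inside a single domain, which is why the dump has to span the whole forest rather than one naming context.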
