And all that kerfuffle makes me happy we have a GPS-based time source in our server room...
Kurt On Tue, Nov 27, 2012 at 9:39 AM, Dan Bartley <[email protected]> wrote: > > And it was right on the money. This is exactly what happened. There were > no lingering objects and no fancy footwork was required to get things back > on track. Just a single registry change, replicate manually, then return > registry to previous state. This post was very appreciated Hunter. > > > > Best Regards, > > Dan Bartley > > > > > From: Coleman, Hunter [mailto:[email protected]] > Sent: Tuesday, November 27, 2012 12:19 > > > To: NT System Admin Issues > Subject: RE: AD Washout > > > > Lucky timing. I’m subscribed to the RSS feed for the AskPFE blog, and > happened to see the posting not too long after Dan sent out his message. > > > > From: David Lum [mailto:[email protected]] > Sent: Tuesday, November 27, 2012 10:08 AM > To: NT System Admin Issues > Subject: RE: AD Washout > > > > This was a good thread for me, even though I wasn’t affected it has been > added to my brain as a “wow, I would have never thought of that” item. > > > > Hunter, how did you find that article? > > > > From: Coleman, Hunter [mailto:[email protected]] > Sent: Tuesday, November 20, 2012 1:41 PM > To: NT System Admin Issues > Subject: RE: AD Washout > > > > Maybe a long shot, but check > http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx > > > > > > From: Dan Bartley [mailto:[email protected]] > Sent: Tuesday, November 20, 2012 9:04 AM > To: NT System Admin Issues > Subject: RE: AD Washout > > > > No to these questions. > > > > Actually it all seems centered around time sync problem that I have no > idea the cause of. It seems the 2003 PDCe server developed a problem with > access denied issues and that cascaded time sync errors to everything else. > The 2 2000 DCs show the correct amount of uptime based on them being > rebooted yesterday. The 2003 DCs however show correct time and date, but say > uptime 4300+ days after their reboot. They are syncing with time server now, > but clearly still have an issue. That is probably what is causing the one > way replicate problem between just the 2 2003 DCs. I can actually replicate > either one to a 2000 DC and then replicate that to the server that won?t > replicate from the PDCe and changes show up. Still haven?t figured the best > way to rectify the issue. I definitely do not favor a transfer of roles and > dcpromo to demote and then promote again. > > > > Best Regards, > > Dan Bartley > > > > From: Christopher Bodnar [mailto:[email protected]] > Sent: Tuesday, November 20, 2012 07:54 > To: NT System Admin Issues > Subject: RE: AD Washout > > > > Tombstonelifetime error makes me think this might be an issues with > lingering objects. Were any of the domain controllers migrated from physical > to virtual recently? Or restored from a backup? > > Christopher Bodnar > Enterprise Architect I, Corporate Office of Technology:Enterprise > Architecture and Engineering Services > > Tel 610-807-6459 > 3900 Burgess Place, Bethlehem, PA 18017 > [email protected] > > > > The Guardian Life Insurance Company of America > > www.guardianlife.com > > > > > > > From: "Dan Bartley" <[email protected]> > To: "NT System Admin Issues" > <[email protected]> > Date: 11/19/2012 09:51 PM > Subject: RE: AD Washout > > ________________________________ > > > > > No. > > However, I just discovered that when I try to do a manual replication on > one 2003 DC from the PDCe 2003 DC, I get an error that it can?t replicate > due to tombstone lifetime being exceeded. It does replicate the other > direction. I am not getting any Event errors in the Directory Service event > log of either DC when I try the manual replication (such as 2042-which I did > find references on). > > Best Regards, > > Dan Bartley > Director - Security, IT, Billing, A-R > NetCarrier Telecom > Phone: (877) 255-7733; Fax: (267) 638-0317; Direct: (215) 966-3310 > > > From: Jon Harris [mailto:[email protected]] > Sent: Monday, November 19, 2012 21:37 > To: NT System Admin Issues > Subject: RE: AD Washout > > Any new patches added just prior to this. > > Jon > > > > ________________________________ > > > Subject: AD Washout > Date: Mon, 19 Nov 2012 21:31:10 -0500 > From: [email protected] > To: [email protected] > I mostly watch and learn, but today a question. Today I had an issue I > can?t find any reason for. > > Mixed 2000-2003 domain. 2 of each. All the roles have been moved to the > 2003 DCs, except time server. Fully patched. > > Out of nowhere I started getting SCOM alerts from 2 of the DCs that > various DC functions were failing when contacting one of the 2003 DCs. The 2 > 2000 servers could be RDP, but not accessed via MMC for services, etc. from > a Win7 workstation. I saw various KCC NTDS Replication related errors on one > of the 2003 DCs. I could attach to them via RPC (MMC) though. One of the > 2000 DCs is still the time server. Neither of the 2003 DCs could update time > with it having a server error 5, access denied error. The other 2000 DC > could update time fine. Logins to various internal systems and DFS links > started to fail with access denied errors. > > Eventually I rebooted the 2003 DC with the PDCe role and everything > started to come back. There were no Directory Service errors or warnings in > the event log at or before this happened. At the time this started this DC > had system errors that the other 2003 DC had a time in the future, however > it did not. In the application log there were errors when it started for ID > 1058, Windows cannot access the file gpt.ini for GPO?? and ending with > ?(There is a time and/or date difference between the client and server. ). > Group Policy processing aborted.? > > All of the other DCs showed nothing other than the breakdown between them > and this server. After the reboot all was well again. No performance issues > for CPU, HDD or memory while it was going on. No services stopped. > > Anybody have any thoughts on what might have caused this? > > Best Regards, > > Dan Bartley > > ________________________________ > > CONFIDENTIALITY NOTICE***The information contained in this message may be > privileged, confidential, and protected from disclosure. If the reader of > this message is not the intended recipient, or any employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that any dissemination, distribution, or copying of this > communication is strictly prohibited. If you have received this > communication in error, please notify us immediately by replying to the > message and deleting it from your computer. Thank you. > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > CONFIDENTIALITY NOTICE***The information contained in this message may be > privileged, confidential, and protected from disclosure. If the reader of > this message is not the intended recipient, or any employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that any dissemination, distribution, or copying of this > communication is strictly prohibited. If you have received this > communication in error, please notify us immediately by replying to the > message and deleting it from your computer. Thank you. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ----------------------------------------- This message, and any > attachments to it, may contain information that is privileged, confidential, > and exempt from disclosure under applicable law. If the reader of this > message is not the intended recipient, you are notified that any use, > dissemination, distribution, copying, or communication of this message is > strictly prohibited. If you have received this message in error, please > notify the sender immediately by return e-mail and delete the message and > any attachments. Thank you. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > CONFIDENTIALITY NOTICE***The information contained in this message may be > privileged, confidential, and protected from disclosure. If the reader of > this message is not the intended recipient, or any employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that any dissemination, distribution, or copying of this > communication is strictly prohibited. If you have received this > communication in error, please notify us immediately by replying to the > message and deleting it from your computer. Thank you. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > CONFIDENTIALITY NOTICE***The information contained in this message may be > privileged, confidential, and protected from disclosure. If the reader of > this message is not the intended recipient, or any employee or agent > responsible for delivering this message to the intended recipient, you are > hereby notified that any dissemination, distribution, or copying of this > communication is strictly prohibited. If you have received this > communication in error, please notify us immediately by replying to the > message and deleting it from your computer. Thank you. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
