I am amazed at how many times the "lucky timing" things hits me. There has to be dozens of times over the years I have just learned something and a month or less later it's info I really needed or at minimum was able to share with someone else that wanted it.
On a "help someone" front, yesterday in the space of 5 minutes I received 2 e-mails regarding my ADFS/SAML solution for Concur from months ago, both found me based on my posts about it to *this* list. "Here's your post, do you happen to have this document?". Reminds me, MBS was there a potential blog post on this I needed to edit once again? I can't remember whose court that was in... From: Coleman, Hunter [mailto:[email protected]] Sent: Tuesday, November 27, 2012 9:19 AM To: NT System Admin Issues Subject: RE: AD Washout Lucky timing. I'm subscribed to the RSS feed for the AskPFE blog, and happened to see the posting not too long after Dan sent out his message. From: David Lum [mailto:[email protected]] Sent: Tuesday, November 27, 2012 10:08 AM To: NT System Admin Issues Subject: RE: AD Washout This was a good thread for me, even though I wasn't affected it has been added to my brain as a "wow, I would have never thought of that" item. Hunter, how did you find that article? From: Coleman, Hunter [mailto:[email protected]] Sent: Tuesday, November 20, 2012 1:41 PM To: NT System Admin Issues Subject: RE: AD Washout Maybe a long shot, but check http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx From: Dan Bartley [mailto:[email protected]] Sent: Tuesday, November 20, 2012 9:04 AM To: NT System Admin Issues Subject: RE: AD Washout No to these questions. Actually it all seems centered around time sync problem that I have no idea the cause of. It seems the 2003 PDCe server developed a problem with access denied issues and that cascaded time sync errors to everything else. The 2 2000 DCs show the correct amount of uptime based on them being rebooted yesterday. The 2003 DCs however show correct time and date, but say uptime 4300+ days after their reboot. They are syncing with time server now, but clearly still have an issue. That is probably what is causing the one way replicate problem between just the 2 2003 DCs. I can actually replicate either one to a 2000 DC and then replicate that to the server that won?t replicate from the PDCe and changes show up. Still haven?t figured the best way to rectify the issue. I definitely do not favor a transfer of roles and dcpromo to demote and then promote again. Best Regards, Dan Bartley From: Christopher Bodnar [mailto:[email protected]] Sent: Tuesday, November 20, 2012 07:54 To: NT System Admin Issues Subject: RE: AD Washout Tombstonelifetime error makes me think this might be an issues with lingering objects. Were any of the domain controllers migrated from physical to virtual recently? Or restored from a backup? Christopher Bodnar Enterprise Architect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 [email protected]<mailto:> [cid:[email protected]] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> From: "Dan Bartley" <[email protected]<mailto:[email protected]>> To: "NT System Admin Issues" <[email protected]<mailto:[email protected]>> Date: 11/19/2012 09:51 PM Subject: RE: AD Washout ________________________________ No. However, I just discovered that when I try to do a manual replication on one 2003 DC from the PDCe 2003 DC, I get an error that it can?t replicate due to tombstone lifetime being exceeded. It does replicate the other direction. I am not getting any Event errors in the Directory Service event log of either DC when I try the manual replication (such as 2042-which I did find references on). Best Regards, Dan Bartley Director - Security, IT, Billing, A-R NetCarrier Telecom Phone: (877) 255-7733; Fax: (267) 638-0317; Direct: (215) 966-3310 From: Jon Harris [mailto:[email protected]] Sent: Monday, November 19, 2012 21:37 To: NT System Admin Issues Subject: RE: AD Washout Any new patches added just prior to this. Jon ________________________________ Subject: AD Washout Date: Mon, 19 Nov 2012 21:31:10 -0500 From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> I mostly watch and learn, but today a question. Today I had an issue I can?t find any reason for. Mixed 2000-2003 domain. 2 of each. All the roles have been moved to the 2003 DCs, except time server. Fully patched. Out of nowhere I started getting SCOM alerts from 2 of the DCs that various DC functions were failing when contacting one of the 2003 DCs. The 2 2000 servers could be RDP, but not accessed via MMC for services, etc. from a Win7 workstation. I saw various KCC NTDS Replication related errors on one of the 2003 DCs. I could attach to them via RPC (MMC) though. One of the 2000 DCs is still the time server. Neither of the 2003 DCs could update time with it having a server error 5, access denied error. The other 2000 DC could update time fine. Logins to various internal systems and DFS links started to fail with access denied errors. Eventually I rebooted the 2003 DC with the PDCe role and everything started to come back. There were no Directory Service errors or warnings in the event log at or before this happened. At the time this started this DC had system errors that the other 2003 DC had a time in the future, however it did not. In the application log there were errors when it started for ID 1058, Windows cannot access the file gpt.ini for GPO?? and ending with ?(There is a time and/or date difference between the client and server. ). Group Policy processing aborted.? All of the other DCs showed nothing other than the breakdown between them and this server. After the reboot all was well again. No performance issues for CPU, HDD or memory while it was going on. No services stopped. Anybody have any thoughts on what might have caused this? Best Regards, Dan Bartley ________________________________ CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin CONFIDENTIALITY NOTICE***The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
