Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Hi Jorge, below is the Dcdiag /v results from DC01 & DC02. Thanks for your
help.
[Replications Check,DC01] A recent replication attempt failed:
From DC02 to DC01
The replication generated an error (1908):
Win32 Error 1908
The failure occurred at 2005-09-21 14:50.17.
The last success occurred at 2005-09-20 09:56.03.
Kerberos Error.
A KDC was not found to authenticate the call.
[DC02] DsBind() failed with error -2146893022,
Win32 Error -2146893022.
Warning: DC01 is not advertising as a time server.
w32time Service is stopped on [DC01]
Starting test: frssysvol
* The File Replication Service Event log test
An Warning Event occured. EventID: 0x800034C4
Time Generated: 09/20/2005 17:07:48
enabling replication from DC02 to DC01 for c:\winnt\sysvol\domain using the
DNS name DC02.ssict.org.au. FRS will keep retrying.
[1] FRS can not correctly resolve the DNS name DC02.ssict.org.au from this
computer.
[2] FRS is not running on DC02.ssict.org.au.
[3] The topology information in the Active Directory for this replica has
not yet replicated to all the Domain Controllers.
Starting test: FsmoCheck
GC Name: \\DC01.ssict.org.au
Locator Flags: 0xe00001bd
PDC Name: \\DC01.ssict.org.au
Locator Flags: 0xe00001bd
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
KDC Name: \\DC01.ssict.org.au
Locator Flags: 0xe00001bd......... ssict.org.au failed test FsmoCheck
=========================
[Replications Check,DC02] A recent replication attempt failed:
From DC01 to DC02
The replication generated an error (1326):
Logon failure: unknown user name or bad password.
The failure occurred at 2005-09-21 14:46.52.
The last success occurred at 2005-08-01 16:59.20.
Kerberos Error.
The machine account is not present, or does not match on the.
destination, source or KDC servers.
[DC01] DsBind() failed with error -2146893022,
The target principal name is incorrect..
Warning: DsGetDcName returned information for \\DC01.ssict.org.au, when we
were trying to reach DC02.
Server is not responding or is not considered suitable.
Warning: DC02 is not advertising as a time server.
Warning: DC01 is the Schema Owner, but is not responding to DS RPC Bind.
[DC01] LDAP bind failed with error 31,
A device attached to the system is not functioning..
DC01 is the Schema Owner, but is not responding to LDAP Bind.
DC01 is the Domain Owner, but is not responding to DS RPC & LDAP Bind.
DC01 is the PDC Owner, but is not responding to DS RPC & LDAP Bind.
DC01 is the Rid Owner, but is not responding to DS RPC & LDAP Bind
DC01 is the Infrastructure Update Owner, but is not responding to DS RPC &
LDAP Bind.
Starting test: RidManager
[DC02] DsBindWithCred() failed with error -2146893022. The target principal
name is incorrect.
* The File Replication Service Event log test
Error: No record of File Replication System, SYSVOL started.
An Warning Event occured. EventID: 0x800034FD
Time Generated: 09/20/2005 16:50:11
An Warning Event occured. EventID: 0x800034D0
Time Generated: 09/20/2005 16:50:11
Event String: The File Replication Service moved the preexisting files in
c:\winnt\sysvol\domain to
c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog.
The File Replication Service may delete the files in
c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog
at any time. Files can be saved from deletion by copying them out of
c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog.
Copying the files into c:\winnt\sysvol\domain may lead to name conflicts if
the files already exist on some other replicating partner.
In some cases, the File Replication Service may copy a file from
c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog into
c:\winnt\sysvol\domain instead of replicating the file from some other
replicating partner.
Space can be recovered at any time by deleting the files in
c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 09/20/2005 16:51:52
Event String: The File Replication Service is having trouble
enabling replication from DC01 to DC02 for c:\winnt\sysvol\domain using the
DNS name DC01.ssict.org.au. FRS will keep retrying.
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x0000410A
Time Generated: 09/21/2005 14:38:20
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000C8A
Time Generated: 09/21/2005 14:52:45
Event String: Failed to authenticate with \\DC01.ssict.org.au, a Windows NT
or Windows 2000 domain controller for domain SSICT.
An Error Event occured. EventID: 0xC0000021
Starting test: FsmoCheck
Warning: Couldn't verify this server as a GC in this servers AD.
GC Name: \\DC01.ssict.org.au
Locator Flags: 0xe00001bd
PDC Name: \\DC01.ssict.org.au
Locator Flags: 0xe00001bd
DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
KDC Name: \\DC01.ssict.org.au
Locator Flags: 0xe00001bd ........ ssict.org.au failed test FsmoCheck
"Jorge_de_Almeida_Pinto" wrote:
> "" wrote:
> > Oh yes, I got this error on DC02 server, "Failed to
> > authenticate with
> > \DC01.ssict.org.au, a Windows NT or Windows 2000 domain
> > controller for
> > domain "XYZ". I am so scared to make more changes because
> > that may break
> > certificate service cant do new certificate. I am very
> > desperate to hear
> > anyone that knew why. Thanks muchly.
> >
> > "seeker01" wrote:
> >
> > > current environment: 2 x Windows 2000 Domain Controllers
> > with CA services
> > > running.
> > >
> > > This morning, I have performed the non-authoritative system
> > state restore on
> > > DC2 because no users can request new certificate. The system
> > state restore
> > > solved the CA problem but introduced other new non-trusted
> > errors & DNS
> > > errors . DC1 complaint "The session setup from the computer
> > DC02 failed to
> > > authenticate. The name of the account referenced in the
> > security database is
> > > SSRADCERT02$. The following error occurred: Access is
> > denied." I can ping the
> > > DC by host & fqdn but why cant I do net time
> > \DC02computername /set /y from
> > > ssradcert02 encounters errors “access deniedâ€Â. I have to
> > run "net time
> > > \DC02IPaddress /set /y.
> > >
> > > Any clues why? I have coldfeet really. Thanks !
> > >
>
> what does DCDIAG /V say?
>
> --
> Posted using the
http://www.windowsforumz.com interface, at author's request
> Articles individually checked for conformance to usenet standards
> Topic URL:
http://www.windowsforumz.com/Active-Directory-Problems-Restore-System-State-ftopict423569.html
> Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=1417532
>