coling Posted October 20, 2006 Posted October 20, 2006 Windows 2003 Native mode AD - 2 DCs standard config.Issue is cant browse network neighbourhood"The specified network name is no longer available"Workaround: restart netlogon service on DCbrowsing returns for a period of time approx 1dayLogon to DCs gives errors:Generic Host Process for Win32 Servicesapplied following fix:http://support.microsoft.com/kb/894391All DCS fully patched.DCDIAG RESULTS:Testing server: <SERVER NAME> Starting test: Replications <SERVER NAME> passed test Replications Starting test: NCSecDesc <SERVER NAME> passed test NCSecDesc Starting test: NetLogons [<SERVER NAME>] An net use or LsaPolicy operation failed with error 1203, Win32 Error 1203. SERVER NAME> failed test NetLogons Starting test: Advertising Warning: <SERVER NAME> is not advertising as a time server. <SERVER NAME> failed test Advertising Starting test: KnowsOfRoleHolders <SERVER NAME> passed test KnowsOfRoleHolders Starting test: RidManager <SERVER NAME> passed test RidManager Starting test: MachineAccount Could not open pipe with [<SERVER NAME>]:failed with 1203: Win32 Error 1203 Could not get NetBIOSDomainName Failed can not test for HOST SPN Failed can not test for HOST SPN * Missing SPN :(null) * Missing SPN :(null) <SERVER NAME> failed test MachineAccount Starting test: Services Could not open Remote ipc to [<SERVER NAME>]:failed with 1203: Win32 Error 1203 <SERVER NAME> failed test Services Starting test: ObjectsReplicated <SERVER NAME> passed test ObjectsReplicated Starting test: frssysvol [<SERVER NAME>] An net use or LsaPolicy operation failed with error 1203, Win32 Error 1203. <SERVER NAME> failed test frssysvol Starting test: frsevent <SERVER NAME> failed test frsevent Starting test: kccevent Failed to enumerate event log records, error Win32 Error 1203 <SERVER NAME> failed test kccevent Starting test: systemlog Failed to enumerate event log records, error Win32 Error 1203 <SERVER NAME> failed test systemlog Starting test: VerifyReferences <SERVER NAME> passed test VerifyReferences
fizban2 Posted October 20, 2006 Posted October 20, 2006 was one of these DCs recently added?? if so how long ago, on the newer DC is there a SYSvol folder and netlogon folder shared?please run dcdiag /test:netlogons and let us know the results from thatalternately you could also try to run the following from the cmd prompt - net stop netlogon and then net start netlogon to try to reregister the SRV records.
coling Posted October 23, 2006 Author Posted October 23, 2006 Hi,I removed one DC and added another 2 weeks ago, but the problem has been ongoing for 4 weeks.There are no browsing issues with the new DC.Yes, there is a SYSvol folder and netlogon folder that is shared.Results from dcdiag /test:netlogons below:Domain Controller DiagnosisPerforming initial setup: Done gathering initial info.Doing initial required tests Testing server: <AD SITE>\<SERVER NAME> Starting test: Connectivity ......................... <SERVER NAME> passed test ConnectivityDoing primary tests Testing server: <AD SITE>\<SERVER NAME> Starting test: NetLogons ......................... <SERVER NAME> passed test NetLogons Running partition tests on : ForestDnsZones Running partition tests on : DomainDnsZones Running partition tests on : Schema Running partition tests on : Configuration Running partition tests on :<DOMAIN NAME> Running enterprise tests on :<DOMAIN NAME>.comI am currently restarting the NetLogon service each day to resolve the problem....but I am hoping to find a permanent fix.Thanks in advance.Colin.
cluberti Posted October 23, 2006 Posted October 23, 2006 (edited) On the new DCs, does the "policies" folder appear in SYSVOL, and is it populated with the same data as the original DC(s)?These errors are consistent with jrnl_wrap_error errors or "No network provider accepted the given network path" thrown by the FRS dealing with being unable to replicate some or all of the SYSVOL folder and it's contents. I'm not saying this is the case, but please check the SYSVOL folders on all your DCs and make sure they are identical, because the errors indicate that this may not be the case.You also need to run ntdsutil to make sure that your FSMO roles are all on valid DCs, and that none of the FSMO roles is still attached to the downed DC - these errors can also begin due to being unable to contact the PDCe. Edited October 23, 2006 by cluberti
coling Posted October 23, 2006 Author Posted October 23, 2006 Hi,Yes, the "policies" folder does appear in SYSVOL, and has the same data as the original DC.There is also a folder called "DO_NOT_REMOVE_NtFrs_Preinstall_Directory" on each DC which I'm not sure about.All FSMO roles are on the 2 live DC's, the old DC was demoted correctly and removed from the network.This problem has been happening since before promoting / demoting DC's.Thanks,Colin.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now