Jump to content

"Win32 Error 1203" errors on Server 2003 DC


coling

Recommended Posts

Windows 2003 Native mode AD - 2 DCs standard config.

Issue is cant browse network neighbourhood

"The specified network name is no longer available"

Workaround: restart netlogon service on DC

browsing returns for a period of time approx 1day

Logon to DCs gives errors:

Generic Host Process for Win32 Services

applied following fix:

http://support.microsoft.com/kb/894391

All DCS fully patched.

DCDIAG RESULTS:

Testing server: <SERVER NAME>

Starting test: Replications <SERVER NAME> passed test Replications

Starting test: NCSecDesc <SERVER NAME> passed test NCSecDesc

Starting test: NetLogons [<SERVER NAME>] An net use or LsaPolicy operation failed with error 1203, Win32 Error 1203. SERVER NAME> failed test NetLogons

Starting test: Advertising

Warning: <SERVER NAME> is not advertising as a time server.

<SERVER NAME> failed test Advertising

Starting test: KnowsOfRoleHolders <SERVER NAME> passed test KnowsOfRoleHolders

Starting test: RidManager <SERVER NAME> passed test RidManager

Starting test: MachineAccount

Could not open pipe with [<SERVER NAME>]:failed with 1203: Win32 Error 1203

Could not get NetBIOSDomainName

Failed can not test for HOST SPN

Failed can not test for HOST SPN

* Missing SPN :(null)

* Missing SPN :(null)

<SERVER NAME> failed test MachineAccount

Starting test: Services

Could not open Remote ipc to [<SERVER NAME>]:failed with 1203: Win32 Error 1203

<SERVER NAME> failed test Services

Starting test: ObjectsReplicated

<SERVER NAME> passed test ObjectsReplicated

Starting test: frssysvol

[<SERVER NAME>] An net use or LsaPolicy operation failed with error 1203,

Win32 Error 1203.

<SERVER NAME> failed test frssysvol

Starting test: frsevent

<SERVER NAME> failed test frsevent

Starting test: kccevent

Failed to enumerate event log records, error Win32 Error 1203

<SERVER NAME> failed test kccevent

Starting test: systemlog

Failed to enumerate event log records, error Win32 Error 1203

<SERVER NAME> failed test systemlog

Starting test: VerifyReferences

<SERVER NAME> passed test VerifyReferences

Link to comment
Share on other sites


was one of these DCs recently added?? if so how long ago, on the newer DC is there a SYSvol folder and netlogon folder shared?

please run dcdiag /test:netlogons

and let us know the results from that

alternately you could also try to run the following from the cmd prompt - net stop netlogon and then net start netlogon to try to reregister the SRV records.

Link to comment
Share on other sites

Hi,

I removed one DC and added another 2 weeks ago, but the problem has been ongoing for 4 weeks.

There are no browsing issues with the new DC.

Yes, there is a SYSvol folder and netlogon folder that is shared.

Results from dcdiag /test:netlogons below:

Domain Controller Diagnosis

Performing initial setup:

Done gathering initial info.

Doing initial required tests

Testing server: <AD SITE>\<SERVER NAME>

Starting test: Connectivity

......................... <SERVER NAME> passed test Connectivity

Doing primary tests

Testing server: <AD SITE>\<SERVER NAME>

Starting test: NetLogons

......................... <SERVER NAME> passed test NetLogons

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on :<DOMAIN NAME>

Running enterprise tests on :<DOMAIN NAME>.com

I am currently restarting the NetLogon service each day to resolve the problem....but I am hoping to find a permanent fix.

Thanks in advance.

Colin.

Link to comment
Share on other sites

On the new DCs, does the "policies" folder appear in SYSVOL, and is it populated with the same data as the original DC(s)?

These errors are consistent with jrnl_wrap_error errors or "No network provider accepted the given network path" thrown by the FRS dealing with being unable to replicate some or all of the SYSVOL folder and it's contents. I'm not saying this is the case, but please check the SYSVOL folders on all your DCs and make sure they are identical, because the errors indicate that this may not be the case.

You also need to run ntdsutil to make sure that your FSMO roles are all on valid DCs, and that none of the FSMO roles is still attached to the downed DC - these errors can also begin due to being unable to contact the PDCe.

Edited by cluberti
Link to comment
Share on other sites

Hi,

Yes, the "policies" folder does appear in SYSVOL, and has the same data as the original DC.

There is also a folder called "DO_NOT_REMOVE_NtFrs_Preinstall_Directory" on each DC which I'm not sure about.

All FSMO roles are on the 2 live DC's, the old DC was demoted correctly and removed from the network.

This problem has been happening since before promoting / demoting DC's.

Thanks,

Colin.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...