Возникла ошибка код события eventid 0x0000165b - Ремонт и установка крупной бытовой техники

Здравствуйте!

Купили новые сервера решили перенести DC на новые физ. сервера, начал с сервера с именем DC1, поднял на новый сервер с именем DC2 после того
как поднял, понизил контроллер домена DC1 и удалил с него роли согласно этой статьи

https://technet.microsoft.com/en-us/library/jj574104.aspx

Теперь решил провести тесты dcdiag /e вот результат помогите пожалуйста.

Диагностика сервера каталогов

Выполнение начальной настройки:
Выполняется попытка поиска основного сервера…
Основной сервер = dc
* Определен лес AD.
Сбор начальных данных завершен.

Выполнение обязательных начальных проверок

Сервер проверки: Default-First-Site-NameDC
Запуск проверки: Connectivity
……………………. DC — пройдена проверка Connectivity

Сервер проверки: Default-First-Site-NameDC2
Запуск проверки: Connectivity
……………………. DC2 — пройдена проверка Connectivity

Выполнение основных проверок

Сервер проверки: Default-First-Site-NameDC
Запуск проверки: Advertising
……………………. DC — пройдена проверка Advertising
Запуск проверки: FrsEvent
……………………. DC — пройдена проверка FrsEvent
Запуск проверки: DFSREvent
За последние 24 часа после предоставления SYSVOL в общий доступ зафиксированы предупреждения или сообщения об
ошибках. Сбои при репликации SYSVOL могут стать причиной проблем групповой политики.
……………………. DC — не пройдена проверка DFSREvent
Запуск проверки: SysVolCheck
……………………. DC — пройдена проверка SysVolCheck
Запуск проверки: KccEvent
……………………. DC — пройдена проверка KccEvent
Запуск проверки: KnowsOfRoleHolders
……………………. DC — пройдена проверка KnowsOfRoleHolders
Запуск проверки: MachineAccount
……………………. DC — пройдена проверка MachineAccount
Запуск проверки: NCSecDesc
……………………. DC — пройдена проверка NCSecDesc
Запуск проверки: NetLogons
[DC] В учетных данных пользователя отсутствует разрешение на выполнение данной операции.
Учетная запись, используемая для этой проверки, должна иметь права на вход в сеть
для домена данного компьютера.
……………………. DC — не пройдена проверка NetLogons
Запуск проверки: ObjectsReplicated
……………………. DC — пройдена проверка ObjectsReplicated
Запуск проверки: Replications
[Проверка репликации,DC] Сбой функции DsReplicaGetInfo(PENDING_OPS, NULL), ошибка 0x2105
«Доступ к репликации отвергнут.»
……………………. DC — не пройдена проверка Replications
Запуск проверки: RidManager
……………………. DC — пройдена проверка RidManager
Запуск проверки: Services
Не удалось открыть службу NTDS в DC, ошибка 0x5 «Отказано в доступе.»
……………………. DC — не пройдена проверка Services
Запуск проверки: SystemLog
Возникла ошибка. Код события (EventID): 0x000016AD
Время создания: 05/26/2015 08:17:01
Строка события:
Не удалось выполнить проверку подлинности для сеанса компьютера FARHADSHIN_DR. Произошла следующая ошибка:
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 05/26/2015 08:17:41
Строка события:
Не удалось установить связь DCOM с компьютером DC2.smpng.ru через какой-либо из настроенных протоколов; запр
ос от PID 1238 (C:Windowssystem32ServerManager.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 05/26/2015 08:17:41
Строка события:
Не удалось установить связь DCOM с компьютером DC2.smpng.ru через какой-либо из настроенных протоколов; запр
ос от PID 1238 (C:Windowssystem32ServerManager.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 05/26/2015 08:17:41
Строка события:
Не удалось установить связь DCOM с компьютером DC2.smpng.ru через какой-либо из настроенных протоколов; запр
ос от PID 1238 (C:Windowssystem32ServerManager.exe).
Возникла ошибка. Код события (EventID): 0x0000272C
Время создания: 05/26/2015 08:17:41
Строка события:
Не удалось установить связь DCOM с компьютером DC2.smpng.ru через какой-либо из настроенных протоколов; запр
ос от PID 1238 (C:Windowssystem32ServerManager.exe).
Возникла ошибка. Код события (EventID): 0x0000165B
Время создания: 05/26/2015 08:40:55
Строка события:
Не удалось установить сеанс с компьютера «FARHUTDINOV_AV», так как указанная компьютером учетная запись дове
рия «FARHUTDINOV_AV$» отсутствует в базе данных безопасности.
Возникла ошибка. Код события (EventID): 0x000016AD
Время создания: 05/26/2015 08:43:00
Строка события:
Не удалось выполнить проверку подлинности для сеанса компьютера FARHUTDINOV_AV. Произошла следующая ошибка:

Возникла ошибка. Код события (EventID): 0x00009018
Время создания: 05/26/2015 09:00:47
Строка события:
Оповещение о неустранимой ошибке было создано и отправлено удаленной конечной точке. Это может привести к ра
зрыву соединения. Определенный в протоколе TLS код оповещения о неустранимой ошибке: 10. Состояние ошибки Windows SChann
el: 1203.
Возникла ошибка. Код события (EventID): 0x00009018
Время создания: 05/26/2015 09:00:52
Строка события:
Оповещение о неустранимой ошибке было создано и отправлено удаленной конечной точке. Это может привести к ра
зрыву соединения. Определенный в протоколе TLS код оповещения о неустранимой ошибке: 10. Состояние ошибки Windows SChann
el: 1203.
……………………. DC — не пройдена проверка SystemLog
Запуск проверки: VerifyReferences
……………………. DC — пройдена проверка VerifyReferences

Сервер проверки: Default-First-Site-NameDC2
Запуск проверки: Advertising
……………………. DC2 — пройдена проверка Advertising
Запуск проверки: FrsEvent
……………………. DC2 — пройдена проверка FrsEvent
Запуск проверки: DFSREvent
Не удалось запросить журнал событий DFS Replication на сервере DC2.smpng.ru, ошибка 0x6ba
«Сервер RPC недоступен.»
……………………. DC2 — не пройдена проверка DFSREvent
Запуск проверки: SysVolCheck
……………………. DC2 — пройдена проверка SysVolCheck
Запуск проверки: KccEvent
Не удалось запросить журнал событий Directory Service на сервере DC2.smpng.ru, ошибка 0x6ba
«Сервер RPC недоступен.»
……………………. DC2 — не пройдена проверка KccEvent
Запуск проверки: KnowsOfRoleHolders
……………………. DC2 — пройдена проверка KnowsOfRoleHolders
Запуск проверки: MachineAccount
……………………. DC2 — пройдена проверка MachineAccount
Запуск проверки: NCSecDesc
……………………. DC2 — пройдена проверка NCSecDesc
Запуск проверки: NetLogons
……………………. DC2 — пройдена проверка NetLogons
Запуск проверки: ObjectsReplicated
……………………. DC2 — пройдена проверка ObjectsReplicated
Запуск проверки: Replications
……………………. DC2 — пройдена проверка Replications
Запуск проверки: RidManager
……………………. DC2 — пройдена проверка RidManager
Запуск проверки: Services
……………………. DC2 — пройдена проверка Services
Запуск проверки: SystemLog
Не удалось запросить журнал событий System на сервере DC2.smpng.ru, ошибка 0x6ba «Сервер RPC недоступен.»
……………………. DC2 — не пройдена проверка SystemLog
Запуск проверки: VerifyReferences
……………………. DC2 — пройдена проверка VerifyReferences

Выполнение проверок разделов на: ForestDnsZones
Запуск проверки: CheckSDRefDom
……………………. ForestDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. ForestDnsZones — пройдена проверка CrossRefValidation

Выполнение проверок разделов на: DomainDnsZones
Запуск проверки: CheckSDRefDom
……………………. DomainDnsZones — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. DomainDnsZones — пройдена проверка CrossRefValidation

Выполнение проверок разделов на: Schema
Запуск проверки: CheckSDRefDom
……………………. Schema — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Schema — пройдена проверка CrossRefValidation

Выполнение проверок разделов на: Configuration
Запуск проверки: CheckSDRefDom
……………………. Configuration — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. Configuration — пройдена проверка CrossRefValidation

Выполнение проверок разделов на: smpng
Запуск проверки: CheckSDRefDom
……………………. smpng — пройдена проверка CheckSDRefDom
Запуск проверки: CrossRefValidation
……………………. smpng — пройдена проверка CrossRefValidation

Выполнение проверок предприятия на: smpng.ru
Запуск проверки: LocatorCheck
……………………. smpng.ru — пройдена проверка LocatorCheck
Запуск проверки: Intersite
……………………. smpng.ru — пройдена проверка Intersite

Источник

ошибка репликации файлов на контроллерах домена

Правила форума
Убедительная просьба юзать теги [cоde] при оформлении листингов.
Сообщения не оформленные должным образом имеют все шансы быть незамеченными.

alexkg1: рядовой; Сообщения: 27; Зарегистрирован: 2010-04-20 6:35:41

ошибка репликации файлов на контроллерах домена

помеогите советом, как решить эту проблему:
есть два контроллера домена win2003, в событиях пишет что произошла ошибка реплекации файлов.
» Службе репликации файлов не удалось выполнить репликацию с компьютером, являющимся партнером репликации, поскольку разница в показаниях часов превышает 30 мин. »
Код 13548
Проверил, все службы запущены и нормально работают
что нужно сделать на котроллерах чтобы восстановить репликацию.

Код: Выделить всё

первый контроллер 

C:Documents and Settingsadmin>dcdiag 

Domain Controller Diagnosis 

Performing initial setup: 
   Done gathering initial info. 

Doing initial required tests 

   Testing server: Default-First-Site-NameDC 
      Starting test: Connectivity 
         ......................... DC passed test Connectivity 

Doing primary tests 

   Testing server: Default-First-Site-NameDC 
      Starting test: Replications 
         ......................... DC passed test Replications 
      Starting test: NCSecDesc 
         ......................... DC passed test NCSecDesc 
      Starting test: NetLogons 
         ......................... DC passed test NetLogons 
      Starting test: Advertising 
         ......................... DC passed test Advertising 
      Starting test: KnowsOfRoleHolders 
         ......................... DC passed test KnowsOfRoleHolders 
      Starting test: RidManager 
         ......................... DC passed test RidManager 
      Starting test: MachineAccount 
         ......................... DC passed test MachineAccount 
      Starting test: Services 
         ......................... DC passed test Services 
      Starting test: ObjectsReplicated 
         ......................... DC passed test ObjectsReplicated 
      Starting test: frssysvol 
         ......................... DC passed test frssysvol 
      Starting test: frsevent 
         There are warning or error events within the last 24 hours after the 
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause 
         Group Policy problems. 
         ......................... DC failed test frsevent 
      Starting test: kccevent 
         ......................... DC passed test kccevent 
      Starting test: systemlog 
         ......................... DC passed test systemlog 
      Starting test: VerifyReferences 
         ......................... DC passed test VerifyReferences 

   Running partition tests on : ForestDnsZones 
      Starting test: CrossRefValidation 
         ......................... ForestDnsZones passed test CrossRefValidation 

      Starting test: CheckSDRefDom 
         ......................... ForestDnsZones passed test CheckSDRefDom 

   Running partition tests on : DomainDnsZones 
      Starting test: CrossRefValidation 
         ......................... DomainDnsZones passed test CrossRefValidation 

      Starting test: CheckSDRefDom 
         ......................... DomainDnsZones passed test CheckSDRefDom 

   Running partition tests on : Schema 
      Starting test: CrossRefValidation 
         ......................... Schema passed test CrossRefValidation 
      Starting test: CheckSDRefDom 
         ......................... Schema passed test CheckSDRefDom 

   Running partition tests on : Configuration 
      Starting test: CrossRefValidation 
         ......................... Configuration passed test CrossRefValidation 
      Starting test: CheckSDRefDom 
         ......................... Configuration passed test CheckSDRefDom 

   Running partition tests on : amanbank 
      Starting test: CrossRefValidation 
         ......................... amanbank passed test CrossRefValidation 
      Starting test: CheckSDRefDom 
         ......................... amanbank passed test CheckSDRefDom 

   Running enterprise tests on : domen.local 
      Starting test: Intersite 
         ......................... domen.local passed test Intersite 
      Starting test: FsmoCheck 
         ......................... domen.local passed test FsmoCheck 

C:Documents and Settingsadmin> 


второй контроллер 

C:Documents and Settingsadmin>dcdiag 

Domain Controller Diagnosis 

Performing initial setup: 
   Done gathering initial info. 

Doing initial required tests 

   Testing server: Default-First-Site-NameDCRESERVE 
      Starting test: Connectivity 
         ......................... DCRESERVE passed test Connectivity 

Doing primary tests 

   Testing server: Default-First-Site-NameDCRESERVE 
      Starting test: Replications 
         ......................... DCRESERVE passed test Replications 
      Starting test: NCSecDesc 
         ......................... DCRESERVE passed test NCSecDesc 
      Starting test: NetLogons 
         ......................... DCRESERVE passed test NetLogons 
      Starting test: Advertising 
         ......................... DCRESERVE passed test Advertising 
      Starting test: KnowsOfRoleHolders 
         ......................... DCRESERVE passed test KnowsOfRoleHolders 
      Starting test: RidManager 
         ......................... DCRESERVE passed test RidManager 
      Starting test: MachineAccount 
         ......................... DCRESERVE passed test MachineAccount 
      Starting test: Services 
         ......................... DCRESERVE passed test Services 
      Starting test: ObjectsReplicated 
         ......................... DCRESERVE passed test ObjectsReplicated 
      Starting test: frssysvol 
         ......................... DCRESERVE passed test frssysvol 
      Starting test: frsevent 
         There are warning or error events within the last 24 hours after the 
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause 
         Group Policy problems. 
         ......................... DCRESERVE failed test frsevent 
      Starting test: kccevent 
         ......................... DCRESERVE passed test kccevent 
      Starting test: systemlog 
         An Error Event occured.  EventID: 0x0000165B 
            Time Generated: 08/29/2011   09:58:27 
            (Event String could not be retrieved) 
         An Error Event occured.  EventID: 0x000016AD 
            Time Generated: 08/29/2011   10:00:35 
            (Event String could not be retrieved) 
         An Error Event occured.  EventID: 0x0000165B 
            Time Generated: 08/29/2011   10:05:51 
            (Event String could not be retrieved) 
         An Error Event occured.  EventID: 0x000016AD 
            Time Generated: 08/29/2011   10:08:10 
            (Event String could not be retrieved) 
         An Error Event occured.  EventID: 0x0000165B 
            Time Generated: 08/29/2011   10:20:54 
            (Event String could not be retrieved) 
         An Error Event occured.  EventID: 0x000016AD 
            Time Generated: 08/29/2011   10:23:13 
            (Event String could not be retrieved) 
         ......................... DCRESERVE failed test systemlog 
      Starting test: VerifyReferences 
         ......................... DCRESERVE passed test VerifyReferences 

   Running partition tests on : ForestDnsZones 
      Starting test: CrossRefValidation 
         ......................... ForestDnsZones passed test CrossRefValidation 

      Starting test: CheckSDRefDom 
         ......................... ForestDnsZones passed test CheckSDRefDom 

   Running partition tests on : DomainDnsZones 
      Starting test: CrossRefValidation 
         ......................... DomainDnsZones passed test CrossRefValidation 

      Starting test: CheckSDRefDom 
         ......................... DomainDnsZones passed test CheckSDRefDom 

   Running partition tests on : Schema 
      Starting test: CrossRefValidation 
         ......................... Schema passed test CrossRefValidation 
      Starting test: CheckSDRefDom 
         ......................... Schema passed test CheckSDRefDom 

   Running partition tests on : Configuration 
      Starting test: CrossRefValidation 
         ......................... Configuration passed test CrossRefValidation 
      Starting test: CheckSDRefDom 
         ......................... Configuration passed test CheckSDRefDom 

   Running partition tests on : amanbank 
      Starting test: CrossRefValidation 
         ......................... amanbank passed test CrossRefValidation 
      Starting test: CheckSDRefDom 
         ......................... amanbank passed test CheckSDRefDom 

   Running enterprise tests on : domen.local 
      Starting test: Intersite 
         ......................... domen.local passed test Intersite 
      Starting test: FsmoCheck 
         ......................... domen.local passed test FsmoCheck 

C:Documents and Settingsadmin>

Хостинг HostFood.ru

Услуги хостинговой компании Host-Food.ru

Хостинг HostFood.ru

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

alexkg1: рядовой; Сообщения: 27; Зарегистрирован: 2010-04-20 6:35:41

Re: ошибка репликации файлов на контроллерах домена

Непрочитанное сообщение

alexkg1 » 2011-08-29 8:55:41

заметил странную вещь, в событиях на втором контроллере время отображается не правильно, на первом событие реплекации в логах 11-29, а на втором событие реплекации 17-59, хотя на обоих контроллерах время выставленно одинаково. В чем дело не пойму

snorlov: подполковник; Сообщения: 3923; Зарегистрирован: 2008-09-04 11:51:25; Откуда: Санкт-Петербург

Re: ошибка репликации файлов на контроллерах домена

Непрочитанное сообщение

snorlov » 2011-08-29 10:48:07

Часовой пояс проверьте, время у них у всех всемирное, а отображать они могут какое угодно…

alexkg1: рядовой; Сообщения: 27; Зарегистрирован: 2010-04-20 6:35:41

Re: ошибка репликации файлов на контроллерах домена

Непрочитанное сообщение

alexkg1 » 2011-08-29 14:14:41

вобще какой в общем порядок исправления ошибок на контроллере домена, если в dcdiag ошибки …
сразу сомтрим код ошибки и лезем в интернет, либо есть какие-то общие команды для исправления ошибок?
Оба контроллера ребутил по очереди, и они по отдельности работают, также данные реплицируются (проверял создав пользователя)
Вобщем не понял, что ему нужно

Источник

Remove From My Forums

Question
Hi,

Can someone tell me what these errors mean ? I go them when I ran DCdiag on my domain controller.

Starting test: SystemLog
An error event occurred. EventID: 0x00002720
Time Generated: 10/04/2018 09:40:11
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
A warning event occurred. EventID: 0x0000053C
Time Generated: 10/04/2018 09:48:20
Event String:
The DNS registration for DHCPv4 Client IP address 172.16.180.17 , FQDN iMac-7695.lionsclubs.local and DHCID AAEBgrW0ThPMplsI5MTZEDvh9psAvKTigrPF6Mxq5H+SuIQ= has been denied as there is probably an existing client
with same FQDN already registered with DNS.
An error event occurred. EventID: 0x0000165B
Time Generated: 10/04/2018 09:53:14
Event String:
The session setup from computer ‘SRVPFS08’ failed because the security database does not contain a trust account ‘SRVPFS08$’ referenced by the specified computer.
An error event occurred. EventID: 0x000016AD
Time Generated: 10/04/2018 09:55:25
Event String:
The session setup from the computer SRVPFS08 failed to authenticate. The following error occurred:
An error event occurred. EventID: 0x00002720
Time Generated: 10/04/2018 10:37:51
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 10/04/2018 10:38:56
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

Источник

Posted by ZooM_00 2019-03-03T11:52:24Z

Hi,

I have AD installed on
two DCs, running Server 2016,

I faced issues with
GPOs replication, and when trouble shooting it, I found that the location for SysVol
on one of the DCs is not defined, I wasn’t the one who did the installation, so
I’m not sure if that is really the case,

When running repadmin
/Syncall, I get no errors

Screen shots
attached,

Image: post content

Zoom,

27 Replies

Interesting topic. Subscribed so I too can learn from it.

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

I Wonder if there’s a way to delete this replication group and re-create it, and if that would actually solve the issue,

However, I can’t seem to find a way to delete it

Was this post helpful?
thumb_up
thumb_down
You won’t be be able to manage Sysvol with the dfsrdiag command or the DFS console. It is a protected replication group.

For troubleshooting please post the output this. From a known good DC and the one that is not working. You can obfuscate the DC names as you see fit.

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

You won’t be be able to manage Sysvol with the dfsrdiag command or the DFS console. It is a protected replication group.

For troubleshooting please post the output this. From a known good DC and the one that is not working. You can obfuscate the DC names as you see fit.

Hi Justin,

Thank you for your reply,

output below, I believe that FRS is not configured and supposed not to be working, I don’t understand why it’s flagged as an error,

Can you advise on next step?

Zoom,

Was this post helpful?
thumb_up
thumb_down
Have you migrated from FRS to DFSR and did the migration succeed? One of the errors above is the FRS service being disabled which it shouldn’t be unless your DFSR migration was done and was successful.

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

This is the output when running the command on AD02

Was this post helpful?
thumb_up
thumb_down
Also looks like your DNS settings are incorrect. Ensure that DC1 points to DC2 for its primary DNS and itself as secondary. Ensure that DC2 points to DC1 for its primary and itself as secondary. Ensure that external DNS servers, including your router, are defined nowhere except in the forwarders tab of the DNS management tool.

Was this post helpful?
thumb_up
thumb_down

Author Zoom S

OP
ZooM_00

This person is a Verified Professional

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Da_Schmoo wrote:

Also looks like your DNS settings are incorrect. Ensure that DC1 points to DC2 for its primary DNS and itself as secondary. Ensure that DC2 points to DC1 for its primary and itself as secondary. Ensure that external DNS servers, including your router, are defined nowhere except in the forwarders tab of the DNS management tool.

Setting DC1 DNS to: DC2 then DC1

and DC2 to: DC1 then DC2 seems to have caused me many issues,

My DC1 was set to 127.0.0.1 only, DC2 was DC1 then DC2

Forwarder was configured to 8.8.8.8 on both DNS servers

below is output of dcdiag /v /c /e /q after the modification of DNS

Text

C:UsersUser.MYDOMAIN>dcdiag /v /c /e /q
[MYDOMAIN-AD01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
** Did not run Outbound Secure Channels test because /testdomain: was not entered
Invalid service startup type: NtFrs on MYDOMAIN-AD01, current value DISABLED, expected value AUTO_START
NtFrs Service is stopped on [MYDOMAIN-AD01]
......................... MYDOMAIN-AD01 failed test Services
An error event occurred. EventID: 0x80001778
Time Generated: 03/03/2019 20:49:08
Event String: The previous system shutdown at 8:42:23 PM on 3/3/2019 was unexpected.
An error event occurred. EventID: 0xC004002E
Time Generated: 03/03/2019 20:47:45
Event String: Crash dump initialization failed!
An error event occurred. EventID: 0x00000029
Time Generated: 03/03/2019 20:47:47
Event String:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
An error event occurred. EventID: 0x0000410B
Time Generated: 03/03/2019 20:49:45
Event String:
The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:51:00
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 20:55:37
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1b0c (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:58:14
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:58:14
Event String:
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 21:03:43
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:05:06
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1adc (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:05:06
Event String:
DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1adc (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:16:30
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1940 (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:16:30
Event String:
DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1940 (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x0000165B
Time Generated: 03/03/2019 21:25:05
Event String:
The session setup from computer 'PC1-A213' failed because the security database does not contain a trust account 'PC1-A213$' referenced by the specified computer.
An error event occurred. EventID: 0x000016AD
Time Generated: 03/03/2019 21:27:29
Event String:
The session setup from the computer PC1-A213 failed to authenticate. The following error occurred:
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:32:54
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1870 (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:32:54
Event String:
DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1870 (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:36:40
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1aa0 (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:36:40
Event String:
DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1aa0 (C:Windowssystem32dcdiag.exe).
......................... MYDOMAIN-AD01 failed test SystemLog
Some objects relating to the DC MYDOMAIN-AD01 have problems:
[1] Problem: Missing Expected Value
Base Object: CN=MYDOMAIN-AD01,OU=Domain Controllers,DC=ad,DC=MYDOMAIN,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862

......................... MYDOMAIN-AD01 failed test VerifyReferences
[MYDOMAIN-AD02] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... MYDOMAIN-AD02 failed test DFSREvent
** Did not run Outbound Secure Channels test because /testdomain: was not entered
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:46:51
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:46:52
Event String:
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:46:52
Event String:
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 20:49:00
Event String:
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:49:02
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000410B
Time Generated: 03/03/2019 20:49:50
Event String:
The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 20:49:56
Event String:
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:49:58
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000168E
Time Generated: 03/03/2019 20:50:13
Event String:
The dynamic registration of the DNS record '_ldap._tcp.Azure._sites.ad.MYDOMAIN.com. 600 IN SRV 0 100 389 MYDOMAIN-AD02.ad.MYDOMAIN.com.' failed on the following DNS server:
An error event occurred. EventID: 0x0000165B
Time Generated: 03/03/2019 20:54:52
Event String:
The session setup from computer 'PC1-A213' failed because the security database does not contain a trust account 'PC1-A213$' referenced by the specified computer.
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 20:56:32
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1ba8 (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:58:13
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:58:14
Event String:
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 20:58:14
Event String:
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 20:59:25
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 20:59:31
Event String:
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x00000469
Time Generated: 03/03/2019 20:59:34
Event String:
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 21:00:48
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1a28 (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 21:01:14
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 21:01:35
Event String:
The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000165B
Time Generated: 03/03/2019 21:09:57
Event String:
The session setup from computer 'PC1-A213' failed because the security database does not contain a trust account 'PC1-A213$' referenced by the specified computer.
An error event occurred. EventID: 0x000016AD
Time Generated: 03/03/2019 21:12:07
Event String:
The session setup from the computer PC1-A213 failed to authenticate. The following error occurred:
......................... MYDOMAIN-AD02 failed test SystemLog

Do you have any handy tutorial on how to troubleshoot and fix DNS in such cases?

I feel like things are getting more and more complicated!

Zoom,

Was this post helpful?
thumb_up
thumb_down

OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Da_Schmoo wrote:

Have you migrated from FRS to DFSR and did the migration succeed? One of the errors above is the FRS service being disabled which it shouldn’t be unless your DFSR migration was done and was successful.

This is a recent setup, I believe FRS was never configured here, they went directly to DFSR

Was this post helpful?
thumb_up
thumb_down
I still think you have external DNS set on the DC’s — DCDiag is complaining about 8.8.8.8 and another external address. It shouldn’t be doing that unless those addresses are configured somewhere outside of the Forwarder’s tab.

It’s also complaining that the FRS service is disabled. If you really are using DFSR it shouldn’t complain about that service being disabled.

See what

Dfsrmig /getmigrationstate shows.

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim
Da_Schmoo wrote:

Also looks like your DNS settings are incorrect. Ensure that DC1 points to DC2 for its primary DNS and itself as secondary. Ensure that DC2 points to DC1 for its primary and itself as secondary. Ensure that external DNS servers, including your router, are defined nowhere except in the forwarders tab of the DNS management tool.

It’s mentioned here Opens a new window, that :
Text
```
If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.
```
I found that loopback ip is the only DNS server for my DC01, I’ll put more time into DNS tomorrow, I’m done for today!!

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Da_Schmoo wrote:

I still think you have external DNS set on the DC’s — DCDiag is complaining about 8.8.8.8 and another external address. It shouldn’t be doing that unless those addresses are configured somewhere outside of the Forwarder’s tab.

It’s also complaining that the FRS service is disabled. If you really are using DFSR it shouldn’t complain about that service being disabled.

See what

Dfsrmig /getmigrationstate shows.

I get your point, Migstate indicates that AD is in Start state, yet globalstate indicates that it’s in eliminated state:

Was this post helpful?
thumb_up
thumb_down
The results on any of the diagnostic tools are suspect until your get your DNS in order.

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Da_Schmoo wrote:

The results on any of the diagnostic tools are suspect until your get your DNS in order.

I Agree,

To Sum it up:

DC1 DNS should be: DC2 then Loopback IP

DC2 DNS: DC1 then Loopback IP

8.8.8.8 should only be configured like this:

A restart for both DCs then? anything else?

I really appreciate you support, thank you,

Zoom,

Was this post helpful?
thumb_up
thumb_down
That looks right.

Was this post helpful?
thumb_up
thumb_down

Author Zoom S

OP
ZooM_00

This person is a Verified Professional

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

So I revised my DNS configs:

output:

Text

C:UsersUser>dcdiag /v /c /e /q
[MYDOMAIN-AD01] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
An error event occurred. EventID: 0xC0000827
Time Generated: 03/03/2019 22:30:04
Event String:
Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
......................... MYDOMAIN-AD01 failed test KccEvent
** Did not run Outbound Secure Channels test because /testdomain: was not entered
Invalid service startup type: NtFrs on MYDOMAIN-AD01, current value DISABLED, expected value AUTO_START
NtFrs Service is stopped on [MYDOMAIN-AD01]
......................... MYDOMAIN-AD01 failed test Services
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:28:28
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x0000271A
Time Generated: 03/03/2019 22:28:28
Event String: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
An error event occurred. EventID: 0x00002720
Time Generated: 03/03/2019 22:34:07
Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:39:17
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 1244 (C:Windowssystem32dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 03/03/2019 22:39:17
Event String:
DCOM was unable to communicate with the computer 168.63.129.16 using any of the configured protocols; requested by PID 1244 (C:Windowssystem32dcdiag.exe).
......................... MYDOMAIN-AD01 failed test SystemLog
Some objects relating to the DC MYDOMAIN-AD01 have problems:
[1] Problem: Missing Expected Value
Base Object: CN=MYDOMAIN-AD01,OU=Domain Controllers,DC=ad,DC=MYDOMAIN,DC=com
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862

DC: MYDOMAIN-AD01.ad.MYDOMAIN.com
Domain: ad.MYDOMAIN.com

TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network adapters

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: ad.MYDOMAIN.com
MYDOMAIN-AD01 PASS WARN PASS PASS PASS FAIL n/a

......................... ad.MYDOMAIN.com failed test DNS

Dfsrmig /getmigrationstate still reports AD01 to be in «start» State,

@Da_schmoo

Could you please let me know if there’s anything dangerous that might cause my DC to cease working?

Zoom,

Was this post helpful?
thumb_up
thumb_down

Set the startup type of the File Replication Service to Automatic and start it. Some of your errors are because of that.

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Running: Repadmin /Syncall and Repadmin /Syncall /AdeP returned no errors

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Da_Schmoo wrote:

Set the startup type of the File Replication Service to Automatic and start it. Some of your errors are because of that.

It won’t start

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Missing with the «CN=DFSR-LocalSettings» led the following:

Is there a way to set up DFSR from scratch? or is it time to buy a Microsoft Incident Support ticket?

Was this post helpful?
thumb_up
thumb_down
adam344

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

New contributor
sonora

I am actually having the very same issue. We had an existing 2012 server, implemented a 2019 server, dcpromo and sysvol is having issues. Almost identical to what you’re experiencing.

1 found this helpful
thumb_up
thumb_down
I think your issue is your FRS to DFSR migration didn’t complete. One server thinks it’s done, the other doesn’t. This is likely due to your DNS not being configured properly. Getting the file replication service running on the server it isn’t may let the process complete or you might be able to restart the process.

I’d focus on seeing why you can’t start the service — System Event Log may give an answer to that.

As far as dropping the $500 to have Microsoft fix the issue — I think you’re past the point where I would have done that but I’d try to fix the FRS service issue myself first.

1 found this helpful
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

adam344 wrote:

I am actually having the very same issue. We had an existing 2012 server, implemented a 2019 server, dcpromo and sysvol is having issues. Almost identical to what you’re experiencing.

The case for me is different, the setup is new, implemented immediately on W2k16, no upgrades, nothing. It was done for my client by an IT service provider, signed off, and considered operational, I just took over the project.

I have no idea if FRS was ever configured or no, replication never actually worked. But I just found out now after joining 2k+ pcs, I found out when we started creating GPOs.

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Da_Schmoo wrote:

I think your issue is your FRS to DFSR migration didn’t complete. One server thinks it’s done, the other doesn’t. This is likely due to your DNS not being configured properly. Getting the file replication service running on the server it isn’t may let the process complete or you might be able to restart the process.

I’d focus on seeing why you can’t start the service — System Event Log may give an answer to that.

As far as dropping the $500 to have Microsoft fix the issue — I think you’re past the point where I would have done that but I’d try to fix the FRS service issue myself first.

I tried going through the migration, set state to 1,2,3. but always returning that the selected state is invalid.

I don’t know how to troubleshoot the DNS, or how to start, I did exactly as you recommended, can you recommend any articles for that?

As I said earlier, I doubt that the FRS service ever worked.

What is the worst case scenario here? would demoting a DC, cleaning it up, and promoting it again solve the issue?

Zoom,

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Microsoft has been working on this for two days now, and it doesn’t seem that they are close to solve it

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Finally I received a procedure from MS to fix this, tested it on my lab environment, it worked fine,

Gonna do it during weekend, and will post the method and result after that

Was this post helpful?
thumb_up
thumb_down
OP
ZooM_00

This person is a verified professional.

Verify your account
to enable IT peers to see that you are a professional.

anaheim

Hello,

Finally I got this solved with Microsoft support,

I’ve published a «How-To» to explain the solution, find it here:

https://community.spiceworks.com/how_to/160786-how-to-re-build-sysvol-dfsr-replication-group-without…

Was this post helpful?
thumb_up
thumb_down

Read these next…

Replacing dynamic mirrored drives

Windows

Hey everyone,Just wanted to double check my understanding on the steps I’m going to have to through with a workstation.So here’s the run down on what I’m facing, as I haven’t dealt with dynamic drives before:Its a Lenovo Workstation, can’t remember the ex…
Restrict installs – Windows 10 Pro

Windows

Hi All,

Question that I’d love to get a few ideas on.I have a user, my kid, who has the following Windows 10 Pro setup
Standard Account – by default cannot install apps. Created to facilitate game playing and …
Warranty Phone repairs — security of your data

Security

this one is personal as it’s my mother-in-laws phone, but TBH, it could equally be one of the business units. The phone battery has failed in a couple of months (refurb unit from major phone network in UK) — contact the company, no problem, send it back f…
Snap! — Otherworldly Jumps, CAI/Big Brother, Removable Batteries, Chromebook X

Spiceworks Originals

Your daily dose of tech news, in brief.

Welcome to the Snap!

Flashback: June 21, 1981: The last STRETCH Supercomputer is retired (Read more HERE.)

Bonus Flashback: June 21, 2004: First private manned spaceflight (Read more HERE.)

You n…
Company logos in email signatures — Embed, Link, or Evil?

Collaboration

I’m wondering what the current «best practice» is regarding company logos in email signatures. I did find this post from ten years ago, but what do you do nowadays? Both embedded and linked options have pluses and minuses.