A
amitstei
Hi to all!
I'm desperate on this wierd problem. I have a windows 2003 server which
has AD installed and is working as a primary DC (this is an unfortunate
consequence, as Veritas Backup Exec requires a DC and we don't have any
coordination regarding this in my organization). DNS server is also
installed and I get the IP through DHCP but it never occurs to change.
SQL Server 2000 is installed on the same server.
Everything seemed to work fine once, but time passed and many problems
seem to be occuring:
1. I can't log on to my primary WS with the built-in administrator
account of the server, only with another account defined also as a
domain administrator.
2. The shares are mostly available, but as time goes on they become
unavailable and I have to restart this WS.
3. I frequently receive 'Unable to connect to server... cannot generate
SSPI context'. I have walked all through the MS troubleshooting. I
found two problems - one with dcdiag and one with getspn.
4. Clock synchronization doesn't work.
And finally, I don't know what to do. If anyone can give a clue, I will
be much grateful.
Attached Here are some diagnostic outputs I have (command line from the
server). Domain name is goshen.tau.ac.il, computer name is CROWDER.
Thanks a lot in advance!
Amit
---------------------------------------------------------------------
C:\Program Files\Resource Kit>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CROWDER
Starting test: Connectivity
The host
45e87fb1-7225-42c7-8c7e-c18467177d47._msdcs.goshen.tau.
ould not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(45e87fb1-7225-42c7-8c7e-c18467177d47._msdcs.goshen.tau.ac.il)
couldn't be resolved, the server name
(crowder.goshen.tau.ac.il)
resolved to the IP address (132.66.156.44) and was pingable.
Ch
that the IP address is registered correctly with the DNS
server.
.......................... CROWDER failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CROWDER
Skipping all tests, because server CROWDER is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
.......................... ForestDnsZones passed test
CrossRefVal
Starting test: CheckSDRefDom
.......................... ForestDnsZones passed test
CheckSDRefD
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
.......................... DomainDnsZones passed test
CrossRefVal
Starting test: CheckSDRefDom
.......................... DomainDnsZones passed test
CheckSDRefD
Running partition tests on : Schema
Starting test: CrossRefValidation
.......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
.......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
.......................... Configuration passed test
CrossRefVali
Starting test: CheckSDRefDom
.......................... Configuration passed test
CheckSDRefDo
Running partition tests on : goshen
Starting test: CrossRefValidation
.......................... goshen passed test
CrossRefValidation
Starting test: CheckSDRefDom
.......................... goshen passed test CheckSDRefDom
Running enterprise tests on : goshen.tau.ac.il
Starting test: Intersite
.......................... goshen.tau.ac.il passed test
Intersite
Starting test: FsmoCheck
.......................... goshen.tau.ac.il passed test
FsmoCheck
-------------------------------------------------------------------------------------
C:\Program Files\Resource Kit>setspn -L crowder
Registered ServicePrincipalNames for CN=CROWDER,OU=Domain
Controllers,DC=goshen,
DC=tau,DC=ac,DC=il:
MSSQLSvc/crowder.goshen.tau.ac.il:1433
NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/crowder.goshen.tau.ac.il
ldap/crowder.goshen.tau.ac.il/ForestDnsZones.goshen.tau.ac.il
GC/crowder.goshen.tau.ac.il/goshen.tau.ac.il
HOST/crowder.goshen.tau.ac.il/GOSHEN
HOST/CROWDER
HOST/crowder.goshen.tau.ac.il
HOST/crowder.goshen.tau.ac.il/goshen.tau.ac.il
E3514235-4B06-11D1-AB04-00C04FC2DCD2/45e87fb1-7225-42c7-8c7e-c18467177d47/go
shen.tau.ac.il
ldap/45e87fb1-7225-42c7-8c7e-c18467177d47._msdcs.goshen.tau.ac.il
ldap/crowder.goshen.tau.ac.il/GOSHEN
ldap/CROWDER
ldap/crowder.goshen.tau.ac.il
ldap/crowder.goshen.tau.ac.il/DomainDnsZones.goshen.tau.ac.il
ldap/crowder.goshen.tau.ac.il/goshen.tau.ac.il
DNS/crowder.goshen.tau.ac.il
-------------------------------------------------------------------------------------
Event log error I get frequently:
The dynamic registration of the DNS record
'_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.goshen.tau.ac.il.
600 IN SRV 0 100 389 crowder.goshen.tau.ac.il.' failed on the following
DNS server:
DNS server IP address: 132.66.32.10
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record
must be registered in DNS.
------------------------------------------------------------------------------------
Event log warning I get frequently:
Time Provider NtpClient: This machine is configured to use the domain
hierarchy to determine its time source, but it is the PDC emulator for
the domain at the root of the forest, so there is no machine above it
in the domain hierarchy to use as a time source. It is recommended
that you either configure a reliable time service in the root domain,
or manually configure the PDC to synchronize with an external time
source. Otherwise, this machine will function as the authoritative
time source in the domain hierarchy. If an external time source is
not configured or used for this computer, you may choose to disable
the NtpClient.
For more information, see Help and Support Center at
-----------------------------------------------------------------------------------------
I'm desperate on this wierd problem. I have a windows 2003 server which
has AD installed and is working as a primary DC (this is an unfortunate
consequence, as Veritas Backup Exec requires a DC and we don't have any
coordination regarding this in my organization). DNS server is also
installed and I get the IP through DHCP but it never occurs to change.
SQL Server 2000 is installed on the same server.
Everything seemed to work fine once, but time passed and many problems
seem to be occuring:
1. I can't log on to my primary WS with the built-in administrator
account of the server, only with another account defined also as a
domain administrator.
2. The shares are mostly available, but as time goes on they become
unavailable and I have to restart this WS.
3. I frequently receive 'Unable to connect to server... cannot generate
SSPI context'. I have walked all through the MS troubleshooting. I
found two problems - one with dcdiag and one with getspn.
4. Clock synchronization doesn't work.
And finally, I don't know what to do. If anyone can give a clue, I will
be much grateful.
Attached Here are some diagnostic outputs I have (command line from the
server). Domain name is goshen.tau.ac.il, computer name is CROWDER.
Thanks a lot in advance!
Amit
---------------------------------------------------------------------
C:\Program Files\Resource Kit>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CROWDER
Starting test: Connectivity
The host
45e87fb1-7225-42c7-8c7e-c18467177d47._msdcs.goshen.tau.
ould not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(45e87fb1-7225-42c7-8c7e-c18467177d47._msdcs.goshen.tau.ac.il)
couldn't be resolved, the server name
(crowder.goshen.tau.ac.il)
resolved to the IP address (132.66.156.44) and was pingable.
Ch
that the IP address is registered correctly with the DNS
server.
.......................... CROWDER failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CROWDER
Skipping all tests, because server CROWDER is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
.......................... ForestDnsZones passed test
CrossRefVal
Starting test: CheckSDRefDom
.......................... ForestDnsZones passed test
CheckSDRefD
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
.......................... DomainDnsZones passed test
CrossRefVal
Starting test: CheckSDRefDom
.......................... DomainDnsZones passed test
CheckSDRefD
Running partition tests on : Schema
Starting test: CrossRefValidation
.......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
.......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
.......................... Configuration passed test
CrossRefVali
Starting test: CheckSDRefDom
.......................... Configuration passed test
CheckSDRefDo
Running partition tests on : goshen
Starting test: CrossRefValidation
.......................... goshen passed test
CrossRefValidation
Starting test: CheckSDRefDom
.......................... goshen passed test CheckSDRefDom
Running enterprise tests on : goshen.tau.ac.il
Starting test: Intersite
.......................... goshen.tau.ac.il passed test
Intersite
Starting test: FsmoCheck
.......................... goshen.tau.ac.il passed test
FsmoCheck
-------------------------------------------------------------------------------------
C:\Program Files\Resource Kit>setspn -L crowder
Registered ServicePrincipalNames for CN=CROWDER,OU=Domain
Controllers,DC=goshen,
DC=tau,DC=ac,DC=il:
MSSQLSvc/crowder.goshen.tau.ac.il:1433
NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/crowder.goshen.tau.ac.il
ldap/crowder.goshen.tau.ac.il/ForestDnsZones.goshen.tau.ac.il
GC/crowder.goshen.tau.ac.il/goshen.tau.ac.il
HOST/crowder.goshen.tau.ac.il/GOSHEN
HOST/CROWDER
HOST/crowder.goshen.tau.ac.il
HOST/crowder.goshen.tau.ac.il/goshen.tau.ac.il
E3514235-4B06-11D1-AB04-00C04FC2DCD2/45e87fb1-7225-42c7-8c7e-c18467177d47/go
shen.tau.ac.il
ldap/45e87fb1-7225-42c7-8c7e-c18467177d47._msdcs.goshen.tau.ac.il
ldap/crowder.goshen.tau.ac.il/GOSHEN
ldap/CROWDER
ldap/crowder.goshen.tau.ac.il
ldap/crowder.goshen.tau.ac.il/DomainDnsZones.goshen.tau.ac.il
ldap/crowder.goshen.tau.ac.il/goshen.tau.ac.il
DNS/crowder.goshen.tau.ac.il
-------------------------------------------------------------------------------------
Event log error I get frequently:
The dynamic registration of the DNS record
'_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.goshen.tau.ac.il.
600 IN SRV 0 100 389 crowder.goshen.tau.ac.il.' failed on the following
DNS server:
DNS server IP address: 132.66.32.10
Returned Response Code (RCODE): 5
Returned Status Code: 9017
For computers and users to locate this domain controller, this record
must be registered in DNS.
------------------------------------------------------------------------------------
Event log warning I get frequently:
Time Provider NtpClient: This machine is configured to use the domain
hierarchy to determine its time source, but it is the PDC emulator for
the domain at the root of the forest, so there is no machine above it
in the domain hierarchy to use as a time source. It is recommended
that you either configure a reliable time service in the root domain,
or manually configure the PDC to synchronize with an external time
source. Otherwise, this machine will function as the authoritative
time source in the domain hierarchy. If an external time source is
not configured or used for this computer, you may choose to disable
the NtpClient.
For more information, see Help and Support Center at
-----------------------------------------------------------------------------------------