Problema Critico!

Verifica que el servicio de netlogon este ejecutandose, y verifica el event
viewer por mayor informacion, verifica que el servicio de dns se este
ejecutando correctamente, usando el dcdiag te deberia dar informacion
adicional sobre que problemas estas teniendo en tu DC.

Saludos,

Emiliano G. Estevez
MVP Windows Server - Management Infrastructure
MCT/MCSA+M+S/MCSE+M/UCSE/CRS
Algeiba S.A.

NOTA. Por favor, las preguntas y comentarios en los grupos, así nos
beneficiamos todos.

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no
otorga ningún derecho. Ud. asume los riesgos.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.

"eLcHiNoTe" wrote in message
news:

Tengo un dominio en Win2003, modo mixto 2000.
De un momento a otro, las 130 PCs que tengo en el dominio, apuntando al
servidor SERVER1 (Win2003 con Ac.Directory), dejaron de tener acceso a
SERVER1. Si pingueo a SERVER1 (192.168.0.4) resuelve ping pero no accedo
por UNC. Por tal motivo no veo el NETLOGON ni el SYSVOL ya que no accedo
por UNC.
Por lo tanto, no me ejecuta el EXE que tengo en cada User como LogonScript
para que asigne unidades y cree impresoras.

Realice un DCDIAG, NETDIAG y tuve que realizar un NETDOM ya que me
aparecia en Domains and Sites que no tenia un RID, Infrastructure, PDC. Me
daba ERROR, lo volvi a setear el server SERVER1 pero sigue todo igual.

El problema se complica sumado a que tengo unos Linux con Samba
autenticando contraseñas en ese Server 1 Win2003 y no lo realiza ya que no
puede verificarla.
Al mismo tiempo, todos los otros servers (sql, wsus, remote access) no
tengo acceso por nombre. Verifique DNS y los chequeos dan ok, resuelve por
nombre (desde el Server1).


Que se les ocurre?

Actualmente para poder continuar tuve que sacarle al Linux la validacion
de pass via Win2003. Cada user puede loguearse al server1 pero nada màs.

Emiliano, desde ya muchas gracias por la ayuda.

Ya habia verificado que el Netlogon este ejecutandose.
Asimismo està levantads el servicio de DNS pero cuando habia intentado ver
los eventos de error en el event viewer me tira un error de que no puedo ver
los eventos porque no tengo permiso. Esto me sucede tanto desde el servidor
mismo como un event viewer remoto.
Tengo miedo que haya muerto por completo el dominio.

Cuando quiero meter una PC nueva al dominio, con una cuenta de equipo no
ingresada hasta el momento, no me deja hacerlo y de hecho me dice que no se
encuentra el dominio solicitado.

En un rato te copio el DCDiag a un TXT y si me lo permitis te lo reenvio por
aca para que veas que dice.


"Emiliano G. Estevez" escribió en el mensaje
news:

Verifica que el servicio de netlogon este ejecutandose, y verifica el
event viewer por mayor informacion, verifica que el servicio de dns se
este ejecutando correctamente, usando el dcdiag te deberia dar informacion
adicional sobre que problemas estas teniendo en tu DC.

Saludos,

Emiliano G. Estevez
MVP Windows Server - Management Infrastructure
MCT/MCSA+M+S/MCSE+M/UCSE/CRS
Algeiba S.A.

NOTA. Por favor, las preguntas y comentarios en los grupos, así nos
beneficiamos todos.

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y
no
otorga ningún derecho. Ud. asume los riesgos.

This posting is provided "AS IS" with no warranties, and confers no
rights.
You assume all risk for your use.

"eLcHiNoTe" wrote in message
news:

Tengo un dominio en Win2003, modo mixto 2000.
De un momento a otro, las 130 PCs que tengo en el dominio, apuntando al
servidor SERVER1 (Win2003 con Ac.Directory), dejaron de tener acceso a
SERVER1. Si pingueo a SERVER1 (192.168.0.4) resuelve ping pero no accedo
por UNC. Por tal motivo no veo el NETLOGON ni el SYSVOL ya que no accedo
por UNC.
Por lo tanto, no me ejecuta el EXE que tengo en cada User como
LogonScript para que asigne unidades y cree impresoras.

Realice un DCDIAG, NETDIAG y tuve que realizar un NETDOM ya que me
aparecia en Domains and Sites que no tenia un RID, Infrastructure, PDC.
Me daba ERROR, lo volvi a setear el server SERVER1 pero sigue todo igual.

El problema se complica sumado a que tengo unos Linux con Samba
autenticando contraseñas en ese Server 1 Win2003 y no lo realiza ya que
no puede verificarla.
Al mismo tiempo, todos los otros servers (sql, wsus, remote access) no
tengo acceso por nombre. Verifique DNS y los chequeos dan ok, resuelve
por nombre (desde el Server1).


Que se les ocurre?

Actualmente para poder continuar tuve que sacarle al Linux la validacion
de pass via Win2003. Cada user puede loguearse al server1 pero nada màs.

Adjunto info del DcDiag, NetDiag, NTDSutil y Netdom

Swad2 es mi server DC Principal. Swad3 es uno de backup que conecté tras el
error.

Desde ya muchas gracias a todos!!


-

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Nombre-predeterminado-primer-sitio\SWAD2
Starting test: Connectivity
. SWAD2 passed test Connectivity

Doing primary tests

Testing server: Nombre-predeterminado-primer-sitio\SWAD2
Starting test: Replications
[Replications Check,SWAD2] A recent replication attempt failed:
From SWAD3 to SWAD2
Naming Context: DC=ForestDnsZones,DC=aph,DC=com
The replication generated an error (1256):
The remote system is not available. For information about
network troubleshooting, see Windows Help.
The failure occurred at 2006-07-02 17:55:57.
The last success occurred at 2006-06-29 12:24:12.
78 failures have occurred since the last success.
[SWAD3] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,SWAD2] A recent replication attempt failed:
From SWAD3 to SWAD2
Naming Context: DC=DomainDnsZones,DC=aph,DC=com
The replication generated an error (1256):
The remote system is not available. For information about
network troubleshooting, see Windows Help.
The failure occurred at 2006-07-02 17:55:57.
The last success occurred at 2006-06-29 09:04:01.
79 failures have occurred since the last success.
[Replications Check,SWAD2] A recent replication attempt failed:
From SWAD3 to SWAD2
Naming Context: CN=Schema,CN=Configuration,DC=aph,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2006-07-02 17:56:39.
The last success occurred at 2006-06-29 08:59:12.
79 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,SWAD2] A recent replication attempt failed:
From SWAD3 to SWAD2
Naming Context: CN=Configuration,DC=aph,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2006-07-02 17:56:18.
The last success occurred at 2006-06-29 12:20:42.
78 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,SWAD2] A recent replication attempt failed:
From SWAD3 to SWAD2
Naming Context: DC=aph,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2006-07-02 17:55:57.
The last success occurred at 2006-06-29 12:27:17.
78 failures have occurred since the last success.
The source remains down. Please check the machine.
REPLICATION-RECEIVED LATENCY WARNING
SWAD2: Current time is 2006-07-02 18:35:04.
DC=ForestDnsZones,DC=aph,DC=com
Last replication recieved from SWAD3 at 2006-06-29 12:24:12.
DC=DomainDnsZones,DC=aph,DC=com
Last replication recieved from SWAD3 at 2006-06-29 09:04:01.
CN=Schema,CN=Configuration,DC=aph,DC=com
Last replication recieved from SWAD3 at 2006-06-29 08:59:12.
CN=Configuration,DC=aph,DC=com
Last replication recieved from SWAD3 at 2006-06-29 12:20:42.
DC=aph,DC=com
Last replication recieved from SWAD3 at 2006-06-29 12:27:17.
. SWAD2 passed test Replications
Starting test: NCSecDesc
. SWAD2 passed test NCSecDesc
Starting test: NetLogons
* Warning BUILTIN\Administrators did not have the "Access this
computer
* from network" right.
[SWAD2] An net use or LsaPolicy operation failed with error 1,
Incorrect function..
. SWAD2 failed test NetLogons
Starting test: Advertising
. SWAD2 passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: SWAD3 is the Schema Owner, but is not responding to DS RPC
Bind.
[SWAD3] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: SWAD3 is the Schema Owner, but is not responding to LDAP
Bind.
. SWAD2 failed test KnowsOfRoleHolders
Starting test: RidManager
. SWAD2 passed test RidManager
Starting test: MachineAccount
. SWAD2 passed test MachineAccount
Starting test: Services
. SWAD2 passed test Services
Starting test: ObjectsReplicated
. SWAD2 passed test ObjectsReplicated
Starting test: frssysvol
. SWAD2 passed test frssysvol
Starting test: frsevent
Error 5 opening FRS eventlog \\SWAD2:File Replication Service:
Access is denied.
. SWAD2 failed test frsevent
Starting test: kccevent
Error 5 opening FRS eventlog \\SWAD2:Directory Service:
Access is denied.
Failed to enumerate event log records, error Access is denied.
. SWAD2 failed test kccevent
Starting test: systemlog
Error 5 opening FRS eventlog \\SWAD2:System:
Access is denied.
Failed to enumerate event log records, error Access is denied.
. SWAD2 failed test systemlog
Starting test: VerifyReferences
. SWAD2 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
. ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
. ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
. DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
. DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
. Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
. Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
. Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
. Configuration passed test CheckSDRefDom

Running partition tests on : aph
Starting test: CrossRefValidation
. aph passed test CrossRefValidation
Starting test: CheckSDRefDom
. aph passed test CheckSDRefDom

Running enterprise tests on : aph.com
Starting test: Intersite
. aph.com passed test Intersite
Starting test: FsmoCheck
. aph.com passed test FsmoCheck












C:\Program Files\Support Tools>netdom query /domain:alvear fsmo
Schema owner swad3.aph.com

Domain role owner swad2.aph.com

PDC role swad2.aph.com

RID pool manager swad2.aph.com

Infrastructure owner swad2.aph.com

The command completed successfully.


C:\Program Files\Support Tools>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server swad2
Binding to swad2 ...
Connected to swad2 using credentials of locally logged on user.
server connections: q
fsmo maintenance: select operation target
select operation target: list roles for connected server
Server "swad2" knows about 5 roles
Schema - CN=NTDS
Settings,CN=SWAD3,CN=Servers,CN=Nombre-predeterminado-primer-si
tio,CN=Sites,CN=Configuration,DC=aph,DC=com
Domain - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-si
tio,CN=Sites,CN=Configuration,DC=aph,DC=com
PDC - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-sitio
,CN=Sites,CN=Configuration,DC=aph,DC=com
RID - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-sitio
,CN=Sites,CN=Configuration,DC=aph,DC=com
Infrastructure - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=aph,DC=com
select operation target: q
fsmo maintenance: q
ntdsutil: q
Disconnecting from swad2...




C:\Program Files\Support Tools>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server swad2
Binding to swad2 ...
Connected to swad2 using credentials of locally logged on user.
server connections: q
fsmo maintenance: seize domain naming master
Attempting safe transfer of domain naming FSMO before seizure.
FSMO transferred successfully - seizure not required.
Server "swad2" knows about 5 roles
Schema - CN=NTDS
Settings,CN=SWAD3,CN=Servers,CN=Nombre-predeterminado-primer-si
tio,CN=Sites,CN=Configuration,DC=aph,DC=com
Domain - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-si
tio,CN=Sites,CN=Configuration,DC=aph,DC=com
PDC - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-sitio
,CN=Sites,CN=Configuration,DC=aph,DC=com
RID - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-sitio
,CN=Sites,CN=Configuration,DC=aph,DC=com
Infrastructure - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-p
rimer-sitio,CN=Sites,CN=Configuration,DC=aph,DC=com
fsmo maintenance:



fsmo maintenance: seize infrastructure master
Attempting safe transfer of infrastructure FSMO before seizure.
FSMO transferred successfully - seizure not required.
Server "swad2" knows about 5 roles
Schema - CN=NTDS
Settings,CN=SWAD3,CN=Servers,CN=Nombre-predeterminado-primer-si
tio,CN=Sites,CN=Configuration,DC=aph,DC=com
Domain - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-si
tio,CN=Sites,CN=Configuration,DC=aph,DC=com
PDC - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-sitio
,CN=Sites,CN=Configuration,DC=aph,DC=com
RID - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-sitio
,CN=Sites,CN=Configuration,DC=aph,DC=com
Infrastructure - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-p
rimer-sitio,CN=Sites,CN=Configuration,DC=aph,DC=com
fsmo maintenance:



fsmo maintenance: seize PDC
Attempting safe transfer of PDC FSMO before seizure.
FSMO transferred successfully - seizure not required.
Server "swad2" knows about 5 roles
Schema - CN=NTDS
Settings,CN=SWAD3,CN=Servers,CN=Nombre-predeterminado-primer-si
tio,CN=Sites,CN=Configuration,DC=aph,DC=com
Domain - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-si
tio,CN=Sites,CN=Configuration,DC=aph,DC=com
PDC - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-sitio
,CN=Sites,CN=Configuration,DC=aph,DC=com
RID - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-primer-sitio
,CN=Sites,CN=Configuration,DC=aph,DC=com
Infrastructure - CN=NTDS
Settings,CN=SWAD2,CN=Servers,CN=Nombre-predeterminado-p
rimer-sitio,CN=Sites,CN=Configuration,DC=aph,DC=com
fsmo maintenance:



fsmo maintenance: seize RID master
The Selected Server is already the RID role owner
fsmo maintenance:



fsmo maintenance: seize schema master
Attempting safe transfer of schema FSMO before seizure.
ldap_modify_sW error 0x32(50 (Insufficient Rights).
Ldap extended error message is 00002098: SecErr: DSID-03151D7D, problem 4003
(IN
SUFF_ACCESS_RIGHTS), data 0

Win32 error returned is 0x2098(Insufficient access rights to perform the
operati
on.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of schema FSMO failed, proceeding with seizure ...
ldap_modify of SD failed with 0x32(50 (Insufficient Rights).
Ldap extended error message is 00000005: SecErr: DSID-03151E04, problem 4003
(IN
SUFF_ACCESS_RIGHTS), data 0

Win32 error returned is 0x5(Access is denied.)
)
fsmo maintenance: