Saturday, May 23, 2009

Preeti Jhangiani - HQ Wallpapers


Preeti Jhangiani - HQ Wallpapers







Preeti Jhangani Biography

Preeti Jhangani (born 18 August 1980 in Mangalore, Karnataka) is an Indian actress and model. She is fluent in Sindhi, Hindi, Telugu, English. She is cusp-born (Leo/Virgo) and stands 5'5" in height. She studied in Jai Hind College, Mumbai where her older sister Deepa studied as well. Her mother is the vice-principal of the junior college section of Jai Hind College.

Preeti first appeared in a Rajshri Music Video 'Chui Mui' opposite Abbas, this made them as well as the Koala bear symbol - famous. Thereafter she has appeared in Nirma Sandal soap ads. Her first film was in Malayalam which was called Mazhavillu. She made her Bollywood debut in 2000 with Mohabbatein. The film starred Amitabh Bachchan, Shahrukh Khan, Aishwarya Rai and Jugal Hansraj as well as four other debutantes (Uday Chopra, Shamita Shetty, Kim Sharma and Jimmy Shergill). The film was a huge hit and started her film career. Her next hit was the comedy Awara Paagal Deewana,

She married actor Parvin Dabas on March 23rd, 2008. She lives in Bandra, Mumbai.

Preeti Jhangiani - HQ Wallpapers


Preeti Jhangiani - HQ Wallpapers







Preeti Jhangani Biography

Preeti Jhangani (born 18 August 1980 in Mangalore, Karnataka) is an Indian actress and model. She is fluent in Sindhi, Hindi, Telugu, English. She is cusp-born (Leo/Virgo) and stands 5'5" in height. She studied in Jai Hind College, Mumbai where her older sister Deepa studied as well. Her mother is the vice-principal of the junior college section of Jai Hind College.

Preeti first appeared in a Rajshri Music Video 'Chui Mui' opposite Abbas, this made them as well as the Koala bear symbol - famous. Thereafter she has appeared in Nirma Sandal soap ads. Her first film was in Malayalam which was called Mazhavillu. She made her Bollywood debut in 2000 with Mohabbatein. The film starred Amitabh Bachchan, Shahrukh Khan, Aishwarya Rai and Jugal Hansraj as well as four other debutantes (Uday Chopra, Shamita Shetty, Kim Sharma and Jimmy Shergill). The film was a huge hit and started her film career. Her next hit was the comedy Awara Paagal Deewana,

She married actor Parvin Dabas on March 23rd, 2008. She lives in Bandra, Mumbai.

Friday, May 22, 2009

Event ID 1481 NTDS General : Internal error: The operation on the object failed.

Event ID 1481 NTDS General : Internal error: The operation on the object failed.
 
Event ID : 1481
Event Category : Internal Processing
Event Source : NTDS General
Type : Error
Date date
Time time
Computer ComputerName
Description: Internal error: The operation on the object failed.
 
Additional Data
Error value: 1 00002083: AtrErr: DSID-031510B7, #1: 0: 00002083: DSID-031510B7, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 90121 (printMediaReady)
 
You may experience this issue if you install a Windows Server 2003-based domain controller into an existing domain that contains Windows Server 2008-based domain controllers and Microsoft Windows 2000 Server Service Pack 4 (SP4)-based domain controllers. See 947020 for information on solving this problem.
 
This problem can occur because Security Accounts Manager (SAM) cannot use the configured global catalog server if the Windows Server 2003-based computer is also a global catalog server. See 923354 for a hotfix applicable to Microsoft Windows Server 2003.
 
This event can occur when you run an LDAP script that queries for Active Directory information after you bind to a Windows Server 2003-based domain controller because of a memory issue. See 934407 for a hotfix applicable to Microsoft Windows Server 2003.

See 832851 and the link to "EventID 1481 from source Active Directory" for information on this event.

Event ID 1173 NTDS KCC : Internal event: Active Directory has encountered the following exception and associated parameters.

Event ID 1173 NTDS KCC : Internal event: Active Directory has encountered the following exception and associated parameters.
 
Event ID : 1173
Event Category : Internal Processing
Event Source : NTDS General
Type : Warning
Date date
Time time
Computer ComputerName
Description: Internal event: Active Directory has encountered the following exception and associated parameters.
 
Exception:
e0010002
 
Parameter:
2083
 
As per Microsoft: "An LDAP version 2 client that performs a search that generates two or more referrals may cause the domain controller on which the search is running to stop responding (hang). The occurrence of the domain controller hanging is random. This is because it depends on the actual size of the buffer that is allocated for the referrals and the size of the referrals". See M324184 for a hotfix applicable to Microsoft Windows 2000 Server.
 
This event can occur when you run an LDAP script that queries for Active Directory information after you bind to a Windows Server 2003-based domain controller because of a memory issue. See 934407 for a hotfix applicable to Microsoft Windows Server 2003.
 
See M943576 and M948925 for hotfixes applicable to Microsoft Windows Server 2003.
 
You may experience this issue if you install a Windows Server 2003-based domain controller into an existing domain that contains Windows Server 2008-based domain controllers and Microsoft Windows 2000 Server Service Pack 4 (SP4)-based domain controllers. See 947020 for information on solving this problem.
 
See 914036 and the link to "EventID 1173 from source Active Directory" for additional information on this event.

As per Microsoft: "This problem may occur if you have installed Windows 2000 Service Pack 4". See 824226 to find out how to fix this problem. Also check 265090, 279093, 289612, 306091, 825952, 832851 and the link to Error code 0xC0000005 for more information about this event.
 
According to Microsoft, this issue may occur when destination domain controllers that are performing remote procedure call (RPC)-based replication do not receive replication changes from a source domain controller within the time that the RPC Replication Timeout (mins) registry setting specifies. See M830746 for information on what causes this problem and how to fix it.
 
See 834926 for a hotfix applicable to Microsoft Windows Server 2003.

828297 replaces 824226.
 
Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
 
To resolve this problem, modify Active Directory to remove the affected attribute data. To do this, follow these steps.
 
Important There are no known Microsoft programs that write these types of entries in Active Directory. The following steps describe a general procedure to remove the third-party attribute data. If you remove this attribute data, the related third-party program may stop working. For more information about how to remove a particular third-party attribute from Active Directory, or for specific instructions about how to remove the settings, contact the program vendor.

Thursday, May 21, 2009

Event ID 1311NTDS KCC : The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.

Event ID 1311NTDS KCC : The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
 
Event Type:Error
Event Source:NTDS KCC
Event Category:Knowledge Consistency Checker
Event ID:1311
Date:3/9/2005
Time:6:39:58 PM
User:NT AUTHORITY\ANONYMOUS LOGON
Computer:DC3
Description:
The Knowledge Consistency Checker (KCC) has detected problems with
the following directory partition.
 
Directory partition:
CN=Configuration,DC=contoso,DC=com
 
There is insufficient site connectivity information in Active Directory
Sites and Services for the KCC to create a spanning tree replication
topology. Or, one or more domain controllers with this directory
partition are unable to replicate the directory partition information.
This is probably due to inaccessible domain controllers.
 
User Action :

Use Active Directory Sites and Services to perform one of the
following actions:
- Publish sufficient site connectivity information so that the
KCC can determine a route by which this directory partition can
reach this site. This is the preferred option.
- Add a Connection object to a domain controller that contains
the directory partition in this site from a domain controller
that contains the same directory partition in another site.
 
If neither of the Active Directory Sites and Services tasks correct
this condition, see previous events logged by the KCC that identify
the inaccessible domain controllers.
 
Cause :

This problem can have the following causes:
 
Site link bridging is enabled on a network that does not support physical network connectivity between two domain controllers in different sites that are connected by a site link.
 
Bridge all site links is enabled in Active Directory Sites and Services, but the network does not allow network connectivity between any two domain controllers in the forest.
 
One or more sites are not contained in a site link.
 
Site links contain all sites, but the site links are not interconnected. This condition is known as disjointed site links.
 
One or more domain controllers are offline.
 
Bridgehead domain controllers are online, but errors occur when they try to replicate a required directory partition between Active Directory sites.
 
Administrator-defined preferred bridgehead servers are online, but they do not host the required directory partition. The most common misconfiguration is to define non–global catalog servers as bridgehead servers.
 
Preferred bridgeheads are defined correctly by the administrator, but they are currently offline.
 
The bridgehead server is overloaded because the server is undersized, too many branch sites are trying to replicate changes from the same hub domain controller, or the replication schedules on site links or connection objects are too frequent.
 
The Knowledge Consistency Checker (KCC) has built an alternate path around an intersite connection failure, but it continues to retry the failing connection every 15 minutes.
 
Solution:
 
Identify the scope of the problem.
 
Check site link bridging.
 
Determine whether the network is fully routed.
 
Verify that all sites are connected.
 
Check preferred bridgehead servers.
 
To locate the ISTG role holders for all sites
Click Start, click Run, type Ldp, and then click OK.
 
On the Connection menu, click Connect.
 
In the Connect dialog box, leave the Server box empty.
 
In Port, type 389, and then click OK.
 
On the Connection menu, click Bind.
 
In the Bind dialog box, provide Enterprise Admins credentials. Click Domain if it is not already selected.
 
In Domain, type the name of the forest root domain, and then click OK.
 
On the Browse menu, click Search.
 
In Base dn, type:
 
CN=Sites,CN=Configuration,DC=Forest_Root_Domain
 
In Filter, type:
 
(CN=NTDS Site Settings)
 
For Scope, click Subtree.
 
Click Options, and in the Attributes box, scroll to the end of the list, type:
 
interSiteTopologyGenerator
 
and then click OK.
 
In the Search dialog box, click Run.
 
Review the interSiteTopologyGenerator entries in the output, and make a note of the domain controller names.

This event sometimes may be logged along with event id 1988 which identifies "lingering objects" on one or more DCs. In our case, replication wasn''t occurring as a result of the lingering object and after removing the lingering object the replication problems were gone.
 
I was receiving this event followed by EventID 1312 from source NTDS KCC. The Intersite Messaging service was disabled on one of my domain controllers. Enabling and starting this service cleared up the issue.

Our environment was a mixed one, with 2k and 2k3 DCs. We installed 913446 on the Win2k3 DCs and 893066 on the Win2k DCs. Then, we added the following DWORD values under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters:
Value name:  EnablePMTUBHDetect
Value:  1
 
Value name:  MTU
Value:  1360
 
After a reboot, the problem was solved.

In my case, I had to modify the ISTG (Inter-Site Topology Generator) role in Active Directory. The ISTG role was not hold by the bridge-head server. After assigning it to the bridge-head server, the problem was gone. In the Microsoft knowledgebase there is an article concerning ISTG (224815).

This problem can have multiple causes. See the link to "Fixing replication topology problems" for troubleshooting.
 
Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here!

In my case, the problem was caused by hotfix 893066. Uninstalling the hotfix fixed the problem for me.

This event sometime occurs in an environment with large number of sites and domain controllers when connectivity to one or more sites is lost. ISTG tries to reach that site through alternate routes available and creates new connections for this purpose. By design in Windows 2003, these connections should be deleted automatically when original connectivity is restored, but in Windows 2000 these links are not deleted. You have to go to NTDS Settings of all the servers in affected site and delete all connections, and initiate "Check Replication Topology". ISTG will create all the links from scratch for all of these servers and problem will disappear.
 
In our case, this error came up after we deleted a server from Active Directory. When you open up Active Directory Sites and Services, look for the server that may have been deleted. If it is still in the site, and you are SURE it was taken out of AD via DCPROMO, go ahead and delete it. The errors will clear up shortly thereafter.

See the link to "Upgrading Windows NT 4.0 Domains to Windows Server 2003" for information on this problem.

In our case, every weekend a domain controller in a branch office had to be shut down (for maintenance on a temporary electricity generator). As soon as it went down the event logs on other DCs started filling up with these events. Once the DC was back online, everything went back to normal.
 
From a newsgroup post: "In certain rare conditions, the error will appear erroneously. This is more typical in environments with large numbers of sites, domain controllers, and domains. The steps from 214745 will very likely resolve the issue. If all steps from the article have been exhausted but the error still appears, you can open a free MS support case to obtain the fix referenced in 819249".
 
See the link to "EventID 1311 from source Active Directory" for additional information on this event.
 
I have also found that if the time on the servers has become out of sync (by 5 minutes either way) this error will appear. I had this issue and found that my domain controllers were out of sync. Changed the times and the errors went away.
 
307593 provides an approach in troubleshooting Event ID 1311 Messages on a Windows 2000 Domain.
 
There is also now a hotfix available for one instance of this problem. See 819249.

This behavior can occur if the Knowledge Consistency Checker (KCC) has determined that a site has been orphaned from the replication topology. See 214745, 244368 and 271997 for troubleshooting.
 
 

Tuesday, May 12, 2009

Event ID 2088 NTDS Replication : DNS lookup failure occurred with replication success.

 
----- Original Message -----
Sent: Wednesday, May 13, 2009 4:32 AM
Subject: Event ID 1925 NTDS Replication : Attempt to establish a replication link failed due to DNS lookup problem.

Event ID 2088: DNS lookup failure occurred with replication success.
 
Event Type:Warning
Event Source:NTDS Replication
Event Category:DS RPC Client
Event ID:2088
Date:3/21/2005
Time:2:29:34 PM
User:NT AUTHORITY\ANONYMOUS LOGON
Computer:DC3
Description:
Active Directory could not use DNS to resolve the IP address of the
source domain controller listed below. To maintain the consistency
of Security groups, group policy, users and computers and their passwords,
Active Directory successfully replicated using the NetBIOS or fully
qualified computer name of the source domain controller.
 
Invalid DNS configuration may be affecting other essential operations on
member computers, domain controllers or application servers in this
Active Directory forest, including logon authentication or access to network
resources.
 
You should immediately resolve this DNS configuration error so that
this domain controller can resolve the IP address of the source
domain controller using DNS.
 
Alternate server name:
dc1
Failing DNS host name:
4a8717eb-8e58-456c-995a-c92e4add7e8e._msdcs.contoso.com
 
NOTE: By default, only up to 10 DNS failures are shown for any given
12 hour period, even if more than 10 failures occur.  To log all
individual failure events, set the following diagnostics registry
value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
1) If the source domain controller is no longer functioning or its
operating system has been reinstalled with a different computer
name or NTDSDSA object GUID, remove the source domain controller's
metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
2) Confirm that the source domain controller is running Active Directory
and is accessible on the network by typing "net view
\\<source DC name>"
or "ping <source DC name>".
 
3) Verify that the source domain controller is using a valid DNS server
for DNS services, and that the source domain controller's host record
and CNAME record are correctly registered, using the DNS Enhanced
version of DCDIAG.EXE available on
http://www.microsoft.com/dns
 
dcdiag /test:dns
 
4) Verify that that this destination domain controller is using a
valid DNS server for DNS services, by running the DNS Enhanced
version of DCDIAG.EXE command on the console of the destination
domain controller, as follows:
 
dcdiag /test:dns
 
5) For further analysis of DNS error failures see KB 824449
 

Cause:
 
Failure to resolve the current CNAME resource record of the source domain controller to an IP address can have the following causes:
 
The source domain controller is powered off, is offline, or resides on an isolated network, and Active Directory and Domain Name System (DNS) data for the offline domain controller has not been deleted to indicate that the domain controller is inaccessible.
 
One of the following conditions exists:
 
The source domain controller has not registered its resource records in DNS.
 
The destination domain controller is configured to use an invalid DNS server.
 
The source domain controller is configured to use an invalid DNS server.
 
The DNS server that is used by the source domain controller does not host the correct zones or the zones are not configured to accept dynamic updates.
 
The direct DNS servers that are queried by the destination domain controller cannot resolve the IP address of the source domain controller as a result of nonexistent or invalid forwarders or delegations.
 
Active Directory has been removed on the source domain controller and then reinstalled with the same IP address, but knowledge of the new NTDS Settings GUID has not reached the destination domain controller.
 
Active Directory has been removed on the source domain controller and then reinstalled with a different IP address, but the current host address (A) resource record for the IP address of the source domain controller is either not registered or does not exist on the DNS servers that are queried by the destination domain controller as a result of replication latency or replication error.
 
The operating system of the source domain controller has been reinstalled with a different computer name, but its metadata either has not been removed or has been removed and not yet inbound-replicated by the destination domain controller.
 
Solution:
 
First, determine whether the source domain controller is functioning. If the source domain controller is not functioning, remove its remaining metadata from Active Directory.
 
If the source domain controller is functioning, continue with procedures to diagnose and solve the DNS problem, as needed:
 
Use Dcdiag to diagnose DNS problems.
 
Register DNS SRV resource records plus host records.
 
Synchronize replication between the source and destination domain controllers.
 
Verify consistency of the NTDS Settings GUID.
 
Determine Whether a Domain Controller Is Functioning
To determine whether the source domain controller is functioning, use the following test.
 
Requirements
 
Administrative credentials: To complete this procedure, you must be a member of the Domain Users group in the domain of the domain controller.
 
Tools: Net view
 
To determine whether a domain controller is functioning
To confirm that the domain controller is running Active Directory and is accessible on the network, at a command prompt type the following command, and then press ENTER:
 
 
where SourceDomainControllerName is the NetBIOS name of the domain controller.
 
This command displays the Netlogon and SYSVOL shares, indicating that the server is functioning as a domain controller. If this test shows that the domain controller is not functioning on the network, determine the nature of the disconnection and whether the domain controller can be recovered or whether its metadata must be removed from Active Directory manually. If the domain controller is not functioning and cannot be restored, use the procedure in the following section, "Clean Up Domain Controller Metadata," to delete the data from Active Directory that is associated with that server.
 
Clean Up Domain Controller Metadata
If tests show that the domain controller is no longer functioning but you still see objects representing the domain controller in Active Directory Sites and Services, replication will continue to be attempted, and you must remove these objects from Active Directory manually. You must use Ntdsutil to clean up (delete) the metadata for the defunct domain controller.
 
If the defunct domain controller is the last domain controller in the domain, you should also remove the metadata for the domain. Allow sufficient time for all global catalog servers in the forest to inbound-replicate the domain deletion before promoting a new domain with the same name.
 
The process for cleaning up metadata is improved in the version of Ntdsutil that is included with Windows Server 2003 SP1. Instructions for cleaning up metadata with the Windows Server 2003 version of Ntdsutil and the Windows Server 2003 SP1 version of Ntdsutil are provided in the following procedure.
 
Requirements
 
Administrative credentials: To complete this procedure, you must be a member of the Enterprise Admins group.
 
Tools: Ntdsutil (System32 command-line tool)
 
To clean up server metadata
Open a Command Prompt.
 
Type the following command, and then press ENTER:
 
ntdsutil
 
At the ntdsutil: command prompt, type the following command, and then press ENTER:
 
metadata cleanup
 
Perform metadata cleanup as follows:
 
If you are performing server metadata cleanup only and you are using the version of Ntdsutil.exe that is included with Windows Server 2003 SP1, at the metadata cleanup: command prompt, type the following, and then press ENTER:
remove selected server ServerName
Or
remove selected server ServerName1onServerName2
 

Value  Description 
ServerName, ServerName1
 The distinguished name of the domain controller whose metadata you want to remove, in the form cn=ServerName,cn=Servers,cn=SiteName, cn=Sites,cn=Configuration,dc=ForestRootDomain
 
ServerName2
 The DNS name of the domain controller to which you want to connect and from which you want to remove server metadata
 
 
If you are performing metadata cleanup by using the version of Ntdsutil.exe that is included with Windows Server 2003 with no service pack, or if you are performing both domain metadata cleanup and server metadata cleanup, perform metadata cleanup as follows:
 
At the metadata cleanup: command prompt, type the following command, and then press ENTER:
connection
 
At the server connections: command prompt, type the following command, and then press ENTER:
connect to server Server
 
At the connection: command prompt, type the following command, and then press ENTER:
quit
 
At the metadata cleanup: command prompt, type the following command, and then press ENTER:
select operation target
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list sites
 
A numbered list of sites appears. Type the following command, and then press ENTER:
select site SiteNumber
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list domains in site
 
A numbered list of domains in the selected site appears. Type the following command, and then press ENTER:
select domain DomainNumber
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list servers in site
 
A numbered list of servers in a domain and site is displayed. Type the following command, and then press ENTER:
select server ServerNumber
 
At the select operation target: command, type the following command, and then press ENTER:
quit
 
At the metadata cleanup: command, type the following command, and then press ENTER:
remove selected server
 
If the server whose metadata you have removed is the last domain controller in the domain and you want to remove the domain metadata, at the metadata cleanup: command prompt, type the following command, and then press ENTER:
remove selected domain
Metadata for the domain that you selected in step h is removed.
 
At the metadata cleanup: and ntdsutil: command prompts, type quit, and then press ENTER.
 

 

Event ID 1925 NTDS Replication : Attempt to establish a replication link failed due to DNS lookup problem.

Event ID 1925: Attempt to establish a replication link failed due to DNS lookup problem.
 
Event Type:Warning
Event Source:NTDS Replication
Event Category:DS RPC Client
Event ID:2088
Date:3/21/2005
Time:2:29:34 PM
User:NT AUTHORITY\ANONYMOUS LOGON
Computer:DC3
Description:
Active Directory could not use DNS to resolve the IP address of the
source domain controller listed below. To maintain the consistency
of Security groups, group policy, users and computers and their passwords,
Active Directory successfully replicated using the NetBIOS or fully
qualified computer name of the source domain controller.
 
Invalid DNS configuration may be affecting other essential operations on
member computers, domain controllers or application servers in this
Active Directory forest, including logon authentication or access to network
resources.
 
You should immediately resolve this DNS configuration error so that
this domain controller can resolve the IP address of the source
domain controller using DNS.
 
Alternate server name:
dc1
Failing DNS host name:
4a8717eb-8e58-456c-995a-c92e4add7e8e._msdcs.contoso.com
 
NOTE: By default, only up to 10 DNS failures are shown for any given
12 hour period, even if more than 10 failures occur.  To log all
individual failure events, set the following diagnostics registry
value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
1) If the source domain controller is no longer functioning or its
operating system has been reinstalled with a different computer
name or NTDSDSA object GUID, remove the source domain controller's
metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
2) Confirm that the source domain controller is running Active Directory
and is accessible on the network by typing "net view
\\<source DC name>"
or "ping <source DC name>".
 
3) Verify that the source domain controller is using a valid DNS server
for DNS services, and that the source domain controller's host record
and CNAME record are correctly registered, using the DNS Enhanced
version of DCDIAG.EXE available on
http://www.microsoft.com/dns
 
dcdiag /test:dns
 
4) Verify that that this destination domain controller is using a
valid DNS server for DNS services, by running the DNS Enhanced
version of DCDIAG.EXE command on the console of the destination
domain controller, as follows:
 
dcdiag /test:dns
 
5) For further analysis of DNS error failures see KB 824449
 

Cause:
 
Failure to resolve the current CNAME resource record of the source domain controller to an IP address can have the following causes:
 
The source domain controller is powered off, is offline, or resides on an isolated network, and Active Directory and Domain Name System (DNS) data for the offline domain controller has not been deleted to indicate that the domain controller is inaccessible.
 
One of the following conditions exists:
 
The source domain controller has not registered its resource records in DNS.
 
The destination domain controller is configured to use an invalid DNS server.
 
The source domain controller is configured to use an invalid DNS server.
 
The DNS server that is used by the source domain controller does not host the correct zones or the zones are not configured to accept dynamic updates.
 
The direct DNS servers that are queried by the destination domain controller cannot resolve the IP address of the source domain controller as a result of nonexistent or invalid forwarders or delegations.
 
Active Directory has been removed on the source domain controller and then reinstalled with the same IP address, but knowledge of the new NTDS Settings GUID has not reached the destination domain controller.
 
Active Directory has been removed on the source domain controller and then reinstalled with a different IP address, but the current host address (A) resource record for the IP address of the source domain controller is either not registered or does not exist on the DNS servers that are queried by the destination domain controller as a result of replication latency or replication error.
 
The operating system of the source domain controller has been reinstalled with a different computer name, but its metadata either has not been removed or has been removed and not yet inbound-replicated by the destination domain controller.
 
Solution:
 
First, determine whether the source domain controller is functioning. If the source domain controller is not functioning, remove its remaining metadata from Active Directory.
 
If the source domain controller is functioning, continue with procedures to diagnose and solve the DNS problem, as needed:
 
Use Dcdiag to diagnose DNS problems.
 
Register DNS SRV resource records plus host records.
 
Synchronize replication between the source and destination domain controllers.
 
Verify consistency of the NTDS Settings GUID.
 
Determine Whether a Domain Controller Is Functioning
To determine whether the source domain controller is functioning, use the following test.
 
Requirements
 
Administrative credentials: To complete this procedure, you must be a member of the Domain Users group in the domain of the domain controller.
 
Tools: Net view
 
To determine whether a domain controller is functioning
To confirm that the domain controller is running Active Directory and is accessible on the network, at a command prompt type the following command, and then press ENTER:
 
 
where SourceDomainControllerName is the NetBIOS name of the domain controller.
 
This command displays the Netlogon and SYSVOL shares, indicating that the server is functioning as a domain controller. If this test shows that the domain controller is not functioning on the network, determine the nature of the disconnection and whether the domain controller can be recovered or whether its metadata must be removed from Active Directory manually. If the domain controller is not functioning and cannot be restored, use the procedure in the following section, "Clean Up Domain Controller Metadata," to delete the data from Active Directory that is associated with that server.
 
Clean Up Domain Controller Metadata
If tests show that the domain controller is no longer functioning but you still see objects representing the domain controller in Active Directory Sites and Services, replication will continue to be attempted, and you must remove these objects from Active Directory manually. You must use Ntdsutil to clean up (delete) the metadata for the defunct domain controller.
 
If the defunct domain controller is the last domain controller in the domain, you should also remove the metadata for the domain. Allow sufficient time for all global catalog servers in the forest to inbound-replicate the domain deletion before promoting a new domain with the same name.
 
The process for cleaning up metadata is improved in the version of Ntdsutil that is included with Windows Server 2003 SP1. Instructions for cleaning up metadata with the Windows Server 2003 version of Ntdsutil and the Windows Server 2003 SP1 version of Ntdsutil are provided in the following procedure.
 
Requirements
 
Administrative credentials: To complete this procedure, you must be a member of the Enterprise Admins group.
 
Tools: Ntdsutil (System32 command-line tool)
 
To clean up server metadata
Open a Command Prompt.
 
Type the following command, and then press ENTER:
 
ntdsutil
 
At the ntdsutil: command prompt, type the following command, and then press ENTER:
 
metadata cleanup
 
Perform metadata cleanup as follows:
 
If you are performing server metadata cleanup only and you are using the version of Ntdsutil.exe that is included with Windows Server 2003 SP1, at the metadata cleanup: command prompt, type the following, and then press ENTER:
remove selected server ServerName
Or
remove selected server ServerName1onServerName2
 
 
Value  Description 
ServerName, ServerName1
 The distinguished name of the domain controller whose metadata you want to remove, in the form cn=ServerName,cn=Servers,cn=SiteName, cn=Sites,cn=Configuration,dc=ForestRootDomain
 
ServerName2
 The DNS name of the domain controller to which you want to connect and from which you want to remove server metadata
 
 
If you are performing metadata cleanup by using the version of Ntdsutil.exe that is included with Windows Server 2003 with no service pack, or if you are performing both domain metadata cleanup and server metadata cleanup, perform metadata cleanup as follows:
 
At the metadata cleanup: command prompt, type the following command, and then press ENTER:
connection
 
At the server connections: command prompt, type the following command, and then press ENTER:
connect to server Server
 
At the connection: command prompt, type the following command, and then press ENTER:
quit
 
At the metadata cleanup: command prompt, type the following command, and then press ENTER:
select operation target
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list sites
 
A numbered list of sites appears. Type the following command, and then press ENTER:
select site SiteNumber
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list domains in site
 
A numbered list of domains in the selected site appears. Type the following command, and then press ENTER:
select domain DomainNumber
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list servers in site
 
A numbered list of servers in a domain and site is displayed. Type the following command, and then press ENTER:
select server ServerNumber
 
At the select operation target: command, type the following command, and then press ENTER:
quit
 
At the metadata cleanup: command, type the following command, and then press ENTER:
remove selected server
 
If the server whose metadata you have removed is the last domain controller in the domain and you want to remove the domain metadata, at the metadata cleanup: command prompt, type the following command, and then press ENTER:
remove selected domain
Metadata for the domain that you selected in step h is removed.
 
At the metadata cleanup: and ntdsutil: command prompts, type quit, and then press ENTER.
 

 

Event ID 1925 NTDS KCC: Attempt to establish a replication link failed due to DNS lookup problem.

Event ID 1925: Attempt to establish a replication link failed due to DNS lookup problem.
 
Event Type:Warning
Event Source:NTDS KCC
Event Category:Knowledge Consistency Checker
Event ID:1925
Date:3/24/2005
Time:9:15:46 AM
User:NT AUTHORITY\ANONYMOUS LOGON
Computer:DC3
Description:
The attempt to establish a replication link for the following
writable directory partition failed.
 
Directory partition:
CN=Configuration,DC=contoso,DC=com
Source domain controller:
CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com
Source domain controller address:
f8786828-ecf5-4b7d-ad12-8ab60178f7cd._msdcs.contoso.com
Intersite transport (if any):
 
This domain controller will be unable to replicate with the
source domain controller until this problem is corrected. 
 
User Action
Verify if the source domain controller is accessible or
network connectivity is available.
 

Cause:

Failure to resolve the current CNAME resource record of the source domain controller to an IP address can have the following causes:
 
The source domain controller is powered off, is offline, or resides on an isolated network, and Active Directory and Domain Name System (DNS) data for the offline domain controller has not been deleted to indicate that the domain controller is inaccessible.
 
One of the following conditions exists:
 
The source domain controller has not registered its resource records in DNS.
 
The destination domain controller is configured to use an invalid DNS server.
 
The source domain controller is configured to use an invalid DNS server.
 
The DNS server that is used by the source domain controller does not host the correct zones or the zones are not configured to accept dynamic updates.
 
The direct DNS servers that are queried by the destination domain controller cannot resolve the IP address of the source domain controller as a result of nonexistent or invalid forwarders or delegations.
 
Active Directory has been removed on the source domain controller and then reinstalled with the same IP address, but knowledge of the new NTDS Settings GUID has not reached the destination domain controller.
 
Active Directory has been removed on the source domain controller and then reinstalled with a different IP address, but the current host address (A) resource record for the IP address of the source domain controller is either not registered or does not exist on the DNS servers that are queried by the destination domain controller as a result of replication latency or replication error.
 
The operating system of the source domain controller has been reinstalled with a different computer name, but its metadata either has not been removed or has been removed and not yet inbound-replicated by the destination domain controller.
 
Solution:
 
Use Dcdiag to Diagnose DNS Problems
If the domain controller is functioning online, continue by using Dcdiag to diagnose and fix DNS problems that might be interfering with Active Directory replication.
 
Use the following procedures to complete this process:
 
Verify connectivity and basic DNS functionality.
 
Verify registration of the CNAME resource record in DNS.
 
Verify and enable secure dynamic updates.
 
Before you begin these procedures, gather the following information, which is contained in the event ID 2087 message text:
 
The FQDN of the source domain controller and destination domain controller
 
The IP address of the source domain controller
 
The updated version of Dcdiag that is included in Windows Support Tools in Windows Server 2003 SP1 contains tests that provide consolidated and improved testing of basic and advanced DNS features. You can use this tool to diagnose basic DNS functionality and dynamic updates.
 

First, determine whether the source domain controller is functioning. If the source domain controller is not functioning, remove its remaining metadata from Active Directory.
 
If the source domain controller is functioning, continue with procedures to diagnose and solve the DNS problem, as needed:
 
Use Dcdiag to diagnose DNS problems.
 
Register DNS SRV resource records plus host records.
 
Synchronize replication between the source and destination domain controllers.
 
Verify consistency of the NTDS Settings GUID.
 
Determine Whether a Domain Controller Is Functioning
To determine whether the source domain controller is functioning, use the following test.
 
Requirements
 
Administrative credentials: To complete this procedure, you must be a member of the Domain Users group in the domain of the domain controller.
 
Tools: Net view
 
To determine whether a domain controller is functioning
To confirm that the domain controller is running Active Directory and is accessible on the network, at a command prompt type the following command, and then press ENTER:
 
 
where SourceDomainControllerName is the NetBIOS name of the domain controller.
 
This command displays the Netlogon and SYSVOL shares, indicating that the server is functioning as a domain controller. If this test shows that the domain controller is not functioning on the network, determine the nature of the disconnection and whether the domain controller can be recovered or whether its metadata must be removed from Active Directory manually. If the domain controller is not functioning and cannot be restored, use the procedure in the following section, "Clean Up Domain Controller Metadata," to delete the data from Active Directory that is associated with that server.
 
Clean Up Domain Controller Metadata
If tests show that the domain controller is no longer functioning but you still see objects representing the domain controller in Active Directory Sites and Services, replication will continue to be attempted, and you must remove these objects from Active Directory manually. You must use Ntdsutil to clean up (delete) the metadata for the defunct domain controller.
 
If the defunct domain controller is the last domain controller in the domain, you should also remove the metadata for the domain. Allow sufficient time for all global catalog servers in the forest to inbound-replicate the domain deletion before promoting a new domain with the same name.
 
The process for cleaning up metadata is improved in the version of Ntdsutil that is included with Windows Server 2003 SP1. Instructions for cleaning up metadata with the Windows Server 2003 version of Ntdsutil and the Windows Server 2003 SP1 version of Ntdsutil are provided in the following procedure.
 
Requirements
 
Administrative credentials: To complete this procedure, you must be a member of the Enterprise Admins group.
 
Tools: Ntdsutil (System32 command-line tool)
 
To clean up server metadata
Open a Command Prompt.
 
Type the following command, and then press ENTER:
 
ntdsutil
 
At the ntdsutil: command prompt, type the following command, and then press ENTER:
 
metadata cleanup
 
Perform metadata cleanup as follows:
 
If you are performing server metadata cleanup only and you are using the version of Ntdsutil.exe that is included with Windows Server 2003 SP1, at the metadata cleanup: command prompt, type the following, and then press ENTER:
remove selected server ServerName
Or
remove selected server ServerName1onServerName2
 
 
Value  Description 
ServerName, ServerName1
 The distinguished name of the domain controller whose metadata you want to remove, in the form cn=ServerName,cn=Servers,cn=SiteName, cn=Sites,cn=Configuration,dc=ForestRootDomain
 
ServerName2
 The DNS name of the domain controller to which you want to connect and from which you want to remove server metadata
 
 
If you are performing metadata cleanup by using the version of Ntdsutil.exe that is included with Windows Server 2003 with no service pack, or if you are performing both domain metadata cleanup and server metadata cleanup, perform metadata cleanup as follows:
 
At the metadata cleanup: command prompt, type the following command, and then press ENTER:
connection
 
At the server connections: command prompt, type the following command, and then press ENTER:
connect to server Server
 
At the connection: command prompt, type the following command, and then press ENTER:
quit
 
At the metadata cleanup: command prompt, type the following command, and then press ENTER:
select operation target
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list sites
 
A numbered list of sites appears. Type the following command, and then press ENTER:
select site SiteNumber
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list domains in site
 
A numbered list of domains in the selected site appears. Type the following command, and then press ENTER:
select domain DomainNumber
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list servers in site
 
A numbered list of servers in a domain and site is displayed. Type the following command, and then press ENTER:
select server ServerNumber
 
At the select operation target: command, type the following command, and then press ENTER:
quit
 
At the metadata cleanup: command, type the following command, and then press ENTER:
remove selected server
 
If the server whose metadata you have removed is the last domain controller in the domain and you want to remove the domain metadata, at the metadata cleanup: command prompt, type the following command, and then press ENTER:
remove selected domain
Metadata for the domain that you selected in step h is removed.
 
At the metadata cleanup: and ntdsutil: command prompts, type quit, and then press ENTER.
 

 

Event ID 2087 NTDS Replication : DNS lookup failure caused replication to fail

Event ID 2087: DNS lookup failure caused replication to fail
 
Event Type:Error
Event Source:NTDS Replication
Event Category:DS RPC Client
Event ID:2087
Date:3/9/2005
Time:11:00:21 AM
User:NT AUTHORITY\ANONYMOUS LOGON
Computer:DC3
Description:
Active Directory could not resolve the following DNS host name of
the source domain controller to an IP address. This error prevents
additions, deletions and changes in Active Directory from replicating
between one or more domain controllers in the forest. Security
groups, group policy, users and computers and their passwords will
be inconsistent between domain controllers until this error is
resolved, potentially affecting logon authentication and access
to network resources.
 
Source domain controller:
dc2
Failing DNS host name:
b0069e56-b19c-438a-8a1f-64866374dd6e._msdcs.contoso.com
 
NOTE: By default, only up to 10 DNS failures are shown for any
given 12 hour period, even if more than 10 failures occur.  To
log all individual failure events, set the following diagnostics
registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
1) If the source domain controller is no longer functioning or
its operating system has been reinstalled with a different
computer name or NTDSDSA object GUID, remove the source domain
controller's metadata with ntdsutil.exe, using the steps outlined
in MSKB article 216498.
 
2) Confirm that the source domain controller is running Active
Directory and is accessible on the network by typing
"net view
\\<source DC name>" or "ping <source DC name>".
 
3) Verify that the source domain controller is using a valid
DNS server for DNS services, and that the source domain
controller's host record and CNAME record are correctly
registered, using the DNS Enhanced version of DCDIAG.EXE
available on
http://www.microsoft.com/dns
 
dcdiag /test:dns
 
4) Verify that that this destination domain controller is using
a valid DNS server for DNS services, by running the DNS Enhanced
version of DCDIAG.EXE command on the console of the destination
domain controller, as follows:
 
dcdiag /test:dns
 
5) For further analysis of DNS error failures.
 
824449
 
Cause:

Failure to resolve the current CNAME resource record of the source domain controller to an IP address can have the following causes:
 
The source domain controller is powered off, is offline, or resides on an isolated network, and Active Directory and Domain Name System (DNS) data for the offline domain controller has not been deleted to indicate that the domain controller is inaccessible.
 
One of the following conditions exists:
 
The source domain controller has not registered its resource records in DNS.
 
The destination domain controller is configured to use an invalid DNS server.
 
The source domain controller is configured to use an invalid DNS server.
 
The DNS server that is used by the source domain controller does not host the correct zones or the zones are not configured to accept dynamic updates.
 
The direct DNS servers that are queried by the destination domain controller cannot resolve the IP address of the source domain controller as a result of nonexistent or invalid forwarders or delegations.
 
Active Directory has been removed on the source domain controller and then reinstalled with the same IP address, but knowledge of the new NTDS Settings GUID has not reached the destination domain controller.
 
Active Directory has been removed on the source domain controller and then reinstalled with a different IP address, but the current host address (A) resource record for the IP address of the source domain controller is either not registered or does not exist on the DNS servers that are queried by the destination domain controller as a result of replication latency or replication error.
 
The operating system of the source domain controller has been reinstalled with a different computer name, but its metadata either has not been removed or has been removed and not yet inbound-replicated by the destination domain controller.
 
Resolution:

First, determine whether the source domain controller is functioning. If the source domain controller is not functioning, remove its remaining metadata from Active Directory.
 
If the source domain controller is functioning, continue with procedures to diagnose and solve the DNS problem, as needed:
 
Use Dcdiag to diagnose DNS problems.
 
Register DNS SRV resource records plus host records.
 
Synchronize replication between the source and destination domain controllers.
 
Verify consistency of the NTDS Settings GUID.
 
Determine Whether a Domain Controller Is Functioning
To determine whether the source domain controller is functioning, use the following test.
 
Requirements
 
Administrative credentials: To complete this procedure, you must be a member of the Domain Users group in the domain of the domain controller.
 
Tools: Net view
 
To determine whether a domain controller is functioning
To confirm that the domain controller is running Active Directory and is accessible on the network, at a command prompt type the following command, and then press ENTER:
 
 
where SourceDomainControllerName is the NetBIOS name of the domain controller.
 
This command displays the Netlogon and SYSVOL shares, indicating that the server is functioning as a domain controller. If this test shows that the domain controller is not functioning on the network, determine the nature of the disconnection and whether the domain controller can be recovered or whether its metadata must be removed from Active Directory manually. If the domain controller is not functioning and cannot be restored, use the procedure in the following section, "Clean Up Domain Controller Metadata," to delete the data from Active Directory that is associated with that server.
 
Clean Up Domain Controller Metadata
If tests show that the domain controller is no longer functioning but you still see objects representing the domain controller in Active Directory Sites and Services, replication will continue to be attempted, and you must remove these objects from Active Directory manually. You must use Ntdsutil to clean up (delete) the metadata for the defunct domain controller.
 
If the defunct domain controller is the last domain controller in the domain, you should also remove the metadata for the domain. Allow sufficient time for all global catalog servers in the forest to inbound-replicate the domain deletion before promoting a new domain with the same name.
 
The process for cleaning up metadata is improved in the version of Ntdsutil that is included with Windows Server 2003 SP1. Instructions for cleaning up metadata with the Windows Server 2003 version of Ntdsutil and the Windows Server 2003 SP1 version of Ntdsutil are provided in the following procedure.
 
Requirements
 
Administrative credentials: To complete this procedure, you must be a member of the Enterprise Admins group.
 
Tools: Ntdsutil (System32 command-line tool)
 
To clean up server metadata
Open a Command Prompt.
 
Type the following command, and then press ENTER:
 
ntdsutil
 
At the ntdsutil: command prompt, type the following command, and then press ENTER:
 
metadata cleanup
 
Perform metadata cleanup as follows:
 
If you are performing server metadata cleanup only and you are using the version of Ntdsutil.exe that is included with Windows Server 2003 SP1, at the metadata cleanup: command prompt, type the following, and then press ENTER:
remove selected server ServerName
Or
remove selected server ServerName1onServerName2
 
 
Value  Description 
ServerName, ServerName1
 The distinguished name of the domain controller whose metadata you want to remove, in the form cn=ServerName,cn=Servers,cn=SiteName, cn=Sites,cn=Configuration,dc=ForestRootDomain
 
ServerName2
 The DNS name of the domain controller to which you want to connect and from which you want to remove server metadata
 
 
If you are performing metadata cleanup by using the version of Ntdsutil.exe that is included with Windows Server 2003 with no service pack, or if you are performing both domain metadata cleanup and server metadata cleanup, perform metadata cleanup as follows:
 
At the metadata cleanup: command prompt, type the following command, and then press ENTER:
connection
 
At the server connections: command prompt, type the following command, and then press ENTER:
connect to server Server
 
At the connection: command prompt, type the following command, and then press ENTER:
quit
 
At the metadata cleanup: command prompt, type the following command, and then press ENTER:
select operation target
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list sites
 
A numbered list of sites appears. Type the following command, and then press ENTER:
select site SiteNumber
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list domains in site
 
A numbered list of domains in the selected site appears. Type the following command, and then press ENTER:
select domain DomainNumber
 
At the select operation target: command prompt, type the following command, and then press ENTER:
list servers in site
 
A numbered list of servers in a domain and site is displayed. Type the following command, and then press ENTER:
select server ServerNumber
 
At the select operation target: command, type the following command, and then press ENTER:
quit
 
At the metadata cleanup: command, type the following command, and then press ENTER:
remove selected server
 
If the server whose metadata you have removed is the last domain controller in the domain and you want to remove the domain metadata, at the metadata cleanup: command prompt, type the following command, and then press ENTER:
remove selected domain
Metadata for the domain that you selected in step h is removed.
 
At the metadata cleanup: and ntdsutil: command prompts, type quit, and then press ENTER.
 

 

Popular Posts