DC error?
in [Windows Servers]
|
Prev: Looking for info/recommendations on server file undelete software
Next: Windows 2008 domain admin has no rights
From: Miha on 4 Feb 2010 12:23 Hi We're dealing with the folloving event on some of the domain servers (Win2003/2008) Windows cannot determine the user or computer name. (The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ). Group Policy processing aborted. We have 3 Win2003 DC's, one of them has been disconected from LAN for 4 days, now it's back on. Since then tihs error apperas. Can anyone please help or instruct me what to do? No changes have been made to all of the DC. Do I need to re-sinchronize all DC or sometnig like that? Regards, Miha
From: Ace Fekay [MVP-DS, MCT] on 4 Feb 2010 14:40 "Miha" <miha(a)positiva.si> wrote in message news:O%23i746bpKHA.3948(a)TK2MSFTNGP06.phx.gbl... > Hi > > We're dealing with the folloving event on some of the domain servers > (Win2003/2008) > > Windows cannot determine the user or computer name. (The system detected a > possible attempt to compromise security. Please ensure that you can > contact the server that authenticated you. ). Group Policy processing > aborted. > > > > We have 3 Win2003 DC's, one of them has been disconected from LAN for 4 > days, now it's back on. Since then tihs error apperas. Can anyone please > help or instruct me what to do? No changes have been made to all of the > DC. Do I need to re-sinchronize all DC or sometnig like that? > > Regards, > > Miha > > Hello Miha, To better assist, we will need additional info. Please post an ipconfig /all from each DC. This will allow use to evaluate any basic configuration issues. Also post any EventID# errors you see in the event logs of any of the DCs or other machines you are seeing errors regarding what you posted, or any other AD communication errors. Thank you, -- Ace This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution. Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
From: Paul Bergson [MVP-DS] on 5 Feb 2010 08:43
Run diagnostics against your Active Directory domain. If you don't have the support tools installed, install them from your server install disk. d:\support\tools\setup.exe Run dcdiag, netdiag and repadmin in verbose mode. -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log -> netdiag.exe /v > c:\netdiag.log (On each dc) -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt -> ntfrsutl ds your_dc_name > c:\sysvol.log -> dnslint /ad /s "ip address of your dc" **Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's in the forest. If you have significant numbers of DC's this test could generate significant detail and take a long time. You also want to take into account slow links to dc's will also add to the testing time. If you download a gui script I wrote it should be simple to set and run (DCDiag and NetDiag). It also has the option to run individual tests without having to learn all the switch options. The details will be output in notepad text files that pop up automagically. The script is located on my website at http://www.pbbergs.com/windows/downloads.htm Just select both dcdiag and netdiag make sure verbose is set. (Leave the default settings for dcdiag as set when selected) When complete search for fail, error and warning messages. Description and download for dnslint http://support.microsoft.com/kb/321045 -- Paul Bergson MVP - Directory Services MCTS, MCT, MCSE, MCSA, Security+, BS CSci 2008, 2003, 2000 (Early Achiever), NT4 Microsoft's Thrive IT Pro of the Month - June 2009 http://www.pbbergs.com Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "Miha" <miha(a)positiva.si> wrote in message news:O%23i746bpKHA.3948(a)TK2MSFTNGP06.phx.gbl... > Hi > > We're dealing with the folloving event on some of the domain servers > (Win2003/2008) > > Windows cannot determine the user or computer name. (The system detected a > possible attempt to compromise security. Please ensure that you can > contact the server that authenticated you. ). Group Policy processing > aborted. > > > > We have 3 Win2003 DC's, one of them has been disconected from LAN for 4 > days, now it's back on. Since then tihs error apperas. Can anyone please > help or instruct me what to do? No changes have been made to all of the > DC. Do I need to re-sinchronize all DC or sometnig like that? > > Regards, > > Miha > > |