Userevnv errors 1065 and 1030 in the application log

Our server is still locking up

We get pairs of

userenv 1065
Can not perfom filter check for group policy object
CN=[CEFAF8E2-1122-4F33-8E7D-8OD5422BCC03] CN=Policies CN=System DC=Gabites
DC=Local

and

userenv 1030
Can not query for the list of Group policy objects

in the application log

followed by a string of DCom 10010, DfsSvc 14526 & 14529 and Application
Popup 333 errors in the system log

By which stage it is all over

Any suggestions to what might cause this?

Or how to debug further?

adfvTHANKXance

Jim

 

Hello jim.cox,

Please run support tools dcdiag /v, netdiag /v to check for errors and post
the output here.


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Our server is still locking up
>
> We get pairs of
>
> userenv 1065 Can not perfom filter check for group policy object
> CN=[CEFAF8E2-1122-4F33-8E7D-8OD5422BCC03] CN=Policies CN=System
> DC=Gabites DC=Local
>
> and
>
> userenv 1030 Can not query for the list of Group policy objects
>
> in the application log
>
> followed by a string of DCom 10010, DfsSvc 14526 & 14529 and
> Application Popup 333 errors in the system log
>
> By which stage it is all over
>
> Any suggestions to what might cause this?
>
> Or how to debug further?
>
> adfvTHANKXance
>
> Jim
>

 

"jim.cox" <jimcox@discussions.microsoft.com> wrote in message news:3714A635-A1F1-4420-BCB6-B6E948204A5C@microsoft.com...
> Our server is still locking up
>
> We get pairs of
>
> userenv 1065
> Can not perfom filter check for group policy object
> CN=[CEFAF8E2-1122-4F33-8E7D-8OD5422BCC03] CN=Policies CN=System DC=Gabites
> DC=Local
>
> and
>
> userenv 1030
> Can not query for the list of Group policy objects
>
> in the application log
>
> followed by a string of DCom 10010, DfsSvc 14526 & 14529 and Application
> Popup 333 errors in the system log
>
> By which stage it is all over
>
> Any suggestions to what might cause this?
>
> Or how to debug further?
>
> adfvTHANKXance
>
> Jim


When you run a gpresult, do you get any references to a framedyn.dll error?
Are you only using the internal DNS in your ipconfig?
Is the server multihomed?
Can you post an unedited ipconfig /all please?

In addition to Meinolf's request, please see if the following help:
http://www.eventid.net/display.asp?eventid=1065&eventno=5861&source=Userenv&phase=1
http://www.eventid.net/display.asp?eventid=1030&eventno=9033&source=GroupPolicy&phase=1

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay

 

"Meinolf Weber [MVP-DS]" wrote:

> Hello jim.cox,
>
> Please run support tools dcdiag /v, netdiag /v to check for errors and post
> the output here.


Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine sol, is a DC.
* Connecting to directory service on server sol.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SOL
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SOL passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SOL
Starting test: Replications
* Replications Check
* Replication Latency Check
* Replication Site Latency Check
......................... SOL passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SOL.
* Security Permissions Check for
DC=ForestDnsZones,DC=gabites,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=gabites,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=gabites,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=gabites,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=gabites,DC=local
(Domain,Version 2)
......................... SOL passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SOL\netlogon
Verified share \\SOL\sysvol
......................... SOL passed test NetLogons
Starting test: Advertising
The DC SOL is advertising itself as a DC and having a DS.
The DC SOL is advertising as an LDAP server
The DC SOL is advertising as having a writeable directory
The DC SOL is advertising as a Key Distribution Center
The DC SOL is advertising as a time server
The DS SOL is advertising as a GC.
......................... SOL passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gabites,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gabites,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gabites,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gabites,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gabites,DC=local
......................... SOL passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2109 to 1073741823
* sol.gabites.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1609 to 2108
* rIDPreviousAllocationPool is 1109 to 1608
* rIDNextRID: 1534
* Warning :There is less than 15% available RIDs in the current pool
......................... SOL passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SOL on DC SOL.
* SPN found :LDAP/sol.gabites.local/gabites.local
* SPN found :LDAP/sol.gabites.local
* SPN found :LDAP/SOL
* SPN found :LDAP/sol.gabites.local/GABITES
* SPN found
:LDAP/f01b6577-a4a2-4508-a73b-a77cb4b633f9._msdcs.gabites.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/f01b6577-a4a2-4508-a73b-a77cb4b633f9/gabites.local
* SPN found :HOST/sol.gabites.local/gabites.local
* SPN found :HOST/sol.gabites.local
* SPN found :HOST/SOL
* SPN found :HOST/sol.gabites.local/GABITES
* SPN found :GC/sol.gabites.local/gabites.local
......................... SOL passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [SOL]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SOL failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
SOL is in domain DC=gabites,DC=local
Checking for CN=SOL,OU=Domain Controllers,DC=gabites,DC=local in
domain DC=gabites,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gabites,DC=local
in domain CN=Configuration,DC=gabites,DC=local on 1 servers
Object is up-to-date on all servers.
......................... SOL passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SOL passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may
cause

Group Policy problems.
An Error Event occured. EventID: 0xC0003500
Time Generated: 05/22/2009 08:31:27
(Event String could not be retrieved)
......................... SOL failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... SOL passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SOL passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=SOL,OU=Domain Controllers,DC=gabites,DC=local and backlink on


CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gabites,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=SOL,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=gabites,DC=local

and backlink on CN=SOL,OU=Domain Controllers,DC=gabites,DC=local are

correct.
The system object reference (serverReferenceBL)

CN=SOL,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=gabites,DC=local

and backlink on

CN=NTDS
Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gabites,DC=local

are correct.
......................... SOL passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : gabites
Starting test: CrossRefValidation
......................... gabites passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gabites passed test CheckSDRefDom

Running enterprise tests on : gabites.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... gabites.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\sol.gabites.local
Locator Flags: 0xe00001fd
PDC Name: \\sol.gabites.local
Locator Flags: 0xe00001fd
Time Server Name: \\sol.gabites.local
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\sol.gabites.local
Locator Flags: 0xe00001fd
KDC Name: \\sol.gabites.local
Locator Flags: 0xe00001fd
......................... gabites.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS

 

"Meinolf Weber [MVP-DS]" wrote:

> Hello jim.cox,
>
> Please run support tools dcdiag /v, netdiag /v to check for errors and post
> the output here.

Netdiag is way to big to post here - any suggestions?

 

> When you run a gpresult, do you get any references to a framedyn.dll error?

Soory, do not understand what is gpresult?

> Are you only using the internal DNS in your ipconfig?

I Believe so

> Is the server multihomed?

No,

> Can you post an unedited ipconfig /all please?

as below


Windows IP Configuration



Host Name . . . . . . . . . . . . : sol

Primary Dns Suffix . . . . . . . : gabites.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : gabites.local



PPP adapter RAS Server (Dial In) Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.2.141

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Ethernet adapter Server Local Area Connection:



Connection-specific DNS Suffix . : gabites.local

Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection

Physical Address. . . . . . . . . : 00-0C-F1-C9-FF-89

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.2.8

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.2.8

Primary WINS Server . . . . . . . : 192.168.2.8



Ethernet adapter Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter

Physical Address. . . . . . . . . : 00-02-B3-EC-C9-89

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.1.8

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.2.8

Primary WINS Server . . . . . . . : 192.168.2.8

NetBIOS over Tcpip. . . . . . . . : Disabled

 

"jim.cox" <jimcox@discussions.microsoft.com> wrote in message news:6D08C410-70A3-4E88-A747-860AFF046528@microsoft.com...
>
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello jim.cox,
>>
>> Please run support tools dcdiag /v, netdiag /v to check for errors and post
>> the output here.
>
> Netdiag is way to big to post here - any suggestions?
>
>


Post any errors or failures you may see.

Ace

 

"jim.cox" <jimcox@discussions.microsoft.com> wrote in message news:CAC80A08-BF63-46CC-8485-20A3F7568F62@microsoft.com...
>
>> When you run a gpresult, do you get any references to a framedyn.dll error?
>
> Soory, do not understand what is gpresult?
>
>> Are you only using the internal DNS in your ipconfig?
>
> I Believe so
>
>> Is the server multihomed?
>
> No,
>
>> Can you post an unedited ipconfig /all please?
>
> as below
>
>
> Windows IP Configuration
>
>
>
> Host Name . . . . . . . . . . . . : sol
>
> Primary Dns Suffix . . . . . . . : gabites.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : Yes
>
> WINS Proxy Enabled. . . . . . . . : Yes
>
> DNS Suffix Search List. . . . . . : gabites.local
>
>
>
> PPP adapter RAS Server (Dial In) Interface:
>
>
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.2.141
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>
> Default Gateway . . . . . . . . . :
>
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
>
>
> Ethernet adapter Server Local Area Connection:
>
>
>
> Connection-specific DNS Suffix . : gabites.local
>
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
>
> Physical Address. . . . . . . . . : 00-0C-F1-C9-FF-89
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.2.8
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . :
>
> DNS Servers . . . . . . . . . . . : 192.168.2.8
>
> Primary WINS Server . . . . . . . : 192.168.2.8
>
>
>
> Ethernet adapter Network Connection:
>
>
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
>
> Physical Address. . . . . . . . . : 00-02-B3-EC-C9-89
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.1.8
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.1.254
>
> DNS Servers . . . . . . . . . . . : 192.168.2.8
>
> Primary WINS Server . . . . . . . : 192.168.2.8
>
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
>


Jim,

Thanks for posting the info.

It appears the DC is multihomed. That means it has more than one interface.

Can you describe the role of this DC and it having multiple interfaces?

It appears to have RRAS installed as well as IP Routing is enabled. So I am assuming it is offering internet connectivity to your office as well as being a VPN server. Can you elaborate further?

Is it SBS?

This DC actually has three (3) IPs. This can cause numerous issues with AD/DC operations. This is more than likely the cause of the whole issue because of the additional records being registered into DNS. A DC has problems when it has more than one record associated with it. There are ways to straighten out a multihomed machine with regarding the DNS records produced by the additional NICs/interfaces, including the ones that RRAS is creating, but it involves registry alterations. I can post the instructions, and keep in mind they are elaborate. However, I don't usually recommend making the changes because it is altering default DC functionality. I normally suggest to get an inexpensive Cable/DSL router that also supports VPN functions, to perform the NAT functions and VPN features that your DC is doing so as to relieve the DC of this type of functionality and let the DC be a DC. But I can post them for you if this is not an option. You have to be careful making all the changes.

GPRESULT is a utility to find out if and which GPOs are being applied. Since the EventIDs that are manifesting themselves are related to GPOs, one of the tools we use is to determine if the GPOs are being applied, and which ones, and if there are any errors as they are being applied. You can run it in a CMD prompt. Run it for us, and post the result, please.

Ace

 

Hello jim.cox,

Dcdiag states about FRS errors, check that File replication service is running
and set to automatic.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello jim.cox,
>>
>> Please run support tools dcdiag /v, netdiag /v to check for errors
>> and post the output here.
>>
> Domain Controller Diagnosis
>
> Performing initial setup:
> * Verifying that the local machine sol, is a DC.
> * Connecting to directory service on server sol.
> * Collecting site info.
> * Identifying all servers.
> * Identifying all NC cross-refs.
> * Found 1 DC(s). Testing 1 of them.
> Done gathering initial info.
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\SOL
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> * Active Directory RPC Services Check
> ......................... SOL passed test Connectivity
> Doing primary tests
>
> Testing server: Default-First-Site-Name\SOL
> Starting test: Replications
> * Replications Check
> * Replication Latency Check
> * Replication Site Latency Check
> ......................... SOL passed test Replications
> Test omitted by user request: Topology
> Test omitted by user request: CutoffServers
> Starting test: NCSecDesc
> * Security Permissions check for all NC's on DC SOL.
> * Security Permissions Check for
> DC=ForestDnsZones,DC=gabites,DC=local
> (NDNC,Version 2)
> * Security Permissions Check for
> DC=DomainDnsZones,DC=gabites,DC=local
> (NDNC,Version 2)
> * Security Permissions Check for
> CN=Schema,CN=Configuration,DC=gabites,DC=local
> (Schema,Version 2)
> * Security Permissions Check for
> CN=Configuration,DC=gabites,DC=local
> (Configuration,Version 2)
> * Security Permissions Check for
> DC=gabites,DC=local
> (Domain,Version 2)
> ......................... SOL passed test NCSecDesc
> Starting test: NetLogons
> * Network Logons Privileges Check
> Verified share \\SOL\netlogon
> Verified share \\SOL\sysvol
> ......................... SOL passed test NetLogons
> Starting test: Advertising
> The DC SOL is advertising itself as a DC and having a DS.
> The DC SOL is advertising as an LDAP server
> The DC SOL is advertising as having a writeable directory
> The DC SOL is advertising as a Key Distribution Center
> The DC SOL is advertising as a time server
> The DS SOL is advertising as a GC.
> ......................... SOL passed test Advertising
> Starting test: KnowsOfRoleHolders
> Role Schema Owner = CN=NTDS
> Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
> iguration,DC=gabites,DC=local
> Role Domain Owner = CN=NTDS
> Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
> iguration,DC=gabites,DC=local
> Role PDC Owner = CN=NTDS
> Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
> iguration,DC=gabites,DC=local
> Role Rid Owner = CN=NTDS
> Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
> iguration,DC=gabites,DC=local
> Role Infrastructure Update Owner = CN=NTDS
> Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
> iguration,DC=gabites,DC=local
> ......................... SOL passed test KnowsOfRoleHolders
> Starting test: RidManager
> * Available RID Pool for the Domain is 2109 to 1073741823
> * sol.gabites.local is the RID Master
> * DsBind with RID Master was successful
> * rIDAllocationPool is 1609 to 2108
> * rIDPreviousAllocationPool is 1109 to 1608
> * rIDNextRID: 1534
> * Warning :There is less than 15% available RIDs in the
> current pool
> ......................... SOL passed test RidManager
> Starting test: MachineAccount
> Checking machine account for DC SOL on DC SOL.
> * SPN found :LDAP/sol.gabites.local/gabites.local
> * SPN found :LDAP/sol.gabites.local
> * SPN found :LDAP/SOL
> * SPN found :LDAP/sol.gabites.local/GABITES
> * SPN found
> :LDAP/f01b6577-a4a2-4508-a73b-a77cb4b633f9._msdcs.gabites.local
> * SPN found
> :E3514235-4B06-11D1-AB04-00C04FC2DCD2/f01b6577-a4a2-4508-a73b-a77cb4b6
> 33f9/gabites.local
> * SPN found :HOST/sol.gabites.local/gabites.local
> * SPN found :HOST/sol.gabites.local
> * SPN found :HOST/SOL
> * SPN found :HOST/sol.gabites.local/GABITES
> * SPN found :GC/sol.gabites.local/gabites.local
> ......................... SOL passed test MachineAccount
> Starting test: Services
> * Checking Service: Dnscache
> * Checking Service: NtFrs
> * Checking Service: IsmServ
> IsmServ Service is stopped on [SOL]
> * Checking Service: kdc
> * Checking Service: SamSs
> * Checking Service: LanmanServer
> * Checking Service: LanmanWorkstation
> * Checking Service: RpcSs
> * Checking Service: w32time
> * Checking Service: NETLOGON
> ......................... SOL failed test Services
> Test omitted by user request: OutboundSecureChannels
> Starting test: ObjectsReplicated
> SOL is in domain DC=gabites,DC=local
> Checking for CN=SOL,OU=Domain Controllers,DC=gabites,DC=local
> in
> domain DC=gabites,DC=local on 1 servers
> Object is up-to-date on all servers.
> Checking for CN=NTDS
> Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
> iguration,DC=gabites,DC=local
> in domain CN=Configuration,DC=gabites,DC=local on 1 servers
> Object is up-to-date on all servers.
> ......................... SOL passed test ObjectsReplicated
> Starting test: frssysvol
> * The File Replication Service SYSVOL ready test
> File Replication Service's SYSVOL is ready
> ......................... SOL passed test frssysvol
> Starting test: frsevent
> * The File Replication Service Event log test
> There are warning or error events within the last 24 hours
> after the
> SYSVOL has been shared. Failing SYSVOL replication problems
> may cause
>
> Group Policy problems.
> An Error Event occured. EventID: 0xC0003500
> Time Generated: 05/22/2009 08:31:27
> (Event String could not be retrieved)
> ......................... SOL failed test frsevent
> Starting test: kccevent
> * The KCC Event log test
> Found no KCC errors in Directory Service Event log in the
> last 15
> minutes.
> ......................... SOL passed test kccevent
> Starting test: systemlog
> * The System Event log test
> Found no errors in System Event log in the last 60 minutes.
> ......................... SOL passed test systemlog
> Test omitted by user request: VerifyReplicas
> Starting test: VerifyReferences
> The system object reference (serverReference)
> CN=SOL,OU=Domain Controllers,DC=gabites,DC=local and backlink
> on
>
> CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration
> ,DC=gabites,DC=local
>
> are correct.
> The system object reference (frsComputerReferenceBL)
> CN=SOL,CN=Domain System Volume (SYSVOL share),CN=File
> Replication Service,CN=System,DC=gabites,DC=local
>
> and backlink on CN=SOL,OU=Domain
> Controllers,DC=gabites,DC=local are
>
> correct.
> The system object reference (serverReferenceBL)
> CN=SOL,CN=Domain System Volume (SYSVOL share),CN=File
> Replication Service,CN=System,DC=gabites,DC=local
>
> and backlink on
>
> CN=NTDS
> Settings,CN=SOL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
> iguration,DC=gabites,DC=local
>
> are correct.
> ......................... SOL passed test VerifyReferences
> Test omitted by user request: VerifyEnterpriseReferences
> Test omitted by user request: CheckSecurityError
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test
> CheckSDRefDom
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test
> CheckSDRefDom
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test
> CheckSDRefDom
> Running partition tests on : gabites
> Starting test: CrossRefValidation
> ......................... gabites passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... gabites passed test CheckSDRefDom
> Running enterprise tests on : gabites.local
> Starting test: Intersite
> Skipping site Default-First-Site-Name, this site is outside
> the scope
> provided by the command line arguments provided.
> ......................... gabites.local passed test Intersite
> Starting test: FsmoCheck
> GC Name: \\sol.gabites.local
> Locator Flags: 0xe00001fd
> PDC Name: \\sol.gabites.local
> Locator Flags: 0xe00001fd
> Time Server Name: \\sol.gabites.local
> Locator Flags: 0xe00001fd
> Preferred Time Server Name: \\sol.gabites.local
> Locator Flags: 0xe00001fd
> KDC Name: \\sol.gabites.local
> Locator Flags: 0xe00001fd
> ......................... gabites.local passed test FsmoCheck
> Test omitted by user request: DNS
> Test omitted by user request: DNS

 

Hello jim.cox,

As Ace stated the DC is multihomed, 3 NIC's with different ip addresses,
please describe more detailed the needs for that and which OS version you
are using.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


>> When you run a gpresult, do you get any references to a framedyn.dll
>> error?
>>
> Soory, do not understand what is gpresult?
>
>> Are you only using the internal DNS in your ipconfig?
>>
> I Believe so
>
>> Is the server multihomed?
>>
> No,
>
>> Can you post an unedited ipconfig /all please?
>>
> as below
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : sol
>
> Primary Dns Suffix . . . . . . . : gabites.local
>
> Node Type . . . . . . . . . . . . : Unknown
>
> IP Routing Enabled. . . . . . . . : Yes
>
> WINS Proxy Enabled. . . . . . . . : Yes
>
> DNS Suffix Search List. . . . . . : gabites.local
>
> PPP adapter RAS Server (Dial In) Interface:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.2.141
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>
> Default Gateway . . . . . . . . . :
>
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
> Ethernet adapter Server Local Area Connection:
>
> Connection-specific DNS Suffix . : gabites.local
>
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection
>
> Physical Address. . . . . . . . . : 00-0C-F1-C9-FF-89
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.2.8
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . :
>
> DNS Servers . . . . . . . . . . . : 192.168.2.8
>
> Primary WINS Server . . . . . . . : 192.168.2.8
>
> Ethernet adapter Network Connection:
>
> Connection-specific DNS Suffix . :
>
> Description . . . . . . . . . . . : Intel(R) PRO/100 S Server
> Adapter
>
> Physical Address. . . . . . . . . : 00-02-B3-EC-C9-89
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 192.168.1.8
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.1.254
>
> DNS Servers . . . . . . . . . . . : 192.168.2.8
>
> Primary WINS Server . . . . . . . : 192.168.2.8
>
> NetBIOS over Tcpip. . . . . . . . : Disabled
>

 

"Meinolf Weber [MVP-DS]" wrote:

> Hello jim.cox,
>
> As Ace stated the DC is multihomed, 3 NIC's with different ip addresses,
> please describe more detailed the needs for that and which OS version you
> are using.
>
> Best regards
>
> Meinolf Weber

One server box (server 2003 sp2 with exchange (does that mean SBS?)

Two physical network cards, one talks to internet (.1.8) , the other to the
internal network (.2.8)

Plus we have VPN connectivity in - so presume this is where the third
ipconfig entry comes from.

This box is the server and communications gateway for all our office (about
15 seats). It handles all mail and internet traffic as well as providing
shared filespace

Does this make sense?

=mjc=

 

Hello jim.cox,

Maybe, SBS is Small Business server, a special server edition which includes
also Exchange. You can see the installed version if you choose the Windows
button to open the start menu. Or open "My Computer" properties.

Multihoming a DC and using for RRAS is not the best solution, but if your
version is SBS you should better use the SBS newsgroup, too many things are
different on it.

microsoft.public.windows.server.sbs

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello jim.cox,
>>
>> As Ace stated the DC is multihomed, 3 NIC's with different ip
>> addresses, please describe more detailed the needs for that and which
>> OS version you are using.
>>
>> Best regards
>>
>> Meinolf Weber
>>
> One server box (server 2003 sp2 with exchange (does that mean SBS?)
>
> Two physical network cards, one talks to internet (.1.8) , the other
> to the internal network (.2.8)
>
> Plus we have VPN connectivity in - so presume this is where the third
> ipconfig entry comes from.
>
> This box is the server and communications gateway for all our office
> (about 15 seats). It handles all mail and internet traffic as well as
> providing shared filespace
>
> Does this make sense?
>
> =mjc=
>

 

"jim.cox" <jimcox@discussions.microsoft.com> wrote in message news:455A0A07-DB4A-4D53-B77F-06314F2E37A3@microsoft.com...
>
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello jim.cox,
>>
>> As Ace stated the DC is multihomed, 3 NIC's with different ip addresses,
>> please describe more detailed the needs for that and which OS version you
>> are using.
>>
>> Best regards
>>
>> Meinolf Weber
>
> One server box (server 2003 sp2 with exchange (does that mean SBS?)
>
> Two physical network cards, one talks to internet (.1.8) , the other to the
> internal network (.2.8)
>
> Plus we have VPN connectivity in - so presume this is where the third
> ipconfig entry comes from.
>
> This box is the server and communications gateway for all our office (about
> 15 seats). It handles all mail and internet traffic as well as providing
> shared filespace
>
> Does this make sense?
>
> =mjc=
>
>
>
>
>


It does make sense. However, as Meinolf mentioned, this type of configuration for a domain controller having multiple NICs and/or IP addresses as well as RRAS on a domain controller, is not recommended and most engineers avoid this type of configuration due to issues it presents, such as exacty what you are currently experiencing. As I mentioned, I can post a series of steps to alter the DC to work under your desired configuration, but is tedious to follow including registry and other changes to the domain controller to force it to work properly.

Now as for if this machine is an SBS server, I have no idea. You would know that. You can check your installation by right-clicking on My Computer, then choose properties. In the resulting window, if it says Small Business Server, then it is an SBS server. If it is, multihoming (more than one NIC and/or IP) works a little differently than a regular, non-SBS Windows version. The best bet, as Meinolf suggested, is to post this to the SBS newsgroup.

Ace

 

"Ace Fekay [Microsoft Certified Trainer]" wrote:


> Now as for if this machine is an SBS server, I have no idea. You would know that. You can check your installation by right-clicking on My Computer, then choose properties. In the resulting window, if it says Small Business Server, then it is an SBS server. If it is, multihoming (more than one NIC and/or IP) works a little differently than a regular, non-SBS Windows version. The best bet, as Meinolf suggested, is to post this to the SBS newsgroup.

Thankx Gents,

It says "Microsoft Windows Server 2003 for Small Business Server"

So I'll direct my questions elsewhere.

Thankx again for your help

Jim

=mjc=
..

 

"jim.cox" <jimcox@discussions.microsoft.com> wrote in message news:6BB30C2E-BB44-4E4E-9443-587001C90167@microsoft.com...
>> Now as for if this machine is an SBS server, I have no idea. You would know that. You can check your installation by right-clicking on My Computer, then choose properties. In the resulting window, if it says Small Business Server, then it is an SBS server. If it is, multihoming (more than one NIC and/or IP) works a little differently than a regular, non-SBS Windows version. The best bet, as Meinolf suggested, is to post this to the SBS newsgroup.
>
> Thankx Gents,
>
> It says "Microsoft Windows Server 2003 for Small Business Server"
>
> So I'll direct my questions elsewhere.
>
> Thankx again for your help
>
> Jim
>
> =mjc=
> .
>


You are welcome, and good luck!!

Ace