I am getting the following eventlog system error reappearing around every 5
hours on my first DC on my child domain.

ERROR event ID 3224
"Changing machine account password for account ELLJHB$ failed with the
following error:
There are currently no logon servers available to service the logon request. "


My ad Domain layout is ellieshq.local
                                  elljhb.ellieshq.local

I am not getting this error on any of my other dc's I have 4 ; 2 Root
Forrest DC's and 2 Child Root DC's.

Now microsoft has got a hotfix out that supposedly resolves this issue.

http://support.microsoft.com/kb/941761/en-us

However I do not want to apply it as I cannot understand why this error is
only occuring on my one dc.

I have run replmon as well as repadmin I do not see any obvious errors. And
the fact that the error I think relates to my domain's netbios name ELLJHB$
makes me apprehensive.I do not like installing hotfixes and in this case to
keep all my servers to the same level I would have to patch all 4.

My repadmin options were :
repadmin.exe /showrepl jhbdc1 /verbose /all /intersite > c:\repl.txt

Replication seems to be working so why would a password not be replicating
to this DC.

Any comments or suggestions  welcomed.

Show quote Hide quote Just to make sure, I assume the Source name in the event is Netlogon, and not System.

Also, just to clear it up, you stated that your AD parent and child domains are:
Is the server name in question with the error, "ELLJHB?"

Anytime I see an error regarding "There are currently no logon servers available to service the logon request," in most cases is due to a DNS misconfigurations, regarding which DNS servers the DCs are using, or how the parent-child relationship has been configured, whether a parent-child delegation, or the whole infrastructure is using a common resolving infrastructure with the zone's scope set to Forest level replication. Forest/Domain functional levels can play a part in this as well, because I haven't seen this error in a number of years. It was usually an NT4 based error where the BDCs could not find the PDC to send password changes. However in your error, the ELLJHB$ indicates the DC's machine password, so it is a bit confusing, including whether the domain name and server name are the same or not, which I could not ascertain based on your post.

If you can elaborate on how DNS is setup, functional levels, provide unedited ipconfig /all's (you can modify your domain name for public posting), that would be helpful in diagnosing this.

I do not know if the zones are set to forrest level replication but ad does
replicate between parent and master dc's.

MY forrest and domain function levels are all still on windows 2000 level as
I had to have a trust between 2 NT 4 domains and my ad domains. I hope to
raise domain function level soon to 2003 integrated as well as the forrest
function level.

As stated above the domain name and the server names are not the same.So i
would expect the DC's machine name to be JHBDC1$ not ELLJHB$.

Is there a e-mail address I can respond to for either of you gentelman??

ACE or MEINHOFF?

IPCONFIG FOR SERVER WITH ISSUE (JHBDC1)




Windows IP Configuration



   Host Name . . . . . . . . . . . . : JHBDC1

   Primary Dns Suffix  . . . . . . . : ELLJHB.ELLIESHQ.LOCAL

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : ELLJHB.ELLIESHQ.LOCAL

                                       ELLIESHQ.LOCAL



Ethernet adapter Local Area Connection:



   Connection-specific DNS Suffix  . : ELLJHB.ELLIESHQ.LOCAL

   Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network Connection

   Physical Address. . . . . . . . . : 00-15-17-1D-3D-66

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 10.0.0.32

   Subnet Mask . . . . . . . . . . . : 255.255.252.0

   Default Gateway . . . . . . . . . : 10.0.0.3

   DNS Servers . . . . . . . . . . . : 10.0.0.32

                                       10.0.0.30

                                       10.0.0.33

   Primary WINS Server . . . . . . . : 10.0.0.32

   Secondary WINS Server . . . . . . : 10.0.0.33



IPCONFIG FOR SERVER WITHOUT ERROR (JHBDC2)



Windows IP Configuration



   Host Name . . . . . . . . . . . . : JHBDC2

   Primary Dns Suffix  . . . . . . . : ELLJHB.ELLIESHQ.LOCAL

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : ELLJHB.ELLIESHQ.LOCAL

                                       ELLIESHQ.LOCAL



Ethernet adapter Local Area Connection:



   Connection-specific DNS Suffix  . : ELLJHB.ELLIESHQ.LOCAL

   Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network Connection

   Physical Address. . . . . . . . . : 00-15-17-1D-41-32

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 10.0.0.33

   Subnet Mask . . . . . . . . . . . : 255.255.252.0

   Default Gateway . . . . . . . . . : 10.0.0.3

   DNS Servers . . . . . . . . . . . : 10.0.0.32

                                       10.0.0.30

                                       10.0.0.31

                                       10.0.0.33

   Primary WINS Server . . . . . . . : 10.0.0.32

   Secondary WINS Server . . . . . . : 10.0.0.33


THE NETDIAG IS VERY BIG is ther a specific part I cann provide??

Hello Ricus,

Please post an unedited ipconfig /all from the problem server and the functioning
one. Also run support tools dcdiag /v, netdiag /v and post the output here.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Show quoteHide quote

Ace you will see my dc's are called JHBDC1,JHBDC2,HQDC1,HQDC2 none are called
ELLJHB this is my domain name. And yes the source name is netlogon.

Below is the netdiag for the server I am getting this error  on

JHBDC1

________
NETDIAG
======

    Querying status of the Netcard drivers... Passed
    Testing IpConfig - pinging the Primary WINS server... Passed
    Testing IpConfig - pinging the Secondary WINS server... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing for autoconfiguration... Passed
    Testing IP loopback ping... Passed
    Testing default gateways... Passed
    Enumerating local and remote NetBT name cache... Passed
    Testing the WINS server
        Local Area Connection
            Sending name query to primary WINS server 10.0.0.32 - Passed
            Sending name query to secondary WINS server 10.0.0.33 - Passed
    Gathering Winsock information.
    Testing DNS
    PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.32' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.30' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.33' and other DCs also have some of the names registered.
    Testing redirector and browser... Passed
    Testing DC discovery.
        Looking for a DC
        Looking for a PDC emulator
        Looking for an Active Directory DC
    Gathering the list of Domain Controllers for domain 'ELLJHB'
    Testing trust relationships... Skipped
    Testing Kerberos authentication... Passed
    Testing LDAP servers in Domain ELLJHB ...
    Gathering routing information
    Gathering network statistics information.
    Gathering configuration of bindings.
    Gathering RAS connection information
    Gathering Modem information
    Gathering IP Security information

    Tests complete.


    Computer Name: JHBDC1
    DNS Host Name: JHBDC1.ELLJHB.ELLIESHQ.LOCAL
    DNS Domain Name: ELLJHB.ELLIESHQ.LOCAL
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : EM64T Family 6 Model 15 Stepping 6, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          KB921503
           Yes          KB924667-v2
           Yes          KB925398_WMP64
           Yes          KB925902
           Yes          KB926028
           Yes          KB926122
           Yes          KB927891
           Yes          KB929123
           Yes          KB930178
           Yes          KB932168
           Yes          KB932596
           Yes          KB933360
           Yes          KB933729
           Yes          KB935839
           Yes          KB935840
           Yes          KB936021
           Yes          KB936357
           Yes          KB936782
           Yes          KB937143
           Yes          KB937143-IE7
           Yes          KB938127
           Yes          KB938127-IE7
           Yes          KB938464
           Yes          KB939653-IE7
           Yes          KB940122
           Yes          KB941202
           Yes          KB941568
           Yes          KB941569
           Yes          KB941644
           Yes          KB941672
           Yes          KB941693
           Yes          KB942615-IE7
           Yes          KB942763
           Yes          KB943055
           Yes          KB943460
           Yes          KB943484
           Yes          KB943485
           Yes          KB943729
           Yes          KB944653
           Yes          KB945553
           Yes          KB946026
           Yes          KB947864-IE7
           Yes          KB948496
           Yes          KB948590
           Yes          KB948745
           Yes          KB948881
           Yes          KB949014
           Yes          KB950759-IE7
           Yes          KB950760
           Yes          KB950762
           Yes          KB950974
           Yes          KB951066
           Yes          KB951072-v2
           Yes          KB951698
           Yes          KB951746
           Yes          KB951748
           Yes          KB952069
           Yes          KB952954
           Yes          KB954211
           Yes          KB954600
           Yes          KB955069
           Yes          KB955839
           Yes          KB956390-IE7
           Yes          KB956391
           Yes          KB956802
           Yes          KB956803
           Yes          KB956841
           Yes          KB957095
           Yes          KB957097
           Yes          KB958215-IE7
           Yes          KB958644
           Yes          KB958687
           Yes          KB958690
           Yes          KB960225
           Yes          KB960714-IE7
           Yes          KB960715
           Yes          KB961063
           Yes          KB961064
           Yes          KB961260-IE7
           Yes          KB967715
           Yes          Q147222


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:


---------------------------------------------------------------------------
    Description: Intel(R) PRO/1000 PM Network Connection
    Device: \DEVICE\{754A66DA-64C7-435A-8B95-90B7E3201602}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    2 days, 21:46:51
    Media Speed:                     1 Gbps

    Packets Sent:                    2341657
    Bytes Sent (Optional):           0

    Packets Received:                5475575
    Directed Pkts Recd (Optional):   2478448
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0


---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : Local Area Connection
        Adapter ID . . . . . . . . : {754A66DA-64C7-435A-8B95-90B7E3201602}

        Netcard queries test . . . : Passed

        Adapter type . . . . . . . : Ethernet
        Host Name. . . . . . . . . : JHBDC1.ELLJHB.ELLIESHQ.LOCAL
        Description. . . . . . . . : Intel(R) PRO/1000 PM Network Connection
        Physical Address . . . . . : 00-15-17-1D-3D-66
        Dhcp Enabled . . . . . . . : No
        DHCP ClassID . . . . . . . :
        Autoconfiguration Enabled. : Yes
        IP Address . . . . . . . . : 10.0.0.32
        Subnet Mask. . . . . . . . : 255.255.252.0
        Default Gateway. . . . . . : 10.0.0.3
        Primary WINS Server. . . . : 10.0.0.32
        Secondary WINS Server. . . : 10.0.0.33
        Dns Servers. . . . . . . . : 10.0.0.32
                                     10.0.0.30
                                     10.0.0.33

        IpConfig results . . . . . : Passed
            Pinging the Primary WINS server 10.0.0.32 - reachable
            Pinging the Secondary WINS server 10.0.0.33 - reachable

        AutoConfiguration results. . . . . . : Passed
            AutoConfiguration is not in use.

        Default gateway test . . . : Passed
            Pinging gateway 10.0.0.3 - reachable
            At least one gateway reachable for this adapter.

        NetBT name test. . . . . . : Passed
            NetBT_Tcpip_{754A66DA-64C7-435A-8B95-90B7E3201602}
            JHBDC1         <00>  UNIQUE      REGISTERED
            ELLJHB         <1C>  GROUP       REGISTERED
            ELLJHB         <00>  GROUP       REGISTERED
            JHBDC1         <20>  UNIQUE      REGISTERED
            ELLJHB         <1B>  UNIQUE      REGISTERED
            ELLJHB         <1E>  GROUP       REGISTERED
            ELLJHB         <1D>  UNIQUE      REGISTERED
            ..__MSBROWSE__.<01>  GROUP       REGISTERED
        [WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.

            NetBios Resolution : Enabled

        Netbios Remote Cache Table
            Name           Type              HostAddress         Life [sec]
            ---------------------------------------------------------------
            ELLIES         <1C>  GROUP       10.0.0.116            535
            JHBDC2.ELLJHB.E<4C>  UNIQUE      10.0.0.33             585


        WINS service test. . . . . : Passed
            Sending name query to primary WINS server 10.0.0.32 - Passed
            Sending name query to secondary WINS server 10.0.0.33 - Passed
            The test was successful. At least one WINS server was found.


Global results:


IP General configuration
    LMHOSTS Enabled. . . . . . . . : No
    DNS for WINS resolution. . . . : Enabled
    Node Type. . . . . . . . . . . : Hybrid
    NBT Scope ID . . . . . . . . . :
    Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled . . . . . . : No
    DNS resolution for NETBIOS . . : No



Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : ELLJHB
    Dns domain name. . . . . . . . : ELLJHB.ELLIESHQ.LOCAL
    Dns forest name. . . . . . . . : ELLIESHQ.LOCAL
    Domain Guid. . . . . . . . . . : {DD3DB4AA-11E5-4C7F-B543-EEABF7D65D21}
    Domain Sid . . . . . . . . . . : S-1-5-21-4235664591-3870358342-4114147815
    Logon User . . . . . . . . . . : administrator
    Logon Domain . . . . . . . . . : ELLJHB


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{754A66DA-64C7-435A-8B95-90B7E3201602}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed
    PASS - you have at least one non-autoconfigured IP address


IP loopback ping test. . . . . . . : Passed
    PASS - pinging IP loopback address was successful.
    Your IP stack is most probably OK.


Default gateway test . . . . . . . : Passed
    PASS - you have at least one reachable gateway.


NetBT name test. . . . . . . . . . : Passed
   No NetBT scope defined
    [WARNING] You don't have a single interface with the <00> 'WorkStation
Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed
    The number of protocols which have been reported : 4
        Description: MSAFD Tcpip [TCP/IP]
            Provider Version   :2
            Max message size  : Stream Oriented
        Description: MSAFD Tcpip [UDP/IP]
            Provider Version   :2
        Description: RSVP UDP Service Provider
            Provider Version   :6
        Description: RSVP TCP Service Provider
            Provider Version   :6
            Max message size  : Stream Oriented

    Max UDP size : 65507 bytes


DNS test . . . . . . . . . . . . . : Passed
      Interface {754A66DA-64C7-435A-8B95-90B7E3201602}
        DNS Domain: ELLJHB.ELLIESHQ.LOCAL
        DNS Servers: 10.0.0.32 10.0.0.30 10.0.0.33
        IP Address:         Expected registration with PDN (primary DNS
domain name):
          Hostname: JHBDC1.ELLJHB.ELLIESHQ.LOCAL.
          Authoritative zone: ELLJHB.ELLIESHQ.LOCAL.
          Primary DNS server: JHBDC1.ELLJHB.ELLIESHQ.LOCAL 10.0.0.32
          Authoritative NS:10.0.0.33 10.0.0.32 10.0.0.30 10.0.0.31
Check the DNS registration for DCs entries on DNS server '10.0.0.32'
The Record is different on DNS server '10.0.0.32'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.32', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.ELLJHB.ELLIESHQ.LOCAL.
DNS DATA =
            SRV 0 100 389 JHBDC1.ELLJHB.ELLIESHQ.LOCAL.

The record on DNS server 10.0.0.32 is:
DNS NAME = _ldap._tcp.ELLJHB.ELLIESHQ.LOCAL
DNS DATA =
            SRV 0 100 389 jhbdc1.elljhb.ellieshq.local
            SRV 0 100 389 jhbdc2.elljhb.ellieshq.local
+------------------------------------------------------+

The Record is different on DNS server '10.0.0.32'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.32', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.ELLJHB.ELLIESHQ.LOCAL.
DNS DATA =
            SRV 0 100 389 JHBDC1.ELLJHB.ELLIESHQ.LOCAL.

The record on DNS server 10.0.0.32 is:
DNS NAME = _ldap._tcp.Default-First-Site-Name._sites.ELLJHB.ELLIESHQ.LOCAL
DNS DATA =
            SRV 0 100 389 jhbdc2.elljhb.ellieshq.local
            SRV 0 100 389 jhbdc1.elljhb.ellieshq.local
+------------------------------------------------------+

The Record is correct on DNS server '10.0.0.32'.

The Record is different on DNS server '10.0.0.32'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.32', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME =
_ldap._tcp.dd3db4aa-11e5-4c7f-b543-eeabf7d65d21.domains._msdcs.ELLIESHQ.LOCAL.
DNS DATA =
            SRV 0 100 389 JHBDC1.ELLJHB.ELLIESHQ.LOCAL.

The record on DNS server 10.0.0.32 is:
DNS NAME =
_ldap._tcp.dd3db4aa-11e5-4c7f-b543-eeabf7d65d21.domains._msdcs.ELLIESHQ.LOCAL
DNS DATA =
            SRV 0 100 389 jhbdc2.elljhb.ellieshq.local
            SRV 0 100 389 jhbdc1.elljhb.ellieshq.local
+------------------------------------------------------+

The Record is correct on DNS server '10.0.0.32'.

The Record is different on DNS server '10.0.0.32'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.32', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.dc._msdcs.ELLJHB.ELLIESHQ.LOCAL.
DNS DATA =
            SRV 0 100 88 JHBDC1.ELLJHB.ELLIESHQ.LOCAL.

The record on DNS server 10.0.0.32 is:
DNS NAME = _kerberos._tcp.dc._msdcs.ELLJHB.ELLIESHQ.LOCAL
DNS DATA =
            SRV 0 100 88 jhbdc1.elljhb.ellieshq.local
            SRV 0 100 88 jhbdc2.elljhb.ellieshq.local
+------------------------------------------------------+

The Record is different on DNS server '10.0.0.32'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.32', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME =
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ELLJHB.ELLIESHQ.LOCAL.
DNS DATA =
            SRV 0 100 88 JHBDC1.ELLJHB.ELLIESHQ.LOCAL.

The record on DNS server 10.0.0.32 is:
DNS NAME =
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ELLJHB.ELLIESHQ.LOCAL
DNS DATA =
            SRV 0 100 88 jhbdc2.elljhb.ellieshq.local
            SRV 0 100 88 jhbdc1.elljhb.ellieshq.local
+------------------------------------------------------+

The Record is different on DNS server '10.0.0.32'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.32', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.dc._msdcs.ELLJHB.ELLIESHQ.LOCAL.
DNS DATA =
            SRV 0 100 389 JHBDC1.ELLJHB.ELLIESHQ.LOCAL.

The record on DNS server 10.0.0.32 is:
DNS NAME = _ldap._tcp.dc._msdcs.ELLJHB.ELLIESHQ.LOCAL
DNS DATA =
            SRV 0 100 389 jhbdc1.elljhb.ellieshq.local
            SRV 0 100 389 jhbdc2.elljhb.ellieshq.local
+------------------------------------------------------+

The Record is different on DNS server '10.0.0.32'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.32', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME =
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ELLJHB.ELLIESHQ.LOCAL.
DNS DATA =
            SRV 0 100 389 JHBDC1.ELLJHB.ELLIESHQ.LOCAL.

The record on DNS server 10.0.0.32 is:
DNS NAME =
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ELLJHB.ELLIESHQ.LOCAL
DNS DATA =
            SRV 0 100 389 jhbdc2.elljhb.ellieshq.local
            SRV 0 100 389 jhbdc1.elljhb.ellieshq.local
+------------------------------------------------------+

The Record is different on DNS server '10.0.0.32'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.32', no need to
re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.ELLJHB.ELLIESHQ.LOCAL.
DNS DATA =
            SRV 0 100 88 JHBDC1.ELLJHB.ELLIESHQ.LOCAL.

The record on DNS server 10.0.0.32 is:
DNS NAME = _kerberos._tcp.ELLJHB.ELLIESHQ.LOCAL
DNS DATA =
            SRV 0 100 88 jhbdc2.elljhb.ellieshq.local
            SRV 0 100 88 jhbdc1.elljhb.ellieshq.local
+------------------------------------------------------+

The Record is different on DNS server '10.0.0.32'.
DNS server has more than one entries for this name, usually this means there
are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.32', no need to
re-register.

Hello Ricus,

Check if this helps:
http://support.microsoft.com/kb/325850

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Show quoteHide quote

Meinholf I do not think the solution is applicable since I would assume the
machine account of the dc should be the one generating the error i.e. since
the dc is jhbdc1 the machine account generating the error should be JHBDC1$.

The account that is generating the error seem to be some kind of a domain
account since my child domain is ELLJHB.ELLIESHQ.LOCAL and the netbios name
for the domain is ELLJHB. I would think that ELLJHB$ would be something to do
with it raher than the MACHINE account of the Dc.

First, and I think this is already set on this server, point all DCs to themselves first, and a partner or another one in another site, as second. You don't need three DNS entries.

Second, on any WINS server, it must only point to itself for WINS. This is due to the way the NetBIOS registration works and how WINS servers work. Remove anything other than itself. On clients, you can choose two, but not the WINS server itself.

Is there possibly a machine, group name, username, service name, Site name, or anything you can think of, that has the same name as ELLJHB in the infrastructure?

After you make the changes, re-run netdiag as:
netdiag /v /fix

Also run:
dcdiag /v /fix
The dcdiag is not as large as the netdiag.

What event log errors are there?

Ace

Ace I am loath to make changes to something that has since october 2007
tended to ("JUST work"---Registered to APPLE Computers) however I will make
the dns ntry changes. And Do the Wins changes after a little while.

ELLJHB is my netbios domain name i.e. domain\username for my child domain is
ELLJHB\Ricus.vaneeden.
"Logon to " at the ctrl alt del screen gives me 3 options
ELLIESHQ/ELLJHB/local pc.
I do not know of anything new in my environment that would have ELLJHB in
it's name and as far as I am aware the AD will not let me add anything either.


Thanks for the replies I hope you have more suggestions/questions?

Show quoteHide quote

Show quote Hide quote Well, things may just seem to work, and I hear that from many folks and corporate IT admin students, but with all due respect, I'm not sure who designed it or implemented it, but there are little nuances with AD and Microsoft networking services that if a little research was done on the services and best practices based on Microsoft's recommendations, it would have been clear to setup things up correctly. But of course, that is up to you.

Oh, and you have a parent domain, ELLIESHQ, and a child domain, ELLJHB. Ok, didn't know that, unless I misread your original post. How is the parent-child DNS setup? Is it a parent-child delegation?

Still thinking...

Ace

I meant any event log errors other than the 3224.

Ace

Yes there was a machine account that was deleted appearing on both my child
domain dc's with: Source netlogon and event id 5723 and 5805 and 5722.

We have rejoined this machine and renamed it.AS for the one generating the
5722 error I do not know what to do as it has been rejoined to the domain a
few times.

Once again all replies welcome
Show quoteHide quote

What was the machine account name?

Ace

Ace do you have a e-mail I can send the netdiag to?

It's  in my sig.

ace***@mvps.RemoveThisPart.org

Thanks Ace for all the replies thus far just a quick bit of history. The
domain was initially setup according to best practise I hope since it was
done by MS certified partners. Also it is a Parent/Child setup becase it is
intended to eventualy host a few child domains at diffrent branches in a
bridgehead server setup scenario.

Now on to your questions:

The machine names generating the errors was ellslspetgol2. The one still
generating the event id 5722 error is ELLITRRICVAN.

As for the DNS Setup between the parent child as far as I know it is via
parent child deligation.

Thanks for the replies.

Show quote Hide quote With a parent-child delegation, the parent zone delegates the child zone to at least one or two (I like two) DNS servers in a child domain. Then on all child domain DNS servers, a forwarder must be set to the parent. The zone replication scopes for the parent zone, and for the child zones, must be set to the middle button (Domain DNS servers).

What functional level are the domains and the forest set to?

I know MS Certified partners usually means they know what they're doing, but from my experience, it really depends on the individual that performed it, and the individual may not know all the nuances and little rules behind all the various services. Just my two cents.

I also responded privately concerning your email with the dcdiag and netdiag. If possible, try to respond to the questions to the groups so others can benefit.

Ace

Ace what is the easy way for me to identify the parent child setup and give
you a more certain answer?

On the general tab for my domains dns manager it says
type: active directory integrated
replication:all dns servers in the active directory forest.

My zone Replication is set to the top tab all dns servers in the domain
forrest. ELLIESHQ.local

Not to the middel tab all dns servers in the active directory domain
ELLJHB.ellieshq.local

Under forward lookup zones both my root forrest domain and child root domain
dns settings are visible on all dc's.

On the zone transfers tab
allow zone transfers is ticked and the option is selected that says only
servers listed on the name servers tab.(The name servers specified are the
dc's in my forrest.)

I have looked in the forwarders tab in dns and the only forwarders setup is
to my firewall for dns lookup forwarding.

The Domain is set to ad integrated windows 2000 and the forrest is set to
windows 2000 level too because there was a down level trust to a nt4 Domain
machine required.

If you need any other info I will provide.



Show quoteHide quote

Show quote Hide quote Hi Ricus,

Ok, your zones scopes are set to the forest. That is one way to do it, which is good. It's not a parent-child delegation.

I suggest to set the DNS on all DCs to itself as the first, and another DC (doesn't matter which, but one that is closer is better).

You do not need Zone transfers checked. Uncheck the zone transfer setting, unless there is a non-DC DNS or a Unix BIND getting secondaries, but from what you said only allowing to other DCs, then you can safely uncheck it. Zones are replicated wtih the AD replication process, and zone transfers are not needed in this design.

If there are no Windows NT4 domain controllers as part of any of your domains, you can safely bump up the domain levels, and forest levels (in that order). This does not affect any trusts to a downlevel NT4 domain. The functional levels dictate features available for forest and domain domain controllers. It has nothing to do with an NTLM trust. If all your domain controllers in the forest are Windows 2003, you can safely move up to 2003 levels.

Ace

Oh, as for the 5722 for ELLITRRICVAN, is that machine a currently joined machine or has it been renamed or removed from the domain? Is it a laptop or a machine that gets shutdown often? Is the local firewall enabled on it, or some other security software blocking necessary traffic on it? Usually a disjoin/rejoin will fix this error.

Ace

The machine is joined to the domain ;it is not a laptop and has been
disjoined and rejoined a few times.It does not get switched off often and the
local firewall is on.
Show quoteHide quote

Any reason for the local firewall? If you disable the firewall, does it re-occur?

Ace

The machines local firewall is on just because I in general keep my machines
as locked down as possible.

I have now deleted the computer account and rejoined the machine again.

So far no error's again.

I have also made the dns and wins changes to the dc you suggested ,I will
role the changes out to the rest of my dc's in the next week if no obvious
error's crop up.

That is other than the ELLJHB$ issue which is still ongoing.
Show quoteHide quote

Show quote Hide quote Sounds good. We'll have to keep plugging about the elljhb$ issue. I received your email with the updated info. Ihaven't had time to review it. I'll respond as soon as I can.

Ace

Ace is there any info you still reuire from me?
Show quoteHide quote

Sorry, Ricus. I usually receive over a hundred emails a day. I must have forgotten about it. I just replied. Funny, I usually check the newsgroups first!

Ace

Windows Security Log
Rejoining Computers to domain
Error on adding external smtp email to user
DCPROMO then change IP?
64 Bit
Issue with Dual NICS on DC;s
How do restore AD 2003 : procedure
Active directory offline mode.
Check Folder Size
AD upgrade - what changes?