Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Wanet Telecoms Ltd on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows AD Errors

Status
Not open for further replies.
Elway7

Elway7

MIS
Apr 5, 2002
41
CA
I am trying to set up a new AD domain. I am using windows 2003 SP1. After i dcpromo the server i get the following errors in the event logs 40960 and 53258.
When i join a computer to the domain i get netlogon errors on that computer. I can log in fine on the client for the first few times but then eventually it says that the domain or domain controller could not be contacted and i cannot log in. The event log shows lots of 1053 and 3210 errors. I have tried re-doing this a number of times but always get the same errors. I have tried to configure DNS before promoting the server to a dc then configuring it after and i have also had the machine configure DNS for me automatically during the DC promo process. I am at a total lost for what might be going on.

Thanks
 
Sort by date Sort by votes
Hi,
Not sure if this information will help

This issue occurs if the Network Service security account does not have sufficient privileges to access the following registry subkeys when you

upgrade to Windows Server 2003:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

To resolve this issue, assign the Network Service account full control access to the following registry subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

To do this, please perform the following steps:

1. On the Windows Server 2003-based domain controller, start Registry Editor (Regedit.exe).

2. Locate, and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp

3. Right-click "Dhcp", and then click "Permissions".

4. Click Add, type network service

If this works credit to Cameron Ye rather than myself
joseph

 
Upvote 0 Downvote
Hi,

I am not running DHCP on the Domain Controller.
I just gave netwirk services full control over the tcpip entry. Will let you know what happend
 
Upvote 0 Downvote
Can you tell me something is this a new domain in an exsisting forrest or a new forrest.

Lars

Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
This is a new domain in a new forest. I installed windows 2003 Enterprise Ed with SP1.
 
Upvote 0 Downvote
Do you see all the records in dns that are needed for ad ?

Lars

Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
How many clients do you use to try to join are they are having the same problems?

Lars

Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
Yes,
The structure in DNS seems to be fine but I am getting Errors 4004 and 4015 in the DNS log. This just started recently.
But when i do any dcdiag test on DNS it passes.
 
Upvote 0 Downvote
on all clients and how many clients are having this isseu ?

Regards Lars

Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
I only have one added so far it is a member server that eventually i need to promote to a DC. But i want to make sure there are no errors before i do so.
 
Upvote 0 Downvote
Try replace the NIC sounds funny but this could be a NIC isseu.

Lars

Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
One of our customers got this error on two of his Windows XP workstation. The workstations could initially be connected to the Windows Small Business Server 2003 domain, but after a reboot, the domain was not accessible (logon, network drive mapping, etc.). The resolve this problem we replaced the client’s network card. The old card was an Acer network adapter that had no drivers for Windows XP but worked fine with the Intel standard driver and the existing NT 4.0 domain. However, Kerberos authentication with SBS 2003 domain was impossible.



Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
found it on event id.net only thing i can think of and sounds like your solution

Network admin for worldwide freight forwarders company.
mcp mcsa\: Messaging mcse -2003
 
Upvote 0 Downvote
I am going to swap out the nic cards and let you know. I am currently using the onboard nic and they are intel cards.
I have some spare d-link cards to try.
 
Upvote 0 Downvote
I replaced the NIC cards on both the member server and the Dc. The member server now has no netlogon errors. The DC is still showing an Msdtc error in the application log of number 53258 and an LSAV error in the system log number 4096.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
979
suncit
suncit
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
739
Aquiles Vidal
Aquiles Vidal
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
581
antonio_dsanchez
antonio_dsanchez
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
1K
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
451
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top