Channel: Directory Services forum

How do you set up the update password page in ADFS 3.0

Hello,

We have recently migrated to ADFS 3.0. Everything is working except the update password feature. In the KB article http://technet.microsoft.com/en-us/library/dn280950.aspx the section under Update Password says that I need to enable the ADFS endpoint /adfs/portal/updatepassword/ and restart the ADFS service.

This has been done, but when I go to https://sts.domain.com/adfs/portal/updatepassword, all I get is a page that says "An error occurred. contact your administrator."

What I am trying to accomplish is this. 

http://technet.microsoft.com/en-us/library/dn280950.aspx

Any help would be greatly appreciated.

Thanks

Cheston



flaky LDAP app

Windows Server 2008 R2 SP1

Well, there's no specific "LDAP" forum like "WSUS", so I hope this is the right one.

On applications using LDAP to authenticate users, sometimes I find that the application itself is not syncing or talking with Active Directory. There are instances where settings that worked previously would just stop, and only a reboot can "fix" it.

Settings like the display name of an email address (in Exchange the display name is correct), or, as one specific example, I renamed a PDC from PDC1 to PDC2 but the LDAP-based application still keeps looking for PDC1. To fix the problem, I have to create a second DNS entry for the IP address of PDC2 and name it PDC1. Then the application worked! The developers said they didn't hardcode the PDC1 name in their application.

Should I be worrying about my AD LDAP, or is this an inherent problem with LDAP-based applications?

NIC driver & teaming update on DC

Dear All,

I have Windows Server 2008 R2 SP1 with DC and DNS. I have configured NIC teaming with LACP, and I want to break the teaming and update the driver. After the driver update I will have to create the teaming again and will get a new NIC, so I want to know what the impact on DC and DNS will be and what I will have to do.

Thanks,


Thanks, Manish

Active Directory Catalog Replication Not Complete

Hi There,

I tried to dcpromo a new server to be the primary domain controller before replication from the old domain controller had completed. How do I resolve this issue? Thanks.

Here is the DCDiag log from the new server, if you are not able to access it through this link (https://drive.google.com/file/d/0B_kVgtolSFXGNHVtbjczdWJuaWNZdW51d3lnc2paTG5zSmJv/view?usp=sharing):


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine INTSRV, is a Directory Server.
   Home Server = INTSRV

   * Connecting to directory service on server INTSRV.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=integricity,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=integricity,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=INTSRV,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 1 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

  
   Testing server: HQ\INTSRV

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... INTSRV passed test Connectivity

Doing primary tests

  
   Testing server: HQ\INTSRV

      Starting test: Advertising

         The DC INTSRV is advertising itself as a DC and having a DS.
         The DC INTSRV is advertising as an LDAP server
         The DC INTSRV is advertising as having a writeable directory
         The DC INTSRV is advertising as a Key Distribution Center
         The DC INTSRV is advertising as a time server
         Warning: INTSRV has not finished promoting to be a GC.

         Check the event log for domains that cannot be replicated.

         Warning: INTSRV is not advertising as a global catalog.

         Check that server finished GC promotion.

         Check the event log on server that enough source replicas for the GC

         are available.

         ......................... INTSRV failed test Advertising

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!
         Found KDC INTSRV for domain integricity.com in site HQ
         Checking machine account for DC INTSRV on DC INTSRV.
         * SPN found :LDAP/INTSRV.integricity.com/integricity.com
         * SPN found :LDAP/INTSRV.integricity.com
         * SPN found :LDAP/INTSRV
         * SPN found :LDAP/INTSRV.integricity.com/INTEGRICITY
         * SPN found :LDAP/5c4b560f-8cca-4edd-adc2-64584b032eab._msdcs.integricity.com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5c4b560f-8cca-4edd-adc2-64584b032eab/integricity.com
         * SPN found :HOST/INTSRV.integricity.com/integricity.com
         * SPN found :HOST/INTSRV.integricity.com
         * SPN found :HOST/INTSRV
         * SPN found :HOST/INTSRV.integricity.com/INTEGRICITY
         * SPN found :GC/INTSRV.integricity.com/integricity.com
         [INTSRV] No security related replication errors were found on this DC!

          To target the connection to a specific source DC use

         /ReplSource:<DC>.

         ......................... INTSRV passed test CheckSecurityError

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... INTSRV passed test CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test
         Skip the test because the server is running DFSR.

         ......................... INTSRV passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log.
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         A warning event occurred.  EventID: 0x80001396

            Time Generated: 05/25/2015   03:00:59

            Event String:

            The DFS Replication service is stopping communication with partner TEC-SERV-001 for replication group Domain System Volume due to an error. The service will retry the connection periodically.

            

            Additional Information:

            Error: 9036 (Paused for backup or restore)

            Connection ID: A8B31CBD-C5AD-46C9-B0CD-7FDF960CBC7E

            Replication Group ID: 0FF19654-A1A0-495E-8324-F62AB20CD4FB

         A warning event occurred.  EventID: 0x80001396

            Time Generated: 05/25/2015   09:30:22

            Event String:

            The DFS Replication service is stopping communication with partner TEC-SERV-001 for replication group Domain System Volume due to an error. The service will retry the connection periodically.

            

            Additional Information:

            Error: 1723 (The RPC server is too busy to complete this operation.)

            Connection ID: A8B31CBD-C5AD-46C9-B0CD-7FDF960CBC7E

            Replication Group ID: 0FF19654-A1A0-495E-8324-F62AB20CD4FB

         An error event occurred.  EventID: 0xC000138A

            Time Generated: 05/25/2015   09:30:36

            Event String:

            The DFS Replication service encountered an error communicating with partner TEC-SERV-001 for replication group Domain System Volume.

            

            Partner DNS address: TEC-SERV-001.integricity.com

            

            Optional data if available:

            Partner WINS Address: TEC-SERV-001

            Partner IP Address: 192.168.48.20

            

            The service will retry the connection periodically.

            

            Additional Information:

            Error: 1753 (There are no more endpoints available from the endpoint mapper.)

            Connection ID: A8B31CBD-C5AD-46C9-B0CD-7FDF960CBC7E

            Replication Group ID: 0FF19654-A1A0-495E-8324-F62AB20CD4FB

         ......................... INTSRV failed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... INTSRV passed test SysVolCheck

      Starting test: FrsSysVol

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... INTSRV passed test FrsSysVol

      Starting test: KccEvent

         * The KCC Event log test
         An event occurred.  EventID: 0x40000617

            Time Generated: 05/25/2015   14:17:41

            Event String:

            The local domain controller has been selected to be a global catalog. However, the domain controller does not host a read-only replica of the following directory partition.

            

            Directory partition:

            DC=technology,DC=integricity,DC=com

            

            A precondition to becoming a global catalog is that a domain controller must host a read-only replica of all directory partitions in the forest. This event might have occurred because a Knowledge Consistency Checker (KCC) task has not completed or because the domain controller is unable to add a replica of the directory partition due to unavailable source domain controllers.

            

            An attempt to add the replica will be tried again at the next KCC interval.

         An event occurred.  EventID: 0x4000062A

            Time Generated: 05/25/2015   14:17:41

            Event String:

            Promotion of the local domain controller to a global catalog has been delayed because the directory partition occupancy requirements have not been met. The occupancy requirement level and current domain controller level are as follows.

            

            Occupancy requirement level:

            6

            Domain controller level:

            0

            

            The following registry key value defines the directory partition occupancy requirement level.

            

            Registry key value:

            HKeyLocalMachine\System\ CurrentControlSet\Services\NTDS\Parameters\Global Catalog Partition Occupancy

            

            Higher occupancy requirement levels include the lower levels. The levels are defined as follows:

            

            (0) Indicates no occupancy requirement.

            (1) Indicates at least one read-only directory partition in the site has been added by the Knowledge Consistency Checker (KCC).

            (2) Indicates at least one directory partition in the site has been fully synchronized.

            (3) Indicates all read-only directory partitions in the site have been added by the KCC (at least one has been synchronized).

            (4) Indicates all directory partitions in the site have been fully synchronized.

            (5) Indicates all read-only directory partitions in the forest have been added by the KCC (at least one has been synchronized).

            (6) Indicates all directory partitions in the forest have been fully synchronized.

         An event occurred.  EventID: 0x40000456

            Time Generated: 05/25/2015   14:17:41

            Event String:

            Promotion of this domain controller to a global catalog will be delayed for the following interval.

            

            Interval (minutes):

            30

            

            This delay is necessary so that the required directory partitions can be prepared before the global catalog is advertised. In the registry, you can specify the number of seconds that the directory system agent will wait before promoting the local domain controller to a global catalog. For more information about the Global Catalog Delay Advertisement registry value, see the Resource Kit Distributed Systems Guide.

         An error event occurred.  EventID: 0xC0000466

            Time Generated: 05/25/2015   14:18:30

            Event String:

            Active Directory Domain Services was unable to establish a connection with the global catalog.

            

            Additional Data

            Error value:

            1355 The specified domain either does not exist or could not be contacted.

            Internal ID:

            32013c0

            

            User Action:

            Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.

         ......................... INTSRV failed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=INTSRV,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com
         Role Domain Owner = CN=NTDS Settings,CN=INTSRV,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com
         Role PDC Owner = CN=NTDS Settings,CN=INTSRV,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com
         Role Rid Owner = CN=NTDS Settings,CN=INTSRV,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=INTSRV,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com
         ......................... INTSRV passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC INTSRV on DC INTSRV.
         * SPN found :LDAP/INTSRV.integricity.com/integricity.com
         * SPN found :LDAP/INTSRV.integricity.com
         * SPN found :LDAP/INTSRV
         * SPN found :LDAP/INTSRV.integricity.com/INTEGRICITY
         * SPN found :LDAP/5c4b560f-8cca-4edd-adc2-64584b032eab._msdcs.integricity.com
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5c4b560f-8cca-4edd-adc2-64584b032eab/integricity.com
         * SPN found :HOST/INTSRV.integricity.com/integricity.com
         * SPN found :HOST/INTSRV.integricity.com
         * SPN found :HOST/INTSRV
         * SPN found :HOST/INTSRV.integricity.com/INTEGRICITY
         * SPN found :GC/INTSRV.integricity.com/integricity.com
         ......................... INTSRV passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC INTSRV.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=integricity,DC=com
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=integricity,DC=com
            (NDNC,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=integricity,DC=com
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=integricity,DC=com
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=integricity,DC=com
            (Domain,Version 3)
         ......................... INTSRV passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\INTSRV\netlogon
         Verified share \\INTSRV\sysvol
         ......................... INTSRV passed test NetLogons

      Starting test: ObjectsReplicated

         INTSRV is in domain DC=integricity,DC=com
         Checking for CN=INTSRV,OU=Domain Controllers,DC=integricity,DC=com in domain DC=integricity,DC=com on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=INTSRV,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com in domain CN=Configuration,DC=integricity,DC=com on 1 servers
            Object is up-to-date on all servers.
         ......................... INTSRV passed test ObjectsReplicated

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test because /testdomain: was

         not entered

         ......................... INTSRV passed test OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=integricity,DC=com
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            DC=DomainDnsZones,DC=integricity,DC=com
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            CN=Schema,CN=Configuration,DC=integricity,DC=com
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            CN=Configuration,DC=integricity,DC=com
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
            DC=integricity,DC=com
               Latency information for 2 entries in the vector were ignored.
                  2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
         ......................... INTSRV passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 2600 to 1073741823
         * INTSRV.integricity.com is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2100 to 2599
         * rIDPreviousAllocationPool is 2100 to 2599
         * rIDNextRID: 2100
         ......................... INTSRV passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... INTSRV passed test Services

      Starting test: SystemLog

         * The System Event log test
         An error event occurred.  EventID: 0x0000272C

            Time Generated: 05/25/2015   14:13:23

            Event String:

            DCOM was unable to communicate with the computer 203.115.225.25 using any of the configured protocols; requested by PID     13ac (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 05/25/2015   14:13:44

            Event String:

            DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols; requested by PID     13ac (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 05/25/2015   14:14:05

            Event String:

            DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID     13ac (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 05/25/2015   14:15:47

            Event String:

            DCOM was unable to communicate with the computer 203.115.225.25 using any of the configured protocols; requested by PID     10cc (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 05/25/2015   14:16:08

            Event String:

            DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols; requested by PID     10cc (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 05/25/2015   14:16:29

            Event String:

            DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID     10cc (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 05/25/2015   14:17:18

            Event String:

            DCOM was unable to communicate with the computer 203.115.225.25 using any of the configured protocols; requested by PID     10dc (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 05/25/2015   14:17:39

            Event String:

            DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols; requested by PID     10dc (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 05/25/2015   14:18:00

            Event String:

            DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID     10dc (C:\Windows\system32\dcdiag.exe).

         ......................... INTSRV failed test SystemLog

      Starting test: Topology

         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=integricity,DC=com.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... INTSRV passed test Topology

      Starting test: VerifyEnterpriseReferences

         ......................... INTSRV passed test

         VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=INTSRV,OU=Domain Controllers,DC=integricity,DC=com and backlink on

         CN=INTSRV,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com

         are correct.
         The system object reference (serverReferenceBL)

         CN=INTSRV,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=integricity,DC=com

         and backlink on

         CN=NTDS Settings,CN=INTSRV,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=integricity,DC=com

         are correct.
         The system object reference (msDFSR-ComputerReferenceBL)

         CN=INTSRV,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=integricity,DC=com

         and backlink on CN=INTSRV,OU=Domain Controllers,DC=integricity,DC=com

         are correct.
         ......................... INTSRV passed test VerifyReferences

      Starting test: VerifyReplicas

         ......................... INTSRV passed test VerifyReplicas

  
      Starting test: DNS

        

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... INTSRV passed test DNS

  
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

  
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

  
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

  
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

  
   Running partition tests on : integricity

      Starting test: CheckSDRefDom

         ......................... integricity passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... integricity passed test CrossRefValidation

  
   Running enterprise tests on : integricity.com

      Starting test: DNS

         Test results for domain controllers:

           
            DC: INTSRV.integricity.com

            Domain: integricity.com

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  The OS

                  Microsoft Windows Server 2012 R2 Standard (Service Pack level: 0.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Error: can't read network adapter information through WMI
                  [Error details: 0x80041001 (Type: HRESULT - Facility: WMI, Description: Generic failure) - Enumerate Win32_NetworkAdapterConfiguration class failed]
                  Warning: The A record for this DC was not found
                  Warning: The AAAA record for this DC was not found
                  No host records (A or AAAA) were found for this DC

                  The SOA record for the Active Directory zone was not found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     203.115.225.25 (<name unavailable>) [Valid]
                     8.8.4.4 (<name unavailable>) [Valid]
                     8.8.8.8 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: integricity.com.
                     Delegated domain name: _msdcs.integricity.com.
                        DNS server: intsrv.integricity.com. IP:192.168.48.25 [Valid]
                     Delegated domain name: www.integricity.com.
                        Warning: Delegation of DNS server intsrv.integricity.com. is broken on IP:192.168.48.25
                        Error: DNS server: intsrv.integricity.com.

                        IP:192.168.48.25 [Broken delegation]

                 
               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone integricity.com
                  Test record dcdiag-test-record deleted successfully in zone integricity.com
              
            TEST: Records registration (RReg)
               Error: Record registrations cannot be found for all the network

               adapters

        
         Summary of test results for DNS servers used by the above domain

         controllers:

        

            DNS server: 192.168.48.25 (intsrv.integricity.com.)

               1 test failure on this DNS server

               DNS delegation for the domain  _msdcs.integricity.com. is operational on IP 192.168.48.25

               DNS delegation for the domain www.integricity.com. is broken on IP 192.168.48.25

               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
              
            DNS server: 203.115.225.25 (<name unavailable>)

               All tests passed on this DNS server

              
            DNS server: 8.8.4.4 (<name unavailable>)

               All tests passed on this DNS server

              
            DNS server: 8.8.8.8 (<name unavailable>)

               All tests passed on this DNS server

              
         Summary of DNS test results:

        
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: integricity.com

               INTSRV                       PASS FAIL PASS FAIL PASS FAIL n/a 
        
         ......................... integricity.com failed test DNS

      Starting test: LocatorCheck

         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

         A Global Catalog Server could not be located - All GC's are down.

         PDC Name: \\INTSRV.integricity.com
         Locator Flags: 0xe000f3f9
         Time Server Name: \\INTSRV.integricity.com
         Locator Flags: 0xe000f3f9
         Preferred Time Server Name: \\INTSRV.integricity.com
         Locator Flags: 0xe000f3f9
         KDC Name: \\INTSRV.integricity.com
         Locator Flags: 0xe000f3f9
         ......................... integricity.com failed test LocatorCheck

      Starting test: FsmoCheck

         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

         A Global Catalog Server could not be located - All GC's are down.

         PDC Name: \\INTSRV.integricity.com
         Locator Flags: 0xe000f3f9
         Time Server Name: \\INTSRV.integricity.com
         Locator Flags: 0xe000f3f9
         Preferred Time Server Name: \\INTSRV.integricity.com
         Locator Flags: 0xe000f3f9
         KDC Name: \\INTSRV.integricity.com
         Locator Flags: 0xe000f3f9
         ......................... integricity.com failed test FsmoCheck

      Starting test: Intersite

         Skipping site HQ, this site is outside the scope provided by the

         command line arguments provided.
         ......................... integricity.com passed test Intersite

IIS v6.0

Dear all,

We have a DotNetNuke web service running on IIS v6.0, and it uses Windows authentication login. The web server used to authenticate using a Server 2008 DC, but now we have upgraded our directory services to 2012 R2.

Since then it takes a lot of time for the web service to load, and many times it doesn't authenticate automatically with the DC.

We disabled anonymous login on IIS, and we use a policy for automatic logon only in Intranet.

Is there something that we are missing?

Regards

Nima


nimz

How do you restore active directory database without system state backup. I do have a full backup with 3rd party s/w. What files do I need?

I have a 2008 R2 domain controller. I don't use Windows Backup. I have a full image of the server using AppAssure backups, so I can restore individual files.

I know I have to boot into Directory Services Restore Mode, but what files do I need to manually restore to the server from my backup to restore the Active Directory database to a previous date?

Do I just copy the contents of the %windir%\NTDS and %windir%\sysvol\sysvol from my backup and overwrite the same folders on the server? Or is there more to it than that? I can only find info on restoring Active Directory using the system state backup from Windows Backup.


Cert Enrollment Folder Permissions

Hi All,

We are using Windows 2012 Server as a subordinate CA, and recently we received an observation that the folder "c:\windows\system32\certsrv\certenroll" is shared and the Everyone group has read permission. We are planning to remove Everyone and assign read permission to Authenticated Users.

Please suggest whether that can be done, because I cannot find any recommendation from Microsoft on the share permissions.

Also, some of the services, like those mentioned below, are running ... Can we disable those?

  • certificate propagation
  • certificate services
  • cryptographic services
  • cng key isolation
  • distributed transaction coordinator
  • distributed link tracking client

How to check our passwords are encrypted or decrypted

Hi,

I want to know whether our servers' passwords are saved encrypted or decrypted. Where do I check? And how does the password topology work in AD?

Hari


Regards, Hari Prasad.D


AD CS Certificate WebEnrollment in Failover Cluster Environment - W2K8 R2

Hello,

I have my PKI in an FO Cluster and everything works well except for Web Enrollment.

When I open my web browser and type https://cahostname/certsrv, the webpage opens, but when I want to request any certificate I receive an error - no certificate templates are available or you don't have rights to request - something like that.

I've read somewhere that certdat.inc under c$\Windows\System32\CertSrv must be modified.

I've tried many possibilities; even if certutil -ping is working, I'm still receiving that error. Of course, the IIS server is restarted every time after I change the file.

Any ideas or advice are appreciated.

ADFS 2.1 and Relaystate

One of my clients has ADFS set up on Server 2012, so it is ADFS 2.1. They need to set up SSO with a vendor that uses Relaystate functionality. I see articles on how to enable Relaystate on ADFS 2.0 and 3.0, but I am not sure what the procedure is for ADFS 2.1.

So, basically I have two questions:

1) Does ADFS 2.1 allow Relaystate functionality out of the box? (I know ADFS 2.0 needed Update Rollup 2 or 3)

2) If yes, what is the procedure to enable it in ADFS 2.1?  (There are two different procedures for doing this in either 2.0 or 3.0)




Enabling OS Feature 'NetFx3'

I am installing SQL Server 2012 onto a Windows Server 2012 R2 Machine.

I get an error "Enabling OS Feature 'NetFx3'".

How do you enable the Windows Feature: NetFx3 from the Windows Management Tools in 2012 R2 before I install SQL Server 2012?

CAML query to description of URL field.

Hi,

I need to search for the description part of the field using CAML query, but this doesn't work. Only the first part (URL) can be found using CAML query.

Below is the code I am trying:

<Where>
   <Contains>
      <FieldRef Name='URL'/>
      <Value Type='URL'>TestURL</Value>
   </Contains>
</Where>



Thanks. khadar pasha




Active Directory - What is meant by a 'Red forest design'?

Hi,

I have been asked about a migration from a single AD forest structure to a 'Red Forest design' but I have not been able to find any info on this term. I assume it has something to do with AD security?

Any help would be greatly appreciated.

Regards

Neil

Cannot download ADMT 3.2

Hey guys,

I'm having some trouble downloading a copy of ADMT 3.2.  I am logged in with my Microsoft account.  Any ideas?

Link:

https://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=53423

Error Message:

Page Not Found 

The content that you requested cannot be found or you do not have permission to view it. 

If you believe you have reached this page in error, click the Help link at the top of the page to report the issue and include this ID in your e-mail: ae44572e-68cd-4df0-acda-7e3596d9ad15 

Microsoft Connect welcome page.


Global Catalog error

Hi! Excuse me, sir, could you help me solve a problem that happens when I create a new domain tree root instead of a new child domain? I get this problem:

Additional Data 
Error value:
1355 The specified domain either does not exist or could not be contacted. 
Internal ID:
3200e25 

User Action: 
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.

1. What should I do to solve the problem?

2. Must we install the Global Catalog on all domain controllers?


Error adding 2nd server to ADFS 3 farm

I am creating a new ADFS 3 farm. I created the first server using WID and allowed the wizard to create the managed account. I have tested that ADFS is working at a base level and am now trying to add the second server to the farm. I get through the wizard only to get an error about an incorrect username/password when verifying the database. I have disabled the Windows firewall and verified the account info (it doesn't ask for the managed service account).

Reading seemed to indicate that the wizard may not have added the gMSA account to the first or second server so I added it manually, but I still have the same issue. What am I missing?

Domain neither removable nor functional

Hi all,

I have a troubled domain on Server 2008 R2, and when I tried to remove the domain with dcpromo I got the error message below:

A Domain Controller could not be contacted for the domain dc1.local.net that contained an account for this computer make the computer member of a workgroup then rejoin the domain before retrying the promotion.

The specified domain either does not exist or could not be contacted.

After checking with netdom query fsmo, I am getting the domain controller name, not the domain name, for all the roles, ending with this error message:

DsBindWithSpnExW error 0x6ba(The RPC server is unavailable) 

Cannot access share by UNC name when authenticated to 2012 R2 DC

When trying to access a share by its UNC name, it only works when I am authenticated to a 2008 R2 domain controller.

When authenticated to the 2012 R2 domain controller, I am not able to access the same share by its UNC name.

When replacing the server name with its IP address, the share can be accessed.

It's not related to name resolution.

There are no cached credentials in the Credential Manager.

Any idea?

What directory database is held by a child domain

Hi, 
I need to verify which database is backed up in the system state backup of a child domain. Can someone tell me the difference between a parent DC system state backup and a child DC system state backup?

1. Which type of AD partition is held by the child DC as compared to the child DC?

2. Do parent DC user objects exist in the child domain's system state backup?

3. If the child DC is down, can users of the child DC log in?

Please give your valuable opinion


pwnkmr

Event ID 1988

I am getting the following error on a domain controller.  

"Active Directory Domain Services Replication encountered the existence of objects in the following partition that have been deleted from the local domain controllers (DCs) Active Directory Domain Services database.  Not all direct or transitive replication partners replicated in the deletion before the tombstone lifetime number of days passed.  Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects". "

This started after the domain started up and the system clock was incorrect and was set to 8 months prior. I've corrected the system clock; however, I now need to recover from this error. I've read this article which talks about this error being caused by a clock skew; however, it is not clear what steps should be taken to correct the problem.

What steps should I take to correct this problem that was caused by a clock skew?

