Channel: Directory Services forum

Cannot join domain "the network path was not found"


Hi there.

As I wanted to install a new Microsoft Lync Server, I tried to prepare a virtual machine for this. For some reason I used a virtual machine that I had tested for some other services, therefore it had some changes on it.

As you know, before installing Lync Server your client must be joined to a domain, and when I tried to join it I was faced with this error: "The following error occurred attempting to join the domain “ysatech”; the network path was not found"

The network path was not found

Before my search, I thought it was DNS problem. I checked DNS but nothing was wrong.

I searched for it and I read some forums answers and I resolved it:

As I said my client server had some changes, the problem was in the NIC but not about DNS or WINS. The "Client for Microsoft Networks" of NIC of my domain network was not checked and it must be checked.

Client for Microsoft Networks


Clean up AD of old server & clean metadata


Hi,

I've inherited quite a server mess and I'm hoping that the AD experts in this group might help. Currently I have 2 servers and one of them has AD on it and the other does not. The issue I'm seeing is that when I do a dcdiag I find references to an old server that doesn't exist. Does anyone know how I go about cleaning this stuff out before I go and add AD to this new server?

I've got 2 servers configured as follows

mailserv - W2k8 R2 Standard - Windows AD Domain Controller
dataserv2 - W2k8 Standard - Non AD DC (I'd like to add it here)
server2 - I'm assuming this is a server that my predecessor created years ago and long since retired.  But it could also be this newer server (dataserv2) before a rename. 

I've attached a copy of the dcdiag output here for you below:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = mailserv

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests


   Testing server: Default-First-Site-Name\MAILSERV

      Starting test: Connectivity

         ......................... MAILSERV passed test Connectivity


   Testing server: Default-First-Site-Name\SERVER2

      Starting test: Connectivity

         Ldap search capabality attribute search failed on server SERVER2,

         return value = 81
         ......................... SERVER2 failed test Connectivity



Doing primary tests


   Testing server: Default-First-Site-Name\MAILSERV

      Starting test: Advertising

         ......................... MAILSERV passed test Advertising

      Starting test: FrsEvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... MAILSERV passed test FrsEvent

      Starting test: DFSREvent

         ......................... MAILSERV passed test DFSREvent

      Starting test: SysVolCheck

         ......................... MAILSERV passed test SysVolCheck

      Starting test: KccEvent

         ......................... MAILSERV passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... MAILSERV passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... MAILSERV passed test MachineAccount

      Starting test: NCSecDesc

         ......................... MAILSERV passed test NCSecDesc

      Starting test: NetLogons

         ......................... MAILSERV passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... MAILSERV passed test ObjectsReplicated

      Starting test: Replications

         [Replications Check,MAILSERV] A recent replication attempt failed:

            From SERVER2 to MAILSERV

            Naming Context: CN=Schema,CN=Configuration,DC=example,DC=com

            The replication generated an error (1753):

            There are no more endpoints available from the endpoint mapper.

            The failure occurred at 2014-10-17 14:48:40.

            The last success occurred at 2011-06-23 17:56:45.

            29095 failures have occurred since the last success.

            The directory on SERVER2 is in the process.

            of starting up or shutting down, and is not available.

            Verify machine is not hung during boot.

         [Replications Check,MAILSERV] A recent replication attempt failed:

            From SERVER2 to MAILSERV

            Naming Context: CN=Configuration,DC=example,DC=com

            The replication generated an error (1753):

            There are no more endpoints available from the endpoint mapper.

            The failure occurred at 2014-10-17 14:48:40.

            The last success occurred at 2012-03-07 20:58:21.

            22896 failures have occurred since the last success.

            The directory on SERVER2 is in the process.

            of starting up or shutting down, and is not available.

            Verify machine is not hung during boot.

         [Replications Check,MAILSERV] A recent replication attempt failed:

            From SERVER2 to MAILSERV

            Naming Context: DC=example,DC=com

            The replication generated an error (1753):

            There are no more endpoints available from the endpoint mapper.

            The failure occurred at 2014-10-17 14:48:40.

            The last success occurred at 2011-06-23 18:15:25.

            29095 failures have occurred since the last success.

            The directory on SERVER2 is in the process.

            of starting up or shutting down, and is not available.

            Verify machine is not hung during boot.

         ......................... MAILSERV failed test Replications

      Starting test: RidManager

         ......................... MAILSERV passed test RidManager

      Starting test: Services

         ......................... MAILSERV passed test Services

      Starting test: SystemLog

         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   14:21:25

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   14:26:28

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   14:31:30

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   14:36:32

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   14:41:34

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   14:46:36

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x40000004

            Time Generated: 10/17/2014   14:51:38

            Event String:

            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server dataserv2$. The target name used was cifs/server2.example. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (BELMONTDENTAL.COM) is different from the client domain (BELMONTDENTAL.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   14:51:38

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   14:56:40

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   15:01:43

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   15:03:59

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   15:06:45

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   15:11:47

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         An Error Event occurred.  EventID: 0x00000422

            Time Generated: 10/17/2014   15:16:49

            Event String:

            The processing of Group Policy failed. Windows attempted to read the file \\example\sysvol\example\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:


         ......................... MAILSERV failed test SystemLog

      Starting test: VerifyReferences

         ......................... MAILSERV passed test VerifyReferences


   Testing server: Default-First-Site-Name\SERVER2

      Skipping all tests, because server SERVER2 is not responding to directory

      service requests.




   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation


   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation


   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation


   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation


   Running partition tests on : example

      Starting test: CheckSDRefDom

         ......................... example passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... example passed test CrossRefValidation


   Running enterprise tests on : example

      Starting test: LocatorCheck

         ......................... example passed test LocatorCheck

      Starting test: Intersite

         ......................... example passed test Intersite

Any help is appreciated...

TIA,
J


INFO: The user "Domain\user" does not have RSOP data


I got this Error in Eventvwr in one Member server(2003 R2 SP2).

Event Type:        Error

Event Source:    Userenv

Event Category:                None

Event ID:              1054

Date:                     05/06/11

Time:                     12:18:23 PM

User:                     NT AUTHORITY\SYSTEM

Computer:          FS001.Contoso.com

Description:

Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

 

When I run gpresult I get this error

"INFO: The user "Domain\user" does not have RSOP data".

When I run rsop.msc I can see all computer policies are getting applied, but I cannot see any user settings.

I tried netdiag /test:DNS. In the output I got, all passed.

I can ping the DC (2003 Std SP2). The DNS settings are also perfect. (I do not want to disjoin and rejoin this server to the domain.)

Any help is greatly appreciated.

 

 



TAPI3Directory (2003 to 2012 DC migration)


Hello everyone, I am in the middle of testing a 2003 to 2012 domain controller migration. I have cloned our 2 current 2003 DC's and spun up 2 additional 2012 DCs, all of this in an isolated virtual environment. I have transferred all roles to the 2012 DC's, everything went fine. I am now at the point of demoting the 2003 DC's; during the dcpromo process I am prompted with "This domain controller holds the last replica of the following application directory partitions: DC=TAPI3Directory,DC=xxx,DC=local". I understand that TAPI3 is used for telephony that relies on AD. I cannot get a clear answer (recent turnover) whether we actually need this. My question is, how can I copy/replicate/move or re-create this Application Directory Partition on a Server 2012 DC? Everything I research leads to tapicfg but this is not a valid command in Server 2012. If there is a way to do this can someone please explain?

Thanks for your time.

Damien

I want some services to start through a batch script file?

I want some services to start through a batch script file. Can anyone tell me how to do it?

Thanks & Regards, Amol . Amol Dhaygude

failed to authenticate to DC (event ID 3210)


I'm troubleshooting different workstation slowness scenarios, and one of the concerning event IDs is 3210, which indicates some authorization issues between the client computer and the domain. Group policy errors (lack of connectivity to domain controller) also follow this error.

I'm trying to solve this event ID 3210 issue without success. So far I've done:

- Ports are opened between Client and DC (I ran portQui tests)
- Computer is patched 100%, also KB2958122 included.
- Computer account deleted, Computer re-joined to domain


2012 R2 GC not responding to AD when 2008 R2 server goes down


I have a weird problem.

Background: I had 2003 sbs and migrated to 08R2. I demoted sbs and 08R2 worked just fine. I added domain services to 2012 R2 and clicked GC and moved the FSMO roles to the new 2012 R2 server. They both show up in ADUC under domain controllers. I can ping lf.local from any workstation and get the round robin reply from DNS.

Here's the problem. When I shutdown the 08R2 server, AD goes down too. I tried to run ADUC from my workstation and from the 12R2 server but they both say there are no directory servers available.

If I boot up the 08R2 server then all is well. I can manually change to 12R2 server in ADUC and it comes up fine while the 08R2 server is running also. My goal is to continue the migration from 08R2 to 12R2 and demote the 08R2 asap.

I've checked a million times everything in AD I can, and it all says both servers are domain controllers. DNS works fine. I modified an A record on 08R2 and it changed on 12R2. I then changed it back on the 12R2 and it changed on the 08R2. I changed the description field in a user and it changed both ways. Replication seems to be bi-directional and working. Plus I've checked in ADSS a bunch too to make sure the replication is set correctly.

What did I miss on the 12R2 server? I'm not seeing my mistake.

What is the difference between OU and Groups?

What is the difference between OU and Groups?


Thanks & Regards, Amol . Amol Dhaygude


recycle bin on d:\ is corrupted do you want to empty the recycle bin for this drive ?


Hi everyone,

In our company we have Windows 8.1 systems. On some systems we are getting issues. Whenever I log in to a system I get an error: "recycle bin on d: is corrupted do you want to empty the recycle bin for this drive ?" Also, I am not able to create or delete files or folders. I searched for this on Google and tried all options but no luck!

I even formatted the system and did a clean install but still have the same issue. I changed permissions, ownerships etc. and also tried to run "rd /s/q D:\$Recycle.bin" from CMD with an Administrator account but am still facing the same issue.

Any help would be really appreciated.

Thanks,

Satya Pal Menariya

Domain controllers active directory replication failure on cross-premise network


Hi all,

My domain controllers on Azure and on-premise used to replicate the directory until a few days ago. I didn't realize there was some payment problem on my Azure subscriptions and my services were disabled. After I made the payment, I recreated the removed VNet gateway and established the site-to-site VPN.

Even though the domain controllers are able to ping and nslookup each other now, the directory service has stopped replicating between the two DCs. There are many Error 1863 and Warning 2089 events in the event viewer.

I tried to look for solutions to Error 1863 for a day but I found very little knowledge and solution about it. I also tried to demote DC2 (on-premise) and promote it again. I got errors while demoting it. Below is the print screen of the error.

I have an idea now, which is to disjoin DC2 from the domain and force it to remove the AD role, then rejoin the domain and promote it to DC2 again. Can anyone advise if this is something doable? Any suggestions or advice are much appreciated.

Thanks,

Chee-Kian

Sysvol replication failing on the long Chinese domain


Hi Team,

We have created an Active Directory on a Windows Server 2012 DC (root first DC in the forest) and ADC Windows Server 2008 R2 EE SP1 with Chinese OS and a long domain name.

We have created a long domain name like:

新的拓扑结构测试在中国的角色固定的问题长.COM

The respective files are getting created in the sysvol domain folders.

However, the files are not getting replicated.

We have tried with the force replication, restarted the services and checked the event logs.

Any pointer regarding this would really help us.

Thanks,

Rucha

Add-WebApplicationProxyApplication -ExternalPreAuthentication ADFSforRichClients - missing


Hello,

I am trying to set up Web Application Proxy preauthentication for HTTP Basic application publishing.

I have Windows 2012R2 std. with the Remote Access - Web Application Proxy role.

This Technet article describes how to publish an HTTP basic app: https://technet.microsoft.com/en-US/library/dn765483.aspx

But when I run the Add-WebApplicationProxyApplication command with the ADFSforRichClients parameter, it returns an error message:

Add-WebApplicationProxyApplication : Cannot validate argument on parameter 'ExternalPreauthentication'. The argument
"ADFSforRichClients" does not belong to the set "PassThrough,ADFS,ClientCertificate" specified by the ValidateSet
attribute. Supply an argument that is in the set and then try the command again.
At line:1 char:320
+ ... Authentication ADFSforRichClients -ADFSRelyingPartyName 'Exchange EAS'
+                    ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Add-WebApplicationProxyApplication], ParameterBindingValidationExcepti
   on
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Add-WebApplicationProxyApplication

It seems that the ExternalPreAuthentication parameter on my server only supports the "PassThrough,ADFS,ClientCertificate" parameters. But according to Technet it should support additional parameters:

-- ADFS
-- ClientCertificate
-- PassThrough
-- ADFSforRichClients
-- ADFSforOAuth
-- ADFSforBrowsersAndOffice

What am I missing?

Thanks for any advice.

Ntds.Dit maximum size limit

I want to know what the maximum size limit of the Ntds.dit file is. Is it 16TB for all versions? (W2K/W2K3/W2K8/W2K8R2/W2K12)

Server 2012 - Can't access external website from internal domain with same name. Tried everything.


Hello All.

I have read loads of forums and tried numerous fixes and configurations, but nothing seems to work and I am extremely frustrated at this point.

I have a client where I set up Server 2012 Standard with Exchange 2013. After reading best practice documentation for DNS naming and reasons not to use ".LOCAL" I opted to use ".com.na", in which case the internal domain name and the Internet website now have the same name.

When attempting to open the external website, e.g. "www.company.com.na", from a client PC within the internal "company.com.na" domain, I keep getting the error "403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied."

I should also mention, the website is hosted by an ISP and not locally.

I added a "www" Host record in the Forward Lookup Zone, I have added the URL and IP address to the Hosts file on a client PC (Windows 7) and even tried setting up Split-Brain DNS. Nothing seems to work.

Running a Tracert takes me to the correct public IP address of the website, but I keep getting this 403 error.

I am so sick and tired of this issue that I am at the point of backing up the Exchange and re-rolling the entire server with the ".local" DNS domain name. I have a mirror setup in a VMWare environment and simply using "rendom" to rename the domain seems to cause new issues with Exchange connectivity.

Any pointers and help will be greatly appreciated.

Thanks in advance.

Hentie Loots

View Established Delegations

I have a good idea on how to Delegate Control to a user or group.  How do I see if a user or group has been delegated control to an OU already?

Francisco Mercado Jr.


ADFS 3.0, Error Installing "The Server is not operational"

Have been picking at this one for about a week now.
Windows Server 2012 R2, Domain Joined, Wildcard SSL certificate [*.ad.domain.com], Domain Admin Credentials

While configuring ADFS 3.0, I am receiving a very generic, non specific error message:
"The Server is not operational"

The only thing showing in the Windows Event Viewer is:
Event ID 102
FederationServices-Deployment
Error: An error occurred while trying to configure this machine

Any help would be appreciated. This is a good one!


Domain Migration from 2008 Std to 2012 R2 with Some Issues


I need to migrate the domain, which has only one DC with a public IP address and an Exchange Server running on it, to another server, with an upgrade as well, as this server's hardware is too old and cannot be upgraded.

As people use email from the internet, are there any problems after migrating to the new server and configuring the public IP address of the old server on the new server?

Please tell me in detail about the best practice to migrate and upgrade to a 2012 R2 server, and whether I need to shut down the currently running DC.

Create Sub domain


Hello Guys,

I have a question about whether I'm doing it the correct way... Please read my configuration and tell me what you think.

I now have a customer with some small firms and 1 big firm. The big firm has a DC & Exchange. I want to create an extra DC so I can put all the computers from 1 of the small firms in that domain. I will also make this domain a sub of the big firm DC.

Then I want to configure the Exchange so it does e-mail for both domains.

I am very curious about your comments.

Greetz Vincent Bal


LocatorCheck Test Failed -- PDC_REQUIRED


Just demoted old PDC and added and promoted new PDC.  Dcdiag passed all tests before promoting.  Have not raised functional level to 2008 yet.

I believe I scrubbed the old PDC from DNS though I have seen it show up in some queries (can't remember which).

Dcdiag on the PDC still has no errors.

Other DCs all have this error:

Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.

On all DCs netdom query fsmo lists the PDC for all roles.

On all DCs nltest /dclist:domain.com lists the correct DC as the PDC.

The PDC seems to be the authoritative time server.

In DFS Management, when I try to list the namespaces I receive the following error:

\\domain.com\namespace:  The namespace cannot be queried. The specified domain either does not exist or could not be contacted.

Replication groups do populate.

I need help troubleshooting.  Thanks


any advantage on this?

Hi,

One client has one forest with one root domain and one child domain.
95% of users are on the root domain. Mixed Windows 2008 DCs and Windows 2003 DCs.
I found out that they put the five FSMO roles onto five different DCs.
Is there any advantage in doing this?

Thank you for your insight.