AD Replication issue, DNS, Kerberos
I have a problem between two onsite DNS servers. The Primary FSMO DC "server" seems to be ok, but I will post its DCDiag in a minute. The second DC, "DC2", has problems reaching one particular new server via DNS name, the file server called "Server2". If DC2 tries \\server2\ an error box appears "Logon Failure: The target account name is incorrect"; however, accessing via Server2 IP address is fine. No other systems on the network are having issues with Server2 or each other. This problem is isolated between DC2 and Server2.

Over the weekend Server2 file server, which was Windows 2003 x32, was removed. The Server2 computer name was deleted in AD. A new file server with Windows 2008 Standard x64 was created - ITS NAME IS ALSO SERVER2 and with the same IP. I think this is what caused the problem. Searching on the net I found a lot of info but not very specific to my issue. This could be a combo of DNS, AD replication and Kerberos but it is beyond my abilities to decipher. I believe it is the Kerberos cache on DC2 as maybe it never got notification that Server2 was deleted and removed from AD via the FSMO Server dc.

*Both DCs are in a virtual environment.

DC2 - DCDIAG (Contains errors where the other DC does not)

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC2
      Starting test: Connectivity
         ......................... DC2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC2
      Starting test: Replications
         [Replications Check,DC2] Inbound replication is disabled.
         To correct, run "repadmin /options DC2 -DISABLE_INBOUND_REPL"
         [Replications Check,DC2] Outbound replication is disabled.
         To correct, run "repadmin /options DC2 -DISABLE_OUTBOUND_REPL"
         ......................... DC2 failed test Replications
      Starting test: NCSecDesc
         ......................... DC2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... DC2 passed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\SERVER.urbanco.local, when we were trying to reach DC2.
         Server is not responding or is not considered suitable.
         ......................... DC2 failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... DC2 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... DC2 passed test RidManager
      Starting test: MachineAccount
         ......................... DC2 passed test MachineAccount
      Starting test: Services
         NETLOGON Service is paused on [DC2]
         ......................... DC2 failed test Services
      Starting test: ObjectsReplicated
         ......................... DC2 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC2 passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... DC2 failed test frsevent
      Starting test: kccevent
         ......................... DC2 passed test kccevent
      Starting test: systemlog
         An Error Event occured. EventID: 0x40000004
            Time Generated: 08/23/2010 09:44:20
            Event String: The kerberos client received a
         An Error Event occured. EventID: 0x40000004
            Time Generated: 08/23/2010 10:03:02
            Event String: The kerberos client received a
         An Error Event occured. EventID: 0x40000004
            Time Generated: 08/23/2010 10:03:07
            Event String: The kerberos client received a
         ......................... DC2 failed test systemlog
      Starting test: VerifyReferences
         ......................... DC2 passed test VerifyReferences

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : urbanco
      Starting test: CrossRefValidation
         ......................... urbanco passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... urbanco passed test CheckSDRefDom

   Running enterprise tests on : urbanco.local
      Starting test: Intersite
         ......................... urbanco.local passed test Intersite
      Starting test: FsmoCheck
         ......................... urbanco.local passed test FsmoCheck

*Netdiag on DC2 shows no errors, same with Server

"Server" DCDIAG:

    Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'VMware Virtual Ethernet Adapter for VMnet1' may not be working because it has not received any packets.

Per interface results:

    Adapter : Local Area Connection 2
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : SERVER
        IP Address . . . . . . . . : 10.10.10.5
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . : 10.10.10.254
        Dns Servers. . . . . . . . : 10.10.10.5
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Passed
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : VMware Network Adapter VMnet1
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : SERVER
        IP Address . . . . . . . . : 192.168.149.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : VMware Network Adapter VMnet8
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : SERVER
        IP Address . . . . . . . . : 192.168.244.1
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :
        AutoConfiguration results. . . . . . : Passed
        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.
        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

Global results:

Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{DE0887FD-FD0D-4375-8C2D-42FACD7932D5}
        NetBT_Tcpip_{1319E633-80A0-4BCC-905E-7D163A36AE08}
        NetBT_Tcpip_{A67C99EF-8178-4961-B160-84BCDB413DFF}
    3 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.10.10.5' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{DE0887FD-FD0D-4375-8C2D-42FACD7932D5}
        NetBT_Tcpip_{1319E633-80A0-4BCC-905E-7D163A36AE08}
        NetBT_Tcpip_{A67C99EF-8178-4961-B160-84BCDB413DFF}
    The redir is bound to 3 NetBt transports.
    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{A67C99EF-8178-4961-B160-84BCDB413DFF}
        NetBT_Tcpip_{1319E633-80A0-4BCC-905E-7D163A36AE08}
        NetBT_Tcpip_{DE0887FD-FD0D-4375-8C2D-42FACD7932D5}
    The browser is bound to 3 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
    No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
    Note: run "netsh ipsec dynamic show /?" for more detailed information

The command completed successfully

Hope I provided enough info.
August 23rd, 2010 8:22pm
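
An added example, not part of the original thread: a Python sketch that parses flattened DCDiag output like the DC2 report above, lists the tests that failed, and interprets the suggested `repadmin /options` commands (a leading `-` clears the `DISABLE_*_REPL` option, which re-enables replication; a leading `+` would set it). `SAMPLE` is a constructed excerpt of the posted output, and the function names are hypothetical.

```python
import re

# Constructed sample: an excerpt of the DC2 DCDiag output from the post above,
# flattened onto one line the way the forum page rendered it.
SAMPLE = (
    'Testing server: Default-First-Site-Name\\DC2 Starting test: Connectivity '
    '......................... DC2 passed test Connectivity '
    'Starting test: Replications [Replications Check,DC2] Inbound replication is disabled. '
    'To correct, run "repadmin /options DC2 -DISABLE_INBOUND_REPL" '
    '[Replications Check,DC2] Outbound replication is disabled. '
    'To correct, run "repadmin /options DC2 -DISABLE_OUTBOUND_REPL" '
    '......................... DC2 failed test Replications '
    'Starting test: Services NETLOGON Service is paused on [DC2] '
    '......................... DC2 failed test Services '
    'Starting test: RidManager ......................... DC2 passed test RidManager'
)

# One DCDiag test: "Starting test: X <details> ..... <target> passed|failed test X"
TEST_RE = re.compile(
    r'Starting test: (?P<name>\S+)\s*(?P<detail>.*?)\s*\.{5,}\s*'
    r'(?P<target>\S+) (?P<result>passed|failed) test (?P=name)', re.S)
REPADMIN_RE = re.compile(r'"(repadmin /options \S+ ([+-])(DISABLE_\w+_REPL))"')

def parse_dcdiag(text):
    """Return one dict per test: name, target, result and any detail text."""
    return [m.groupdict() for m in TEST_RE.finditer(text)]

def failed_tests(text):
    """Keep only the tests DCDiag reported as failed."""
    return [t for t in parse_dcdiag(text) if t['result'] == 'failed']

def replication_fixes(text):
    """Explain each suggested repadmin command: '-' clears a flag, '+' sets it."""
    fixes = []
    for cmd, sign, flag in REPADMIN_RE.findall(text):
        effect = 'clears' if sign == '-' else 'sets'
        fixes.append((cmd, f'{effect} {flag}'))
    return fixes

if __name__ == '__main__':
    for t in failed_tests(SAMPLE):
        print(f"{t['target']} FAILED {t['name']}: {t['detail']}")
    for cmd, effect in replication_fixes(SAMPLE):
        print(f'{cmd}  ->  {effect}')
```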

   Testing server: Default-First-Site-Name\DC2
      Starting test: Replications
         [Replications Check,DC2] Inbound replication is disabled.
         To correct, run "repadmin /options DC2 -DISABLE_INBOUND_REPL"
         [Replications Check,DC2] Outbound replication is disabled.
         To correct, run "repadmin /options DC2 -DISABLE_OUTBOUND_REPL"
         ......................... DC2 failed test Replications

Like it is mentioned, running the following commands should solve this problem.

repadmin /options DC2 -DISABLE_INBOUND_REPL
repadmin /options DC2 -DISABLE_OUTBOUND_REPL
August 23rd, 2010 9:48pm

      Starting test: frsevent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... DC2 failed test frsevent
      Starting test: kccevent
         ......................... DC2 passed test kccevent
      Starting test: systemlog
         An Error Event occured. EventID: 0x40000004
            Time Generated: 08/23/2010 09:44:20
            Event String: The kerberos client received a
         An Error Event occured. EventID: 0x40000004
            Time Generated: 08/23/2010 10:03:02
            Event String: The kerberos client received a
         An Error Event occured. EventID: 0x40000004
            Time Generated: 08/23/2010 10:03:07
            Event String: The kerberos client received a
         ......................... DC2 failed test systemlog

As you see, there is an error with the EventID 0x40000004. I searched on the net for a possible resolution for this problem but did not find anything interesting. I found someone who had the same error, and as a resolution an expert recommended to simply demote the failed DC and re-promote it. Have a look at this link: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24469030.html

Best regards.
August 23rd, 2010 9:52pm

Thanks for the reply but what makes me worried is that if I disable the REPLICATION how would I enable it again? This message may be incorrect for me and cause even more problems.
August 23rd, 2010 11:06pm

I am tempted as well to demote and promote as this is mainly just a secondary DC, VPN and a Kaspersky AV Admin unit. All other tests show communication is fine so this is probably my only option though I would like to hear from someone more versed in AD replication before doing so. As is, we are still functional and working fine with the primary DC.
August 23rd, 2010 11:07pm

"Thanks for the reply but what makes me worried is that if I disable the REPLICATION how would I enable it again? This message may be incorrect for me and cause even more problems."

If you demote the failed DC and re-promote it you will not have a replication problem. By doing that, it will be in the same site (default site) as your first DC and replication will start automatically. So, you don't have to worry.
August 23rd, 2010 11:14pm

Ok, I will try that after hours. What about other programs that might rely on AD? Such as backups, my AntiVirus Admin, VPN. Do you think by demoting, rebooting, promoting, rebooting that will cause the problem or a total unknown? It's worth a shot for sure and probably will run the risk. Thanks.
August 23rd, 2010 11:46pm

Mike, I would like to tell you that I am an MCP, MCSA Security and MCSE Security. So, I know what I am writing and I referred to an article to give a solution for this problem. As I said, I found an article on the Internet about this kind of error, which is the following: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24469030.html

So, please work as a professional and stop saying such things. If you have another solution, you are welcome.

Best regards.
August 24th, 2010 1:07am

Venom66, based on a search on the Internet, I found the following for the use of the dcpromo /forceremoval command:

"If the domain controller hosts any operations master (also known as flexible single master operations or FSMO) roles or if it is a Domain Name System (DNS) server or a global catalog server, warnings appear that explain how the forced removal will affect the rest of the environment. After you read each warning, click Yes. To suppress the warnings in advance of the removal operation, type /demotefsmo:yes at the command prompt. If you forcefully remove AD DS from a server that hosts an operations master role, you must seize the role after the Dcpromo operation."

I found it in this Microsoft article: http://technet.microsoft.com/en-us/library/cc816826%28WS.10%29.aspx

I also found that if your domain controller is also an Exchange server, the demote may affect your Exchange environment. This is a link to the article speaking about such a thing: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22939677.html

As a conclusion, the demote operation should not affect your environment if your server is not an Exchange server and you follow correctly the mentioned procedure.

Best regards.
August 24th, 2010 1:16am

Thanks. This is a secondary peer DC, holding no FSMO roles. The other has the Exchange and that DC seems to be fine with no problems affecting the other systems. I will give this a shot tonight and post my results but I may hold off as I have a vacation coming end of week and since we are functioning fine I could be opening a can of worms.
August 24th, 2010 1:38am

Okay, so proceed like I mentioned because I have not found another possible resolution on the Internet. Don't forget to read the warnings. They will allow you to detect the problems that you may have (so just believe Microsoft and its warning system). Have a good vacation.

Best regards.
August 24th, 2010 1:44am
