Net logon service paused When Server Reboot
Hi, Whenever I reboot our additional domain controller (using Windows 2003 Standard Edition SP1), the Net Logon service is paused. If I start the Net Logon service manually, it starts without an issue. The only problem is that after every reboot the service is paused. Below is the log for your reference.

Event Type: Error
Event Source: NTDS General
Event Category: Service Control
Event ID: 2103
Date: 3/16/2010
Time: 1:26:54 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: CHD1DOMINO2
Description: The Active Directory database has been restored using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused.
User Action: See previous event logs for details.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
March 17th, 2010 5:54pm

Hello, was the server restored from an image or snapshot of a VM? It sounds like you have run into USN rollback. Please check the following article: http://support.microsoft.com/kb/875495

Also run dcdiag /v on all DCs (at least the problem one and a second) and post the output here.

Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
March 17th, 2010 6:01pm

Hi, Thanks. It's not an image restore. I have pasted both servers' output. server1 = chd1domino1, server2 = chd1domino2. The problem is in chd1domino2.

Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine chd1domino2, is a DC. * Connecting to directory service on server chd1domino2. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\CHD1DOMINO2 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... CHD1DOMINO2 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CHD1DOMINO2 Starting test: Replications * Replications Check * Replication Latency Check DC=ForestDnsZones,DC=vernalis,DC=com Latency information for 3 entries in the vector were ignored. 3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=DomainDnsZones,DC=vernalis,DC=com Latency information for 3 entries in the vector were ignored. 3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=vernalis,DC=com Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=vernalis,DC=com Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). 
DC=vernalis,DC=com Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... CHD1DOMINO2 passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC CHD1DOMINO2. * Security Permissions Check for DC=ForestDnsZones,DC=vernalis,DC=com (NDNC,Version 2) * Security Permissions Check for DC=DomainDnsZones,DC=vernalis,DC=com (NDNC,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=vernalis,DC=com (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=vernalis,DC=com (Configuration,Version 2) * Security Permissions Check for DC=vernalis,DC=com (Domain,Version 2) ......................... CHD1DOMINO2 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CHD1DOMINO2\netlogon Verified share \\CHD1DOMINO2\sysvol ......................... CHD1DOMINO2 passed test NetLogons Starting test: Advertising The DC CHD1DOMINO2 is advertising itself as a DC and having a DS. The DC CHD1DOMINO2 is advertising as an LDAP server The DC CHD1DOMINO2 is advertising as having a writeable directory The DC CHD1DOMINO2 is advertising as a Key Distribution Center Warning: CHD1DOMINO2 is not advertising as a time server. ......................... 
CHD1DOMINO2 failed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com Role Domain Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com Role PDC Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com Role Rid Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com Role Infrastructure Update Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com ......................... CHD1DOMINO2 passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 5106 to 1073741823 * chd1domino1.vernalis.com is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 4606 to 5105 * rIDPreviousAllocationPool is 4106 to 4605 * rIDNextRID: 4406 ......................... CHD1DOMINO2 passed test RidManager Starting test: MachineAccount Checking machine account for DC CHD1DOMINO2 on DC CHD1DOMINO2. * SPN found :LDAP/chd1domino2.vernalis.com/vernalis.com * SPN found :LDAP/chd1domino2.vernalis.com * SPN found :LDAP/CHD1DOMINO2 * SPN found :LDAP/chd1domino2.vernalis.com/VERNALIS * SPN found :LDAP/c965921e-927d-4e64-b32c-b677fdf81c96._msdcs.vernalis.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c965921e-927d-4e64-b32c-b677fdf81c96/vernalis.com * SPN found :HOST/chd1domino2.vernalis.com/vernalis.com * SPN found :HOST/chd1domino2.vernalis.com * SPN found :HOST/CHD1DOMINO2 * SPN found :HOST/chd1domino2.vernalis.com/VERNALIS * SPN found :GC/chd1domino2.vernalis.com/vernalis.com ......................... 
CHD1DOMINO2 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time w32time Service is stopped on [CHD1DOMINO2] * Checking Service: NETLOGON ......................... CHD1DOMINO2 failed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated CHD1DOMINO2 is in domain DC=vernalis,DC=com Checking for CN=CHD1DOMINO2,OU=Domain Controllers,DC=vernalis,DC=com in domain DC=vernalis,DC=com on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CHD1DOMINO2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com in domain CN=Configuration,DC=vernalis,DC=com on 1 servers Object is up-to-date on all servers. ......................... CHD1DOMINO2 passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CHD1DOMINO2 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... CHD1DOMINO2 passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... CHD1DOMINO2 passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x00000457 Time Generated: 03/17/2010 19:59:56 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/17/2010 19:59:57 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/17/2010 19:59:58 (Event String could not be retrieved) An Error Event occured. 
EventID: 0x00000457 Time Generated: 03/17/2010 20:38:22 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/17/2010 20:38:23 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/17/2010 20:38:23 (Event String could not be retrieved) ......................... CHD1DOMINO2 failed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=CHD1DOMINO2,OU=Domain Controllers,DC=vernalis,DC=com and backlink on CN=CHD1DOMINO2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com are correct. The system object reference (frsComputerReferenceBL) CN=CHD1DOMINO2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=vernalis,DC=com and backlink on CN=CHD1DOMINO2,OU=Domain Controllers,DC=vernalis,DC=com are correct. The system object reference (serverReferenceBL) CN=CHD1DOMINO2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=vernalis,DC=com and backlink on CN=NTDS Settings,CN=CHD1DOMINO2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com are correct. ......................... CHD1DOMINO2 passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... 
DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : vernalis Starting test: CrossRefValidation ......................... vernalis passed test CrossRefValidation Starting test: CheckSDRefDom ......................... vernalis passed test CheckSDRefDom Running enterprise tests on : vernalis.com Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... vernalis.com passed test Intersite Starting test: FsmoCheck GC Name: \\chd1domino1.vernalis.com Locator Flags: 0xe00003fd PDC Name: \\chd1domino1.vernalis.com Locator Flags: 0xe00003fd Time Server Name: \\chd1domino1.vernalis.com Locator Flags: 0xe00003fd Preferred Time Server Name: \\chd1domino1.vernalis.com Locator Flags: 0xe00003fd KDC Name: \\chd1domino2.vernalis.com Locator Flags: 0xe00001b8 ......................... vernalis.com passed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS ###################################################################################### Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine chd1domino1, is a DC. * Connecting to directory service on server chd1domino1. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. 
Doing initial required tests Testing server: Default-First-Site-Name\CHD1DOMINO1 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... CHD1DOMINO1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\CHD1DOMINO1 Starting test: Replications * Replications Check * Replication Latency Check DC=ForestDnsZones,DC=vernalis,DC=com Latency information for 3 entries in the vector were ignored. 3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=DomainDnsZones,DC=vernalis,DC=com Latency information for 3 entries in the vector were ignored. 3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=vernalis,DC=com Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=vernalis,DC=com Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=vernalis,DC=com Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... 
CHD1DOMINO1 passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC CHD1DOMINO1. * Security Permissions Check for DC=ForestDnsZones,DC=vernalis,DC=com (NDNC,Version 2) * Security Permissions Check for DC=DomainDnsZones,DC=vernalis,DC=com (NDNC,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=vernalis,DC=com (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=vernalis,DC=com (Configuration,Version 2) * Security Permissions Check for DC=vernalis,DC=com (Domain,Version 2) ......................... CHD1DOMINO1 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\CHD1DOMINO1\netlogon Verified share \\CHD1DOMINO1\sysvol ......................... CHD1DOMINO1 passed test NetLogons Starting test: Advertising The DC CHD1DOMINO1 is advertising itself as a DC and having a DS. The DC CHD1DOMINO1 is advertising as an LDAP server The DC CHD1DOMINO1 is advertising as having a writeable directory The DC CHD1DOMINO1 is advertising as a Key Distribution Center The DC CHD1DOMINO1 is advertising as a time server The DS CHD1DOMINO1 is advertising as a GC. ......................... 
CHD1DOMINO1 passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com Role Domain Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com Role PDC Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com Role Rid Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com Role Infrastructure Update Owner = CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com ......................... CHD1DOMINO1 passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 5106 to 1073741823 * chd1domino1.vernalis.com is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 3606 to 4105 * rIDPreviousAllocationPool is 3606 to 4105 * rIDNextRID: 3837 ......................... CHD1DOMINO1 passed test RidManager Starting test: MachineAccount Checking machine account for DC CHD1DOMINO1 on DC CHD1DOMINO1. * SPN found :LDAP/chd1domino1.vernalis.com/vernalis.com * SPN found :LDAP/chd1domino1.vernalis.com * SPN found :LDAP/CHD1DOMINO1 * SPN found :LDAP/chd1domino1.vernalis.com/VERNALIS * SPN found :LDAP/32202f44-cd9b-4322-94b1-2d8486921250._msdcs.vernalis.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/32202f44-cd9b-4322-94b1-2d8486921250/vernalis.com * SPN found :HOST/chd1domino1.vernalis.com/vernalis.com * SPN found :HOST/chd1domino1.vernalis.com * SPN found :HOST/CHD1DOMINO1 * SPN found :HOST/chd1domino1.vernalis.com/VERNALIS * SPN found :GC/chd1domino1.vernalis.com/vernalis.com ......................... 
CHD1DOMINO1 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... CHD1DOMINO1 passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated CHD1DOMINO1 is in domain DC=vernalis,DC=com Checking for CN=CHD1DOMINO1,OU=Domain Controllers,DC=vernalis,DC=com in domain DC=vernalis,DC=com on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com in domain CN=Configuration,DC=vernalis,DC=com on 1 servers Object is up-to-date on all servers. ......................... CHD1DOMINO1 passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... CHD1DOMINO1 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... CHD1DOMINO1 passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... CHD1DOMINO1 passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x00000457 Time Generated: 03/17/2010 20:40:08 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/17/2010 20:40:09 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/17/2010 20:40:10 (Event String could not be retrieved) ......................... 
CHD1DOMINO1 failed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=CHD1DOMINO1,OU=Domain Controllers,DC=vernalis,DC=com and backlink on CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com are correct. The system object reference (frsComputerReferenceBL) CN=CHD1DATASERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=vernalis,DC=com and backlink on CN=CHD1DOMINO1,OU=Domain Controllers,DC=vernalis,DC=com are correct. The system object reference (serverReferenceBL) CN=CHD1DATASERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=vernalis,DC=com and backlink on CN=NTDS Settings,CN=CHD1DOMINO1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=vernalis,DC=com are correct. ......................... CHD1DOMINO1 passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... 
Configuration passed test CheckSDRefDom Running partition tests on : vernalis Starting test: CrossRefValidation ......................... vernalis passed test CrossRefValidation Starting test: CheckSDRefDom ......................... vernalis passed test CheckSDRefDom Running enterprise tests on : vernalis.com Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... vernalis.com passed test Intersite Starting test: FsmoCheck GC Name: \\chd1domino1.vernalis.com Locator Flags: 0xe00003fd PDC Name: \\chd1domino1.vernalis.com Locator Flags: 0xe00003fd Time Server Name: \\chd1domino1.vernalis.com Locator Flags: 0xe00003fd Preferred Time Server Name: \\chd1domino1.vernalis.com Locator Flags: 0xe00003fd KDC Name: \\chd1domino1.vernalis.com Locator Flags: 0xe00003fd ......................... vernalis.com passed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS
March 17th, 2010 6:14pm

Hi Alagar,

According to your description, I understand that you are experiencing a Netlogon service issue with event ID 2103. To narrow down this issue, please check the following:

1. Check for USN rollback by using the command Repadmin /showutdvec (KB Article: 875495, 885875)
2. Check the registry value HKLM\System\CurrentControlSet\Services\NTDS\Parameters, "DSA Not Writable" (REG_DWORD) and its value is 0x4.
3. Delete "DSA Not Writable" (REG_DWORD) from registry and reboot the server.

Please try above steps and let us know your results, thanks.

Sincerely,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights.
March 18th, 2010 6:44am
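
A read-only way to collect the evidence for steps 1 and 2 of the reply above on the affected DC, as an added example that is not part of the original thread; it changes nothing on the server. The script's two arguments (naming context and a healthy partner DC) are assumptions of this example, and repadmin must be installed (Windows Support Tools on Server 2003).

```batch
@echo off
rem Added example, not from the thread: read-only triage for a DC whose
rem Net Logon service pauses at boot with NTDS General event 2103.
rem Arguments are assumptions of this example:
rem   %1 = naming context to inspect, e.g. "DC=example,DC=com" (constructed)
rem   %2 = name of a healthy replication partner DC
setlocal
set "KEY=HKLM\System\CurrentControlSet\Services\NTDS\Parameters"
set "VAL=DSA Not Writable"
set "NC=%~1"
set "PARTNER=%~2"
if "%NC%"=="" goto usage
if "%PARTNER%"=="" goto usage

echo == Net Logon service state on %COMPUTERNAME% ==
sc query netlogon | findstr /i "STATE"

echo.
echo == %KEY%\%VAL% ==
set "DATA="
rem Default FOR /F delimiters are space and tab, so the three-word value
rem name fills tokens 1-3, the type is token 4 and the data is token 5.
for /f "tokens=4,5" %%t in ('reg query "%KEY%" /v "%VAL%" 2^>nul ^| findstr /i "REG_DWORD"') do set "DATA=%%u"
if not defined DATA (
  echo Value not present.
) else (
  echo Value present, data = %DATA%
  if /i "%DATA%"=="0x4" echo Data is 0x4, the condition named in step 2.
)

echo.
echo == Up-to-dateness vector for %NC% as seen by %COMPUTERNAME% ==
repadmin /showutdvec %COMPUTERNAME% "%NC%"

echo.
echo == Up-to-dateness vector for %NC% as seen by %PARTNER% ==
repadmin /showutdvec %PARTNER% "%NC%"

rem Keep both vectors with the incident record: the USN the partner holds
rem for this DC, next to what this DC reports for itself, is the evidence
rem to review against KB 875495 before any registry change is made.
endlocal
exit /b 0

:usage
echo Usage: %~nx0 "naming-context-DN" partner-dc-name
endlocal
exit /b 2
```

Run it from a command prompt on the affected DC with an account that can read the registry and bind to both DCs, and save the output before any value is deleted.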

Many many thanks to Wilson. I was suffering with this problem from long time ago. I googled it many times but couldn't come up with any real solution. Your steps actually fixed my problem. Keep it up Wilson.
April 22nd, 2010 2:44pm

Thanks! I too, have been looking for a LONG time to find a cure for this issue and could never find anything until this post! Thanks again!
June 14th, 2011 4:00pm

This topic is archived. No further replies will be accepted.
