an error on AD DS role with event ID:1168 internal processing
hello,
I got this error on my Active Directory Domain Services role:
Internal error: an Active Directory Domain Services error has occurred.
Additional data: error value (decimal): -1073741536, error value (hex): c0000120
Internal ID: 300162a
Event ID: 1168, task category: Internal Processing
Source: Active Directory Domain Services
I searched on Google but I couldn't solve this problem. It happened after I ran DCpromo to promote my 2008 R2 server to a domain controller.
thanks
johanh.david
April 30th, 2012 4:41pm
Hi,
Please refer to the following KB article and see if that helps:
"Directory Services cannot start" error message when you start your Windows-based or SBS-based domain controller
http://support.microsoft.com/kb/258062
A UNIVERSE without WINDOWS is CHAOS !
This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
April 30th, 2012 4:46pm
According to Microsoft you should check the following:
Verify that the default domain controllers policy exists in Active Directory and is granting the "Enable computer and user accounts to be trusted for delegation" user right to the Administrators security group or alternate user accounts used to promote and demote domain controllers in the target domain.
Verify that the user account performing the DCPROMO operation has been granted the "Enable computer and user accounts to be trusted for delegation" user right in the default domain controllers policy.
Verify that the default domain controllers policy is linked to the domain controllers OU and that all DC machine accounts reside in that OU. If DC machine accounts reside in an alternate OU container, either move all DC machine accounts to the domain controllers OU or link the default domain controllers policy to the alternate OU container (not a best practice).
Verify that the file system portion of default domain controllers policy exists in the SYSVOL share of the DC being used to apply policy on the computer being promoted or demoted. If not present, evaluate whether that condition is due to simple replication latency, a replication failure in FRS / DFSR, or whether the policy has been deleted from the SYSVOL. Resolve as required.
The default domain policy or policy in general is not applying to the logged on user. Check for policy inheritance, WMI filtering or security descriptor problem that may be preventing policy from applying.
More : http://support.microsoft.com/kb/2002413
http://support.microsoft.com/kb/2000939
MCTS - Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
http://mariusene.wordpress.com/
April 30th, 2012 5:00pm
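The user-right and SYSVOL checks in the list above can be scripted. The following is an added example, not part of the thread or of the KB articles: it reads GptTmpl.inf from the Default Domain Controllers Policy folder in SYSVOL and reports which SIDs hold SeEnableDelegationPrivilege. The function names and the sample file content are constructed for illustration; a domain-joined machine with read access to SYSVOL is assumed for the live check.

```powershell
# Added example, not from the thread. Function names are illustrative.
# Well-known fixed GUID of the Default Domain Controllers Policy GPO.
$DdcpGuid = '{6AC1786C-016F-11D2-945F-00C04FB984F9}'

function Get-DelegationRightHolder {
    # Returns the SIDs/accounts listed for SeEnableDelegationPrivilege
    # ("Enable computer and user accounts to be trusted for delegation").
    param([string[]]$InfLines)
    $inRights = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inRights = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inRights -and $text -match '^SeEnableDelegationPrivilege\s*=\s*(.*)$') {
            return @($Matches[1].Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    return @()   # right not defined in this policy
}

function Test-DelegationRight {
    # BUILTIN\Administrators is stored in the file as *S-1-5-32-544.
    param([string[]]$InfLines, [string]$RequiredSid = '*S-1-5-32-544')
    $holders = @(Get-DelegationRightHolder -InfLines $InfLines)
    [pscustomobject]@{ Holders = $holders -join ', '; Granted = ($holders -contains $RequiredSid) }
}

# Constructed sample of a healthy GptTmpl.inf, so the parser can be tried offline.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeMachineAccountPrivilege = *S-1-5-11
SeEnableDelegationPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"
Test-DelegationRight -InfLines $sample

# Against the live SYSVOL copy (domain-joined machine, read access to SYSVOL assumed).
$domain = $env:USERDNSDOMAIN
$inf = "\\$domain\SYSVOL\$domain\Policies\$DdcpGuid\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf"
if ($domain -and (Test-Path -LiteralPath $inf)) {
    Test-DelegationRight -InfLines (Get-Content -LiteralPath $inf)
} else {
    Write-Warning "GptTmpl.inf not found at '$inf'; check SYSVOL replication (FRS/DFSR) or whether the policy was deleted."
}
```

A result with Granted = False means the right is not assigned to Administrators in that copy of the policy; an account used for DCPROMO that is granted the right individually would appear in Holders instead.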
Hello,
This is an internal error.
You can start with that: http://support.microsoft.com/kb/265090
If you have another healthy DC / DNS /GC server in your AD domain then you can simply re-install the new DC, perform a metadata cleanup and resize FSMO roles if it was an FSMO holder. Once done, re-install the server and promote it again as a DC.
More if you contact Microsoft PSS.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
May 1st, 2012 6:51am
Hello,
First, when I go to Users and Computers I don't see any computer under the computer tab. Also, to enable a user to be trusted for delegation, I don't see any delegation tab in the user properties. So I searched on Google and found that I have to configure an SPN for users with the setspn.exe utility. But now I am confused: when I use the setspn command, do I have to use the (a) switch or the (S) switch?
For example, my computer FQDN is dave.john.local; dave is my computer name and john.local is my domain name.
1. Can you give me a little example of how I have to use the setspn command here to configure the SPN for my trusted user account? Which switch do I have to use?
Second, do I have to run SPN also for my computer domain name? If yes, can you also give me a little example?
thanks
johanh.david
May 1st, 2012 11:10am
Hello,
I have read the article you advised. So I went to restore mode as the article says, then I ran ntdsutil files info at the command prompt (with administrator privilege) and I got this answer:
active instance not set. to set active instance use "Activate instance".
error parsing input -invalid syntax
ntdsutil:
I don't understand any of it. Can you tell me what this means and what I have to do to get the right answer?
thanks
johanh.david
May 1st, 2012 11:33am
Hello,
please stick to one thread for the same problem. And that one is already answered.
http://social.technet.microsoft.com/Forums/en/winservergen/thread/1c4dc666-2d27-4ab7-ac0a-864f7ff2a582
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
May 2nd, 2012 5:09am