Cannot log on to DC in normal mode and users cannot access files on 2008 R2 server


As administrator, I cannot log on to the primary domain controller (2008 R2) in normal mode, and users cannot access files on the server. I am able to log in in safe mode.

This server is a virtual machine, is the primary DC, and has the operations masters. There are 2 other 2003 DCs, 1 of which runs DNS.

In Directory Services Restore Mode I have tried removing the Windows updates from the night before and disabling the McAfee services. I restored the system state (but not the entire system drive) from the previous night's backup. These steps didn't get me anywhere. In trying to resolve the problem I noticed that whenever I boot, the system time seems to freeze, and when I restart in safe mode I have to reset the time, and it works fine while in that mode.

The event logs from when the problem started show these items:

System log

log name:      system
source:        netlogon
date:          8/17/2012 1:42:18 pm
event id:      5737
task category: none
level:         error
keywords:      classic
user:          n/a
computer:      ccaddc2.mydomain.com
description:
system returned following unexpected error code:
internal error occurred.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="netlogon" />
    <eventid qualifiers="0">5737</eventid>
    <level>2</level>
    <task>0</task>
    <keywords>0x80000000000000</keywords>
    <timecreated systemtime="2012-08-17t17:42:18.000000000z" />
    <eventrecordid>50301</eventrecordid>
    <channel>system</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security />
  </system>
  <eventdata>
    <data>%%1359</data>
    <binary>4f050000</binary>
  </eventdata>
</event>


log name:      system
source:        service control manager
date:          8/17/2012 1:42:21 pm
event id:      7023
task category: none
level:         error
keywords:      classic
user:          n/a
computer:      ccaddc2.mydomain.com
description:
netlogon service terminated following error:
internal error occurred.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="service control manager" guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" eventsourcename="service control manager" />
    <eventid qualifiers="49152">7023</eventid>
    <version>0</version>
    <level>2</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x8080000000000000</keywords>
    <timecreated systemtime="2012-08-17t17:42:21.671875000z" />
    <eventrecordid>50305</eventrecordid>
    <correlation />
    <execution processid="520" threadid="584" />
    <channel>system</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security />
  </system>
  <eventdata>
    <data name="param1">netlogon</data>
    <data name="param2">%%1359</data>
  </eventdata>
</event>

log name:      system
source:        microsoft-windows-dfssvc
date:          8/17/2012 1:42:29 pm
event id:      14548
task category: none
level:         error
keywords:      classic
user:          n/a
computer:      ccaddc2.mydomain.com
description:
dfs namespace service not initialize trusted domain information on domain controller, periodically retry operation. return code in record data.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="microsoft-windows-dfssvc" guid="{7da4fe0e-fd42-4708-9aa5-89b77a224885}" eventsourcename="dfssvc" />
    <eventid qualifiers="49152">14548</eventid>
    <version>0</version>
    <level>2</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x80000000000000</keywords>
    <timecreated systemtime="2012-08-17t17:42:29.000000000z" />
    <eventrecordid>50320</eventrecordid>
    <correlation />
    <execution processid="0" threadid="0" />
    <channel>system</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security />
  </system>
  <eventdata name="dfsnotrusteddomaininfo">
    <binary>b5060000</binary>
  </eventdata>
</event>

log name:      system
source:        microsoft-windows-time-service
date:          8/17/2012 1:42:50 pm
event id:      46
task category: none
level:         error
keywords:     
user:          local service
computer:      ccaddc2.mydomain.com
description:
time service encountered error , forced shut down. error was: 0x80070700: attempt made logon, network logon service not started.

event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="microsoft-windows-time-service" guid="{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}" />
    <eventid>46</eventid>
    <version>0</version>
    <level>2</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x8000000000000000</keywords>
    <timecreated systemtime="2012-08-17t17:42:50.734375000z" />
    <eventrecordid>50338</eventrecordid>
    <correlation />
    <execution processid="980" threadid="2792" />
    <channel>system</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security userid="s-1-5-19" />
  </system>
  <eventdata name="tmp_event_error_shutdown">
    <data name="errormessage">0x80070700: attempt made logon, network logon service not started.
</data>
  </eventdata>
</event>

log name:      system
source:        service control manager
date:          8/17/2012 1:42:50 pm
event id:      7023
task category: none
level:         error
keywords:      classic
user:          n/a
computer:      ccaddc2.mydomain.com
description:
windows time service terminated following error:
attempt made logon, network logon service not started.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="service control manager" guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" eventsourcename="service control manager" />
    <eventid qualifiers="49152">7023</eventid>
    <version>0</version>
    <level>2</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x8080000000000000</keywords>
    <timecreated systemtime="2012-08-17t17:42:50.750000000z" />
    <eventrecordid>50340</eventrecordid>
    <correlation />
    <execution processid="520" threadid="720" />
    <channel>system</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security />
  </system>
  <eventdata>
    <data name="param1">windows time</data>
    <data name="param2">%%1792</data>
  </eventdata>
</event>

log name:      system
source:        microsoft-windows-grouppolicy
date:          8/17/2012 1:27:59 pm
event id:      1097
task category: none
level:         error
keywords:     
user:          system
computer:      ccaddc2.mydomain.com
description:
processing of group policy failed. windows not determine computer account enforce group policy settings. may transient. group policy settings, including computer configuration, not enforced computer.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="microsoft-windows-grouppolicy" guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
    <eventid>1097</eventid>
    <version>0</version>
    <level>2</level>
    <task>0</task>
    <opcode>1</opcode>
    <keywords>0x8000000000000000</keywords>
    <timecreated systemtime="2012-08-17t17:27:59.827375000z" />
    <eventrecordid>50350</eventrecordid>
    <correlation activityid="{8500a3fc-136d-4174-9c69-d19d9e7a7da0}" />
    <execution processid="904" threadid="2388" />
    <channel>system</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security userid="s-1-5-18" />
  </system>
  <eventdata>
    <data name="supportinfo1">1</data>
    <data name="supportinfo2">2346</data>
    <data name="processingmode">1</data>
    <data name="processingtimeinmilliseconds">2953</data>
    <data name="errorcode">2148074252</data>
    <data name="errordescription">the logon attempt failed </data>
    <data name="dcname">\\ccbackup1.mydomain.com</data>
  </eventdata>
</event>

log name:      system
source:        lsasrv
date:          8/17/2012 1:28:01 pm
event id:      40961
task category: none
level:         warning
keywords:     
user:          system
computer:      ccaddc2.mydomain.com
description:
security system not establish secured connection server ldap/ccaddc1.mydomain.com/mydomain.com@mydomain.com. no authentication protocol available.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="lsasrv" guid="{199fe037-2b82-40a9-82ac-e1d46c792b99}" />
    <eventid>40961</eventid>
    <version>0</version>
    <level>3</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x8000000000000000</keywords>
    <timecreated systemtime="2012-08-17t17:28:01.671125000z" />
    <eventrecordid>50353</eventrecordid>
    <correlation />
    <execution processid="528" threadid="576" />
    <channel>system</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security userid="s-1-5-18" />
  </system>
  <eventdata>
    <data name="target">ldap/ccaddc1.mydomain.com/mydomain.com@mydomain.com</data>
  </eventdata>
</event>

log name:      system
source:        microsoft-windows-winrm
date:          8/17/2012 1:29:53 pm
event id:      10154
task category: none
level:         warning
keywords:      classic
user:          n/a
computer:      ccaddc2.mydomain.com
description:
winrm service failed create following spns: wsman/ccaddc2.mydomain.com; wsman/ccaddc2.

 additional data
 the error received 1355: %%1355.

 user action
 the spns can created administrator using setspn.exe utility.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="microsoft-windows-winrm" guid="{a7975c8f-ac13-49f1-87da-5a984a4ab417}" eventsourcename="winrm" />
    <eventid qualifiers="7">10154</eventid>
    <version>0</version>
    <level>3</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x80000000000000</keywords>
    <timecreated systemtime="2012-08-17t17:29:53.000000000z" />
    <eventrecordid>50373</eventrecordid>
    <correlation />
    <execution processid="0" threadid="0" />
    <channel>system</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security />
  </system>
  <eventdata>
    <data name="spn1">wsman/ccaddc2.mydomain.com</data>
    <data name="spn2">wsman/ccaddc2</data>
    <data name="error">1355</data>
  </eventdata>
</event>

Application log

log name:      application
source:        srmsvc
date:          8/17/2012 1:42:32 pm
event id:      12317
task category: none
level:         warning
keywords:      classic
user:          n/a
computer:      ccaddc2.mydomain.com
description:
file server resource manager failed enumerate share paths or dfs paths.  mappings local file paths share , dfs paths may incomplete or temporarily unavailable.  fsrm retry operation @ later time.

context:
   domain: mydomain

error-specific details:
   error: dfsmapcacheadd(domain), 0x8007054b, specified domain either not exist or not contacted.

event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="srmsvc" />
    <eventid qualifiers="32772">12317</eventid>
    <level>3</level>
    <task>0</task>
    <keywords>0x80000000000000</keywords>
    <timecreated systemtime="2012-08-17t17:42:32.000000000z" />
    <eventrecordid>22423</eventrecordid>
    <channel>application</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security />
  </system>
  <eventdata>
    <data>

context:
   domain: mydomain

error-specific details:
   error: dfsmapcacheadd(domain), 0x8007054b, specified domain either not exist or not contacted.
</data>
    <binary>2d20436f64653a20504d43414348454330303030303830322d2043616c6c3a20504d43414348454330303030303732362d205049443a202030303030313835322d205449443a202030303030313938302d20434d443a2020433a5c57696e646f77735c73797374656d33325c737663686f7374202d6b2073726d7376637320202d20557365723a204e616d653a204e5420415554484f524954595c53595354454d2c205349443a532d312d352d313820</binary>
  </eventdata>
</event>

log name:      application
source:        microsoft-windows-certificateservicesclient-autoenrollment
date:          8/17/2012 3:26:43 pm
event id:      6
task category: none
level:         error
keywords:      classic
user:          n/a
computer:      ccaddc2.mydomain.com
description:
automatic certificate enrollment local system failed (0x8007052e) logon failure: unknown user name or bad password.
.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="microsoft-windows-certificateservicesclient-autoenrollment" guid="{f0db7ef8-b6f3-4005-9937-feb77b9e1b43}" eventsourcename="autoenrollment" />
    <eventid qualifiers="16384">6</eventid>
    <version>0</version>
    <level>2</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x80000000000000</keywords>
    <timecreated systemtime="2012-08-17t19:26:43.000000000z" />
    <eventrecordid>22483</eventrecordid>
    <correlation />
    <execution processid="0" threadid="0" />
    <channel>application</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security />
  </system>
  <eventdata>
    <data name="context">local system</data>
    <data name="errorcode">0x8007052e</data>
    <data name="errormsg">logon failure: unknown user name or bad password.
</data>
  </eventdata>
</event>

log name:      application
source:        microsoft-windows-winlogon
date:          8/17/2012 5:23:40 pm
event id:      6000
task category: none
level:         warning
keywords:      classic
user:          n/a
computer:      ccaddc2.mydomain.com
description:
winlogon notification subscriber <gpclient> unavailable handle notification event.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="microsoft-windows-winlogon" guid="{dbe9b383-7cf3-4331-91cc-a3cb16a3b538}" eventsourcename="wlclntfy" />
    <eventid qualifiers="32768">6000</eventid>
    <version>0</version>
    <level>3</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x80000000000000</keywords>
    <timecreated systemtime="2012-08-17t21:23:40.000000000z" />
    <eventrecordid>22585</eventrecordid>
    <correlation />
    <execution processid="0" threadid="0" />
    <channel>application</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security />
  </system>
  <eventdata>
    <data>gpclient</data>
    <binary>d9060000</binary>
  </eventdata>
</event>

log name:      application
source:        microsoft-windows-efs
date:          8/17/2012 5:23:41 pm
event id:      7002
task category: none
level:         error
keywords:     
user:          mydomain\kimmel1
computer:      ccaddc2.mydomain.com
description:
default group policy object cannot created. error 8007054b open gpo domain efs recovery policy in domain ldap://dc=mydomain,dc=com.
event xml:
<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <system>
    <provider name="microsoft-windows-efs" guid="{3663a992-84be-40ea-bba9-90c7ed544222}" />
    <eventid>7002</eventid>
    <version>0</version>
    <level>2</level>
    <task>0</task>
    <opcode>0</opcode>
    <keywords>0x4000000000000000</keywords>
    <timecreated systemtime="2012-08-17t21:23:41.656250000z" />
    <eventrecordid>22587</eventrecordid>
    <correlation />
    <execution processid="1744" threadid="1748" />
    <channel>application</channel>
    <computer>ccaddc2.mydomain.com</computer>
    <security userid="s-1-5-21-3652510090-3284530662-2708934488-1003" />
  </system>
  <eventdata>
    <data name="reason">error 8007054b open gpo domain efs recovery policy in domain ldap://dc=mydomain,dc=com.</data>
  </eventdata>
</event>


Jeff Speirs

I have witnessed this before, and in the previous case there was some sort of underlying OS / driver corruption. I recommend transferring the FSMO roles in Directory Services Restore Mode (if you can), demoting, and rebuilding the thing. If that fails you may need to seize the roles and force removal.

Back up before starting.
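
The events in this thread carry the same few status codes in four encodings: a `%%NNNN` parameter, a little-endian `<binary>` DWORD, a hex HRESULT, and a decimal HRESULT. The following is an added example, not part of the original thread; it normalizes those fields and groups the record ids by decoded status. The function names and the `PAGE_FIELDS` layout are assumptions made for this example, and the symbolic names are the standard `winerror.h` ones.

```python
import struct

# Names from winerror.h for the status codes that occur on this page only.
WIN32_NAMES = {
    1326: "ERROR_LOGON_FAILURE", 1355: "ERROR_NO_SUCH_DOMAIN",
    1359: "ERROR_INTERNAL_ERROR", 1717: "RPC_S_UNKNOWN_IF",
    1753: "EPT_S_NOT_REGISTERED", 1792: "ERROR_NETLOGON_NOT_STARTED",
}
HRESULT_NAMES = {0x8009030C: "SEC_E_LOGON_DENIED"}

def to_int(kind, raw):  # one event field -> unsigned 32-bit status value
    if kind == "param":   # "%%1359": message-table reference, decimal
        return int(raw.lstrip("%"))
    if kind == "binary":  # <binary>4f050000</binary>: little-endian DWORD
        return struct.unpack("<I", bytes.fromhex(raw))[0]
    if kind == "hex":     # "0x8007054b" or bare "8007054b"
        return int(raw, 16)
    if kind == "dec":     # "2148074252": HRESULT printed as decimal
        return int(raw) & 0xFFFFFFFF
    raise ValueError(f"unknown field kind: {kind}")

def decode(kind, raw):
    """Return (win32_code_or_None, symbolic_name) for an event field."""
    value = to_int(kind, raw)
    failed, facility = value >> 31, (value >> 16) & 0x7FF
    if failed and facility == 7:  # FACILITY_WIN32
        value &= 0xFFFF   # HRESULT wrapping a Win32 code: keep the low word
    elif value > 0xFFFF:  # some other HRESULT, no Win32 code inside
        return None, HRESULT_NAMES.get(value, "unknown")
    return value, WIN32_NAMES.get(value, "unknown")

PAGE_FIELDS = [  # (record id, field kind, raw value) copied from the events above
    (50301, "binary", "4f050000"), (50305, "param", "%%1359"),
    (50320, "binary", "b5060000"), (50338, "hex", "0x80070700"),
    (50340, "param", "%%1792"), (50350, "dec", "2148074252"),
    (50373, "param", "%%1355"), (22423, "hex", "0x8007054b"),
    (22483, "hex", "0x8007052e"), (22585, "binary", "d9060000"),
    (22587, "hex", "8007054b"),
]

def summarize(fields=PAGE_FIELDS):
    """Group record ids by decoded status so a shared cause stands out."""
    groups = {}
    for record_id, kind, raw in fields:
        groups.setdefault(decode(kind, raw)[1], []).append(record_id)
    return groups

if __name__ == "__main__":
    print(summarize())
```

Grouped this way, the WinRM, FSRM and EFS records all decode to the same code, 1355, and the two Netlogon-related records to 1359.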


