Не удалось запросить журнал событий dfs replication на сервере ошибка 0x6ba сервер rpc недоступен

But i am getting this error in very large amount and very frequently.

Subs

Hi,

It
seems the secure channel is broken. You can test by removing the computer from the domain, delete the computer account,
then
add the computer back to the domain and let the computer account be recreated.

For domain controller, use below to reset secure channel:
http://support.microsoft.com/kb/325850

Regards,

Abhijit Waikar — MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA

Hello,

are the machines installed from an image that is NOT prepared with sysprep?

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

This is because the secure channel between the machine has been broken. Is all these errors coming from a single machine ? Youw ould need to reset the computer account and probably remove and add the machine back to domain.

Regards Rahul A

I agree with Meinolf, did you prepare the system with image/clone, if yes is sysprep/new sid tool been executed to assign unique SID to them? Second question is all you machine is updated with latest SP and patches and do you have consistent network connection
across client and DC?  The another reason for broken secure channel can be due to existing duplicate computer objects or host records in AD/DNS.

http://awinish.wordpress.com/2010/12/24/when-secure-channel-is-broken/

Regards

Awinish Vishwakarma

MY BLOG:
 awinish.wordpress.com

This posting is provided AS-IS with no warranties/guarantees and confers no rights.

Thanks Meinolf,

Please explain this a bit more,  i am not getting your point.

Subs

Thanks Awinish,

No I have not installed these from any clone CD

These errors are coming from different machines randomly.

When I am searching an faulty computer name in AD it is showing only single computer name, then how can I identify that three are duplicate computer name exist in
AD.

For DNS I have configured the Scavenging, the period is 7 days, should I reduce this.

Subs

Please explain this a bit more,  i am not getting your point.

---

Subs

SYSPREP: It is an image based installation, you can create image on one reference computer, and duplicate it to computers with the same hardware abstraction layer, meaning this computers will use the same hardware platform (CPU) and will use
the same hal.dll file as an interface between the operating system and the hardware. When deploying computers using images, you copy the entire computer configuration including the computer name and SID (security identifier).

You can use the SYSPREP tool to solve duplicate computer names and duplicate SIDs (security identifier) problem, caused by this method of deployment.

Read more on SYSPREP:
http://technet.microsoft.com/en-us/library/cc783215(WS.10).aspx

http://www.petri.co.il/using_sysprep_in_an_image_based_installation.htm

How many machines are affected with this error messages? Are some of them Domian Controllers?

If you have not prepared the system with image/clone then you need to think about secure channel, information and links about secure channel are provided in my earlier post.

Regards,

Abhijit Waikar — MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA

Thanks for this comprehensive answer.

1.      
DNS setting is correct.

2.      
No public DNS in client DNS setting.

3.      
Firewall setting is on, but the Windows firewall is off from control panel.

4.      
We are using McAfee AV

5.      
Client PCs are not connected with the wireless network

6.      
We have assigned the IPs dynamically using Router as DHCP.

7.      
Machine account are enabled.

8.      
Dcdiag result is posted and no error in replication check.

 DCDIAG,

https://skydrive.live.com/redir.aspx?cid=85e7b22b0c07394f&resid=85E7B22B0C07394F!116&parid=85E7B22B0C07394F!108&authkey=!AIXJp3Jinhz2vdU

One more thing, the lease period
 for IPs in DHCP (Router) is 24 hours, I think I should increase this to
 7 days as per my scavenging setting in DNS or reduce the scavenging setting to 24 hours, which one is best ?

Subs

Hello,

as this is not really going on that way please upload the following files:

ipconfig /all >c:ipconfig.txt [from each DC/DNS Server]
dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt
netdiag /v >c:netdiag.txt [from each DC, netdiag may work but isn’t supported with Windows server 2008 and don’t run on Windows server 2008 R2]

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt  [«dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
dnslint /ad /s «DCipaddress» (http://support.microsoft.com/kb/321045)

As the output will become large, DON’T
post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc’s in the forest. If you have significant numbers of DC’s this test could generate significant detail and take a long time. You also want to take into account slow links to dc’s will
also add to the testing time.

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Regards,
Sandesh Dubey.
——————————-
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.

Since Ip address is assigned by dhcp,assign Static IP address
and check the same.

Also ensure that Register this connection’s address in DNS is checked in the TCPIP setting of DNS tab.

Disable unrequired NIC if multiple NIC is present on the Clent PC.

Also is this only the PC facing issue or its multiple PC.

If multiple PC are facing the issue check the health of DC.Run dcdiag /q and repadmin /replsum to check for ant errors or warning and post the logs.

Hope this helps

Regards,
Sandesh Dubey.
——————————-
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.

Hi,

I already provide this in my previous post.

Subs

Hello,

as this is not really going on that way please upload the following files:

ipconfig /all >c:ipconfig.txt [from each DC/DNS Server]
dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt
netdiag /v >c:netdiag.txt [from each DC, netdiag may work but isn’t supported with Windows server 2008 and don’t run on Windows server 2008 R2]

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt  [«dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
dnslint /ad /s «DCipaddress» (http://support.microsoft.com/kb/321045)

As the output will become large, DON’T
post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc’s in the forest. If you have significant numbers of DC’s this test could generate significant detail and take a long time. You also want to take into account slow links to dc’s will
also add to the testing time.

---

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Hi Meinolf,

Thanks for your reply,

I am getting this error for many of the computer account and very frequently.

As you told, the Output is below

https://skydrive.live.com/redir.aspx?cid=85e7b22b0c07394f&resid=85E7B22B0C07394F!108&parid=85E7B22B0C07394F!106&authkey=!AHCCa5ftZs4njJ4 

The lease time set on my DHCP (router) is 24 Hours, and my scavenging time is 7 Days.

Now,

Should I increase my lease period for my IPs to 7 Days?

What will be the refresh interval in DNS scavenging ?

What will be the no refresh interval ?

Similarly, I am getting NETLOGON 5807 which is indicating that there are some client machines whose IP addresses don’t map to any of the existing sites,

But when I am checking logs (‘%SystemRoot%debugnetlogon.log’) all the IP segment already added in AD site and services.

Subs

Subs,

Earlier you said DNS settings are correct and not using external DNS. Is the router being used as a DNS server?

I noticed this in the dcdiag:

         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 01/16/2012   09:38:58
            Event String:
            Name resolution for the name
www.microsoft.com timed out after none of the configured DNS servers responded.

That’s indicative of DNS issues.

I also noticed the following, which are indicative of replication failure, and more than likely directly related to DNS problems as by the indicated RPC errors below, which is 99% of the time caused by DNS issues.

      Starting test: DFSREvent
         The DFS Replication Event Log.

         The event log DFS Replication on server
         DR-DC2.My_DOMAIN.com could not be queried, error 0x6ba
         «The RPC server is unavailable.»
         ……………………. DR-DC2 failed test DFSREvent

      Starting test: KccEvent
         * The KCC Event log test
         The event log Directory Service on server
         DR-DC2.My_DOMAIN.com could not be queried, error 0x6ba
        «The RPC server is unavailable.»
         ……………………. DR-DC2 failed test KccEvent

I also noticed hardware errors, below.

         A warning event occurred.  EventID: 0x00000011
            Time Generated: 01/16/2012   08:51:55
            Event String:
            A corrected hardware error has occurred.           

            Component: PCI Express Root Port
            Error Source: Advanced Error Reporting (PCI Express)    

            Bus:Device:Function: 0x0:0x0:0x0
            Vendor ID:Device ID: 0x8086:0x3406
            Class Code: 0x30000

Is this your NIC? Is so, that could be the cause of everything, that is as long as it’s not something else.

What type of server is it? If a Dell, HP, Lenovo, etc, you can check with the supplied diagnostics the manufacturers provide. If a third party server, or self built, try to find out what this hardware is.

Is there a firewall on it? ANtivirus software? AV is known to block AD communications.

Also, I think you may still be unsure what Sysprep is? Previously Meinolf and others asked if you had cloned an image. You responded that you did not use a cloned CD. As Meinolf said, it’s not about what CD you used and was not the answer we were looking
for.

If you had imaged one machine using something like Ghost or Altaris, or other imaging tools, and you made multiple machines from that one image, then you will have multiple machines with identical SIDs. AD uses the SIDS to identify machines. If there are
multiples, then there will be problems that arise from it.

To circumvent this when cloning, we use Sysprep on teh original machine before we copy the image. This tool simply forces the machine at initial boot to generate a new, unique SID. so subsequent machines you make off it are now all unique.

I would also suggest to change DHCP from the router/firewall to a Windows DHCP. THe Windows DHCP APIs work hand in hand with the WIndows DNS APIs for Secure Updates to work using Kerberos. You can also configure WIndows DHCP to own all records so it
can keep all records it regsiters updated, otherwise you may see duplicates. I can offer more on this, but let’s not distract too far from the current issue.

Ace

Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP — Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

In the dcdiag /q you are getiing the error «The RPC server is unavailable» relates to port being blocked or network connectivity issue or due to dns misconfig.I would suggest contact network/security team to verify whether all the related
AD ports being configured and allowed on the firewall for communication. Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.

Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall:http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

It can also be caused by antivirus software with many of them sporting a new feature called «network traffic protection,» which can efffectively block necessary AD traffic

Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

Regards,
Sandesh Dubey.
——————————-
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.

But i am getting this error in very large amount and very frequently.

Subs

Hi,

It
seems the secure channel is broken. You can test by removing the computer from the domain, delete the computer account,
then
add the computer back to the domain and let the computer account be recreated.

For domain controller, use below to reset secure channel:
http://support.microsoft.com/kb/325850

Regards,

Abhijit Waikar — MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA

Hello,

are the machines installed from an image that is NOT prepared with sysprep?

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

This is because the secure channel between the machine has been broken. Is all these errors coming from a single machine ? Youw ould need to reset the computer account and probably remove and add the machine back to domain.

Regards Rahul A

I agree with Meinolf, did you prepare the system with image/clone, if yes is sysprep/new sid tool been executed to assign unique SID to them? Second question is all you machine is updated with latest SP and patches and do you have consistent network connection
across client and DC?  The another reason for broken secure channel can be due to existing duplicate computer objects or host records in AD/DNS.

http://awinish.wordpress.com/2010/12/24/when-secure-channel-is-broken/

Regards

Awinish Vishwakarma

MY BLOG:
 awinish.wordpress.com

This posting is provided AS-IS with no warranties/guarantees and confers no rights.

Thanks Meinolf,

Please explain this a bit more,  i am not getting your point.

Subs

Thanks Awinish,

No I have not installed these from any clone CD

These errors are coming from different machines randomly.

When I am searching an faulty computer name in AD it is showing only single computer name, then how can I identify that three are duplicate computer name exist in
AD.

For DNS I have configured the Scavenging, the period is 7 days, should I reduce this.

Subs

Please explain this a bit more,  i am not getting your point.

---

Subs

SYSPREP: It is an image based installation, you can create image on one reference computer, and duplicate it to computers with the same hardware abstraction layer, meaning this computers will use the same hardware platform (CPU) and will use
the same hal.dll file as an interface between the operating system and the hardware. When deploying computers using images, you copy the entire computer configuration including the computer name and SID (security identifier).

You can use the SYSPREP tool to solve duplicate computer names and duplicate SIDs (security identifier) problem, caused by this method of deployment.

Read more on SYSPREP:
http://technet.microsoft.com/en-us/library/cc783215(WS.10).aspx

http://www.petri.co.il/using_sysprep_in_an_image_based_installation.htm

How many machines are affected with this error messages? Are some of them Domian Controllers?

If you have not prepared the system with image/clone then you need to think about secure channel, information and links about secure channel are provided in my earlier post.

Regards,

Abhijit Waikar — MCSA 2003|MCSA 2003:Messaging|MCTS|MCITP:SA

Thanks for this comprehensive answer.

1.      
DNS setting is correct.

2.      
No public DNS in client DNS setting.

3.      
Firewall setting is on, but the Windows firewall is off from control panel.

4.      
We are using McAfee AV

5.      
Client PCs are not connected with the wireless network

6.      
We have assigned the IPs dynamically using Router as DHCP.

7.      
Machine account are enabled.

8.      
Dcdiag result is posted and no error in replication check.

 DCDIAG,

https://skydrive.live.com/redir.aspx?cid=85e7b22b0c07394f&resid=85E7B22B0C07394F!116&parid=85E7B22B0C07394F!108&authkey=!AIXJp3Jinhz2vdU

One more thing, the lease period
 for IPs in DHCP (Router) is 24 hours, I think I should increase this to
 7 days as per my scavenging setting in DNS or reduce the scavenging setting to 24 hours, which one is best ?

Subs

Hello,

as this is not really going on that way please upload the following files:

ipconfig /all >c:ipconfig.txt [from each DC/DNS Server]
dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt
netdiag /v >c:netdiag.txt [from each DC, netdiag may work but isn’t supported with Windows server 2008 and don’t run on Windows server 2008 R2]

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt  [«dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
dnslint /ad /s «DCipaddress» (http://support.microsoft.com/kb/321045)

As the output will become large, DON’T
post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc’s in the forest. If you have significant numbers of DC’s this test could generate significant detail and take a long time. You also want to take into account slow links to dc’s will
also add to the testing time.

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Regards,
Sandesh Dubey.
——————————-
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.

Since Ip address is assigned by dhcp,assign Static IP address
and check the same.

Also ensure that Register this connection’s address in DNS is checked in the TCPIP setting of DNS tab.

Disable unrequired NIC if multiple NIC is present on the Clent PC.

Also is this only the PC facing issue or its multiple PC.

If multiple PC are facing the issue check the health of DC.Run dcdiag /q and repadmin /replsum to check for ant errors or warning and post the logs.

Hope this helps

Regards,
Sandesh Dubey.
——————————-
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.

Hi,

I already provide this in my previous post.

Subs

Hello,

as this is not really going on that way please upload the following files:

ipconfig /all >c:ipconfig.txt [from each DC/DNS Server]
dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt
netdiag /v >c:netdiag.txt [from each DC, netdiag may work but isn’t supported with Windows server 2008 and don’t run on Windows server 2008 R2]

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt  [«dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
dnslint /ad /s «DCipaddress» (http://support.microsoft.com/kb/321045)

As the output will become large, DON’T
post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.

**Note: Using the /E switch in dcdiag will run diagnostics against ALL dc’s in the forest. If you have significant numbers of DC’s this test could generate significant detail and take a long time. You also want to take into account slow links to dc’s will
also add to the testing time.

---

Best regards Meinolf Weber Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Hi Meinolf,

Thanks for your reply,

I am getting this error for many of the computer account and very frequently.

As you told, the Output is below

https://skydrive.live.com/redir.aspx?cid=85e7b22b0c07394f&resid=85E7B22B0C07394F!108&parid=85E7B22B0C07394F!106&authkey=!AHCCa5ftZs4njJ4 

The lease time set on my DHCP (router) is 24 Hours, and my scavenging time is 7 Days.

Now,

Should I increase my lease period for my IPs to 7 Days?

What will be the refresh interval in DNS scavenging ?

What will be the no refresh interval ?

Similarly, I am getting NETLOGON 5807 which is indicating that there are some client machines whose IP addresses don’t map to any of the existing sites,

But when I am checking logs (‘%SystemRoot%debugnetlogon.log’) all the IP segment already added in AD site and services.

Subs

Subs,

Earlier you said DNS settings are correct and not using external DNS. Is the router being used as a DNS server?

I noticed this in the dcdiag:

         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 01/16/2012   09:38:58
            Event String:
            Name resolution for the name
www.microsoft.com timed out after none of the configured DNS servers responded.

That’s indicative of DNS issues.

I also noticed the following, which are indicative of replication failure, and more than likely directly related to DNS problems as by the indicated RPC errors below, which is 99% of the time caused by DNS issues.

      Starting test: DFSREvent
         The DFS Replication Event Log.

         The event log DFS Replication on server
         DR-DC2.My_DOMAIN.com could not be queried, error 0x6ba
         «The RPC server is unavailable.»
         ……………………. DR-DC2 failed test DFSREvent

      Starting test: KccEvent
         * The KCC Event log test
         The event log Directory Service on server
         DR-DC2.My_DOMAIN.com could not be queried, error 0x6ba
        «The RPC server is unavailable.»
         ……………………. DR-DC2 failed test KccEvent

I also noticed hardware errors, below.

         A warning event occurred.  EventID: 0x00000011
            Time Generated: 01/16/2012   08:51:55
            Event String:
            A corrected hardware error has occurred.           

            Component: PCI Express Root Port
            Error Source: Advanced Error Reporting (PCI Express)    

            Bus:Device:Function: 0x0:0x0:0x0
            Vendor ID:Device ID: 0x8086:0x3406
            Class Code: 0x30000

Is this your NIC? Is so, that could be the cause of everything, that is as long as it’s not something else.

What type of server is it? If a Dell, HP, Lenovo, etc, you can check with the supplied diagnostics the manufacturers provide. If a third party server, or self built, try to find out what this hardware is.

Is there a firewall on it? ANtivirus software? AV is known to block AD communications.

Also, I think you may still be unsure what Sysprep is? Previously Meinolf and others asked if you had cloned an image. You responded that you did not use a cloned CD. As Meinolf said, it’s not about what CD you used and was not the answer we were looking
for.

If you had imaged one machine using something like Ghost or Altaris, or other imaging tools, and you made multiple machines from that one image, then you will have multiple machines with identical SIDs. AD uses the SIDS to identify machines. If there are
multiples, then there will be problems that arise from it.

To circumvent this when cloning, we use Sysprep on teh original machine before we copy the image. This tool simply forces the machine at initial boot to generate a new, unique SID. so subsequent machines you make off it are now all unique.

I would also suggest to change DHCP from the router/firewall to a Windows DHCP. THe Windows DHCP APIs work hand in hand with the WIndows DNS APIs for Secure Updates to work using Kerberos. You can also configure WIndows DHCP to own all records so it
can keep all records it regsiters updated, otherwise you may see duplicates. I can offer more on this, but let’s not distract too far from the current issue.

Ace

Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP — Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.

In the dcdiag /q you are getiing the error «The RPC server is unavailable» relates to port being blocked or network connectivity issue or due to dns misconfig.I would suggest contact network/security team to verify whether all the related
AD ports being configured and allowed on the firewall for communication. Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.

Also, disable local windows firewall service, by default it is enabled in vista/windows 2008 and above. Check the network connectivity and latency.
Disable Windows Firewall:http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx

It can also be caused by antivirus software with many of them sporting a new feature called «network traffic protection,» which can efffectively block necessary AD traffic

Active Directory and Active Directory Domain Services Port Requirements
http://technet.microsoft.com/en-us/library/dd772723%28WS.10%29.aspx

Regards,
Sandesh Dubey.
——————————-
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.