Ошибка 1783 заглушке переданы неправильные данные windows server 2019 - Исправление ошибок и поиск оптимальных решений проблем

Содержание

Windows server 2019 ошибка 1783 заглушке переданы неправильные данные
Вопрос
Ответы
Все ответы
Windows server 2019 ошибка 1783 заглушке переданы неправильные данные
Вопрос
Ответы
Все ответы

Windows server 2019 ошибка 1783 заглушке переданы неправильные данные

Вопрос

Коллеги, вечер добрый! Помогите разобраться с серьезной неожиданно возникшей проблемой, пож-та!

Перешли с 2008 на 2016 терм. сервер. Имеем: RDS ферму с двумя мощными серверами, на обоих роли CB, SH + в сети выделенный SQL-сервер. Порядка 300 терм. сессий на каждом сервере. CPU загружен максимум на 30%, оперативная память — занято порядка 25 % от общего объема. По работе самой фермы — никаких нареканий, все работает, все довольны.

Но! Когда кол-во юзверей переваливает примерно за 150 человек на каждой ноде — оба сервера становятся полностью неуправляемыми со стороны администраторов:

— не посмотреть любые логи в Журналах Windows («Средство просмотра событий не может открыть журнал событий или пользовательское представление. Убедитесь, что служба событий запущена, либо слишком длинный запрос. Сервер RPC занят и не может завершить операцию (1723)»

— не посмотреть службы («Возникла следующая ошибка при чтении списка служб на: Ошибка 1783: Заглушке переданы неправильные данные.»

— не доступна консоль управления RDS в Диспетчера сервера («Якобы, не запущены службы RDS. )

Когда кол-во юзверей на терминалах снова падает до 100-150 человек — снова все приходит в норму и прекрасно работает. В какой стороне копать, коллеги? Кто-нибудь сталкивался с подобным явлением?

Ответы

Закрываю тему — инженер Microsoft в рамках созданного кейса на эту тему официально ответил, что несмотря на физические характеристики сервера максимальное кол-во RDP подключений к серверу для его полноценной нормальной работы — не более 120 сессий 🙂

Даже привел ссылки на статьи сторонних ресурсов:)

Предложено в качестве ответа SQx Moderator 7 октября 2019 г. 12:30
Помечено в качестве ответа Vector BCO Moderator 7 октября 2019 г. 22:47

Все ответы

Уточните пожалуйста какой контроллер дисков используется на данных сервера?
На момент проблемы есть ли возможно увидеть нагруженость дисков?

Avis de non-responsabilité:
Mon opinion ne peut pas coïncider avec la position officielle de Microsoft.

Bien cordialement, Andrei .

MCP

Сервера — HP DL380 G10

Дисковый контроллер: HPE Smart Array P408i-a SR Gen10

По данным мониторинга производительности в момент появления описанного глюка:

— %активности диска на обоих серверах — 4-5

— текущая длина очереди диска — 0-1

т.е. загруженности дисковой подсистемы никакой нет

Добрый! Очередь на чтение/запись диска — нулевая. По сети — тоже самое. Средствами системного монитора — все свободно. С этого начал копать проблему, собственно

Бакапы на данных серверах отсутствуют. Перемещаемые профили не использую, за исключением того, что средствами GPO перемещаю папки «Desktop» и «Documents» при входе пользователей на терминалы на серверный ресурс.

Даже привел ссылки на статьи сторонних ресурсов:)

Предложено в качестве ответа SQx Moderator 7 октября 2019 г. 12:30
Помечено в качестве ответа Vector BCO Moderator 7 октября 2019 г. 22:47

Закрываю тему — инженер Microsoft в рамках созданного кейса на эту тему официально ответил, что несмотря на физические характеристики сервера максимальное кол-во RDP подключений к серверу для его полноценной нормальной работы — не более 120 сессий 🙂

Даже привел ссылки на статьи сторонних ресурсов:)

Дайте-ка, пожалуйста, скриншот официального ответа.

Ещё бы и на ссылки посмотреть.

Т.е. это проблема в 2016 сервере, хотите сказать? Если на 2008 всё работало.

Вот пример с моего хоста (правда оно 2012r2):

PS C:> (query user).count
229

Проблема ваша скорее всего в этом баяне

Так же обсуждалось тут

Кол-во RDP-соединений (не более 110) инженер озвучил устно по телефону:)

Ссылки, которые он направил ниже:

Ниже ссылка, на статью которая говорит о количестве соединений, которые в нашем разговоре назвал; «нииточками»

Comparison of Standard and Datacenter editions of Windows Server 2019

об обстоятельствах которые виляют на количество пользователей

How many concurrent Remote Desktop Sessions can run on a single Windows Remote Desktop Server?

Remote Desktop Services — planning

Remote Desktop Services — High availability

Не зря Vector BCO говорил, что по его наблюдению проблемы начинаются от 70 пользователей)

Со стороны инженера приводить ссылку на сторонний ресурс, мягко горя странно, тем более, что на этом ресурсе излагаются какие-то директивные вещи непонятно на чем основанные.

У нас, например, без проблем на терминальном сервере живет порядка 200 rds-сессий пользователей (и это не предел, ресурсы сервера позволяют пережить и большее количество пользователей на сервер)

Что касается потери управляемости, с которой вы столкнулись, то связана она с двумя сущностями:

1) пользовательские службы, которые в подавляющем большинстве не нужны на сервере, но создаются по умолчанию для каждого пользователя залогинившегося на сервер. Их можно и нужно отключать (см параметр UserServiceFlags https://docs.microsoft.com/en-us/windows/application-management/per-user-services-in-windows). Если вы не отключите большинство ненужных служб это вызовет переполнение какого-то там буфера или области памяти, которая не была рассчитана на такое дикое количество служб и вы потеряете возможность управления службами

2) UWP-приложения, входящие в состав сервера, для которых при каждом входе пользователя создаются правила firewall’а (приложения эти так же большинстве своем не понадобятся вашим пользователям и их желательно вырезать либо в application mode, либо на этапе winPE phase of depoyment, либо придется действовать скриптами, удаляя нарастающий как снежный ком правила firewall’а. Для борьбы с правилами множищимися из-за UWP-приложениями рекомендуется использовать ключ реестра DeleteUserAppContainersOnLogoff (google it!), который, правда проблему радикально не решит, но значительно ее смягчит, остаток правил все равно придется регулярно дорабатывать напильником (скриптами).

Огромное количество правил FW (даже если у вас FW выключен!), если с ними не бороться, приводит к следующим проблемам:

— долгий вход в сессию

— черный экран при входе в сессию, вместо рабочего стола

— не работает кнопка Пуск (при нажатии на нее ничего не происходит)

Windows server 2019 ошибка 1783 заглушке переданы неправильные данные

Вопрос

Коллеги, вечер добрый! Помогите разобраться с серьезной неожиданно возникшей проблемой, пож-та!

— не доступна консоль управления RDS в Диспетчера сервера («Якобы, не запущены службы RDS. )

Ответы

Даже привел ссылки на статьи сторонних ресурсов:)

Предложено в качестве ответа SQx Moderator 7 октября 2019 г. 12:30
Помечено в качестве ответа Vector BCO Moderator 7 октября 2019 г. 22:47

Все ответы

Avis de non-responsabilité:
Mon opinion ne peut pas coïncider avec la position officielle de Microsoft.

Bien cordialement, Andrei .

MCP

Сервера — HP DL380 G10

Дисковый контроллер: HPE Smart Array P408i-a SR Gen10

По данным мониторинга производительности в момент появления описанного глюка:

— %активности диска на обоих серверах — 4-5

— текущая длина очереди диска — 0-1

т.е. загруженности дисковой подсистемы никакой нет

Даже привел ссылки на статьи сторонних ресурсов:)

Предложено в качестве ответа SQx Moderator 7 октября 2019 г. 12:30
Помечено в качестве ответа Vector BCO Moderator 7 октября 2019 г. 22:47

Закрываю тему — инженер Microsoft в рамках созданного кейса на эту тему официально ответил, что несмотря на физические характеристики сервера максимальное кол-во RDP подключений к серверу для его полноценной нормальной работы — не более 120 сессий 🙂

Даже привел ссылки на статьи сторонних ресурсов:)

Дайте-ка, пожалуйста, скриншот официального ответа.

Ещё бы и на ссылки посмотреть.

Т.е. это проблема в 2016 сервере, хотите сказать? Если на 2008 всё работало.

Вот пример с моего хоста (правда оно 2012r2):

PS C:> (query user).count
229

Проблема ваша скорее всего в этом баяне

Так же обсуждалось тут

Кол-во RDP-соединений (не более 110) инженер озвучил устно по телефону:)

Ссылки, которые он направил ниже:

Comparison of Standard and Datacenter editions of Windows Server 2019

об обстоятельствах которые виляют на количество пользователей

How many concurrent Remote Desktop Sessions can run on a single Windows Remote Desktop Server?

Remote Desktop Services — planning

Remote Desktop Services — High availability

Не зря Vector BCO говорил, что по его наблюдению проблемы начинаются от 70 пользователей)

Что касается потери управляемости, с которой вы столкнулись, то связана она с двумя сущностями:

— долгий вход в сессию

— черный экран при входе в сессию, вместо рабочего стола

— не работает кнопка Пуск (при нажатии на нее ничего не происходит)

Источник

Question
We have 2 domain controllers. Serv1 and Serv2. Serv1 has all the roles and is functioning 100%, when I promote Serv2 into the domain I get the following error message:

Additional Data

Error value:

1783 The stub received bad data.

Both the servers shows in ad sites and services, when I replicate from serv1 to Serv2 to I also get the error message: The stub received bad data.

All replies

Check the below article & if it doesn’t help you, provide more info about your infra(No fo Forest/domain, no of DC’s with their OS, SP level, sites & b/w, DFL/FFL level).

http://support.microsoft.com/kb/2015644

Also, post the complete & other relevant error message.

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
I have followed the the KB, no luck.

1 domain, 1 DC Server 2008 standard edition 64 bit with sp2.

The full error message:

The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.

Attempts:

19

Domain controller:

CN=NTDS Settings,CN=ZABLVZN-DC01,CN=Servers,CN=Verizon,CN=Sites,CN=Configuration,DC=blue,DC=local

Period of time (minutes):

1047999

The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.

Additional Data

Error value:

1783 The stub received bad data.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I am also getting the following error while promoting:

The local domain controller has not completed a full synchronization of the following directory partition. The local domain controller will not be advertised to clients by the domain controller locator service until this task is completed.

Directory partition:

DC=blue,DC=local

An attempt to complete a full synchronization of this directory partition will be tried again later.
Hello,

have a look to this Microsoft article about such error:

http://support.microsoft.com/kb/2028588

This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
This is a clean installed server and promoted to a DC, no extra installation/s on the server exeprt for backups and antivirus.
Did you create a subnet for new dc & linked to appropriate site or its into same subnet as previous DC.

Please check connectivity from both the DC & able to resolve each other name using nslookup.

Type net share & verfiy sysvol & netlogon is shared on the new DC.

Post unedited ipconfig /all from both the dc’s.

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
DC01:

Windows IP Configuration. The servers are both in the same site, the subnets are present in the site. Yes, I am able to resolve each other using nslookup.

   Host Name . . . . . . . . . . . . : ZABLVZN-DC01
   Primary Dns Suffix . . . . . . . : blue.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : blue.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
   Physical Address. . . . . . . . . : 00-19-B9-E2-8F-16
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 66.8.56.44(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 66.8.56.253
   DNS Servers . . . . . . . . . . . : 66.8.56.44
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{DFD01E40-1870-49A6-AC70-9D89BC7E3
326}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:4208:382c::4208:382c(Preferred)
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
   DNS Servers . . . . . . . . . . . : 66.8.56.44
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

DC02:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : bluevznex03
   Primary Dns Suffix . . . . . . . : blue.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : blue.local

Ethernet adapter 66.8.56.43:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
   Physical Address. . . . . . . . . : 00-17-A4-EC-F0-CA
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 66.8.56.43
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 66.8.56.253
   DNS Servers . . . . . . . . . . . : 66.8.56.44
I have followed the the KB, no luck.

1 domain, 1 DC Server 2008 standard edition 64 bit with sp2.

The full error message:

The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.

Attempts:

19

Domain controller:

CN=NTDS Settings,CN=ZABLVZN-DC01,CN=Servers,CN=Verizon,CN=Sites,CN=Configuration,DC=blue,DC=local

Period of time (minutes):

1047999

The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.

Additional Data

Error value:

1783 The stub received bad data.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Have a look to this Microsoft article:

http://www.microsoft.com/products/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.2.3790.0&EvtID=1308&EvtSrc=NTDS%20KCC&FileVer=5.2.3790.0&FileName=ntdsmsg.dll&EvtType=Warning&LCID

please use Microsoft Skydrive to upload the output of these commands on all your DCs:

netdom query fsmo

netdom query dc

ipconfig /all >c:ipconfig.txt [from each DC/DNS Server]

dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt
[«dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]

dnslint /ad /s «DCipaddress» (http://support.microsoft.com/kb/321045)

This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
There are warning or error events within the last 24 hours after the
```
   SYSVOL has been shared. Failing SYSVOL replication problems may cause

   Group Policy problems. 
```
Check event viewer for logged errors.
```
ZABLVZN-DC01 failed test NCSecDesc
```
Have a look to this thread:

http://zkvkea.blu.livefilestore.com/y1pHIQsh9IF5f3TuLIFyZsYtAXOW2OwOmkqzedEIZAOxj3up3HMZuM1XH7euIDRGsPmVeCzl80NyYq3FGqkDWkhTQ/dcdiag.txt?psid=1
```
Failed to delete the test record _dcdiag_test_record in zone blue.local
```
Please use secure updates only on your domain DNS zones.
```
There are no more endpoints available from the endpoint mapper
```
Have a look to this Microsoft article:

http://support.microsoft.com/kb/839880/en

__________________________________________________________

Please let your two DCs DNS servers and make sure that your zone is an AD integrated one. Once done, make sure that each DC points to itself as primary DNS server and to the other one as secondary one. After that, restart netlogon service on both DCs.

Also, make sure that there is no firewall blocking traffic between both DCs. Disable all security softwares and check again.

http://technet.microsoft.com/en-us/library/bb727063.aspx

This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
VerizonBLUEVZNEX03ADEL:2c52d94b-8a36-482e-a224-d25ad0680ead (deleted DSA) via RPC

There are no more endpoints available from the endpoint mapper.

VerizonZABLHQ-DC02ADEL:abde6e5d-a36c-498e-9fcf-070291e04f10 (deleted DSA) via RPC

VerizonZABLVZNEXC02ADEL:38c053d1-7e37-4d0e-9944-41e31fc8a371 (deleted DSA) via RPC

VerizonZABLHQ-DC01ADEL:f688d9d5-0f49-4ee1-b528-e7019f46552e (deleted DSA) via RPC
VerizonZABLHQ-DC01ADEL:b84d6002-7d70-462d-8bed-78afd6f06ac2 (deleted DSA) via RPC
VerizonZABLHQ-DC02ADEL:abde6e5d-a36c-498e-9fcf-070291e04f10 (deleted DSA) via RPC

LynwoodADEL:e8f10dc9-8a4b-45f4-a388-540b2a46cbb0ZABLHQ-DC01ADEL:f616e21f-de09-4f11-8953-158bc542dfb8 (deleted DSA) via RPC

The above error are taken from repadmin /showrepl, it looks to be above listed DC( ZABLHQ-DC02,ZABLVZNEXC02,ZABLHQ-DC01,BLUEVZNEX03)DC were removed & metadata cleanup were not performed. What happened to these DC’s.

Apart from above, IPconfig report, i find public IP has been used for configuring DC, is there any reason for using public IP assigned for DC. Publishing your domain on internet or using public IP on DC is not the recommended practice from the security point.

Disable all the NIC from the DC ZABLVZN-DC01 except one, because multihomed DC’s are not recommended.

In bluevznex03, add the secondary DNS IP to itself & when replication is completed, you can interchange.

You need to perform metadata cleanup of removed DC, until you remove all the failed DC records from the AD, replication will not work. Problem of lingering object can’t be ignored too.

Metadata cleanup for windows 2003

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Metadata cleanup for windows 2008

http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx

It looks to be there is lingering object too in the forest.

Lingering object issues

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9f114f3f-e8ef-4ac6-846f-8e61d6324d9a

For RPC endpoint mapper error, check the ports are open on the firewall.

http://support.microsoft.com/kb/839880

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Same error when I replicate:

C:Documents and Settingsadm-nickyj>repadmin /showreps
VerizonBLUEVZNEX03
DC Options: (none)
Site Options: (none)
DC object GUID: e8dfb429-f7fd-4a9f-9679-eb068ddb04f7
DC invocationID: de7adc56-84ee-46a1-a576-c7c46cb4d38e

==== INBOUND NEIGHBORS ======================================

DC=blue,DC=local
    VerizonZABLVZN-DC01 via RPC
        DC object GUID: 933ef2e8-2f90-4ac3-8d5e-47a99030f7b5
        Last attempt @ 2011-04-21 10:44:06 failed, result 1783 (0x6f7):
            The stub received bad data.
        1 consecutive failure(s).
        Last success @ (never).

CN=Configuration,DC=blue,DC=local
    VerizonZABLVZN-DC01 via RPC
        DC object GUID: 933ef2e8-2f90-4ac3-8d5e-47a99030f7b5
        Last attempt @ 2011-04-21 10:24:07 was successful.

CN=Schema,CN=Configuration,DC=blue,DC=local
    VerizonZABLVZN-DC01 via RPC
        DC object GUID: 933ef2e8-2f90-4ac3-8d5e-47a99030f7b5
        Last attempt @ 2011-04-21 10:24:07 was successful.
It replicated the schema and configuration without any issues. The secondary dc that I am adding does not replicate all the users and groups to. It only replicates about 560 items and then stops.

When promoting the new dc it does not complete the full transfer of all the users and groups in dc-blue.dc=local. I then receive the error the stub received bad data.
The reason for replication not working is presence of stale records in Domain directory parititon or lingering object in the domain. You need to follow the article posted for getting rid of failed DC records from the AD as well as dealing with lingering
objects.

Did you restore second DC from VM, image/snpashot or from old backup?

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Please upload again the output of the commands I suggested previously on all DCs (all commands please).

Also, please check that you don’t have blocked ports. Use PortQry v2 to check ports. Also, disable all security softwares.

Have you deleted DCs without performing a metadata cleanup? If yes, please perform a metadata cleanup.

Also, please mentioned how many DCs you have now and their FQDNs.

This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
- Edited by
  
  Thursday, April 21, 2011 9:10 AM
  add info
I only have one DC now because I can’t promote any other dc’s. It will not allow transfer of all the users and groups. If I promote it the sysvol becomes available but there’s only 560 odd users on the new dc. Users can’t authenticate on mail etc. The error
occures while promoting the new dc. I cleaned up metadata and retried promoting, no luck.
If you are down to one dc you should run dcdiag again and then repost the results on skyDrive. The forum can then eval the output for additional clues.

—
Paul Bergson
MVP — Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided «AS IS» with no warranties, and confers no rights.
I can replicate any new DC to the domain controller zablvzn-dc01 but nothing will replicate from the dc. No firewall blocking and no security software loaded on the server. The issu started about a week ago and I had to remove the other dc’s because if we
create new users it will not replicate to other dc’s.

[Replications Check,ZABLHQ-DC01] A recent replication attempt failed:

From BLUEVZNEX03 to ZABLHQ-DC01

Naming Context: DC=blue,DC=local

The replication generated an error (1783):

The stub received bad data.

The failure occurred at 2011-04-11 05:58:54.

The last success occurred at (never).
The DC diag was done on the 11th, that’s when everything started. We haven’t installed a new firewall or anything like that, no changes loaded for software installations etc and no patch management done.
Dcdiag show ok apart from adprep /rodcprep is not run & thats ok, but repadmin /showrepl show the data posted by me earlier, why these AD objects were appearing part of the domain.

Can you post below report on skydrive

Repadmin /syncall /APed >>c:syncall.log

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt [«dc* is a place holder for the starting name of the DCs if they all
begin the same (if more then one DC exists)]

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Added them to the skydrive.
Dcdiag looks fine to me. I would recommend transfer everything(FSMO,DNS,DHCP) from DC
ZABLVZN-DC01 to DC
BLUEVZNEX03(this is working DC), demote the problem DC & promote it back. Make Bluevznex03 as GC too.

If DNS is AD-Integrated, installing DNS service on other DC will make the server as DNS server too.

FSMO role transfer

http://www.petri.co.il/transferring_fsmo_roles.htm

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
- Marked as answer by
  Brent Hu
  Tuesday, April 26, 2011 2:35 AM
- Unmarked as answer by
  njooste
  Wednesday, August 15, 2012 1:43 PM

Источник

Question
We have 2 domain controllers. Serv1 and Serv2. Serv1 has all the roles and is functioning 100%, when I promote Serv2 into the domain I get the following error message:

Additional Data

Error value:

1783 The stub received bad data.

Both the servers shows in ad sites and services, when I replicate from serv1 to Serv2 to I also get the error message: The stub received bad data.

All replies

Check the below article & if it doesn’t help you, provide more info about your infra(No fo Forest/domain, no of DC’s with their OS, SP level, sites & b/w, DFL/FFL level).

http://support.microsoft.com/kb/2015644

Also, post the complete & other relevant error message.

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
I have followed the the KB, no luck.

1 domain, 1 DC Server 2008 standard edition 64 bit with sp2.

The full error message:

The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.

Attempts:

19

Domain controller:

CN=NTDS Settings,CN=ZABLVZN-DC01,CN=Servers,CN=Verizon,CN=Sites,CN=Configuration,DC=blue,DC=local

Period of time (minutes):

1047999

The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.

Additional Data

Error value:

1783 The stub received bad data.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I am also getting the following error while promoting:

The local domain controller has not completed a full synchronization of the following directory partition. The local domain controller will not be advertised to clients by the domain controller locator service until this task is completed.

Directory partition:

DC=blue,DC=local

An attempt to complete a full synchronization of this directory partition will be tried again later.
Hello,

have a look to this Microsoft article about such error:

http://support.microsoft.com/kb/2028588

This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
This is a clean installed server and promoted to a DC, no extra installation/s on the server exeprt for backups and antivirus.
Did you create a subnet for new dc & linked to appropriate site or its into same subnet as previous DC.

Please check connectivity from both the DC & able to resolve each other name using nslookup.

Type net share & verfiy sysvol & netlogon is shared on the new DC.

Post unedited ipconfig /all from both the dc’s.

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
DC01:

Windows IP Configuration. The servers are both in the same site, the subnets are present in the site. Yes, I am able to resolve each other using nslookup.

   Host Name . . . . . . . . . . . . : ZABLVZN-DC01
   Primary Dns Suffix . . . . . . . : blue.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : blue.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
   Physical Address. . . . . . . . . : 00-19-B9-E2-8F-16
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 66.8.56.44(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 66.8.56.253
   DNS Servers . . . . . . . . . . . : 66.8.56.44
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : isatap.{DFD01E40-1870-49A6-AC70-9D89BC7E3
326}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:4208:382c::4208:382c(Preferred)
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
   DNS Servers . . . . . . . . . . . : 66.8.56.44
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

DC02:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : bluevznex03
   Primary Dns Suffix . . . . . . . : blue.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : blue.local

Ethernet adapter 66.8.56.43:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
   Physical Address. . . . . . . . . : 00-17-A4-EC-F0-CA
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 66.8.56.43
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 66.8.56.253
   DNS Servers . . . . . . . . . . . : 66.8.56.44
I have followed the the KB, no luck.

1 domain, 1 DC Server 2008 standard edition 64 bit with sp2.

The full error message:

The Knowledge Consistency Checker (KCC) has detected that successive attempts to replicate with the following domain controller has consistently failed.

Attempts:

19

Domain controller:

CN=NTDS Settings,CN=ZABLVZN-DC01,CN=Servers,CN=Verizon,CN=Sites,CN=Configuration,DC=blue,DC=local

Period of time (minutes):

1047999

The Connection object for this domain controller will be ignored, and a new temporary connection will be established to ensure that replication continues. Once replication with this domain controller resumes, the temporary connection will be removed.

Additional Data

Error value:

1783 The stub received bad data.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Have a look to this Microsoft article:

http://www.microsoft.com/products/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.2.3790.0&EvtID=1308&EvtSrc=NTDS%20KCC&FileVer=5.2.3790.0&FileName=ntdsmsg.dll&EvtType=Warning&LCID

please use Microsoft Skydrive to upload the output of these commands on all your DCs:

netdom query fsmo

netdom query dc

ipconfig /all >c:ipconfig.txt [from each DC/DNS Server]

dcdiag /v /c /d /e /s:dcname >c:dcdiag.txt

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt
[«dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]

dnslint /ad /s «DCipaddress» (http://support.microsoft.com/kb/321045)

This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
There are warning or error events within the last 24 hours after the
```
   SYSVOL has been shared. Failing SYSVOL replication problems may cause

   Group Policy problems. 
```
Check event viewer for logged errors.
```
ZABLVZN-DC01 failed test NCSecDesc
```
Have a look to this thread:

http://zkvkea.blu.livefilestore.com/y1pHIQsh9IF5f3TuLIFyZsYtAXOW2OwOmkqzedEIZAOxj3up3HMZuM1XH7euIDRGsPmVeCzl80NyYq3FGqkDWkhTQ/dcdiag.txt?psid=1
```
Failed to delete the test record _dcdiag_test_record in zone blue.local
```
Please use secure updates only on your domain DNS zones.
```
There are no more endpoints available from the endpoint mapper
```
Have a look to this Microsoft article:

http://support.microsoft.com/kb/839880/en

__________________________________________________________

Please let your two DCs DNS servers and make sure that your zone is an AD integrated one. Once done, make sure that each DC points to itself as primary DNS server and to the other one as secondary one. After that, restart netlogon service on both DCs.

Also, make sure that there is no firewall blocking traffic between both DCs. Disable all security softwares and check again.

http://technet.microsoft.com/en-us/library/bb727063.aspx

This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
VerizonBLUEVZNEX03ADEL:2c52d94b-8a36-482e-a224-d25ad0680ead (deleted DSA) via RPC

There are no more endpoints available from the endpoint mapper.

VerizonZABLHQ-DC02ADEL:abde6e5d-a36c-498e-9fcf-070291e04f10 (deleted DSA) via RPC

VerizonZABLVZNEXC02ADEL:38c053d1-7e37-4d0e-9944-41e31fc8a371 (deleted DSA) via RPC

VerizonZABLHQ-DC01ADEL:f688d9d5-0f49-4ee1-b528-e7019f46552e (deleted DSA) via RPC
VerizonZABLHQ-DC01ADEL:b84d6002-7d70-462d-8bed-78afd6f06ac2 (deleted DSA) via RPC
VerizonZABLHQ-DC02ADEL:abde6e5d-a36c-498e-9fcf-070291e04f10 (deleted DSA) via RPC

LynwoodADEL:e8f10dc9-8a4b-45f4-a388-540b2a46cbb0ZABLHQ-DC01ADEL:f616e21f-de09-4f11-8953-158bc542dfb8 (deleted DSA) via RPC

The above error are taken from repadmin /showrepl, it looks to be above listed DC( ZABLHQ-DC02,ZABLVZNEXC02,ZABLHQ-DC01,BLUEVZNEX03)DC were removed & metadata cleanup were not performed. What happened to these DC’s.

Apart from above, IPconfig report, i find public IP has been used for configuring DC, is there any reason for using public IP assigned for DC. Publishing your domain on internet or using public IP on DC is not the recommended practice from the security point.

Disable all the NIC from the DC ZABLVZN-DC01 except one, because multihomed DC’s are not recommended.

In bluevznex03, add the secondary DNS IP to itself & when replication is completed, you can interchange.

You need to perform metadata cleanup of removed DC, until you remove all the failed DC records from the AD, replication will not work. Problem of lingering object can’t be ignored too.

Metadata cleanup for windows 2003

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Metadata cleanup for windows 2008

http://technet.microsoft.com/en-us/library/cc816907%28WS.10%29.aspx

It looks to be there is lingering object too in the forest.

Lingering object issues

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9f114f3f-e8ef-4ac6-846f-8e61d6324d9a

For RPC endpoint mapper error, check the ports are open on the firewall.

http://support.microsoft.com/kb/839880

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Same error when I replicate:

C:Documents and Settingsadm-nickyj>repadmin /showreps
VerizonBLUEVZNEX03
DC Options: (none)
Site Options: (none)
DC object GUID: e8dfb429-f7fd-4a9f-9679-eb068ddb04f7
DC invocationID: de7adc56-84ee-46a1-a576-c7c46cb4d38e

==== INBOUND NEIGHBORS ======================================

DC=blue,DC=local
    VerizonZABLVZN-DC01 via RPC
        DC object GUID: 933ef2e8-2f90-4ac3-8d5e-47a99030f7b5
        Last attempt @ 2011-04-21 10:44:06 failed, result 1783 (0x6f7):
            The stub received bad data.
        1 consecutive failure(s).
        Last success @ (never).

CN=Configuration,DC=blue,DC=local
    VerizonZABLVZN-DC01 via RPC
        DC object GUID: 933ef2e8-2f90-4ac3-8d5e-47a99030f7b5
        Last attempt @ 2011-04-21 10:24:07 was successful.

CN=Schema,CN=Configuration,DC=blue,DC=local
    VerizonZABLVZN-DC01 via RPC
        DC object GUID: 933ef2e8-2f90-4ac3-8d5e-47a99030f7b5
        Last attempt @ 2011-04-21 10:24:07 was successful.
It replicated the schema and configuration without any issues. The secondary dc that I am adding does not replicate all the users and groups to. It only replicates about 560 items and then stops.

When promoting the new dc it does not complete the full transfer of all the users and groups in dc-blue.dc=local. I then receive the error the stub received bad data.
The reason for replication not working is presence of stale records in Domain directory parititon or lingering object in the domain. You need to follow the article posted for getting rid of failed DC records from the AD as well as dealing with lingering
objects.

Did you restore second DC from VM, image/snpashot or from old backup?

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Please upload again the output of the commands I suggested previously on all DCs (all commands please).

Also, please check that you don’t have blocked ports. Use PortQry v2 to check ports. Also, disable all security softwares.

Have you deleted DCs without performing a metadata cleanup? If yes, please perform a metadata cleanup.

Also, please mentioned how many DCs you have now and their FQDNs.

This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
- Edited by
  
  Thursday, April 21, 2011 9:10 AM
  add info
I only have one DC now because I can’t promote any other dc’s. It will not allow transfer of all the users and groups. If I promote it the sysvol becomes available but there’s only 560 odd users on the new dc. Users can’t authenticate on mail etc. The error
occures while promoting the new dc. I cleaned up metadata and retried promoting, no luck.
If you are down to one dc you should run dcdiag again and then repost the results on skyDrive. The forum can then eval the output for additional clues.

—
Paul Bergson
MVP — Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson

Please no e-mails, any questions should be posted in the NewsGroup. This
posting is provided «AS IS» with no warranties, and confers no rights.
I can replicate any new DC to the domain controller zablvzn-dc01 but nothing will replicate from the dc. No firewall blocking and no security software loaded on the server. The issu started about a week ago and I had to remove the other dc’s because if we
create new users it will not replicate to other dc’s.

[Replications Check,ZABLHQ-DC01] A recent replication attempt failed:

From BLUEVZNEX03 to ZABLHQ-DC01

Naming Context: DC=blue,DC=local

The replication generated an error (1783):

The stub received bad data.

The failure occurred at 2011-04-11 05:58:54.

The last success occurred at (never).
The DC diag was done on the 11th, that’s when everything started. We haven’t installed a new firewall or anything like that, no changes loaded for software installations etc and no patch management done.
Dcdiag show ok apart from adprep /rodcprep is not run & thats ok, but repadmin /showrepl show the data posted by me earlier, why these AD objects were appearing part of the domain.

Can you post below report on skydrive

Repadmin /syncall /APed >>c:syncall.log

repadmin /showrepl dc* /verbose /all /intersite >c:repl.txt [«dc* is a place holder for the starting name of the DCs if they all
begin the same (if more then one DC exists)]

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Added them to the skydrive.
Dcdiag looks fine to me. I would recommend transfer everything(FSMO,DNS,DHCP) from DC
ZABLVZN-DC01 to DC
BLUEVZNEX03(this is working DC), demote the problem DC & promote it back. Make Bluevznex03 as GC too.

If DNS is AD-Integrated, installing DNS service on other DC will make the server as DNS server too.

FSMO role transfer

http://www.petri.co.il/transferring_fsmo_roles.htm

Regards

Awinish Vishwakarma| MY Blog

Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
- Marked as answer by
  Brent Hu
  Tuesday, April 26, 2011 2:35 AM
- Unmarked as answer by
  njooste
  Wednesday, August 15, 2012 1:43 PM

Источник

Windows server 2019 ошибка 1783 заглушке переданы неправильные данные

Вопрос

Ответы

Все ответы

Windows server 2019 ошибка 1783 заглушке переданы неправильные данные

Вопрос

Ответы

Все ответы

Question

All replies

Question

All replies