# domain log on error



## lebalang (Nov 7, 2009)

roaming profile is not available but you will be log on locally


----------



## rhynes (Aug 14, 2006)

Need more information. 

first time trying to launch this roaming profile or did it work before? 
Domain controller? 2000? 2003? 2008?

The more info you provide, the easier it is to get answers.


----------



## lebalang (Nov 7, 2009)

am using 2003 server ,yes when i first created they roaming profiles it worked just fine and it is like is on and off ,sometime it work oh it will bring this message and it will nerve work 


windows cannot locate the copy of your roaming profile and is attempting to log you on with the local profile ,possible reason network is not accessible or you dont have permission


----------



## rhynes (Aug 14, 2006)

Ok, first thing, check the event logs on both the server and whatever workstations that can't access the profiles - there should be something under the system logs to tell you what went wrong. 

DNS is another big cause - make sure your domain controller IP is the first DNS server configured in dhcp or for static assigned workstations. Post an IPCONFIG /ALL from one of your workstation

Any updates or service packs installed lately?


----------



## lebalang (Nov 7, 2009)

but one thing am using one server that house both the DNS and DHCP SERVER 
when i went through the event viewer 
this is some of the errors 

DNS ERROR

the dns server has encountered a critical error from the active directory check that the active directory is function properly the extended error debug information(which is empty) is 000020ef: svcErr -DSID 0208017F problem 5012(DIR -ERROR) data -1090 the event data contain the error

Question is how do i check that my active directory is functioning properly????


----------



## lebalang (Nov 7, 2009)

errors from the workstation

warning 
tcp/ip has reached the security limit imposed on the number of concurrent tcp connect attempts

but here am lost what should i do to fix this one

warning 

the redirector failed to determine the connection type

error

the service control manager tried to take a corrective action (restart the service) after the unexpected termination of the windows management instrumentation service. but this action failed with the following error. an instance of the service already running


----------



## rhynes (Aug 14, 2006)

ok, go here: 
http://www.microsoft.com/downloads/...78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en

and download the tools. Install it to c:\support on both servers to make it easy

open a cmd prompt and navigate to c:\support 
run the following command on each of your servers.
health_chk server

This will create a directory under c:\support\server with a bunch of files - the main ones i'm interested in are the dcdiag.txt and netdiag.txt files. You can post them here minus any identifyable information.

Post an ipconfig /all from your workstation. What ip address to you have as the first dns server on both your servers?


----------



## lebalang (Nov 7, 2009)

after running the health_chk command this is what i got 

netdiag/debug is running 
NTFRSUTL checks are running
dumping FRS inbound and outbound logs...
dumping FRS registry paramenter...
SYSVOL check is running 
SMB/DFS check is running
repadmin/showreps ghanzi is running
repadmin/showcon ghanzi is running
dediag/v/s: ghanzi is running
scanning eventslogs....
scanning FRS DEBUG LOGS FOR ERROR/WARNING REF...
DONE...


----------



## rhynes (Aug 14, 2006)

ok, there should be a bunch of txt files - run the command: 
health_check server

this will create a directory called "server" within the directory you installed your files... look for dcdiag and netdiag.


----------



## lebalang (Nov 7, 2009)

i have run the command but the same thing


----------



## lebalang (Nov 7, 2009)

let say i have sav them under E
: maybe that is why i cannot see the files you want


----------



## rhynes (Aug 14, 2006)

open windows explorer and navigate to where you installed the support tools. you should see the dcdiag and netdiag files either in the same directory or under a folder called server.


----------



## lebalang (Nov 7, 2009)

Gathering IPX configuration information. Opening \Device\NwlnkIpx failed Querying status of the Netcard drivers... Passed Testing IpConfig - pinging the Primary WINS server... Passed Testing Domain membership... Passed Gathering NetBT configuration information. Testing for autoconfiguration... Passed Testing IP loopback ping... Passed Testing default gateways... Passed Enumerating local and remote NetBT name cache... Passed Testing the WINS server Server Local Area Connection Sending name query to primary WINS server 192.- querying name GHANZI on server 192. bytes sent 50Passed There is no secondary WINS server defined for this adapter. Gathering Winsock information. Testing DNS PASS - All the DNS entries for DC are registered on DNS server '192'. Testing redirector and browser... Passed Testing DC discovery. Looking for a DC Looking for a PDC emulator Looking for an Active Directory DC Gathering the list of Domain Controllers for domain 'GBDT' DC list for domain GBDT: ghanzi.GBDT.LOCAL [PDC emulator] [DS] Site: Default-First-Site-Name Testing trust relationships... Skipped Testing Kerberos authentication... Passed Testing LDAP servers in Domain GBDT ... Gathering routing information Gathering network statistics information. Gathering configuration of bindings. Gathering RAS connection information Gathering Modem information Gathering Netware information Gathering IP Security information Tests complete. Computer Name: GHANZI DNS Host Name: ghanzi.GBDT.LOCAL DNS Domain Name: GBDT.LOCAL System info : Microsoft Windows Server 2003 (Build 3790) Processor : x86 Family 6 Model 15 Stepping 11, GenuineIntel Hotfixes : Installed? Name Yes KB923561 Yes KB924667-v2 Yes KB925398_WMP64 Yes KB925902-v2 Yes KB927891 Yes KB929123 Yes KB930178 Yes KB932168 Yes KB933714 Yes KB933854 Yes KB936357 Yes KB938127 Yes KB941569 Yes KB942830 Yes KB942831 Yes KB943055 Yes KB943460 Yes KB944338-v2 Yes KB944653 Yes KB945553 Yes KB946026 Yes KB948496 Yes KB950762 Yes KB950974 Yes KB951066 Yes KB951748 Yes KB952004 Yes KB952069 Yes KB952954 Yes KB953298 Yes KB954155 Yes KB955069 Yes KB956572 Yes KB956802 Yes KB956803 Yes KB956844 Yes KB957097 Yes KB958469 Yes KB958644 Yes KB958687 Yes KB958869 Yes KB959426 Yes KB960225 Yes KB960803 Yes KB960859 Yes KB961063 Yes KB961371-v2 Yes KB961501 Yes KB967715 Yes KB967723 Yes KB968389 Yes KB968537 Yes KB968816 Yes KB969059 Yes KB969805 Yes KB969883 Yes KB969947 Yes KB970238 Yes KB970483 Yes KB970653-v3 Yes KB971032 Yes KB971486 Yes KB971557 Yes KB971633 Yes KB971657 Yes KB971961 Yes KB971961-IE8 Yes KB973037 Yes KB973354 Yes KB973507 Yes KB973525 Yes KB973540 Yes KB973687 Yes KB973815 Yes KB973825 Yes KB973869 Yes KB974112 Yes KB974455 Yes KB974455-IE8 Yes KB974571 Yes KB975025 Yes KB975364-IE8 Yes KB975467 Yes KB976098-v2 Yes KB976749 Yes KB976749-IE8 Yes Q147222Netcard queries test . . . . . . . : Passed Information of Netcard drivers: --------------------------------------------------------------------------- Description: HP NC326i PCIe Dual Port Gigabit Server Adapter Device: \DEVICE\{3923B439-0F3A-4EB6-BEA3-413B430C479F} Media State: Connected Device State: Connected Connect Time: 5 days, 09:28:47 Media Speed: 100 Mbps Packets Sent: 37483880 Bytes Sent (Optional): 0 Packets Received: 33645129 Directed Pkts Recd (Optional): 33581872 Bytes Received (Optional): 0 Directed Bytes Recd (Optional): 0


----------



## lebalang (Nov 7, 2009)

Domain Controller DiagnosisPerforming initial setup: * Connecting to directory service on server GHANZI. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 1 DC(s). Testing 1 of them. Done gathering initial info.Doing initial required tests Testing server: Default-First-Site-Name\GHANZI Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... GHANZI passed test ConnectivityDoing primary tests Testing server: Default-First-Site-Name\GHANZI Starting test: Replications * Replications Check * Replication Latency Check * Replication Site Latency Check ......................... GHANZI passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC GHANZI. * Security Permissions Check for DC=ForestDnsZones,DC=GBDT,DC=LOCAL (NDNC,Version 2) * Security Permissions Check for DC=DomainDnsZones,DC=GBDT,DC=LOCAL (NDNC,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=GBDT,DC=LOCAL (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=GBDT,DC=LOCAL (Configuration,Version 2) * Security Permissions Check for DC=GBDT,DC=LOCAL (Domain,Version 2) ......................... GHANZI passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\GHANZI\netlogon Verified share \\GHANZI\sysvol ......................... GHANZI passed test NetLogons Starting test: Advertising The DC GHANZI is advertising itself as a DC and having a DS. The DC GHANZI is advertising as an LDAP server The DC GHANZI is advertising as having a writeable directory The DC GHANZI is advertising as a Key Distribution Center The DC GHANZI is advertising as a time server The DS GHANZI is advertising as a GC. ......................... GHANZI passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=GHANZI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=GBDT,DC=LOCAL Role Domain Owner = CN=NTDS Settings,CN=GHANZI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=GBDT,DC=LOCAL Role PDC Owner = CN=NTDS Settings,CN=GHANZI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=GBDT,DC=LOCAL Role Rid Owner = CN=NTDS Settings,CN=GHANZI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=GBDT,DC=LOCAL Role Infrastructure Update Owner = CN=NTDS Settings,CN=GHANZI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=GBDT,DC=LOCAL ......................... GHANZI passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 1606 to 1073741823 * ghanzi.GBDT.LOCAL is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 1106 to 1605 * rIDPreviousAllocationPool is 1106 to 1605 * rIDNextRID: 1346 ......................... GHANZI passed test RidManager Starting test: MachineAccount Checking machine account for DC GHANZI on DC GHANZI. * SPN found :LDAP/ghanzi.GBDT.LOCAL/GBDT.LOCAL * SPN found :LDAP/ghanzi.GBDT.LOCAL * SPN found :LDAP/GHANZI * SPN found :LDAP/ghanzi.GBDT.LOCAL/GBDT * SPN found :LDAP/a7ec8b82-53d6-468a-8a22-4c46d4445e39._msdcs.GBDT.LOCAL * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a7ec8b82-53d6-468a-8a22-4c46d4445e39/GBDT.LOCAL * SPN found :HOST/ghanzi.GBDT.LOCAL/GBDT.LOCAL * SPN found :HOST/ghanzi.GBDT.LOCAL * SPN found :HOST/GHANZI * SPN found :HOST/ghanzi.GBDT.LOCAL/GBDT * SPN found :GC/ghanzi.GBDT.LOCAL/GBDT.LOCAL ......................... GHANZI passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ IsmServ Service is stopped on [GHANZI] * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... GHANZI failed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated GHANZI is in domain DC=GBDT,DC=LOCAL Checking for CN=GHANZI,OU=Domain Controllers,DC=GBDT,DC=LOCAL in domain DC=GBDT,DC=LOCAL on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=GHANZI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=GBDT,DC=LOCAL in domain CN=Configuration,DC=GBDT,DC=LOCAL on 1 servers Object is up-to-date on all servers. ......................... GHANZI passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... GHANZI passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... GHANZI passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... GHANZI passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x00000457 Time Generated: 12/01/2009 12:35:08 (Event String could not be retrieved) ......................... GHANZI failed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=GHANZI,OU=Domain Controllers,DC=GBDT,DC=LOCAL and backlink on CN=GHANZI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=GBDT,DC=LOCAL are correct. The system object reference (frsComputerReferenceBL) CN=GHANZI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=GBDT,DC=LOCAL and backlink on CN=GHANZI,OU=Domain Controllers,DC=GBDT,DC=LOCAL are correct. The system object reference (serverReferenceBL) CN=GHANZI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=GBDT,DC=LOCAL and backlink on CN=NTDS Settings,CN=GHANZI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=GBDT,DC=LOCAL are correct. ......................... GHANZI passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : GBDT Starting test: CrossRefValidation ......................... GBDT passed test CrossRefValidation Starting test: CheckSDRefDom ......................... GBDT passed test CheckSDRefDom Running enterprise tests on : GBDT.LOCAL Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... GBDT.LOCAL passed test Intersite Starting test: FsmoCheck GC Name: \\ghanzi.GBDT.LOCAL Locator Flags: 0xe00003fd PDC Name: \\ghanzi.GBDT.LOCAL Locator Flags: 0xe00003fd Time Server Name: \\ghanzi.GBDT.LOCAL Locator Flags: 0xe00003fd Preferred Time Server Name: \\ghanzi.GBDT.LOCAL Locator Flags: 0xe00003fd KDC Name: \\ghanzi.GBDT.LOCAL Locator Flags: 0xe00003fd ......................... GBDT.LOCAL passed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS


----------



## lebalang (Nov 7, 2009)

for security reason i didnt include other information i believe will compromise my network .thanks


----------



## rhynes (Aug 14, 2006)

ok, your domain seems to be running fine according to the logs you posted... Is your server running dhcp or is it coming from a router? If it's on the server, please check your scope and tell me if the IP of your domain controller is the first dns server. Also, double check the IP addressing of the offending workstation(s) to ensure the addressing is correct. 

Other things to try:
check your dns snaping on the server to ensure there are no extra records for the offending workstations. be sure the computer name matches the IP. 

Check the user profiles to ensure the paths are correct to the roaming profiles. reapply them if necessary. Sometimes updates to your server or workstations can create disconnects. You may also want to readd the workstation to the domain - check the server event logs (system) to see if there are any real errors and research them. 

Disable any/all firewalls on the offending workstation(s), reboot and try logging in again.

Do you have WINS installed on the server? If not, install it and configure it. 

Do you have reverse dns set up on your server? If not, please set it up.


----------



## lebalang (Nov 7, 2009)

yes the IP of my domain controller is the first dns server


----------



## lebalang (Nov 7, 2009)

i have decided to format the pc , to resolve that problem but now i have this problem on the event viewer

errorr message
 The master browser has received a server announcement from the computer TUTUOFFICE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{363705D7-135F-466. The master browser is stopping or an election is being forced.

warning message

The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service is no longer synchronized and cannot provide the time to other clients or update the system clock. Monitor the system events displayed in the Event Viewer to make sure that a more serious problem does not exist.


----------

