Server 2003 add user problem
Hi All,
I have a problem adding a user in my AD.
I have a single AD with 2 DCs in it. Both of them are Windows 2003
Server.
When I try to add a user on one of the DCs, which should be the first DC in
the AD, the added user is not shown on the next DC.
Besides, when I try to add a user on another DC, the following message is
shown:
"Windows cannot verify that the user name is unique because the following
error occurred while contacting the global catalog: The server is not
operational.
Windows will create this user account, but the user can log on only after
the user name is verified to be unique. Make sure the global is available."
Re: Server 2003 add user problem
What you are seeing is a symptom of something much more
serious that is broken in Active Directory replication between
your domain controllers. You need to fix this.
It is almost impossible to give you any specifics, because there
are so many ways for AD to break.
If you look in the system and FRS event logs on both DCs you no doubt will
see a lot of errors involving AD and replication. Posting these would help
us figure out where your problem could be.
A few general ideas:
1) Make sure the time and time zone are set correctly and
are in sync with each other on the two DCs.
2) Go into AD Sites and Services and make sure there
is a functional replication path established between the two
DCs if they are in different sites. You probably want to make
both DCs global catalog servers, but I don't recommend that
you make any change like that at this time as it might make
your problem harder to figure out.
3) Run a netdiag /fix and a dcdiag /fix on both servers
(if these are not already on your servers then you can install them
from the \tools folder on the CD.) If a second pass of a /fix
is not reasonably clean, then something is wrong in
the AD configuration, and the log from these also will help figure
out your problem.
Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
Re: Server 2003 add user problem
Thanks.
When I try to run "dcdiag /v" on my first DC, it shows the following error
message:
Testing server: Default-First-Site\WCLSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 1a4da01a-6b3a-4dd4-9682-f1081898142d._msdcs.Wclnet.local
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(1a4da01a-6b3a-4dd4-9682-f1081898142d._msdcs.Wclnet.local)
couldn't be resolved, the server name
(wclserver.Wclnet.local) resolved to the IP address
(192.168.0.11) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... WCLSERVER failed test Connectivity
What could be the problem?
Re: Server 2003 add user problem
You have a DNS problem with names that
should be registered for your domain.
A netdiag /fix should have re-registered all the
names correctly in the DNS server, so the
fact that they aren't there means your configuration
is broken.
Take a look at your DNS zones. You should have
a zone named _msdcs.Wclnet.local. In that
zone should be a CNAME for the "1a4da01a-..."
name that aliases to the DC.
What the connectivity test is telling you is that
it can't find that name, or that its CNAME alias
doesn't resolve. This should be fairly easy to trace
back manually to find the cause since a netdiag /fix
should register it.
So make sure you are pointing to the right
DNS server, that it is reachable, that
dynamic updates are enabled on all its zones,
and -- after checking those things -- that you've run
a netdiag /fix and a dcdiag /fix. If you do these
things, the names will show up.
The other possibility is that there is some sort
of deeper replication problem. But these are
typically related to DNS problems too, in a
chicken-and-egg kind of way.
The best way to eliminate this from the diagnostic
process is to temporarily point all servers to just
one of the DCs for DNS. Once this config. is working,
simply tear down and re-enable AD-integrated DNS
on the other server(s) and replication takes care
of the rest.
And again, be sure to double-check time sync and time
zones on both servers. Any serious misadjustment
of time can wreak havoc on replication.
Steve Duff, MCSE, MVP
Ergodic Systems, Inc.
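The check described in the reply above, as an added example that is not part of the original thread: it reads the Connectivity section of `dcdiag /v` and derives the CNAME that should exist in the `_msdcs` zone, plus an `nslookup` query to confirm it. The function names are hypothetical and the sample text is constructed from the output posted earlier in the thread.

```python
import re

# Constructed sample: the Connectivity section of `dcdiag /v` as posted in this thread.
SAMPLE_DCDIAG = """\
Testing server: Default-First-Site\\WCLSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 1a4da01a-6b3a-4dd4-9682-f1081898142d._msdcs.Wclnet.local
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(1a4da01a-6b3a-4dd4-9682-f1081898142d._msdcs.Wclnet.local)
couldn't be resolved, the server name
(wclserver.Wclnet.local) resolved to the IP address
(192.168.0.11) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... WCLSERVER failed test Connectivity
"""

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
ALIAS_RE = re.compile(
    r"Although the Guid DNS name \((?P<alias>" + GUID + r"\._msdcs\.[^)\s]+)\) "
    r"couldn't be resolved, the server name \((?P<host>[^)\s]+)\) "
    r"resolved to the IP address \((?P<ip>[^)\s]+)\)"
)
FAILED_RE = re.compile(r"\.{5,} (?P<server>\S+) failed test (?P<test>\S+)")


def normalize(text):
    """Drop mail quote markers ('> ') and rejoin dcdiag's wrapped lines."""
    lines = [re.sub(r"^(?:>\s?)+", "", ln).strip() for ln in text.splitlines()]
    return " ".join(ln for ln in lines if ln)


def triage_connectivity(text):
    """Return (missing-alias findings, failed tests) from dcdiag output."""
    flat = normalize(text)
    findings = []
    for m in ALIAS_RE.finditer(flat):
        alias, host = m["alias"], m["host"]
        findings.append({
            "alias": alias,
            "zone": alias.split(".", 1)[1],   # the _msdcs zone to inspect
            "target": host,                   # the DC the alias should point to
            "ip": m["ip"],
            "expected_record": f"{alias}. CNAME {host}.",
            "check": f"nslookup -type=CNAME {alias}",
        })
    failed = [(m["server"], m["test"]) for m in FAILED_RE.finditer(flat)]
    return findings, failed


if __name__ == "__main__":
    found, failed_tests = triage_connectivity(SAMPLE_DCDIAG)
    for f in found:
        print("zone to inspect :", f["zone"])
        print("expected record :", f["expected_record"])
        print("verify with     :", f["check"])
    print("failed tests    :", failed_tests)
```
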
Re: Server 2003 add user problem
Hi, man
Your server is using the IP address 192.168.0.0. This is an invalid IP address;
you cannot use such an IP address.
Change your server IP to 192.168.0.1, for example, or any failed IP.
"alliesv" <alliesv.3eexvc@DoNotSpam.com> wrote in message
news:alliesv.3eexvc@DoNotSpam.com...
>
> Hi, I am having issues with adding a new user to my work server!! I have
> never dealt with servers before and my boss gave me this server to work
> with, but when I try to add a new user it gives me an *error* saying DNS is
> not registered!! So I followed dcdiag /v and it failed the connectivity test,
> so I ran netdiag /fix and this is what I get:
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\PBSERVER
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> The host
> afed4542-62e3-4db3-912c-5a73b2a3862e._msdcs.pbsc.local could n
> ot be resolved to an
> IP address. Check the DNS server, DHCP, server name, etc
> Although the Guid DNS name
> (afed4542-62e3-4db3-912c-5a73b2a3862e._msdcs.pbsc.local)
> couldn't be
> resolved, the server name (pbserver.pbsc.local) resolved to
> the IP
> address (192.168.0.0) and was pingable. Check that the IP
> address is
> registered correctly with the DNS server.
> ........................ PBSERVER failed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\PBSERVER
> Skipping all tests, because server PBSERVER is
> not responding to directory service requests
> Test omitted by user request: Topology
> Test omitted by user request: CutoffServers
> Test omitted by user request: OutboundSecureChannels
> Test omitted by user request: VerifyReplicas
> Test omitted by user request: VerifyEnterpriseReferences
> Test omitted by user request: CheckSecurityError
>
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ........................ ForestDnsZones passed test
> CrossRefValidation
>
> Starting test: CheckSDRefDom
> ........................ ForestDnsZones passed test
> CheckSDRefDom
>
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ........................ DomainDnsZones passed test
> CrossRefValidation
>
> Starting test: CheckSDRefDom
> ........................ DomainDnsZones passed test
> CheckSDRefDom
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ........................ Schema passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ........................ Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ........................ Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ........................ Configuration passed test
> CheckSDRefDom
>
> Running partition tests on : pbsc
> Starting test: CrossRefValidation
> ........................ pbsc passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ........................ pbsc passed test CheckSDRefDom
>
> Running enterprise tests on : pbsc.local
> Starting test: Intersite
> Skipping site Default-First-Site-Name, this site is outside
> the scope
> provided by the command line arguments provided.
> ........................ pbsc.local passed test Intersite
> Starting test: FsmoCheck
> GC Name: \\pbserver.pbsc.local
> Locator Flags: 0xe00003fd
> PDC Name: \\pbserver.pbsc.local
> Locator Flags: 0xe00003fd
> Time Server Name: \\pbserver.pbsc.local
> Locator Flags: 0xe00003fd
> Preferred Time Server Name: \\pbserver.pbsc.local
> Locator Flags: 0xe00003fd
> KDC Name: \\pbserver.pbsc.local
> Locator Flags: 0xe00003fd
> ........................ pbsc.local passed test FsmoCheck
> Test omitted by user request: DNS
> Test omitted by user request: DNS
>
> C:\Documents and Settings\Administrator>netdiag /fix
>
> ........................................
>
> Computer Name: PBSERVER
> DNS Host Name: pbserver.pbsc.local
> System info : Microsoft Windows Server 2003 (Build 3790)
> Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
> List of installed hotfixes :
> KB911164
> Q147222
>
>
> Netcard queries test . . . . . . . : Passed
> [WARNING] The net card '1394 Net Adapter' may not be working
> because it has
> not received any packets.
> [WARNING] The net card 'Microsoft Tun Miniport Adapter' may not be
> working.
>
>
>
> Per interface results:
>
> Adapter : Server Local Area Connection
>
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . : pbserver.home
> IP Address . . . . . . . . : 192.168.0.0
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.0.0
> Primary WINS Server. . . . : 192.168.0.0
> Dns Servers. . . . . . . . : 192.168.0.0
>
> IpConfig results . . . . . : Failed
> Pinging the Primary WINS server 192.168.0.0 - not
> reachable
>
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
> [WARNING] At least one of the <00> 'WorkStation Service', <03>
> 'Messenge
> r Service', <20> 'WINS' names is missing.
> No remote names have been found.
>
> WINS service test. . . . . : Failed
> The test failed. We were unable to query the WINS
> servers.
>
>
> Global results:
>
>
> Domain membership test . . . . . . : Passed
>
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{26C7FCF2-04BE-455A-A570-B337A686F300}
> 1 NetBt transport currently configured.
>
>
> Autonet address test . . . . . . . : Passed
>
>
> IP loopback ping test. . . . . . . : Passed
>
>
> Default gateway test . . . . . . . : Passed
>
>
> NetBT name test. . . . . . . . . . : Passed
> [WARNING] You don't have a single interface with the <00>
> 'WorkStation Servi
> ce', <03> 'Messenger Service', <20> 'WINS' names defined.
>
>
> Winsock test . . . . . . . . . . . : Passed
>
>
> DNS test . . . . . . . . . . . . . : Failed
> [WARNING] Cannot find a primary authoritative DNS server for
> the name
> 'pbserver.pbsc.local.'. [WSAEADDRNOTAVAIL ]
> The name 'pbserver.pbsc.local.' may not be registered in
> DNS.
> [WARNING] Cannot find a primary authoritative DNS server for
> the name
> 'pbserver.pbsc.local.'. [ERROR_TIMEOUT]
> The name 'pbserver.pbsc.local.' may not be registered in
> DNS.
> [WARNING] Cannot find a primary authoritative DNS server for
> the name
> 'pbserver.pbsc.local.'. [WSAEADDRNOTAVAIL ]
> The name 'pbserver.pbsc.local.' may not be registered in
> DNS.
> [WARNING] Cannot find a primary authoritative DNS server for
> the name
> 'pbserver.home.'. [WSAEADDRNOTAVAIL ]
> The name 'pbserver.home.' may not be registered in DNS.
> [WARNING] Cannot find a primary authoritative DNS server for
> the name
> 'pbserver.pbsc.local.'. [ERROR_TIMEOUT]
> The name 'pbserver.pbsc.local.' may not be registered in
> DNS.
> [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pbsc.local.
> re-registeration
> on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.Default-First-Site-Name._site
> s.pbsc.local. re-registeration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.pdc._msdcs.pbsc.local. re-reg
> isteration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.gc._msdcs.pbsc.local. re-regi
> steration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.Default-First-Site-Name._site
> s.gc._msdcs.pbsc.local. re-registeration on DNS server '0.0.0.0'
> failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.90b3879e-d872-4f0d-a875-e0f48
> c90e89c.domains._msdcs.pbsc.local. re-registeration on DNS server
> '0.0.0.0' fail
> ed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> afed4542-62e3-4db3-912c-5a73b2a3862e._ms
> dcs.pbsc.local. re-registeration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _kerberos._tcp.dc._msdcs.pbsc.local. re-
> registeration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _kerberos._tcp.Default-First-Site-Name._
> sites.dc._msdcs.pbsc.local. re-registeration on DNS server '0.0.0.0'
> failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.dc._msdcs.pbsc.local. re-regi
> steration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.Default-First-Site-Name._site
> s.dc._msdcs.pbsc.local. re-registeration on DNS server '0.0.0.0'
> failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.pbsc.local.
> re-registerat
> ion on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _kerberos._tcp.Default-First-Site-Name._
> sites.pbsc.local. re-registeration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry _gc._tcp.pbsc.local.
> re-registeration on
> DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _gc._tcp.Default-First-Site-Name._sites.
> pbsc.local. re-registeration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry _kerberos._udp.pbsc.local.
> re-registerat
> ion on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.pbsc.local.
> re-registerati
> on on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.pbsc.local.
> re-registerati
> on on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.DomainDnsZones.pbsc.local. re
> -registeration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.Default-First-Site-Name._site
> s.DomainDnsZones.pbsc.local. re-registeration on DNS server '0.0.0.0'
> failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.ForestDnsZones.pbsc.local. re
> -registeration on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry
> _ldap._tcp.Default-First-Site-Name._site
> s.ForestDnsZones.pbsc.local. re-registeration on DNS server '0.0.0.0'
> failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry pbsc.local. re-registeration on
> DNS serv
> er '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry gc._msdcs.pbsc.local.
> re-registeration o
> n DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry ForestDnsZones.pbsc.local.
> re-registerat
> ion on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Failed to fix: DC DNS entry DomainDnsZones.pbsc.local.
> re-registerat
> ion on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
> [FATAL] Fix Failed: netdiag failed to re-register missing DNS
> entries for th
> is DC on DNS server '0.0.0.0'.
> [FATAL] No DNS servers have the DNS records for this DC
> registered.
>
>
> Redir and Browser test . . . . . . : Passed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{26C7FCF2-04BE-455A-A570-B337A686F300}
> The redir is bound to 1 NetBt transport.
>
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{26C7FCF2-04BE-455A-A570-B337A686F300}
> The browser is bound to 1 NetBt transport.
>
>
> DC discovery test. . . . . . . . . : Passed
>
>
> DC list test . . . . . . . . . . . : Passed
>
>
> Trust relationship test. . . . . . : Skipped
>
>
> Kerberos test. . . . . . . . . . . : Passed
>
>
> LDAP test. . . . . . . . . . . . . : Passed
>
>
> Bindings test. . . . . . . . . . . : Passed
>
>
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
>
>
> Modem diagnostics test . . . . . . : Passed
>
> IP Security test . . . . . . . . . : Skipped
>
> Note: run "netsh ipsec dynamic show /?" for more detailed
> information
>
>
> The command completed successfully
> PLEASE SOME ONE CAN EXPLAIN WHAT THIS CRAP MEANS
> ???????
>
> Thanks
> alliesv
>
>
>
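The address check behind the reply above, as an added example that is not part of the original thread: it reads the per-interface block of `netdiag` output, tests each configured address against the subnet, and collects the DNS server and error code from the `[FATAL]` re-registration lines. The function name is hypothetical and the sample is constructed from the quoted output, with one `[FATAL]` entry and no mid-word line wraps.

```python
import ipaddress
import re

# Constructed sample: lines taken from the netdiag /fix output quoted above,
# keeping the mail quote markers and line wraps (one [FATAL] entry shown).
SAMPLE_NETDIAG = """\
> IP Address . . . . . . . . : 192.168.0.0
> Subnet Mask. . . . . . . . : 255.255.255.0
> Default Gateway. . . . . . : 192.168.0.0
> Primary WINS Server. . . . : 192.168.0.0
> Dns Servers. . . . . . . . : 192.168.0.0
> [FATAL] Failed to fix: DC DNS entry _ldap._tcp.pbsc.local.
> re-registeration
> on DNS server '0.0.0.0' failed.
> DNS Error code: 0x00002741
"""

FIELD_RE = re.compile(
    r"^(IP Address|Subnet Mask|Default Gateway|Primary WINS Server|Dns Servers)"
    r"[ .]*: (\S+)$"
)
TARGET_RE = re.compile(r"on DNS server '([^']+)' failed")
CODE_RE = re.compile(r"DNS Error code: (0x[0-9a-fA-F]+)")
CHECKED = ("IP Address", "Default Gateway", "Primary WINS Server", "Dns Servers")


def audit_netdiag(text):
    """Check a netdiag interface block for unusable host addresses."""
    lines = [re.sub(r"^(?:>\s?)+", "", ln).strip() for ln in text.splitlines()]
    fields = {}
    for ln in lines:
        m = FIELD_RE.match(ln)
        if m:
            fields[m.group(1)] = m.group(2)

    # strict=False builds the subnet even when the host bits are all zero.
    net = ipaddress.ip_network(
        f"{fields['IP Address']}/{fields['Subnet Mask']}", strict=False
    )
    problems = []
    for label in CHECKED:
        if label not in fields:
            continue
        addr = ipaddress.ip_address(fields[label])
        if addr == net.network_address:
            problems.append(f"{label} {addr} is the network address of {net}")
        elif addr == net.broadcast_address:
            problems.append(f"{label} {addr} is the broadcast address of {net}")
        elif label == "Default Gateway" and addr not in net:
            problems.append(f"{label} {addr} is outside {net}")

    flat = " ".join(ln for ln in lines if ln)
    targets = {}
    for server in TARGET_RE.findall(flat):
        targets[server] = targets.get(server, 0) + 1
    return {
        "network": str(net),
        "problems": problems,
        "registration_targets": targets,
        "unspecified_targets": [
            s for s in targets if ipaddress.ip_address(s).is_unspecified
        ],
        # 0x00002741 is 10049 decimal, the Winsock code WSAEADDRNOTAVAIL
        "error_codes": sorted({int(c, 16) for c in CODE_RE.findall(flat)}),
    }


if __name__ == "__main__":
    for key, value in audit_netdiag(SAMPLE_NETDIAG).items():
        print(key, "->", value)
```
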