Dom
Member
Registered: 13th Sep 03
User status: Offline
|
This stems from my last SBS 2008 thread but managed to get access to the box to find the events viewer is lit up like an Xmas tree 
Currently my concern is two issues with AD Certification Authority.
First -
quote:
Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 03/10/2012 15:44:20
Event ID: 44
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: MonkeySrv.MonkeySoft.local
Description:
The "Windows default" Policy Module "Initialize" method returned an error. A directory service error has occurred. The returned status code is 0x80072095 (8341). The Active Directory containing the Certification Authority could not be contacted.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
<EventID Qualifiers="49754">44</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-10-03T14:44:20.000Z" />
<EventRecordID>152737</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>MonkeySrv.MonkeySoft.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_POLICY_ERROR">
<Data Name="PolicyModuleDescription">Windows default</Data>
<Data Name="MethodName">Initialize</Data>
<Data Name="ErrorCode">0x80072095 (8341)</Data>
<Data Name="param4">The Active Directory containing the Certification Authority could not be contacted.
</Data>
<Data Name="ErrorString">A directory service error has occurred.</Data>
</EventData>
</Event>
Second -
quote:
Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 03/10/2012 15:44:17
Event ID: 91
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: MonkeySrv.MonkeySoft.local
Description:
Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
<EventID Qualifiers="49754">91</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-10-03T14:44:17.000Z" />
<EventRecordID>152734</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>MonkeySrv.MonkeySoft.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_DS_RETRY">
</EventData>
</Event>
Been through the usual but it appears ok. One thing i have noticed is that the box hasn't been auto-approving updates, so there are a few SP's for Exchange and Sharepoint that haven't installed but i can't see that causing this problem :boogle:
So can anyone shed any light or point me in some sort of direction to what it could be?
As i'm getting to the head-banging-desk stage
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
Is the CA still installed?
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Yup
|
VrsTurbo
Premium Member
Registered: 8th Jun 10
User status: Offline
|
I'd remove that role and add it again.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by VrsTurbo
I'd remove that role and add it again.
AD Certificate Services?
Edit - Nevermind, being completely thick. Will give it ago and see how far i get.....
[Edited on 03-10-2012 by Dom]
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
Errors like this normally point to a screwed ad. Have you got system state backup before the problems? You could also try setting up a second box joining it to your domain let ad replicate across transfer the fsmo roles and see if you get the same problem on the other box if not demote the original server and repeat the process to transfer it all back
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
If you transfer the fsmo rolls from an SBS box will it not think it's being migrated and start shutting down?
I know a 2003 box would do that but haven't done a migration from 2008.
|
pow
Premium Member
Registered: 11th Sep 06
Location: Hazlemere, Buckinghamshire
User status: Offline
|
Gunna have trouble on an SBS box mirgrating the role to and from
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
im usually dealing with 2008 R2 boxes, but am sure iv done a 2003 SBS in the past
why would there be trouble? you can either use mmc snapins to do it visually or ntdsutil
unless the 2008 SBS server doesnt permit more than one server in a domain
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
It permits more than one server but it has to hold some or all of the fsmo's.
If you move them off SBS2003 it gives you a certain number of days then starts randomly shutting down.
|
Steve
Premium Member
Registered: 30th Mar 02
Location: Worcestershire Drives: Defender
User status: Offline
|
a day is all you need 
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
Removing CA and re-adding the roll did squat.
Steve - Could re-image the box from a previous backup but i'd like to keep that as last resort.
Does anyone have any idea what could bork the AD? The box has been happily running for 18months without issue 
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
BIND order for NIC's?
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4112db9e-c5c8-47cf-891d-4da712ea85d5
Lots of posts about network config actually.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by John
BIND order for NIC's?
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/4112db9e-c5c8-47cf-891d-4da712ea85d5
Lots of posts about network config actually.
Single NIC box (HP Microserver).
However, since it's last reboot (early hours this morning) it seems to be holding up and the event list appears to be a lot calmer (just getting a VSS error which started when ShadowProtect was installed).
Although i have noticed that i'm also getting a userprofile (cannot locate Desktop; shows a black desktop) issue with the Admin account on the box when logging in. Re-logging in a few times seems to sort it though 
[Edited on 04-10-2012 by Dom]
|
pow
Premium Member
Registered: 11th Sep 06
Location: Hazlemere, Buckinghamshire
User status: Offline
|
Back up any documents on the admin side and fuck the user profile off, let it recreate on log on
|
