Ntds General Error 2103
Contents |
(עברית)المملكة العربية السعودية (العربية)ไทย (ไทย)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語) Home20132010Other VersionsLibraryForumsGallery Ask a question Quick access Forums home Browse forums users FAQ Search related threads Remove From My Forums Answered by: Net logon service paused When Server Reboot Windows Server
Event Id 2103 Activedirectory_domainservice
> Windows Server General Forum Question 0 Sign in to vote Hi, the active directory database has been restored using an unsupported restoration procedure When ever i reboot our additional domain controller( using windows 2003 standard edition sp1) the net logon dsa not writable service paused. If i start the net logon service manualy its starting not an issue. The only problem is every reboot that service paused. Blow is the log for
Repadmin /showutdvec
your reference. Event Type: Error Event Source: NTDS General Event Category: Service Control Event ID: 2103 Date: 3/16/2010 Time: 1:26:54 PM User: NT AUTHORITY\ANONYMOUS LOGON Computer: CHD1DOMINO2 Description: The Active Directory database has been restored using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused. User Action See previous event logs for details. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Wednesday, March 17, 2010 2:54 PM Reply | Quote Answers 7 Sign in to vote Hi Alagar, According to your description, I understand that you are experiencing an Netlogon service issue with event ID 2103. To narrow down this issue, please check the following stuffs: 1. Check for USN rollback by using the command Repadmin /showutdvec (KB Article: 875495, 885875) 2. Check the Registry value "HKLM\System\CurrentControlSet\Services\NTDS\Parameters, "DSA Not Writable" (REG_DWORD) and its value is 0x4. 3. Delete "DSA Not Writable" (REG_DWORD) from registry and reboot the server. Please try above steps and let us know your results, thanks. Sincerely, Wilson JiaThis posting is provided "AS IS" with no warranties, and confers no rights. Marked as answer by Wilson Jia Tuesday, March 23, 2010 2:51 AM Thursday, March 18, 2010 3:44 AM Reply | Quote All replies 0 Sign in to vote Hello,was the
that rear their heads after the server reboots. The error was an NTDS General event 2103, which indicates that the AD database "was restored using an unsupported procedure and Net Logon service has been paused". Research and KB Article 875495 lists event 2103 and 3 other events related to a condition known as USN Rollback. This DC is running Windows 2003 SP2, so based on the article, I should be seeing at least the more serious NTDS Replication 2095 event as well, due to a hotfix in SP1 that made the error logging somewhat more verbose. But I'm not. This makes it more curious. Am I in a rollback state or not?KB 8759495 also lists some possible causes of this state, some of which https://social.technet.microsoft.com/Forums/office/en-US/2865f5c0-a0ca-4596-b8ee-b9ad0b6ec50c/net-logon-service-paused-when-server-reboot?forum=winservergen are possible in a virtual environment - the case for this DC. It points me to another KB Article 888794 which lists out a bunch of considerations for hosting DCs as VMs. However our environment met all the requirements, including one related to write caching on disks, as our host machine has battery backed disk caching. So I rule out that we actively caused a potential rollback. Repadmin has a switch (/showutdvec) that can be used to determine USN status https://blog.techbunny.com/2009/06/19/ntds-error-2103/ by displaying the up-to-dateness vector USN for all DCs that replicate a common naming context. If the direct replication partners have a higher USN for the DC in question than that DC has for itself, that's considered evidence of a USN rollback. My DC did not have this problem, as it had a USN higher than it's partners. So at this point I couldn't confirm or deny a true USN rollback issue, however it seemed the the DC "thought" it was having this problem. Maybe I could figure out why the DC was in this limbo. So I returned to the original article to look for specific causes. One line reads, "Starting an AD domain controller whose AD database file was restored (copied) into place by using an imaging program such as Norton Ghost." Thinking back, the conversion of this DC from physical to virtual did not go as smoothly as I would have hoped. I remembered I had to resolve some issue where I was getting an error in the logs related to the directory database file not being where the OS expected it, even though the path on the server hadn't changed during the conversion. It was odd at the time, but the posted fix seemed to clear the issue and I'd moved on.
I'm guessing that perhaps that was the start of my issues - maybe the P2V process made the OS think the database was differSession - hanging on 'Please wait forUser Profile'. Once logged in, there were also issues http://www.alexheer.co.uk/it-blog/error-2103-on-domain-controller with Outlook 'Theconnection to Microsoft Exchange is unavaliable'.I investigated the issue, firstly checking the event logson each DomainController and also the server which held the roaming profiles.On one DC, I found event 2103 in the Directory Services log.‘Active Directory Domain Services database has been restored using anunsupported restoration procedure'. This may have been caused by ntds general a rollback to an image or virtual machinesnapshot.As a result, Windows had paused the Net Logon service, thereforethis domain controller would no longer be able to provide authentication orregister DNS records. (Those users experiencing issues were trying to autheticate to this domain controller).The Net logon service "Maintains a secure channel between this computer andthe domain controller ntds general error for authenticating users and services. If this service iss topped, the computer may not authenticate users and services, and the domaincontroller cannot register DNS records."To fix this issue. on the domain controller experiencing the issue,1) Check the Registry value "HKLM\System\CurrentControlSet\Services\NTDS\Parameters, for "DSA Not Writable" (REG_DWORD) with a value of 0x4.2) Delete "DSA Not Writable"(REG_DWORD) from registry and reboot the server.3) Check the Net Logon service is started and the Direcory Services event log is clean of new errors orwarnings. 0 Comments Leave a Reply. Author Alex Heer Archives October 2016 August 2016 June 2016 May 2016 March 2016 February 2016 October 2015 September 2015 August 2015 July 2015 April 2015 March 2015 January 2015 December 2014 September 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 Categories All Active Directory Awards Certification Cyber Dpm Exchange Genera
be down. Please try the request again. Your cache administrator is webmaster. Generated Sat, 22 Oct 2016 03:17:01 GMT by s_wx1011 (squid/3.5.20)