Hi guys,
First of all sorry for the big read but ive been working on this for a few weeks and just cant work out whats wrong. Ive searched online for hours and none of the fixes i have found have made any difference, so im hoping someone else has come across the problem.
We currently have a two DC 2003 domain, one primary server and a backup. Both are running DNS with Active Directory integration and point to themselves as primary DNS and the other server as a backup.
I have attempted to add a new 2008 R2 DC to the domain and i cant get it to work properly, it keeps coming up with errors relating to group policy processing not working due to DNS and LDAP errors.
Before i added the the new DC i did the following to the existing servers;
Updated both servers to latest service packs and hot fixes
Check for errors with DCdiag, NetDiag, checked replication was working successfully with replmon (no errors found anywhere)
Backed up both servers
adprep32 /forestprep
adprep32 /domainprep
adprep32 /domainprep /gpprep
Setup a new virtual 2008 R2 server, updated it fully and added it to the domain.
Added the AD services role and ran dcpromo, to add AD, Global Catalog and DNS.
Rebooted server and instantly get the Group Policy errors as below;
Event ID: 1006 - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Event ID: 40961 - The Security System could not establish a secured connection with the server LDAP/server.domain.com/[email protected] No authentication protocol was available.
Event ID: 1097 - The processing of Group Policy failed. Windows could not determine the computer account to enforce Group Policy settings. This may be transient. Group Policy settings, including computer configuration, will not be enforced for this computer.
There are also a few errors relating to DNS, Event ID: 5774.
Now if i leave the server as it is overnight the problems go away and it will run fine until its rebooted. Obviously this is no good to put in our network as it is.
Anyone got any tips suggestions or come across this before?
Thanks
Jacko
First of all sorry for the big read but ive been working on this for a few weeks and just cant work out whats wrong. Ive searched online for hours and none of the fixes i have found have made any difference, so im hoping someone else has come across the problem.
We currently have a two DC 2003 domain, one primary server and a backup. Both are running DNS with Active Directory integration and point to themselves as primary DNS and the other server as a backup.
I have attempted to add a new 2008 R2 DC to the domain and i cant get it to work properly, it keeps coming up with errors relating to group policy processing not working due to DNS and LDAP errors.
Before i added the the new DC i did the following to the existing servers;
Updated both servers to latest service packs and hot fixes
Check for errors with DCdiag, NetDiag, checked replication was working successfully with replmon (no errors found anywhere)
Backed up both servers
adprep32 /forestprep
adprep32 /domainprep
adprep32 /domainprep /gpprep
Setup a new virtual 2008 R2 server, updated it fully and added it to the domain.
Added the AD services role and ran dcpromo, to add AD, Global Catalog and DNS.
Rebooted server and instantly get the Group Policy errors as below;
Event ID: 1006 - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Event ID: 40961 - The Security System could not establish a secured connection with the server LDAP/server.domain.com/[email protected] No authentication protocol was available.
Event ID: 1097 - The processing of Group Policy failed. Windows could not determine the computer account to enforce Group Policy settings. This may be transient. Group Policy settings, including computer configuration, will not be enforced for this computer.
There are also a few errors relating to DNS, Event ID: 5774.
Now if i leave the server as it is overnight the problems go away and it will run fine until its rebooted. Obviously this is no good to put in our network as it is.
Anyone got any tips suggestions or come across this before?
Thanks
Jacko