Wednesday, September 28, 2011

dcpromo fails with error 1326: unknown user name or password

Problem:
Received error 1326 (Logon failure: unknown user name or bad password) while attempting a dcpromo.
Here's a screenshot of the error: 


The Solution:
I ended up just setting the local administrator password to match my domain administrator password and magically it worked! It made no sense to me! Anyone know why?


Thanks to http://tsoorad.blogspot.com/2010/01/oh-my-aching-brain-cell-or-dcpromo-u.html for the fix!

Wednesday, September 21, 2011

Event Id 34 and 50 Time-Service errors fixed on Virtual DC

Recently I deployed a Windows Server 2008 R2 domain controller running on VMware vSphere with VMware Tools installed. I found that VMware Tools had "Time synchronization with ESX host" enabled, while the ESX hosts themselves did not have NTP configured properly, so the DC's time was thrown way off. As a note, it is best practice to use only one time synchronization method for DCs: either all of them sync with the ESX host or all of them use w32time. From my experience w32time works better.




After discovering that time sync with the ESX host was checked, I ended up with lots of Event ID 34 and 50 errors in the event logs. The fix was to uncheck "Sync with ESX host" and edit the following registry values so the clock could be corrected back beyond the normal phase-correction thresholds:


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
MaxAllowedPhaseOffset 0xffffffff
MaxPosPhaseCorrection 0xffffffff
MaxNegPhaseCorrection 0xffffffff

After changing those values I ran the following commands and everything was fixed. :)

NET TIME /DOMAIN:<your domain> /SET

w32tm /config /update

w32tm /config /manualpeerlist:<your PDCe DC>

w32tm /config /syncfromflags:domhier /update

net stop w32time && net start w32time
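The same fix driven from PowerShell, as an added example that is not the post's own script: it checks the offset against the PDC emulator before and after the resync, and then puts the correction limits back to bounded values instead of leaving them at 0xffffffff. $Pdce is a placeholder you replace; the 172800 s and 300 s restore values are the documented Windows defaults for domain members.

```powershell
# Added example, not the post's own script. Run elevated on the (non-PDCe) DC.
# Assumption: $Pdce is a placeholder for your PDC emulator's FQDN.
param([string]$Pdce = 'pdce.corp.example')

$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config'
$limits = 'MaxAllowedPhaseOffset', 'MaxPosPhaseCorrection', 'MaxNegPhaseCorrection'

function Set-W32TimeLimit([string]$Name, [int32]$Value) {
    # REG_DWORD is 32 bits: the post's 0xffffffff does not fit an Int32, so pass -1,
    # which has the same bit pattern. Any bounded value is written as itself.
    Set-ItemProperty -Path $cfg -Name $Name -Value $Value -Type DWord
}

function Get-OffsetSeconds([string]$Peer) {
    # Last line of "w32tm /stripchart /dataonly" looks like "10:30:35, +00.2113415s"
    $line = @(w32tm /stripchart "/computer:$Peer" /samples:1 /dataonly)[-1]
    if ($line -match '([-+]\d+\.\d+)s') { return [double]$Matches[1] }
    throw "Could not read an offset from $Peer ($line)"
}

Write-Host ("Offset from {0} before: {1:N3} s" -f $Pdce, (Get-OffsetSeconds $Pdce))

# 1. Lift the limits (the post's registry change) and resync from the domain hierarchy.
#    VMware Tools' "sync with ESX host" is switched off separately, as the post says.
foreach ($n in $limits) { Set-W32TimeLimit -Name $n -Value (-1) }
w32tm /config "/manualpeerlist:$Pdce" /syncfromflags:domhier /update
Restart-Service W32Time
w32tm /resync /rediscover | Out-Null

Write-Host ("Offset from {0} after:  {1:N3} s" -f $Pdce, (Get-OffsetSeconds $Pdce))

# 2. Put the limits back. Left at 0xffffffff, any upstream source could move the DC's
#    clock by an unlimited amount in one step, far past Kerberos' 5-minute skew tolerance.
#    172800 s (48 h) and 300 s are the documented defaults for domain members.
Set-W32TimeLimit -Name MaxPosPhaseCorrection -Value 172800
Set-W32TimeLimit -Name MaxNegPhaseCorrection -Value 172800
Set-W32TimeLimit -Name MaxAllowedPhaseOffset -Value 300
w32tm /config /update
w32tm /query /status
```

If the "after" offset is still large, the DC did not accept the source; check w32tm /query /source before re-running.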

Monday, September 19, 2011

Workstation trust relationship issues and iPhone login prompt issues: RESOLVED

Just recently I worked on resolving an authentication issue that took a month to solve with Microsoft Premier Support Services on a Sev-A case. The issue ended up needing only a hotfix applied to all the remaining 2003 DCs in the domain.

The symptoms were the following:
1) iPhones were randomly prompting for logon and sometimes would not allow authentication for up to 30 minutes. This was also logged on the UAG 2010 servers as Event ID 14, stating that the "trust relationship" had failed. Android phones had the same issue, but they never prompted on error, so it was quiet on the Android front.

2) Workstations would randomly fall off the domain with errors such as "The trust relationship between this workstation and the primary domain failed" or "There are currently no logon servers available to service the logon request". The workaround was to log on with the username in UPN form (user@user.com) or to rejoin the machine to the domain.

Environment for the affected AD site:

5 Windows Server 2003 R2 DCs, 2 Windows Server 2008 R2 DCs, and Exchange 2010 in the site (3 CAS), with iPhones/Android phones coming in through a 2-server UAG 2010 array.

Problem and Solution:

We found that the KRBTGT object had been authoritatively restored, which increased its version number and essentially made it unreadable by the 2003 DCs. We also found that the KRBTGT object had been moved to a different OU (possibly by a disabled-users script that moves disabled accounts to a "Disabled Users" OU). Simply applying the hotfix from Microsoft to all the 2003 DCs solved the problem. Another solution would be to upgrade all the remaining 2003 DCs.


Takeaways:
Solving Kerberos authentication issues is sometimes very hard. We ended up working on many fronts to solve this problem (UAG, Exchange, AD). Good debugging techniques are to enable Kerberos logging, enable netlogon.log logging on all the affected DCs, and start netmon traces as soon as you notice the issue occurring.

Microsoft KB with hotfix: http://support.microsoft.com/kb/939820
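A check for the two findings above (where the KRBTGT object lives and what key version each DC reports for it) plus the logging switches from the takeaways, as an added example that is not the post's own code. It uses plain ADSI so it runs against 2003 and 2008 DCs without the AD module; it assumes a domain-joined host, and Enable-KerberosDebugLogging assumes local admin on the DC where it runs.

```powershell
# Added example, not the post's own code. Plain ADSI, no AD module needed.
# Assumptions: run from a domain-joined host as a domain user; the logging
# function must run elevated on the DC being traced.

function Get-KrbtgtReport {
    # Ask every DC directly, so a stale or lagging replica shows a different answer.
    $domain     = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $domainDn   = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
    $expectedDn = "CN=krbtgt,CN=Users,$domainDn"    # the object's normal home
    $report = @()
    foreach ($dc in $domain.DomainControllers) {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher
        $searcher.SearchRoot = [ADSI]"LDAP://$($dc.Name)/$domainDn"
        $searcher.Filter = '(&(objectClass=user)(sAMAccountName=krbtgt))'
        [void]$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'msDS-KeyVersionNumber'))
        try {
            $result = $searcher.FindOne()
        } catch {
            $report += "{0}: query failed ({1})" -f $dc.Name, $_.Exception.Message
            continue
        }
        if (-not $result) { $report += "{0}: krbtgt NOT FOUND" -f $dc.Name; continue }
        $dn   = [string]$result.Properties['distinguishedname'][0]
        $kvno = [int]$result.Properties['msds-keyversionnumber'][0]
        $note = if ($dn -ieq $expectedDn) { '' } else { ' <-- MOVED out of CN=Users' }
        $report += "{0}: kvno={1} dn={2}{3}" -f $dc.Name, $kvno, $dn, $note
    }
    return $report   # one line per DC; the kvno values should all agree
}

function Enable-KerberosDebugLogging {
    # Kerberos client/KDC errors go to the System event log (LogLevel 0 turns it off again)
    $kerb = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
    if (-not (Test-Path $kerb)) { New-Item -Path $kerb -Force | Out-Null }
    Set-ItemProperty -Path $kerb -Name LogLevel -Value 1 -Type DWord
    # Verbose Netlogon tracing to %windir%\debug\netlogon.log (nltest /dbflag:0x0 turns it off)
    nltest /dbflag:0x2080ffff | Out-Null
}

Get-KrbtgtReport
```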

Domain Controller Upgrade causes Exchange outage

The other day we experienced an Exchange outage at a customer site while upgrading DCs from 2003 to 2008 R2. The Exchange server was reporting the error below:





The fix was simply to recycle the Microsoft Exchange Active Directory Topology service and its dependents (it was pointing at the DC we were upgrading, so when that DC went down the outage occurred). After we recycled the service it pointed to the other healthy DC in the site.

Tuesday, August 30, 2011

Powershell Script to automate WINS install/configuration

Here's a short PowerShell script I wrote that automates the installation of the WINS server role and configures a two-way replication partnership.


# Run elevated; installs the WINS role and sets up a push/pull partnership with one other WINS server
Import-Module ServerManager
Add-WindowsFeature WINS-Server

# Ask for the replication partner (defaults to this host's name so the dialog shows the expected format)
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') | Out-Null
$computer = [Microsoft.VisualBasic.Interaction]::InputBox("Enter Host of Replication Partner", "Computer", "$env:computername")

# First IPv4 address of an enabled adapter (replaces the locale-dependent ipconfig/findstr scrape)
$myip = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" |
    ForEach-Object { $_.IPAddress } | Where-Object { $_ -match '^\d+\.\d+\.\d+\.\d+$' })[0]

# Resolve the partner's short name to its first IPv4 address
$partner = @([System.Net.Dns]::GetHostAddresses($computer.Split('.')[0]) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' })[0].IPAddressToString

# type=2 = push/pull partner; configured on both servers so replication runs in both directions
netsh wins server $myip add partner Server=$partner type=2
netsh wins server $partner add partner Server=$myip type=2

Vbscript to compare services among hosts inside domain

Below is a script I wrote to compare the services on a list of hosts against a "template" list of services and show the differences. It is very useful if you're trying to find differences among the roles/services running on a large number of hosts.


How to use:

Run inside the domain, or use runas with /netonly, and make sure you are connected to the VPN:

C:\Windows\System32\runas.exe /u:<domain>\<account> /netonly cmd

cscript services.vbs

cscript makeTemplate.vbs /computer:<computer whose services become the template>

Template.txt = the list of services that is used to compare against (produced by makeTemplate.vbs, so build it first)
CompareList.txt = the list of hosts to check, one host name per line

services.vbs
----------------------------------------------------------------
Dim objFSO, objFile, objFile1, i, strLine, computername, logPath
Dim arrFileLines()      ' service display names read from Template.txt
Dim ListToProcess()     ' host names read from CompareList.txt

Const ForReading = 1
Const ForAppending = 8

logPath = getLogPath()  ' folder the script lives in; input and output files go there

'Read template
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(logPath & "Template.txt", ForReading)
i = 0
Do Until objFile.AtEndOfStream
    ReDim Preserve arrFileLines(i)
    arrFileLines(i) = objFile.ReadLine
    i = i + 1
Loop
objFile.Close

'Read list of hosts to compare against the template
Set objFile1 = objFSO.OpenTextFile(logPath & "CompareList.txt", ForReading)
i = 0
Do Until objFile1.AtEndOfStream
    ReDim Preserve ListToProcess(i)
    ListToProcess(i) = objFile1.ReadLine
    i = i + 1
Loop
objFile1.Close

For Each strLine In ListToProcess
    If Trim(strLine) <> "" Then
        computername = Trim(strLine)
        Call enumServices(computername, 1)
    End If
Next

Function enumServices(computername, flag)
    On Error Resume Next
    Dim objsvc, svc, count, tempStr, found, strCompName, strTemplateLine, intCompare
    found = 1
    count = 0
    strCompName = computername
    WScript.Echo "==============Checking " & UCase(computername) & "=============="
    Set objsvc = GetObject("winmgmts:{impersonationLevel=impersonate}\\" & computername & "\root\cimv2").ExecQuery _
        ("SELECT * FROM Win32_Service")
    If Not errorChecking(computername) Then
        For Each svc In objsvc
            count = count + 1
            Call writetoLog(svc.DisplayName, svc.State, svc.StartMode, svc.PathName, svc.ProcessId, computername)
            If flag = 1 Then
                tempStr = svc.DisplayName
                ' strTemplateLine is local, so the script-level strLine loop variable is not disturbed
                For Each strTemplateLine In arrFileLines
                    intCompare = StrComp(strTemplateLine, tempStr, vbTextCompare)
                    If intCompare = 0 Then
                        found = 0
                        Exit For
                    End If
                Next
                If found = 1 Then
                    WScript.Echo svc.DisplayName & " hosted on " & strCompName & " was not found in template "
                End If
                found = 1
            End If
        Next
        WScript.Echo "There are " & count & " Services on " & UCase(strCompName)
        WScript.Echo "Disconnecting from " & UCase(strCompName)
        WScript.Echo ""
    End If
    Set objsvc = Nothing
End Function

'True (with a message) when the WMI connection above raised an error; clears the error
Function errorChecking(computername)
    If Err.Number <> 0 Then
        WScript.Echo "Could not connect to " & UCase(computername) & ": " & Err.Description & " (0x" & Hex(Err.Number) & ")"
        Err.Clear
        errorChecking = True
    Else
        errorChecking = False
    End If
End Function

'Append the service's display name to services_<host>.txt next to the script
Function writetoLog(displayname, state, startmode, pathname, processid, computername)
    Dim FSO, objFSOwriteline
    Set FSO = CreateObject("Scripting.FileSystemObject")
    Set objFSOwriteline = FSO.OpenTextFile(logPath & "services_" & computername & ".txt", ForAppending, True)
    objFSOwriteline.WriteLine displayname
    objFSOwriteline.Close
    Set objFSOwriteline = Nothing
    Set FSO = Nothing
End Function

'Folder containing this script, with a trailing backslash
Function getLogPath()
    Dim temp, temp2, j
    temp = Split(WScript.ScriptFullName, "\")
    For j = 0 To UBound(temp) - 1
        temp2 = temp2 & temp(j) & "\"
    Next
    getLogPath = temp2
End Function

----------------------------------------------------------------

makeTemplate.vbs
----------------------------------------------------------------
Dim args, computername, logPath
Const ForAppending = 8

Set args = WScript.Arguments.Named
logPath = getLogPath()

If WScript.Arguments.Count = 0 Then
    WScript.Echo "Script Usage:"
    WScript.Echo "Enum Services on a single PC: cscript makeTemplate.vbs /computer:[ComputerName]"
ElseIf args.Exists("computer") Then
    computername = args.Item("computer")
    If computername = "" Then computername = getComputer()   ' /computer: with no value means this host
    Call enumServices(computername, 1)
End If

'Name of the machine the script is running on
Function getComputer()
    getComputer = CreateObject("WScript.Network").ComputerName
End Function

Function enumServices(computername, flag)
    On Error Resume Next
    Dim objsvc, svc, count
    count = 0
    WScript.Echo "Connecting to " & UCase(computername) & " building template..... "
    Set objsvc = GetObject("winmgmts:{impersonationLevel=impersonate}\\" & computername & "\root\cimv2").ExecQuery _
        ("SELECT * FROM Win32_Service")
    If Not errorChecking(computername) Then
        For Each svc In objsvc
            count = count + 1
            Call writetoLog(svc.DisplayName, svc.State, svc.StartMode, svc.PathName, svc.ProcessId, computername)
            If flag = 1 Then
                'WScript.Echo svc.DisplayName & "," & svc.State & "," & svc.StartMode
            End If
        Next
        WScript.Echo "There are " & count & " Services on " & UCase(computername)
        WScript.Echo "Disconnecting from " & UCase(computername)
        WScript.Echo ""
    End If
    Set objsvc = Nothing
End Function

'True (with a message) when the WMI connection above raised an error; clears the error
Function errorChecking(computername)
    If Err.Number <> 0 Then
        WScript.Echo "Could not connect to " & UCase(computername) & ": " & Err.Description & " (0x" & Hex(Err.Number) & ")"
        Err.Clear
        errorChecking = True
    Else
        errorChecking = False
    End If
End Function

'Append the service's display name to Template.txt next to the script.
'The file is appended to, so delete an old Template.txt before rebuilding it.
Function writetoLog(displayname, state, startmode, pathname, processid, computername)
    Dim FSO, objFSOwriteline
    Set FSO = CreateObject("Scripting.FileSystemObject")
    Set objFSOwriteline = FSO.OpenTextFile(logPath & "Template.txt", ForAppending, True)
    objFSOwriteline.WriteLine displayname
    objFSOwriteline.Close
    Set objFSOwriteline = Nothing
    Set FSO = Nothing
End Function

'Folder containing this script, with a trailing backslash
Function getLogPath()
    Dim temp, temp2, j
    temp = Split(WScript.ScriptFullName, "\")
    For j = 0 To UBound(temp) - 1
        temp2 = temp2 & temp(j) & "\"
    Next
    getLogPath = temp2
End Function

----------------------------------------------------------------