

W2012 AD-CS: Event ID 91 - Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.

Question

Friday, November 15, 2013 9:47 AM

We run DC, CA and DNS on W2012 (VMware virtual server). It worked well, but some time ago I noticed Event ID 91 after a restart. I've checked permissions following http://technet.microsoft.com/en-us/library/cc774525(v=ws.10).aspx and there are 2 folders missing in the public key services node: "NTAuthCertificates object" and "Domain Computers and Domain Users containers". All other rights are set well. But it's W2008R2 help and I can't find anything relevant for W2012.

Running the "nltest /sc_verify:[domainname]" command on the CA/DC/DNS server I got the "I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN" error message. But the same command works well on another W2012 server in the domain.

All replies (3)

Monday, November 18, 2013 2:09 AM

Hi,

For the error "I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN", here is a discussion:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/9f72712e-5119-4610-9faf-b6520cbdf732/inetlogoncontrolfailed-status-1355-0x54b-errornosuchdomain-on-2008-r2-pdc?forum=winserverDS

The article you followed should also be suitable for Windows 2012; please follow it to troubleshoot this issue:

http://technet.microsoft.com/en-us/library/cc774525(v=ws.10).aspx

Regards,

Yan Li


Tuesday, November 19, 2013 1:50 PM

Thanks for the answer. I'm new to Windows Servers, so every tip is appreciated.

I've checked the DNS settings and they look fine. I've played with the nltest command parameters and many of them work well:

PS C:\> nltest.exe /query
Flags: 0
Connection Status = 0 0x0 NERR_Succ
The command completed successfully

PS C:\> nltest.exe /sc_query:racom.eu
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

PS C:\> nltest.exe /dclist:racom.eu
Get list of DCs in domain 'racom.eu' from '\\ad.racom.eu'.
    ad.racom.eu [PDC]  [DS] Site: Racom
The command completed successfully

PS C:\> nltest.exe /dcname:racom.eu
NetGetDCName failed: Status = 2453 0x995 NERR_DCNotFound

PS C:\> nltest.exe /dsgetdc:racom.eu /pdc
           DC: \\ad.racom.eu
      Address: \\192.168.20.201
     Dom Guid: 119b225b-b0c3-4c80-ac67-f347d2087af6
     Dom Name: racom.eu
  Forest Name: racom.eu
 Dc Site Name: Racom
Our Site Name: Racom
        Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8
The command completed successfully

PS C:\> nltest.exe /dnsgetdc:racom.eu /pdc
List of DCs in pseudo-random order taking into account SRV priorities and weights:
Non-Site specific:
   ad.racom.eu  fe80::c80b:3316:f454:cd55%12  192.168.20.201
The command completed successfully

PS C:\> nltest.exe /dsgetfti:racom.eu
Getting forest trust information failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

PS C:\> nltest.exe /domain_trusts
List of domain trusts:
    0: RACOMEU racom.eu (NT 5) (Forest Tree Root) (Primary Domain) (Native)
The command completed successfully

PS C:\> nltest.exe /dsquerydns
Flags: 0
Connection Status = 0 0x0 NERR_Success
There was no failure in the last update for all DC-specific DNS records
The command completed successfully

It looks like it depends on the AD server. The command works well for the other server.

PS C:\> nltest.exe /server:ad.racom.eu /sc_query:racom.eu
I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN

PS C:\> nltest.exe /server:smak.racom.eu /sc_query:racom.eu
Flags: 30 HAS_IP  HAS_TIMESERV
Trusted DC Name \\ad.racom.eu
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

What could be the reason for the problem? What else could I check, please?

Thanks in advance.

Tomas Lavicky


Thursday, November 21, 2013 2:38 PM

It looks like the "I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN" error after running "nltest /sc_verify:[domainname]" on the PDC is some undocumented bug. Is there any other way to check the connection between a CA and AD DS, please?

I'm not sure whether the "Event ID 91" message isn't just a warning that appears after a Windows restart. No similar message appears if I restart the AD CS service on the running W2012.

CA Web Enrollment works for user certificates and I can revoke an old certificate via certsrv too. But we can't issue new smartcards via ActivID Card Management System. It ends with the message "The card issuance failed. Synch Error: Security module synchronization failed. An internal provider error has occured in provider Microsoft Certificate Server 2003, context xxxxxxxx-AD-CA. External operation error. (0x00000005) MSPKI_CA_NOT_ISSUE : Access is denied." and support connects it with the "Event ID 91" error.