Dcpromo Error: No Other Active Directory Controllers?

KB ID 0001453

Problem

I was trying to demote a domain controller yesterday morning, it was a 2008 R2 Domain controller, (in fact it was SBS 2011). I’d already added a nice new Server 2016 Domain Controller to the domain, and transferred all the FSMO roles, so I was surprised when I tried to gracefully demote the old DC and got this;

You did not indicate that this Active Directory domain controller is the last domain controller for the domain {domain-name}. However, no other Active Directory domain controllers for that domain can be contacted.

Do you want to proceed anyway?

If you click Yes, any Active Directory Domain Services changes that have been made on this domain controller will be lost.

Well, that’s a scary error, and pretty much made me cancel the demotion right away.

Solution

Well I could ping the other domain controller, by name and by IP address, and it was listed in ‘Sites and Services’, and I could replicate Active Directory? (Very Strange). It was not until I ran dcdiag that I saw some warnings about ‘sysvol replication‘. that steered my in the right direction.

On the ‘outgoing’ Domain Controller, run regedit, then navigate to the following location;

[box]HKEY LOCAL MACHINE > SYSTEM > CurrentControlSet > services > Netlogon > Parameters[/box]

Locate the SysvolReady value, (it’s probably set to 0 (Zero)).

Change it to 1 (one) then click OK, (this sort of ‘kicks windows up the backside’, and re-shares Sysvol with the correct permissions). Then after you have changed it, change it back to ZERO. You don’t need to restart any services, just change it, then change it back. Repeat the process on your other domain controllers. Have a coffee, then attempt to demote your Domain Controller again.

Related Articles, References, Credits, or External Links

NA

Event ID 9646

KB ID 0000282 

Problem

Event ID 9646

Mapi session “/o=domain/ou=first administrative group/cn=Recipients/cn=username” exceeded the maximum of 32 objects of type “session”.

Seen on Exchange 2003 (and SBS2003) Post Service pack 2.

Solution

1. On the server in question, Click Start > Run > cmd {enter}.

2. At command line issue the following command,

[box]netsh int ip set chimney disabled[/box]

Related Articles, References, Credits, or External Links

NA

Event ID 7023

KB ID 0000353 0

Problem

Event ID 7023

Source: Service Control Manager

Description: The Internet Authentication Service service terminated with the following error: Only one usage of each socket address (protocol/network address/port) is normally permitted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Cause: In my case the server (SBS2003) had recently been patched and updated. It was one of those updates that had stopped the IAS service from running, this was originally seen with MS KB 956189. But the update mentioned in that article (MS KB 953230) was not visible on the list of installed updates. However the fix is the same.

<palign=”left”>The Internet Authentication service was not running, and manually starting it, caused it to stall straight away.

1. On the affected server > Start > run regedit {Enter}.

2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters

3. Locate the ReservedPorts entry and double click it.

4. For IAS to run you need to have the following port ranges 1812-1813 and 1645-1646 (I was missing the second range) > OK.

Note: DO NOT remove or change any existing entries!

5. You MUST reboot the server for this to take effect.

Related Articles, References, Credits, or External Links

NA

Event ID 7023

KB ID 0000353 

Problem

Event ID 7023

Source: Service Control Manager

Description: The Internet Authentication Service service terminated with the following error:
Only one usage of each socket address (protocol/network address/port) is normally permitted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

In my case the server (SBS2003) had recently been patched and updated. It was one of those updates that had stopped the IAS service from running, this was originally seen with MS KB 956189. But the update mentioned in that article (MS KB 953230) was not visible on the list of installed updates. However the fix is the same.

The Internet Authentication service was not running, and manually starting it, caused it to stall straight away.

Solution

1. On the affected server > Start > run regedit {Enter}.

2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters

3. Locate the ReservedPorts entry and double click it.

4. For IAS to run you need to have the following port ranges 1812-1813 and 1645-1646 (I was missing the second range) > OK.

Note: DO NOT remove or change any existing entries!

5. You MUST reboot the server for this to take effect.

 

Related Articles, References, Credits, or External Links

NA

Windows Server – DHCP Service Starts then Stops again

KB ID 0000617 

Problem

Saw this last week on an SBS 2011 Server. When attempting to get the DHCP service running it span up then stopped straight away.

Solution

A quick look in Event Viewer showed me what the problem was,

Event ID 1054

The DHCP/BINL service on this computer is shutting down. See the previous event log messages for reasons

Fair enough lets see the previous error on the same server;

Event ID 1053

The DHCP/BINL service has encountered another server on this network with IP Address, (IPv4 or IPv6 address), belonging to the domain

In this example the offending IP (192.168.87.254) Was a Cisco PIX 501 firewall that was running a DHCP server. Thankfully My main job that day was to replace the firewall so when I put in a new ASA I didn’t have the DHCPD service running.

If you see this elsewhere you will need to locate the offending IP and disable DHCP on it.

 

Related Articles, References, Credits, or External Links

NA

Error sqlservr.exe is using too much memory

KB ID 0000190 

Problem

Seen on SBS 2008 with WSUS.

The Windows internal database (the one used by WSUS) has no memory reservation limit, so it can use as much as it wants, this is a BAD thing!

Your server will struggle because the following consumes to much memory.

SQL/MSSQL$MICROSOFT##SSEE

Solution

1. Click Start > In the search/run box type CMD {enter}.

2. At command line issue the following commands,

    1. [box]
sqlcmd -S .pipemssql$microsoft##sseesqlquery -E
sp_configure ’show advanced options’, 1;
reconfigure;
go
sp_configure ‘max server memory’, 512;
reconfigure;
go
exit
[/box]

Related Articles, References, Credits, or External Links

NA

Stop the SBS 2003 Internet Connection Wizard

KB ID 0000003 Dtd 08/09/08

Problem

SBS 2003 Internet connection wizard (ICW) keeps launching all the time.

Solution

SBS Stop Internet Connection Wizard (ICW).

1. Start Run > msconfig {enter}
2. Select the startup Tab
3. Untick icwnotify > Apply > Close
4. Exit without Restart.
5. Right Click the Taskbar > Task Manager > Rocesses
6. Locate icwnotify.exe > Right Click > End Process Tree > Yes.

 

Related Articles, References, Credits, or External Links

NA

SBS Cannot access ‘Companyweb’ after changing the IP Address

KB ID 0000151 

Problem

After changing the SBS Server IP address you can no longer access the sharepoint services web site on http://companyweb.

Solution

Launch the “Windows SBS Console” > Navigate to Network > Connectivity > Click “Fix My Network”

Related Articles, References, Credits, or External Links

NA

SBS 2008 – Cannot RDP to machines via VPN or from other sites

KB ID 0000193

Problem

The firewall policy that Server 2008 uses out of the box only allows RDP connections from the local LAN. This is great in an office environment, but it you have remote VPN clients (On a different IP range) that can’t get access to your client PC’s or member servers via RDP, not so good. If you have a member server running terminal services for example, then having RDP blocked will stop it working.

You would think that, to fix the problem you would change the policies either at..

Windows Firewall: Allow inbound remote administration exception.
or
Windows Firewall: Allow inbound Remote Desktop exceptions.

But I did that and it still didn’t work!

Solution

1. Assuming the affected machines are in the My Business > Computers > SBSComputers OU in Active Directory. (If not either move them or change policies accordingly).

2. On the SBS Server, Click Start > Administrative Tools > Group Policy Management > Navigate to Computer Configuration > Policies > Administrative Templates >Network > Network Connections > Windows Firewall > Domain Profile > Locate “Windows Firewall: Define inbound Port Exceptions” > Double Click it > Click Enabled > Click Show

3. CLick Add > In the “Enter the Item to be added” box type the following,

3389:TCP:*:enabled:RDP

Note: the asterisk denotes accept traffic from any IP, you can enter a range of IP addresses i.e. 192.168.1.0/24 or a single IP address like 172.16.3.1, or the word localsubnet, or a combination, seperated by commas e.g.

3389:TCP:192.168.1.0/24,172.16.3.1.localsubnet:enabled:RDP

4. Click OK > Apply > OK.

5. On the machine you are trying to get to Click Start > In the run/search box type cmd {enter} > At command line issue the gpupdate /force command.

 

Related Articles, References, Credits, or External Links

NA

SBS – Outlook Web Access shows a 404.0 Error

KB ID 0000205 

Problem

SBS 2008 (which runs Exchange 2007) displays a 404 error when you try and view Outlook Web Access.

https://sites/owa and https://localhost/owa don’t work

Solution

A 404 Error just means page not found, so there are lots of different reasons why this might happen, this is just one of many fixes.

1. On the SBS Server > Click Start > Administrative Tools > Internet Information Services (IIS) Manager > Expand {server name} > Sites > Expand SBS Web Applications > Ensure “owa” is listed below > Notice this site is in a stopped state (indicated by the arrow).

2. If you try and start the site it will probably complain that the port is in use (Look upwards and you will see the “Default Web Site” is running and will be using the same ports).

3. To stop the Default Web Site (if it’s running) Select “Site” > Right click “Default Web Site” > Manage Web Site > Stop.

4. The to Start the “SBS Web Applications” site, Select “Site” > Right click “SBS Web Applications” > Manage Web Site > Start.

Related Articles, References, Credits, or External Links

NA