LDAP Error 58 on DCDIAG

Subject: LDAP Error 58 on DCDIAG
Posted by:  Jeff (Je…@discussions.microsoft.com)
Date: Fri, 23 Jun 2006

Hello everyone,

We're running an Active Directory Domain running a 2003 SP1 DC as the GCS
and a 2000 SP4 DC as the secondary DC/DNS server.  ADS was built in Mixed
Mode as we had migrated from an NT 4 domain.

I noticed a few event viewer errors from the 2000 DC that seemed to indicate
a DNS or replication problem as follows:

Ntfrs, Event ID: 13562
Could not find computer object for this computer. Will try again at next
polling cycle

NtFrs, Event ID: 13509
The File Replication Service has enabled replication from DC 1 to DC 2 for
c:\winnt\sysvol\domain after repeated retries.

Error, DNS, Event ID: 4004
The DNS server was unable to complete directory service enumeration of zone
OUR DOMAIN.  This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The event data contains the error.
Data:
0000: 2a 23 00 00              *#..

Warning, NTDS Replication, Event ID: 1083
Description:
Replication warning: The directory is busy. It couldn't update object
CN=USER DISPLAY NAME,OU=Users,OU=OFFICE
LOCATION,DC=child-domain,DC=domain,DC=com with changes made by directory
8b4f4e80-7eb4-49ba-a0f9-55f623996dd8._msdcs.child.domain.com. Will try again
later.

When I investigated, the 2000 DC (#2) seems to believe that it is the SOA
for DNS, but the 2003 DC (#1) also believes it is the SOA for DNS.  When I
tried to update the SOA manually, it reverted back to the original after a
refresh.

When I ran DCDIAG on the 2000 DC (#2), I got the following errors:
Starting test: KnowsOfRoleHolders
Warning: DC01 is the Schema Owner, but is not responding to DS RPC Bind.
[DC01] LDAP connection failed with error 58,
The specified server cannot perform the requested operation..
Warning: DC01 is the Schema Owner, but is not responding to LDAP Bind.

Warning: DC01 is the Domain Owner, but is not responding to DS RPC Bind.
Warning: DC01 is the Domain Owner, but is not responding to LDAP Bind.

Warning: DC01 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC01 is the PDC Owner, but is not responding to LDAP Bind.
Warning: DC01 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC01 is the Rid Owner, but is not responding to LDAP Bind.
Warning: DC01 is the Infrastructure Update Owner, but is not responding to
DS RPC Bind.
Warning: DC01 is the Infrastructure Update Owner, but is not responding to
LDAP Bind.
......................... DC02 failed test KnowsOfRoleHolders

DC01 = 2003 Server, Global Catalog Server
DC02 = 2000 Server, DC / Secondary DNS Server

Security and logons across the domain are unaffected, and the Security
Policy appears to be enforced across the domain.

I found this problem after attempting to install SQL MSDE on the 2000 DC for
use with a backup application.

Can anyone point me in the right direction on how to correct this issue?

--
Thanks, Jeff
