LDAP Error 58 (re-post)

Giganews Newsgroups
Subject: LDAP Error 58 (re-post)
Posted by:  Jeff (Je…@discussions.microsoft.com)
Date: Tue, 27 Jun 2006

Sorry for the double post, but this is now buried 4 pages down and there has
been no response.  If anyone can review the following and possibly provide
some input, it would be greatly appreciated.

I am currently running through the replication steps for AD right now.

Thanks!

--------
Thanks for the reply, hopefully you are still checking.  Here is the output
from DCDIAG on DC1:

Domain Controller Diagnosis

Performing initial setup:
  Done gathering initial info.

Doing initial required tests

  Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
        ......................... DC1 passed test Connectivity

Doing primary tests

  Testing server: Default-First-Site-Name\DC1
      Starting test: Replications
        ......................... DC1 passed test Replications
      Starting test: NCSecDesc
        ......................... DC1 passed test NCSecDesc
      Starting test: NetLogons
        ......................... DC1 passed test NetLogons
      Starting test: Advertising
        ......................... DC1 passed test Advertising
      Starting test: KnowsOfRoleHolders
        ......................... DC1 passed test KnowsOfRoleHolders
      Starting test: RidManager
        ......................... DC1 passed test RidManager
      Starting test: MachineAccount
        ......................... DC1 passed test MachineAccount
      Starting test: Services
        ......................... DC1 passed test Services
      Starting test: ObjectsReplicated
        ......................... DC1 passed test ObjectsReplicated
      Starting test: frssysvol
        ......................... DC1 passed test frssysvol
      Starting test: frsevent
        ......................... DC1 passed test frsevent
      Starting test: kccevent
        ......................... DC1 passed test kccevent
      Starting test: systemlog
        An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/23/2006  12:16:41
            (Event String could not be retrieved)
        An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/23/2006  12:16:42
            (Event String could not be retrieved)
        An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/23/2006  12:16:42
            (Event String could not be retrieved)
        An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/23/2006  12:16:43
            (Event String could not be retrieved)
        An Error Event occured.  EventID: 0x00000457
            Time Generated: 06/23/2006  12:16:44
            (Event String could not be retrieved)
        ......................... DC1 failed test systemlog
      Starting test: VerifyReferences
        ......................... DC1 passed test VerifyReferences

  Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
        ......................... ForestDnsZones passed test
CrossRefValidation

      Starting test: CheckSDRefDom
        ......................... ForestDnsZones passed test CheckSDRefDom

  Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
        ......................... DomainDnsZones passed test
CrossRefValidation

      Starting test: CheckSDRefDom
        ......................... DomainDnsZones passed test CheckSDRefDom

  Running partition tests on : Schema
      Starting test: CrossRefValidation
        ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
        ......................... Schema passed test CheckSDRefDom

  Running partition tests on : Configuration
      Starting test: CrossRefValidation
        ......................... Configuration passed test
CrossRefValidation
      Starting test: CheckSDRefDom
        ......................... Configuration passed test CheckSDRefDom

  Running partition tests on : DOMAIN
      Starting test: CrossRefValidation
        ......................... DOMAIN passed test CrossRefValidation
      Starting test: CheckSDRefDom
        ......................... DOMAIN passed test CheckSDRefDom

  Running enterprise tests on : child.domain.com
      Starting test: Intersite
        ......................... child.domain.com passed test Intersite
      Starting test: FsmoCheck
        ......................... child.domain.com passed test FsmoCheck

-end of output-

Seems like it passed all the necessary tests for being the primary domain
controller.  Do you think it has something to do with security/communication
between the two DC's?  (i.e. 2k3 has more secure communications that w2k is
not compatible with?)  I remember setting up the security policy and making
sure that they were able to communicate, but I could have missed something.

Again, thanks for your help.

--
Thanks, Jeff

"chriss3 [MVP]" wrote:

> Hello.
> It seems like there is some problem with DC1 verify communication and name
> resolution.
>
> What happens if you running dcdiag on the DC1 itself?
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
>http://www.chrisse.se - Active Directory Resources
>
> "Jeff" <Je…@discussions.microsoft.com> wrote in message
> news:0B1087E2-C7D2-4913-8B0A-E88A38CEEF…@microsoft.com...
> > Hello everyone,
> >
> > We're running an Active Directory Domain running a 2003 sp1 DC as the GCS
> > and a 2000 sp4 DC as the secondary DC/DNS server.  ADS was built in Mixed
> > Mode as we had migrated from an NT 4 domain.
> >
> > I noticed a few event viewer errors from the 2000 DC that seemed to
> > indicate
> > a DNS or replication problem as follows:
> >
> > Ntfrs, Event ID: 13562
> > Could not find computer object for this computer. Will try again at next
> > polling cycle
> >
> > NtFrs, Event ID: 13509
> > The File Replication Service has enabled replication from DC 1 to DC 2 for
> > c:\winnt\sysvol\domain after repeated retries.
> >
> > Error, DNS, Event ID: 4004
> > The DNS server was unable to complete directory service enumeration of
> > zone
> > OUR DOMAIN.  This DNS server is configured to use information obtained
> > from
> > Active Directory for this zone and is unable to load the zone without it.
> > Check that the Active Directory is functioning properly and repeat
> > enumeration of the zone. The event data contains the error.
> > Data:
> > 0000: 2a 23 00 00              *#..
> >
> > Warning, NTDS Replication, Event ID: 1083
> > Description:
> > Replication warning: The directory is busy. It couldn't update object
> > CN=USER DISPLAY NAME,OU=Users,OU=OFFICE
> > LOCATION,DC=child-domain,DC=domain,DC=com with changes made by directory
> > 8b4f4e80-7eb4-49ba-a0f9-55f623996dd8._msdcs.child.domain.com. Will try
> > again
> > later.
> >
> >
> > When I investigated, the 2000 DC (#2) seems to believe that it is the SOA
> > for DNS, but the 2003 DC (#1) also believes it is the SOA for DNS.  When I
> > tried to update the SOA manually, it reverts back to the original after a
> > refresh.
> >
> > When I ran DCDIAG on the 2000 DC (#2), I got the following errors:
> > Starting test: KnowsOfRoleHolders
> > Warning: DC01 is the Schema Owner, but is not responding to DS RPC Bind.
> > [DC01] LDAP connection failed with error 58,
> > The specified server cannot perform the requested operation..
> > Warning: DC01 is the Schema Owner, but is not responding to LDAP Bind.
> >
> > Warning: DC01 is the Domain Owner, but is not responding to DS RPC Bind.
> > Warning: DC01 is the Domain Owner, but is not responding to LDAP Bind.
> >
> > Warning: DC01 is the PDC Owner, but is not responding to DS RPC Bind.
> > Warning: DC01 is the PDC Owner, but is not responding to LDAP Bind.
> > Warning: DC01 is the Rid Owner, but is not responding to DS RPC Bind.
> > Warning: DC01 is the Rid Owner, but is not responding to LDAP Bind.
> > Warning: DC01 is the Infrastructure Update Owner, but is not responding to
> > DS RPC Bind.
> > Warning: DC01 is the Infrastructure Update Owner, but is not responding to
> > LDAP Bind.
> > ......................... DC02 failed test KnowsOfRoleHolders
> >
> > DC01 = 2003 Server, Global Catalog Server
> > DC02 = 2000 Server, DC / Secondary DNS Server
> >
> > Security and logons across the domain are unaffected, and the Security
> > Policy appears to be enforced across the domain.
> >
> > I found this problem after attempting to install SQL MSDE on the 2000 DC
> > for
> > use with a backup application.
> >
> > Can anyone point me in the right direction on how to correct this issue?
> >
> > --
> > Thanks, Jeff

Replies