Errors on newly promoted DC in my SBS 2003 domain

I recently wiped a server and did a clean install of Server 2003 SP1. After
joining it to my SBS domain using the wizard and connectcomputer tool, I
dcpromoed the machine to be a second domain controller on my network. I now
have a string of continuous Failure Audit errors in the Security log on that
machine Details:

Date: [date] Source: Security
Time: [time] Category: Logon/Logoff
Type: Failure Aud Event ID: 529
User: NT AUTHORITY\SYSTEM
Computer: [computername]

Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: {valid, assigned internal address}
Source Port: {various}

More information:

These messages appear with Source IPs of various machines in our office,
both workstations and servers. The events appear in big bunches, with
multiple events appearing during the same second, or in consecutive seconds,
for a single IP and port. The port numbers vary, and the port is sometimes
0.

Over 2200 of these events have appeared just since midnight this morning.
None of the workstations has been configured to do anything with this server
yet. After promoting this machine to be a DC, the only configuration I
performed on it was to make it a Global Catalog Server.

Thanks in advance for any ideas.

Bryan

Hi Bryan

Does your SBS have SBS SP1 Installed? Why are you making the member server a
DC?

--
Frank McCallister SBS MVP
COMPUMAC
"Bryan L" <(E-Mail Removed)> wrote in message
news:%23khGQW%(E-Mail Removed)...
>I recently wiped a server and did a clean install of Server 2003 SP1.
>After joining it to my SBS domain using the wizard and connectcomputer
>tool, I dcpromoed the machine to be a second domain controller on my
>network. I now have a string of continuous Failure Audit errors in the
>Security log on that machine Details:
>
> Date: [date] Source: Security
> Time: [time] Category: Logon/Logoff
> Type: Failure Aud Event ID: 529
> User: NT AUTHORITY\SYSTEM
> Computer: [computername]
>
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name: -
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: {valid, assigned internal address}
> Source Port: {various}
>
> More information:
>
> These messages appear with Source IPs of various machines in our office,
> both workstations and servers. The events appear in big bunches, with
> multiple events appearing during the same second, or in consecutive
> seconds, for a single IP and port. The port numbers vary, and the port is
> sometimes 0.
>
> Over 2200 of these events have appeared just since midnight this morning.
> None of the workstations has been configured to do anything with this
> server yet. After promoting this machine to be a DC, the only
> configuration I performed on it was to make it a Global Catalog Server.
>
> Thanks in advance for any ideas.
>
> Bryan
>

Thanks for the reply Frank.

Yes, the SBS has SP1 installed; I held off even installing the OS on the
Server 2003 DC until the SBS and all other member servers were running 2003
SP1, since my Server 2003 Std CD has SP1 slipstreamed into it. I carefully
planned the SP1 upgrade for SBS and happily, have had few issues.

As to your second question, I'd like to have a replica DC in my network to
improve availability of services (specifically, logon, authentication, and
DNS services) in case my SBS goes down or requires a reboot during business
hours. I realize this may add complexity to my network environment, but I'm
willing to accept that on two conditions: 1) It achieves the desired result
of minimizing the impact to users if SBS 2003 goes down, and 2) I can
succeeed in running down and eliminating recurring event log errors I
currently am seeing. If I understand correctly, I should be able to
continue providing all major services to my users, with the obvious
exception of Exchange, if I have a replica DC.

Does that make sense, and is it correct?

I should add that since my last post, I have configured the DNS service on
the replica DC and pointed it to itself for DNS, with a forwarder to the SBS
box. Immediately after installing and configuring DNS, the DNS Console
already showed my DNS zones and records. I'm using AD-integrated zones.

Thanks,

Bryan



"Frank McCallister SBS MVP" <anonymous> wrote in message
news:%23x697X$(E-Mail Removed)...
> Hi Bryan
>
> Does your SBS have SBS SP1 Installed? Why are you making the member server
> a DC?
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "Bryan L" <(E-Mail Removed)> wrote in message
> news:%23khGQW%(E-Mail Removed)...
>>I recently wiped a server and did a clean install of Server 2003 SP1.
>>After joining it to my SBS domain using the wizard and connectcomputer
>>tool, I dcpromoed the machine to be a second domain controller on my
>>network. I now have a string of continuous Failure Audit errors in the
>>Security log on that machine Details:
>>
>> Date: [date] Source: Security
>> Time: [time] Category: Logon/Logoff
>> Type: Failure Aud Event ID: 529
>> User: NT AUTHORITY\SYSTEM
>> Computer: [computername]
>>
>> Description:
>> Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>> Caller User Name: -
>> Caller Domain: -
>> Caller Logon ID: -
>> Caller Process ID: -
>> Transited Services: -
>> Source Network Address: {valid, assigned internal address}
>> Source Port: {various}
>>
>> More information:
>>
>> These messages appear with Source IPs of various machines in our office,
>> both workstations and servers. The events appear in big bunches, with
>> multiple events appearing during the same second, or in consecutive
>> seconds, for a single IP and port. The port numbers vary, and the port
>> is sometimes 0.
>>
>> Over 2200 of these events have appeared just since midnight this morning.
>> None of the workstations has been configured to do anything with this
>> server yet. After promoting this machine to be a DC, the only
>> configuration I performed on it was to make it a Global Catalog Server.
>>
>> Thanks in advance for any ideas.
>>
>> Bryan
>>
>
>

As long as you don't make the member server a TS this is permissable but you
aren't going to get the ability you think you will to continue smooth
operation this way with SBS failure AFAIK. Perhaps others can provide more
info along this line. Does the SBS have one or two nics? Standard or Premium
with ISA?

--
Frank McCallister SBS MVP
COMPUMAC
"Bryan L" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Thanks for the reply Frank.
>
> Yes, the SBS has SP1 installed; I held off even installing the OS on the
> Server 2003 DC until the SBS and all other member servers were running
> 2003 SP1, since my Server 2003 Std CD has SP1 slipstreamed into it. I
> carefully planned the SP1 upgrade for SBS and happily, have had few
> issues.
>
> As to your second question, I'd like to have a replica DC in my network to
> improve availability of services (specifically, logon, authentication, and
> DNS services) in case my SBS goes down or requires a reboot during
> business hours. I realize this may add complexity to my network
> environment, but I'm willing to accept that on two conditions: 1) It
> achieves the desired result of minimizing the impact to users if SBS 2003
> goes down, and 2) I can succeeed in running down and eliminating
> recurring event log errors I currently am seeing. If I understand
> correctly, I should be able to continue providing all major services to my
> users, with the obvious exception of Exchange, if I have a replica DC.
>
> Does that make sense, and is it correct?
>
> I should add that since my last post, I have configured the DNS service on
> the replica DC and pointed it to itself for DNS, with a forwarder to the
> SBS box. Immediately after installing and configuring DNS, the DNS
> Console already showed my DNS zones and records. I'm using AD-integrated
> zones.
>
> Thanks,
>
> Bryan
>
>
>
> "Frank McCallister SBS MVP" <anonymous> wrote in message
> news:%23x697X$(E-Mail Removed)...
>> Hi Bryan
>>
>> Does your SBS have SBS SP1 Installed? Why are you making the member
>> server a DC?
>>
>> --
>> Frank McCallister SBS MVP
>> COMPUMAC
>> "Bryan L" <(E-Mail Removed)> wrote in message
>> news:%23khGQW%(E-Mail Removed)...
>>>I recently wiped a server and did a clean install of Server 2003 SP1.
>>>After joining it to my SBS domain using the wizard and connectcomputer
>>>tool, I dcpromoed the machine to be a second domain controller on my
>>>network. I now have a string of continuous Failure Audit errors in the
>>>Security log on that machine Details:
>>>
>>> Date: [date] Source: Security
>>> Time: [time] Category: Logon/Logoff
>>> Type: Failure Aud Event ID: 529
>>> User: NT AUTHORITY\SYSTEM
>>> Computer: [computername]
>>>
>>> Description:
>>> Logon Failure:
>>> Reason: Unknown user name or bad password
>>> User Name:
>>> Domain:
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: {valid, assigned internal address}
>>> Source Port: {various}
>>>
>>> More information:
>>>
>>> These messages appear with Source IPs of various machines in our office,
>>> both workstations and servers. The events appear in big bunches, with
>>> multiple events appearing during the same second, or in consecutive
>>> seconds, for a single IP and port. The port numbers vary, and the port
>>> is sometimes 0.
>>>
>>> Over 2200 of these events have appeared just since midnight this
>>> morning. None of the workstations has been configured to do anything
>>> with this server yet. After promoting this machine to be a DC, the only
>>> configuration I performed on it was to make it a Global Catalog Server.
>>>
>>> Thanks in advance for any ideas.
>>>
>>> Bryan
>>>
>>
>>
>
>

The SBS has just one NIC at present, but that's easy to change if two can
simplify or improve things. It's running Standard. We use DHCP, DNS (of
course), make extensive use of Group Policy, and use Exchange. I'm hoping
that, other than access to exchange and the unique SBS tools, I can provide
a much more fault-tolerant environment for my users.

Bryan

"Frank McCallister SBS MVP" <anonymous> wrote in message
news:(E-Mail Removed)...
> As long as you don't make the member server a TS this is permissable but
> you aren't going to get the ability you think you will to continue smooth
> operation this way with SBS failure AFAIK. Perhaps others can provide more
> info along this line. Does the SBS have one or two nics? Standard or
> Premium with ISA?
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "Bryan L" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Thanks for the reply Frank.
>>
>> Yes, the SBS has SP1 installed; I held off even installing the OS on the
>> Server 2003 DC until the SBS and all other member servers were running
>> 2003 SP1, since my Server 2003 Std CD has SP1 slipstreamed into it. I
>> carefully planned the SP1 upgrade for SBS and happily, have had few
>> issues.
>>
>> As to your second question, I'd like to have a replica DC in my network
>> to improve availability of services (specifically, logon, authentication,
>> and DNS services) in case my SBS goes down or requires a reboot during
>> business hours. I realize this may add complexity to my network
>> environment, but I'm willing to accept that on two conditions: 1) It
>> achieves the desired result of minimizing the impact to users if SBS 2003
>> goes down, and 2) I can succeeed in running down and eliminating
>> recurring event log errors I currently am seeing. If I understand
>> correctly, I should be able to continue providing all major services to
>> my users, with the obvious exception of Exchange, if I have a replica DC.
>>
>> Does that make sense, and is it correct?
>>
>> I should add that since my last post, I have configured the DNS service
>> on the replica DC and pointed it to itself for DNS, with a forwarder to
>> the SBS box. Immediately after installing and configuring DNS, the DNS
>> Console already showed my DNS zones and records. I'm using AD-integrated
>> zones.
>>
>> Thanks,
>>
>> Bryan
>>
>>
>>
>> "Frank McCallister SBS MVP" <anonymous> wrote in message
>> news:%23x697X$(E-Mail Removed)...
>>> Hi Bryan
>>>
>>> Does your SBS have SBS SP1 Installed? Why are you making the member
>>> server a DC?
>>>
>>> --
>>> Frank McCallister SBS MVP
>>> COMPUMAC
>>> "Bryan L" <(E-Mail Removed)> wrote in message
>>> news:%23khGQW%(E-Mail Removed)...
>>>>I recently wiped a server and did a clean install of Server 2003 SP1.
>>>>After joining it to my SBS domain using the wizard and connectcomputer
>>>>tool, I dcpromoed the machine to be a second domain controller on my
>>>>network. I now have a string of continuous Failure Audit errors in the
>>>>Security log on that machine Details:
>>>>
>>>> Date: [date] Source: Security
>>>> Time: [time] Category: Logon/Logoff
>>>> Type: Failure Aud Event ID: 529
>>>> User: NT AUTHORITY\SYSTEM
>>>> Computer: [computername]
>>>>
>>>> Description:
>>>> Logon Failure:
>>>> Reason: Unknown user name or bad password
>>>> User Name:
>>>> Domain:
>>>> Logon Type: 3
>>>> Logon Process: Kerberos
>>>> Authentication Package: Kerberos
>>>> Workstation Name: -
>>>> Caller User Name: -
>>>> Caller Domain: -
>>>> Caller Logon ID: -
>>>> Caller Process ID: -
>>>> Transited Services: -
>>>> Source Network Address: {valid, assigned internal address}
>>>> Source Port: {various}
>>>>
>>>> More information:
>>>>
>>>> These messages appear with Source IPs of various machines in our
>>>> office, both workstations and servers. The events appear in big
>>>> bunches, with multiple events appearing during the same second, or in
>>>> consecutive seconds, for a single IP and port. The port numbers vary,
>>>> and the port is sometimes 0.
>>>>
>>>> Over 2200 of these events have appeared just since midnight this
>>>> morning. None of the workstations has been configured to do anything
>>>> with this server yet. After promoting this machine to be a DC, the
>>>> only configuration I performed on it was to make it a Global Catalog
>>>> Server.
>>>>
>>>> Thanks in advance for any ideas.
>>>>
>>>> Bryan
>>>>
>>>
>>>
>>
>>
>
>

Please post the IPCONFIG /ALL from both servers so we can see the
configuration.

--
Frank McCallister SBS MVP
COMPUMAC
"Bryan L" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The SBS has just one NIC at present, but that's easy to change if two can
> simplify or improve things. It's running Standard. We use DHCP, DNS (of
> course), make extensive use of Group Policy, and use Exchange. I'm hoping
> that, other than access to exchange and the unique SBS tools, I can
> provide a much more fault-tolerant environment for my users.
>
> Bryan
>
> "Frank McCallister SBS MVP" <anonymous> wrote in message
> news:(E-Mail Removed)...
>> As long as you don't make the member server a TS this is permissable but
>> you aren't going to get the ability you think you will to continue smooth
>> operation this way with SBS failure AFAIK. Perhaps others can provide
>> more info along this line. Does the SBS have one or two nics? Standard or
>> Premium with ISA?
>>
>> --
>> Frank McCallister SBS MVP
>> COMPUMAC
>> "Bryan L" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> Thanks for the reply Frank.
>>>
>>> Yes, the SBS has SP1 installed; I held off even installing the OS on the
>>> Server 2003 DC until the SBS and all other member servers were running
>>> 2003 SP1, since my Server 2003 Std CD has SP1 slipstreamed into it. I
>>> carefully planned the SP1 upgrade for SBS and happily, have had few
>>> issues.
>>>
>>> As to your second question, I'd like to have a replica DC in my network
>>> to improve availability of services (specifically, logon,
>>> authentication, and DNS services) in case my SBS goes down or requires a
>>> reboot during business hours. I realize this may add complexity to my
>>> network environment, but I'm willing to accept that on two conditions:
>>> 1) It achieves the desired result of minimizing the impact to users if
>>> SBS 2003 goes down, and 2) I can succeeed in running down and
>>> eliminating recurring event log errors I currently am seeing. If I
>>> understand correctly, I should be able to continue providing all major
>>> services to my users, with the obvious exception of Exchange, if I have
>>> a replica DC.
>>>
>>> Does that make sense, and is it correct?
>>>
>>> I should add that since my last post, I have configured the DNS service
>>> on the replica DC and pointed it to itself for DNS, with a forwarder to
>>> the SBS box. Immediately after installing and configuring DNS, the DNS
>>> Console already showed my DNS zones and records. I'm using
>>> AD-integrated zones.
>>>
>>> Thanks,
>>>
>>> Bryan
>>>
>>>
>>>
>>> "Frank McCallister SBS MVP" <anonymous> wrote in message
>>> news:%23x697X$(E-Mail Removed)...
>>>> Hi Bryan
>>>>
>>>> Does your SBS have SBS SP1 Installed? Why are you making the member
>>>> server a DC?
>>>>
>>>> --
>>>> Frank McCallister SBS MVP
>>>> COMPUMAC
>>>> "Bryan L" <(E-Mail Removed)> wrote in message
>>>> news:%23khGQW%(E-Mail Removed)...
>>>>>I recently wiped a server and did a clean install of Server 2003 SP1.
>>>>>After joining it to my SBS domain using the wizard and connectcomputer
>>>>>tool, I dcpromoed the machine to be a second domain controller on my
>>>>>network. I now have a string of continuous Failure Audit errors in the
>>>>>Security log on that machine Details:
>>>>>
>>>>> Date: [date] Source: Security
>>>>> Time: [time] Category: Logon/Logoff
>>>>> Type: Failure Aud Event ID: 529
>>>>> User: NT AUTHORITY\SYSTEM
>>>>> Computer: [computername]
>>>>>
>>>>> Description:
>>>>> Logon Failure:
>>>>> Reason: Unknown user name or bad password
>>>>> User Name:
>>>>> Domain:
>>>>> Logon Type: 3
>>>>> Logon Process: Kerberos
>>>>> Authentication Package: Kerberos
>>>>> Workstation Name: -
>>>>> Caller User Name: -
>>>>> Caller Domain: -
>>>>> Caller Logon ID: -
>>>>> Caller Process ID: -
>>>>> Transited Services: -
>>>>> Source Network Address: {valid, assigned internal address}
>>>>> Source Port: {various}
>>>>>
>>>>> More information:
>>>>>
>>>>> These messages appear with Source IPs of various machines in our
>>>>> office, both workstations and servers. The events appear in big
>>>>> bunches, with multiple events appearing during the same second, or in
>>>>> consecutive seconds, for a single IP and port. The port numbers vary,
>>>>> and the port is sometimes 0.
>>>>>
>>>>> Over 2200 of these events have appeared just since midnight this
>>>>> morning. None of the workstations has been configured to do anything
>>>>> with this server yet. After promoting this machine to be a DC, the
>>>>> only configuration I performed on it was to make it a Global Catalog
>>>>> Server.
>>>>>
>>>>> Thanks in advance for any ideas.
>>>>>
>>>>> Bryan
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Ooops hit send to quick! Also how did you make this a GC and are you getting
any Replication errors on either server?

--
Frank McCallister SBS MVP
COMPUMAC
"Bryan L" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The SBS has just one NIC at present, but that's easy to change if two can
> simplify or improve things. It's running Standard. We use DHCP, DNS (of
> course), make extensive use of Group Policy, and use Exchange. I'm hoping
> that, other than access to exchange and the unique SBS tools, I can
> provide a much more fault-tolerant environment for my users.
>
> Bryan
>
> "Frank McCallister SBS MVP" <anonymous> wrote in message
> news:(E-Mail Removed)...
>> As long as you don't make the member server a TS this is permissable but
>> you aren't going to get the ability you think you will to continue smooth
>> operation this way with SBS failure AFAIK. Perhaps others can provide
>> more info along this line. Does the SBS have one or two nics? Standard or
>> Premium with ISA?
>>
>> --
>> Frank McCallister SBS MVP
>> COMPUMAC
>> "Bryan L" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> Thanks for the reply Frank.
>>>
>>> Yes, the SBS has SP1 installed; I held off even installing the OS on the
>>> Server 2003 DC until the SBS and all other member servers were running
>>> 2003 SP1, since my Server 2003 Std CD has SP1 slipstreamed into it. I
>>> carefully planned the SP1 upgrade for SBS and happily, have had few
>>> issues.
>>>
>>> As to your second question, I'd like to have a replica DC in my network
>>> to improve availability of services (specifically, logon,
>>> authentication, and DNS services) in case my SBS goes down or requires a
>>> reboot during business hours. I realize this may add complexity to my
>>> network environment, but I'm willing to accept that on two conditions:
>>> 1) It achieves the desired result of minimizing the impact to users if
>>> SBS 2003 goes down, and 2) I can succeeed in running down and
>>> eliminating recurring event log errors I currently am seeing. If I
>>> understand correctly, I should be able to continue providing all major
>>> services to my users, with the obvious exception of Exchange, if I have
>>> a replica DC.
>>>
>>> Does that make sense, and is it correct?
>>>
>>> I should add that since my last post, I have configured the DNS service
>>> on the replica DC and pointed it to itself for DNS, with a forwarder to
>>> the SBS box. Immediately after installing and configuring DNS, the DNS
>>> Console already showed my DNS zones and records. I'm using
>>> AD-integrated zones.
>>>
>>> Thanks,
>>>
>>> Bryan
>>>
>>>
>>>
>>> "Frank McCallister SBS MVP" <anonymous> wrote in message
>>> news:%23x697X$(E-Mail Removed)...
>>>> Hi Bryan
>>>>
>>>> Does your SBS have SBS SP1 Installed? Why are you making the member
>>>> server a DC?
>>>>
>>>> --
>>>> Frank McCallister SBS MVP
>>>> COMPUMAC
>>>> "Bryan L" <(E-Mail Removed)> wrote in message
>>>> news:%23khGQW%(E-Mail Removed)...
>>>>>I recently wiped a server and did a clean install of Server 2003 SP1.
>>>>>After joining it to my SBS domain using the wizard and connectcomputer
>>>>>tool, I dcpromoed the machine to be a second domain controller on my
>>>>>network. I now have a string of continuous Failure Audit errors in the
>>>>>Security log on that machine Details:
>>>>>
>>>>> Date: [date] Source: Security
>>>>> Time: [time] Category: Logon/Logoff
>>>>> Type: Failure Aud Event ID: 529
>>>>> User: NT AUTHORITY\SYSTEM
>>>>> Computer: [computername]
>>>>>
>>>>> Description:
>>>>> Logon Failure:
>>>>> Reason: Unknown user name or bad password
>>>>> User Name:
>>>>> Domain:
>>>>> Logon Type: 3
>>>>> Logon Process: Kerberos
>>>>> Authentication Package: Kerberos
>>>>> Workstation Name: -
>>>>> Caller User Name: -
>>>>> Caller Domain: -
>>>>> Caller Logon ID: -
>>>>> Caller Process ID: -
>>>>> Transited Services: -
>>>>> Source Network Address: {valid, assigned internal address}
>>>>> Source Port: {various}
>>>>>
>>>>> More information:
>>>>>
>>>>> These messages appear with Source IPs of various machines in our
>>>>> office, both workstations and servers. The events appear in big
>>>>> bunches, with multiple events appearing during the same second, or in
>>>>> consecutive seconds, for a single IP and port. The port numbers vary,
>>>>> and the port is sometimes 0.
>>>>>
>>>>> Over 2200 of these events have appeared just since midnight this
>>>>> morning. None of the workstations has been configured to do anything
>>>>> with this server yet. After promoting this machine to be a DC, the
>>>>> only configuration I performed on it was to make it a Global Catalog
>>>>> Server.
>>>>>
>>>>> Thanks in advance for any ideas.
>>>>>
>>>>> Bryan
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Replication errors:
No replication errors as far as I can tell, but I haven't worked much with
AD replication yet; do I look in the Directory Service log for those? No
errors there in the past 5 days on either machine, just informational
messages about online defragmentation completing every 12 hours.

I *am* getting these errors regularly on the new DC's System log; there are
no matching messages in the System log of the SBS. They appear every two
hours, alternating back and forth one hour apart from each other:

------------------------------
Event Type: Warning
Event Source: BROWSER
Event Category: None
Event ID: 8021
Date: 7/18/2005
Time: 8:06:37 AM
User: N/A
Computer: NewDC
Description:
The browser service was unable to retrieve a list of servers from the
browser master \\SBS on the network
\Device\NetBT_Tcpip_{A6D5FA65D46A-A6DF-ASDF-ADF5-ADFAD65FAD}.

Browser master: \\SBS
Network: \Device\NetBT_Tcpip_{ADADF4FADF-6546-5465-ADFADF654ADSFA}

This event may be caused by a temporary loss of network connectivity. If
this message appears again, verify that the server is still connected to the
network. The return code is in the Data text box.

---------------------------
Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date: 7/18/2005
Time: 9:06:37 AM
User: N/A
Computer: NewDC
Description:
The browser service has failed to retrieve the backup list too many times on
transport \Device\NetBT_Tcpip_{ADSFADF-15ADF-1ADF-15ADSFADFAADF}. The backup
browser is stopping.

-------------------------------
Global Catalog:
I made it a GC in AD Sites and Services > Sites > Default-First-Site-Name >
Servers > [servername] > NTDS Settings, right-click > Properties, checkbox
Global Catalog.

Windows IP Configuration - SBS
--------------------------------------
Host Name . . . . . . . . . . . . : SBS
Primary Dns Suffix . . . . . . . : Domain.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : Domain.local

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
Connection
Physical Address. . . . . . . . . : 00-11-22-33-44-55
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.xxx.9
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.xxx.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.xxx.1
DNS Servers . . . . . . . . . . . : 192.168.xxx.8
Primary WINS Server . . . . . . . : 192.168.xxx.8
__________________________________________

Windows IP Configuration - New DC
----------------------------------------
Host Name . . . . . . . . . . . . : NewDC
Primary Dns Suffix . . . . . . . : Domain.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Domain.local

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter
Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.xxx.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.xxx.1
DNS Servers . . . . . . . . . . . : 192.168.xxx.7


Hope this helps.

Thanks,
Bryan


"Frank McCallister SBS MVP" <anonymous> wrote in message
news:(E-Mail Removed)...

> Ooops hit send to quick! Also how did you make this a GC and are you
> getting any Replication errors on either server?
>
> --
> Frank McCallister SBS MVP
> COMPUMAC
> "Bryan L" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> The SBS has just one NIC at present, but that's easy to change if two can
>> simplify or improve things. It's running Standard. We use DHCP, DNS (of
>> course), make extensive use of Group Policy, and use Exchange. I'm
>> hoping that, other than access to exchange and the unique SBS tools, I
>> can provide a much more fault-tolerant environment for my users.
>>
>> Bryan
>>
>> "Frank McCallister SBS MVP" <anonymous> wrote in message
>> news:(E-Mail Removed)...
>>> As long as you don't make the member server a TS this is permissable but
>>> you aren't going to get the ability you think you will to continue
>>> smooth operation this way with SBS failure AFAIK. Perhaps others can
>>> provide more info along this line. Does the SBS have one or two nics?
>>> Standard or Premium with ISA?
>>>
>>> --
>>> Frank McCallister SBS MVP
>>> COMPUMAC
>>> "Bryan L" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>> Thanks for the reply Frank.
>>>>
>>>> Yes, the SBS has SP1 installed; I held off even installing the OS on
>>>> the Server 2003 DC until the SBS and all other member servers were
>>>> running 2003 SP1, since my Server 2003 Std CD has SP1 slipstreamed into
>>>> it. I carefully planned the SP1 upgrade for SBS and happily, have had
>>>> few issues.
>>>>
>>>> As to your second question, I'd like to have a replica DC in my network
>>>> to improve availability of services (specifically, logon,
>>>> authentication, and DNS services) in case my SBS goes down or requires
>>>> a reboot during business hours. I realize this may add complexity to
>>>> my network environment, but I'm willing to accept that on two
>>>> conditions: 1) It achieves the desired result of minimizing the impact
>>>> to users if SBS 2003 goes down, and 2) I can succeeed in running down
>>>> and eliminating recurring event log errors I currently am seeing. If I
>>>> understand correctly, I should be able to continue providing all major
>>>> services to my users, with the obvious exception of Exchange, if I have
>>>> a replica DC.
>>>>
>>>> Does that make sense, and is it correct?
>>>>
>>>> I should add that since my last post, I have configured the DNS service
>>>> on the replica DC and pointed it to itself for DNS, with a forwarder to
>>>> the SBS box. Immediately after installing and configuring DNS, the DNS
>>>> Console already showed my DNS zones and records. I'm using
>>>> AD-integrated zones.
>>>>
>>>> Thanks,
>>>>
>>>> Bryan
>>>>
>>>>
>>>>
>>>> "Frank McCallister SBS MVP" <anonymous> wrote in message
>>>> news:%23x697X$(E-Mail Removed)...
>>>>> Hi Bryan
>>>>>
>>>>> Does your SBS have SBS SP1 Installed? Why are you making the member
>>>>> server a DC?
>>>>>
>>>>> --
>>>>> Frank McCallister SBS MVP
>>>>> COMPUMAC
>>>>> "Bryan L" <(E-Mail Removed)> wrote in
>>>>> message news:%23khGQW%(E-Mail Removed)...
>>>>>>I recently wiped a server and did a clean install of Server 2003 SP1.
>>>>>>After joining it to my SBS domain using the wizard and connectcomputer
>>>>>>tool, I dcpromoed the machine to be a second domain controller on my
>>>>>>network. I now have a string of continuous Failure Audit errors in
>>>>>>the Security log on that machine Details:
>>>>>>
>>>>>> Date: [date] Source: Security
>>>>>> Time: [time] Category: Logon/Logoff
>>>>>> Type: Failure Aud Event ID: 529
>>>>>> User: NT AUTHORITY\SYSTEM
>>>>>> Computer: [computername]
>>>>>>
>>>>>> Description:
>>>>>> Logon Failure:
>>>>>> Reason: Unknown user name or bad password
>>>>>> User Name:
>>>>>> Domain:
>>>>>> Logon Type: 3
>>>>>> Logon Process: Kerberos
>>>>>> Authentication Package: Kerberos
>>>>>> Workstation Name: -
>>>>>> Caller User Name: -
>>>>>> Caller Domain: -
>>>>>> Caller Logon ID: -
>>>>>> Caller Process ID: -
>>>>>> Transited Services: -
>>>>>> Source Network Address: {valid, assigned internal address}
>>>>>> Source Port: {various}
>>>>>>
>>>>>> More information:
>>>>>>
>>>>>> These messages appear with Source IPs of various machines in our
>>>>>> office, both workstations and servers. The events appear in big
>>>>>> bunches, with multiple events appearing during the same second, or in
>>>>>> consecutive seconds, for a single IP and port. The port numbers
>>>>>> vary, and the port is sometimes 0.
>>>>>>
>>>>>> Over 2200 of these events have appeared just since midnight this
>>>>>> morning. None of the workstations has been configured to do anything
>>>>>> with this server yet. After promoting this machine to be a DC, the
>>>>>> only configuration I performed on it was to make it a Global Catalog
>>>>>> Server.
>>>>>>
>>>>>> Thanks in advance for any ideas.
>>>>>>
>>>>>> Bryan
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Hi Bryan,

You can't have multiple IP's on the SBS internal nic. You are missing WINS
on the member DC. Please change it and post the complete ipconfig/all again.
No use using xxx as they are private IP's anyway.

--
Regards,

Marina Roos
Microsoft SBS-MVP
One of the Magical M&M's
www.smallbizserver.net
Take part in SBS forum:
http://www.smallbizserver.net/Default.aspx?tabid=53

"Bryan L" <(E-Mail Removed)> schreef in bericht
news:%(E-Mail Removed)...
> Replication errors:
> No replication errors as far as I can tell, but I haven't worked much with
> AD replication yet; do I look in the Directory Service log for those? No
> errors there in the past 5 days on either machine, just informational
> messages about online defragmentation completing every 12 hours.
>
> I *am* getting these errors regularly on the new DC's System log; there
are
> no matching messages in the System log of the SBS. They appear every two
> hours, alternating back and forth one hour apart from each other:
>
> ------------------------------
> Event Type: Warning
> Event Source: BROWSER
> Event Category: None
> Event ID: 8021
> Date: 7/18/2005
> Time: 8:06:37 AM
> User: N/A
> Computer: NewDC
> Description:
> The browser service was unable to retrieve a list of servers from the
> browser master \\SBS on the network
> \Device\NetBT_Tcpip_{A6D5FA65D46A-A6DF-ASDF-ADF5-ADFAD65FAD}.
>
> Browser master: \\SBS
> Network: \Device\NetBT_Tcpip_{ADADF4FADF-6546-5465-ADFADF654ADSFA}
>
> This event may be caused by a temporary loss of network connectivity. If
> this message appears again, verify that the server is still connected to
the
> network. The return code is in the Data text box.
>
> ---------------------------
> Event Type: Error
> Event Source: BROWSER
> Event Category: None
> Event ID: 8032
> Date: 7/18/2005
> Time: 9:06:37 AM
> User: N/A
> Computer: NewDC
> Description:
> The browser service has failed to retrieve the backup list too many times
on
> transport \Device\NetBT_Tcpip_{ADSFADF-15ADF-1ADF-15ADSFADFAADF}. The
backup
> browser is stopping.
>
> -------------------------------
> Global Catalog:
> I made it a GC in AD Sites and Services > Sites > Default-First-Site-Name
>
> Servers > [servername] > NTDS Settings, right-click > Properties, checkbox
> Global Catalog.
>
> Windows IP Configuration - SBS
> --------------------------------------
> Host Name . . . . . . . . . . . . : SBS
> Primary Dns Suffix . . . . . . . : Domain.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : Yes
> DNS Suffix Search List. . . . . . : Domain.local
>
> Ethernet adapter Server Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
> Connection
> Physical Address. . . . . . . . . : 00-11-22-33-44-55
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.xxx.9
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> IP Address. . . . . . . . . . . . : 192.168.xxx.8
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.xxx.1
> DNS Servers . . . . . . . . . . . : 192.168.xxx.8
> Primary WINS Server . . . . . . . : 192.168.xxx.8
> __________________________________________
>
> Windows IP Configuration - New DC
> ----------------------------------------
> Host Name . . . . . . . . . . . . : NewDC
> Primary Dns Suffix . . . . . . . : Domain.local
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : Domain.local
>
> Ethernet adapter Local Area Connection 2:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop
Adapter
> Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.xxx.7
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.xxx.1
> DNS Servers . . . . . . . . . . . : 192.168.xxx.7
>
>
> Hope this helps.
>
> Thanks,
> Bryan
>
>
> "Frank McCallister SBS MVP" <anonymous> wrote in message
> news:(E-Mail Removed)...
>
> > Ooops hit send to quick! Also how did you make this a GC and are you
> > getting any Replication errors on either server?
> >
> > --
> > Frank McCallister SBS MVP
> > COMPUMAC
> > "Bryan L" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> The SBS has just one NIC at present, but that's easy to change if two
can
> >> simplify or improve things. It's running Standard. We use DHCP, DNS
(of
> >> course), make extensive use of Group Policy, and use Exchange. I'm
> >> hoping that, other than access to exchange and the unique SBS tools, I
> >> can provide a much more fault-tolerant environment for my users.
> >>
> >> Bryan
> >>
> >> "Frank McCallister SBS MVP" <anonymous> wrote in message
> >> news:(E-Mail Removed)...
> >>> As long as you don't make the member server a TS this is permissable
but
> >>> you aren't going to get the ability you think you will to continue
> >>> smooth operation this way with SBS failure AFAIK. Perhaps others can
> >>> provide more info along this line. Does the SBS have one or two nics?
> >>> Standard or Premium with ISA?
> >>>
> >>> --
> >>> Frank McCallister SBS MVP
> >>> COMPUMAC
> >>> "Bryan L" <(E-Mail Removed)> wrote in
message
> >>> news:%(E-Mail Removed)...
> >>>> Thanks for the reply Frank.
> >>>>
> >>>> Yes, the SBS has SP1 installed; I held off even installing the OS on
> >>>> the Server 2003 DC until the SBS and all other member servers were
> >>>> running 2003 SP1, since my Server 2003 Std CD has SP1 slipstreamed
into
> >>>> it. I carefully planned the SP1 upgrade for SBS and happily, have
had
> >>>> few issues.
> >>>>
> >>>> As to your second question, I'd like to have a replica DC in my
network
> >>>> to improve availability of services (specifically, logon,
> >>>> authentication, and DNS services) in case my SBS goes down or
requires
> >>>> a reboot during business hours. I realize this may add complexity to
> >>>> my network environment, but I'm willing to accept that on two
> >>>> conditions: 1) It achieves the desired result of minimizing the
impact
> >>>> to users if SBS 2003 goes down, and 2) I can succeeed in running
down
> >>>> and eliminating recurring event log errors I currently am seeing. If
I
> >>>> understand correctly, I should be able to continue providing all
major
> >>>> services to my users, with the obvious exception of Exchange, if I
have
> >>>> a replica DC.
> >>>>
> >>>> Does that make sense, and is it correct?
> >>>>
> >>>> I should add that since my last post, I have configured the DNS
service
> >>>> on the replica DC and pointed it to itself for DNS, with a forwarder
to
> >>>> the SBS box. Immediately after installing and configuring DNS, the
DNS
> >>>> Console already showed my DNS zones and records. I'm using
> >>>> AD-integrated zones.
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Bryan
> >>>>
> >>>>
> >>>>
> >>>> "Frank McCallister SBS MVP" <anonymous> wrote in message
> >>>> news:%23x697X$(E-Mail Removed)...
> >>>>> Hi Bryan
> >>>>>
> >>>>> Does your SBS have SBS SP1 Installed? Why are you making the member
> >>>>> server a DC?
> >>>>>
> >>>>> --
> >>>>> Frank McCallister SBS MVP
> >>>>> COMPUMAC
> >>>>> "Bryan L" <(E-Mail Removed)> wrote in
> >>>>> message news:%23khGQW%(E-Mail Removed)...
> >>>>>>I recently wiped a server and did a clean install of Server 2003
SP1.
> >>>>>>After joining it to my SBS domain using the wizard and
connectcomputer
> >>>>>>tool, I dcpromoed the machine to be a second domain controller on my
> >>>>>>network. I now have a string of continuous Failure Audit errors in
> >>>>>>the Security log on that machine Details:
> >>>>>>
> >>>>>> Date: [date] Source: Security
> >>>>>> Time: [time] Category: Logon/Logoff
> >>>>>> Type: Failure Aud Event ID: 529
> >>>>>> User: NT AUTHORITY\SYSTEM
> >>>>>> Computer: [computername]
> >>>>>>
> >>>>>> Description:
> >>>>>> Logon Failure:
> >>>>>> Reason: Unknown user name or bad password
> >>>>>> User Name:
> >>>>>> Domain:
> >>>>>> Logon Type: 3
> >>>>>> Logon Process: Kerberos
> >>>>>> Authentication Package: Kerberos
> >>>>>> Workstation Name: -
> >>>>>> Caller User Name: -
> >>>>>> Caller Domain: -
> >>>>>> Caller Logon ID: -
> >>>>>> Caller Process ID: -
> >>>>>> Transited Services: -
> >>>>>> Source Network Address: {valid, assigned internal address}
> >>>>>> Source Port: {various}
> >>>>>>
> >>>>>> More information:
> >>>>>>
> >>>>>> These messages appear with Source IPs of various machines in our
> >>>>>> office, both workstations and servers. The events appear in big
> >>>>>> bunches, with multiple events appearing during the same second, or
in
> >>>>>> consecutive seconds, for a single IP and port. The port numbers
> >>>>>> vary, and the port is sometimes 0.
> >>>>>>
> >>>>>> Over 2200 of these events have appeared just since midnight this
> >>>>>> morning. None of the workstations has been configured to do
anything
> >>>>>> with this server yet. After promoting this machine to be a DC, the
> >>>>>> only configuration I performed on it was to make it a Global
Catalog
> >>>>>> Server.
> >>>>>>
> >>>>>> Thanks in advance for any ideas.
> >>>>>>
> >>>>>> Bryan
> >>>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
>
>