Event ID 1411

[pacer]

I am having trouble resolving event id 1411 on our sub domain. This is the only sub domain DC, but I believe this was rebuilt after a HDD failure. Could these error messages be a result of a rebuild, i.e server with the same name?

I was reading thread thread931-1157866, but this hasn't helped me find a solution to resolve this error.

Another problem we are facing is we cannot move users from a domain group to our sub domain group. When you add the user in the subdomain group and click OK, they dissapear when you look at the users of this subdomain group.

Our subdomain DC server is Windows 2000 and our domain controller servers are Windows 2003.

The error I get on the subdomain Windows 2000 server is:

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1411
Date: 18/07/2006
Time: 10:26:02
User: Everyone
Computer: abcd-ef-ghij
Description:
The Directory Service failed to construct a mutual authentication Service Principal Name (SPN) for server bb42232d-05d9-4129-9109-d51de665fb74._msdcs.abcd.com. The call is denied. The error was:
The DSA object could not be found.

The record data is the status code.
Data:
0000: e3 20 00 00 ã ..

Any suggestions on how this can be fixed?

Thanks,

Pacer

 

[itsp1965]

Try the solutions offered on Eventid.net

http://www.eventid.net/display.asp?eventid=1411&eventno=1264&source=NTDS Replication&phase=1

Hope this helps.

Regards

Terry

 

[pacer]

Thanks Terry - this is some help.



I believe the child domain "B" was restored after a server crash, but its AD data may be old.

When I run dcdiag /test:knowsof roleholders on the child domain "B", I get a 2 warnings:

1st warning: 'DC of domain B' could not resolve the name for role Schema Owner. The name error was Not Found.

2nd warning: CN="NTDS Settings DEL:xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",CN="NAME_OF_OLD_DOMAIN_A_DC

I think the child domain "b" is trying to contact a DC in domain "a" that does not exist anymore as its hostname was changed , but not the IP address.

Does anyone know what are the best practices to remove a reference to an old DC that doesn't exist anymore?

Thanks,

Pacer

 

[pacer]

Looking further into the domain "b" DC, and viewing the properties of the Operations Master, there is an error in all tabs, RID, PDC and Infrastructure. The operations master field says: ERROR and underneath this next to the 'Change...' button, it says 'The current operations master is offline. The role cannot be transferred.

 

[pacer]

After opening the Schema snap-in and looking at the Operations Master, I can see that the 'Current schema master' says offline and in the box below it says 'ERROR'.
I have the option to transfer the schema master role to another domain controller.
My question is what impact will this make to users on the domain during the transfer?

 

[pacer]

I have tried to transfer the Schema Role to a new DC, but I get the following error.
"The role owner attribute could not be read. The transfer of the current Operations Master could not be performed"

What would be the next procedure?

Thanks,

Pacer

 

[itsp1965]

Pacer did you ntdsutil to perform the FSMO role transfer to another DC. At this point you cannot use the GUI tools.

Terry

 

[pacer]

I used the GUI. Are you saying that I need to use ntsdutil instead?

I assumed the tranfer from the gui failed because the current Schema master has 'ERROR' in the GUI box.

I will look at the command I need to issue to transfer the roles.