KDC service hangs on start + cert error in event log at every boot

Posted by Lucvdv on March 30, 2007, 2:58 am
After upgrading a Win2000 server (PDC) to Server 2003 R2, I get the old 'at
least one service or driver failed to start' popup on the logon screen at
every boot.

There are two messages in the event log that look related, an error and a
warning:

error
SCM event 7022,
"The Kerberos Key Distribution service hung on starting"

warning
KDC event 20,
"The currently selected KDC certificate was once valid, but now is
invalid and no replacement was found"


I ran 'netdiag /test:kerberos /v' and 'certutil -DCInfo', neither reports
an error.

I started MMC with the certificates plugin, and looked up the KDC
certificate by the serial number that certutil reported: it is OK and still
valid until February 2009, but after a new reboot the warning and the hang
at startup both just came back.


Does anyone have an idea what might cause this?

Posted by Lucvdv on March 30, 2007, 4:50 am
It's getting worse with every reboot (other errors start occurring), so I
guess I shouldn't have posted this to the security group. Crossposted now
and followups set to .general in an attempt to move the thread.

A small mistake in the original post: the problem didn't start after
upgrading to Server 2003 - it started after installing SP2.
The upgrade was a few days earlier, and everything looked fine then.


Now I'm wondering if it's a hardware problem (doesn't look like it - the
RAID controller and the harddisks seem OK, and chkdsk finds no errors), or if
SP2 inflicted it on me.

More below the quote.



> After upgrading a Win2000 server (PDC) to Server 2003 R2, I get the old 'at
> least one service or driver failed to start' popup on the logon screen at
> every boot.
>
> There are two messages in the event log that look related, an error and a
> warning:
>
> error
> SCM event 7022,
> "The Kerberos Key Distribution service hung on starting"
>
> warning
> KDC event 20,
> "The currently selected KDC certificate was once valid, but now is
> invalid and no replacement was found"
>
>
> I ran 'netdiag /test:kerberos /v' and 'certutil -DCInfo', neither reports
> an error.
>
> I started MMC with the certificates plugin, and looked up the KDC
> certificate by the serial number that certutil reported: it is OK and still
> valid until February 2009, but after a new reboot the warning and the hang
> at startup both just came back.
>
>
> Does anyone have an idea what might cause this?



I changed the KDC service to manual start and rebooted, just to see what it
would give.

The service didn't start anymore, but
- the 'preparing network connections' boot phase took minutes to complete
- now the DNS server service hung on starting (which it didn't do before)??


Changed KDC back to auto-start, and changed the service startup timeout to
60 seconds.

Result: KDC no longer hangs (so 60 seconds seems to be enough).

But now I got a message saying the system just rebooted from an 'unexpected
shutdown' (which isn't true, it was a normal reboot), there are a ton of
error messages from DNS and DHCP services because they can't find the AD
anymore, and directory services in turn have an error saying connecting to
the global catalog failed because of an internal error.


I think it's reinstall/restore time - thank it's only a test setup.

Posted by Roger Abell [MVP] on March 30, 2007, 9:27 am
Lucvdv,

I am x-posting to the active_directory newsgroup which would
likely be a better choice than the general group you have added.

Roger

> It's getting worse with every reboot (other errors start occurring), so I
> guess I shouldn't have posted this to the security group. Crossposted now
> and followups set to .general in an attempt to move the thread.
>
> A small mistake in the original post: the problem didn't start after
> upgrading to Server 2003 - it started after installing SP2.
> The upgrade was a few days earlier, and everything looked fine then.
>
>
> Now I'm wondering if it's a hardware problem (doesn't look like it - the
> RAID controller and the harddisks seem OK, and chkdsk finds no errors), or if
> SP2 inflicted it on me.
>
> More below the quote.
>
>
>
>> After upgrading a Win2000 server (PDC) to Server 2003 R2, I get the old 'at
>> least one service or driver failed to start' popup on the logon screen at
>> every boot.
>>
>> There are two messages in the event log that look related, an error and a
>> warning:
>>
>> error
>> SCM event 7022,
>> "The Kerberos Key Distribution service hung on starting"
>>
>> warning
>> KDC event 20,
>> "The currently selected KDC certificate was once valid, but now is
>> invalid and no replacement was found"
>>
>>
>> I ran 'netdiag /test:kerberos /v' and 'certutil -DCInfo', neither reports
>> an error.
>>
>> I started MMC with the certificates plugin, and looked up the KDC
>> certificate by the serial number that certutil reported: it is OK and still
>> valid until February 2009, but after a new reboot the warning and the hang
>> at startup both just came back.
>>
>>
>> Does anyone have an idea what might cause this?
>
>
>
> I changed the KDC service to manual start and rebooted, just to see what it
> would give.
>
> The service didn't start anymore, but
> - the 'preparing network connections' boot phase took minutes to complete
> - now the DNS server service hung on starting (which it didn't do before)??
>
>
> Changed KDC back to auto-start, and changed the service startup timeout to
> 60 seconds.
>
> Result: KDC no longer hangs (so 60 seconds seems to be enough).
>
> But now I got a message saying the system just rebooted from an 'unexpected
> shutdown' (which isn't true, it was a normal reboot), there are a ton of
> error messages from DNS and DHCP services because they can't find the AD
> anymore, and directory services in turn have an error saying connecting to
> the global catalog failed because of an internal error.
>
>
> I think it's reinstall/restore time - thank it's only a test setup.


