List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] Parent DC fails Trusted Machine Account test

Prev Next

You are not authorized to post a reply.

Author

Messages

MikeLeone

Posts:55

02/24/2010 3:28 PM
I have a Win2000 domain, in a parent/child configuration. We're trying to upgrade it to Win2003 this weekend. (Way overdue, I know) I have 4 DCs in the parent domain, 2 in the child. One of the parent DCs is showing an error in DCDIAG. Starting test: MachineAccount * ADMNRDC001 is not a server trust account * ADMNRDC001 is not trusted for account delegation * SPN found :LDAP/admnrdc001.ads.pha.phila.gov/ads.pha.phila.gov * SPN found :LDAP/admnrdc001.ads.pha.phila.gov * SPN found :LDAP/ADMNRDC001 * SPN found :LDAP/admnrdc001.ads.pha.phila.gov/ADS * SPN found :LDAP/edcb95d8-2a02-4cd7-8fa7-3a92f9647144._msdcs.ads.pha.phila.gov * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/edcb95d8-2a02-4cd7-8fa7-3a92f9647144/ads.pha.phila.gov * SPN found :HOST/admnrdc001.ads.pha.phila.gov/ads.pha.phila.gov * SPN found :HOST/admnrdc001.ads.pha.phila.gov * SPN found :HOST/ADMNRDC001 * SPN found :HOST/admnrdc001.ads.pha.phila.gov/ADS * SPN found :GC/admnrdc001.ads.pha.phila.gov/ads.pha.phila.gov ......................... ADMNRDC001 failed test MachineAccount Starting test: Services Searches have indicated verifying that the DC is marked with "Trust computer for delegation" in AD U&C - and it is. Others indicate verifying that the UserAccountControl is set properly, and the value is the same for all 4 DCs in the parent domain. The server is shown as a DC in AD U&C. This server is Schema, Domain and Infrastructure Master for the parent domain. Not sure where to go next. I'd really love to clear up all my DCDIAG errors, so we can upgrade the domain this weekend. (we have new 2003 member servers all ready to go, just waiting to be DCPROMOed). Thanks for any help.

ZJORZ

Posts:363

04/29/2010 8:41 PM
Have you looked at?: http://blogs.dirteam.com/blogs/jorge/archive/2006/08/27/Incorrect-_2600_quot _3B00_userAccountControl_2600_quot_3B00_-Attribute-value-causes-error-when-r unning-DCDIAG-or-during-promotion-of-a-server-to-a-DC.aspx does it apply? Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) Ing. Jorge de Almeida Pinto Senior Technical Consultant MVP Identity & Access - Directory Services (MVP Profile) (Blog) * This posting is provided "AS IS" with no warranties and confers no rights! * Always test before implementing! -----Original Message----- From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Michael Leone Sent: Wednesday, February 24, 2010 16:28 To: NT Admin Mailing List; Active Dir ML Subject: [ActiveDir] Parent DC fails Trusted Machine Account test I have a Win2000 domain, in a parent/child configuration. We're trying to upgrade it to Win2003 this weekend. (Way overdue, I know) I have 4 DCs in the parent domain, 2 in the child. One of the parent DCs is showing an error in DCDIAG. Starting test: MachineAccount * ADMNRDC001 is not a server trust account * ADMNRDC001 is not trusted for account delegation * SPN found :LDAP/admnrdc001.ads.pha.phila.gov/ads.pha.phila.gov * SPN found :LDAP/admnrdc001.ads.pha.phila.gov * SPN found :LDAP/ADMNRDC001 * SPN found :LDAP/admnrdc001.ads.pha.phila.gov/ADS * SPN found :LDAP/edcb95d8-2a02-4cd7-8fa7-3a92f9647144._msdcs.ads.pha.phila.gov * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/edcb95d8-2a02-4cd7-8fa7-3a92f9647144/a ds.pha.phila.gov * SPN found :HOST/admnrdc001.ads.pha.phila.gov/ads.pha.phila.gov * SPN found :HOST/admnrdc001.ads.pha.phila.gov * SPN found :HOST/ADMNRDC001 * SPN found :HOST/admnrdc001.ads.pha.phila.gov/ADS * SPN found :GC/admnrdc001.ads.pha.phila.gov/ads.pha.phila.gov ......................... ADMNRDC001 failed test MachineAccount Starting test: Services Searches have indicated verifying that the DC is marked with "Trust computer for delegation" in AD U&C - and it is. Others indicate verifying that the UserAccountControl is set properly, and the value is the same for all 4 DCs in the parent domain. The server is shown as a DC in AD U&C. This server is Schema, Domain and Infrastructure Master for the parent domain. Not sure where to go next. I'd really love to clear up all my DCDIAG errors, so we can upgrade the domain this weekend. (we have new 2003 member servers all ready to go, just waiting to be DCPROMOed). Thanks for any help.

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Parent DC fails Trusted Machine Account test

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads