1. Verify the status and startup type for the following services on the server that gets the error:Type of computer RPC service RPC Locator service
Windows Server 2003-based domain controller Started, Automatic Stopped, Manual
Windows Server 2003-based member server Started, Automatic Stopped, Manual
Windows Server 2003-based standalone server Started, Automatic Stopped, Manual
Windows 2000 Server-based domain controller Started, Automatic Started, Automatic
Windows 2000 Server-based member server Started, Automatic Started, Manual
Windows 2000 Server-based standalone server Started, Automatic Stopped, Manual
If you make any changes to the RPC service or to the RPC Locator service settings, restart the computer, and then test for the problem again.
2. Verify that the following keys exist in the registry (the keys are grouped according to operating system).
Windows XP, Windows Server 2003 and Microsoft Windows 2000
Verify that the ClientProtocols key exists under the HKEY_Local_Machine\Software\Microsoft\Rpcregistry subkey and that the ClientProtocolsentry contains at least the following five default values: Name Type Data
ncacn_http REG_SZ rpcrt4.dll
ncacn_ip_tcp REG_SZ rpcrt4.dll
ncacn_nb_tcp REG_SZ rpcrt4.dll
ncacn_np REG_SZ rpcrt4.dll
ncacn_ip_udp REG_SZ rpcrt4.dll
3. Verify that DNS is working correctly.
4. Verify connectivity:
1) Ports greater than 1024 are not blocked. (portqry)
2) Not blackhole in network path (ping -l -f)
3) Firewall/AV/Backup software/NIC drivers etc.
4) there are ports available for RPC (netstat)
Search This Blog
Apr 4, 2008
Mar 13, 2008
Beyond AdminSDHolder Object
Many people should know the object AdminSDHolder and what it does by now. It checks and reverts back protected group's ACL periodically, if found modified. This is a desirable feature (if you know how it works otherwise you will really be surprised). However, on the top of the above knowledge, it's also tricky to get a user's permission changed if he is a former member of protected group.
For example, if John was Domain Admin and later became a normal user. You will find out that John's permission still gets reverted periodically. This is very hard to figure if you didn't know the history of John's account. To correct this, two things need to be done before permissions can be changed.
1. Change adminCount's value to 0
2. Enable "inheritance"
For example, if John was Domain Admin and later became a normal user. You will find out that John's permission still gets reverted periodically. This is very hard to figure if you didn't know the history of John's account. To correct this, two things need to be done before permissions can be changed.
1. Change adminCount's value to 0
2. Enable "inheritance"
Feb 14, 2008
Alternative Way To Recover Deleted Objects
The recommended way to recover a deleted user or group is through Authorized Restore. It's not always desirable, however. It requires you to take the DC offline, normally for a time length that most of business can't tolerant, depending on how fast you can retore from backup.
With Windows 2003 AD, Microsoft provides another way to move tomestoned objects back to their original state, partially. Basically, you have to specify "Return Deleted Objects" in order to search deleted objects; and you then remove its isDeleted attribute and replace the DN with the location you want this object to be.
Side note: Controls are a mechanism, defined in the LDAP standard, used to extend the LDAP protocol to provide additional functionality beyond what is defined in standard LDAP while remaining compatible with other LDAP-compliant software. AD supports 22 controls, including "return Deleted Objects" control.
With Windows 2003 AD, Microsoft provides another way to move tomestoned objects back to their original state, partially. Basically, you have to specify "Return Deleted Objects" in order to search deleted objects; and you then remove its isDeleted attribute and replace the DN with the location you want this object to be.
Side note: Controls are a mechanism, defined in the LDAP standard, used to extend the LDAP protocol to provide additional functionality beyond what is defined in standard LDAP while remaining compatible with other LDAP-compliant software. AD supports 22 controls, including "return Deleted Objects" control.
Subscribe to:
Posts (Atom)