Folks,
I installed a new server.
Then I ran dcpromo successfully.
And I'm getting the following errors in my Event Viewer:
DNS is fully functional, and I can ping all FQDNs.
Event Type: Error
Event Source: SAM
Event Category: None
Event ID: 16650
Date: 6/23/2003
Time: 9:02:02 AM
User: N/A
Computer: SERVER2
Description:
The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 will retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.
Data:
0000: a7 02 00 c0 §..À
The network connection is also fine.
When I try to connect to SERVER2 via my AD Users & Computers, I get the message access denied.
The Microsoft KB says the following:
see: http://support.microsoft....aspx?scid=kb;en-us;248410
so exactly the error message I have, but let's look a bit further
Error Message: The Account-Identifier Allocator Failed to Initialize Properly
The information in this article applies to:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
This article was previously published under Q248410
SYMPTOMS
You may receive the following event approximately every two minutes in the NTDS event log:
Event 16650
MessageId=0x410A
SymbolicName=SAMMSG_RID_INIT_FAILURE
Language=English
The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 may retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.
network + DNS work 300%, so that is probably not the problem.
CAUSE
This behavior can occur because the RID Master FSMO is unavailable or fails to replicate. The Domain Controller cannot obtain and initialize the RID pool.
This behavior can also occur when the User Right "Access this computer from the network" has not been given to the appropriate groups such as "Enterprise Domain Controllers" or "Authenticated Users".
RESOLUTION
To troubleshoot this behavior, examine the NTDS event log for further detail about the replication failure.
Determine the RID Master FSMO by following the steps in the following Microsoft Knowledge Base article:
234790 How to Find FSMO Role Holders (Servers).
Verify network connectivity by using the ping command. For additional information about how to use the PING command, click the article numbers below to view the articles in the Microsoft Knowledge Base:
169790 How to Troubleshoot Basic TCP/IP Problems in Windows NT 4.0
200525 Using NSlookup.exe
The RID master is not down, so that's not a problem either.
If the RID Master is down for an extended period of time, follow the steps in the following Microsoft Knowledge Base article:
223787 Flexible Single Master Operation Transfer and Seizure Process
so I have done all of this, but STILL that SAM error every 2 minutes..
To add either the "Enterprise Domain Controllers" or "Authenticated Users" group to the right "access this computer from the network", perform the following steps in Domain Controller Security Policy:
Open this policy by clicking Start, then programs, then Administrative Tools, and then Domain Controller Security Policy.
Expand the Security Settings to Local Policies, and then to User Rights Assignment.
Double click the right "access this computer from the network" and Add either the Everyone or Authenticated Users to this right.
If there are multiple Win2k Domain Controllers, then from a command prompt also run the following command to refresh this change on their policies as well. Run the command without "" marks.
"secedit /refreshpolicy machine_policy /enforce"
What else could I check now? Microsoft doesn't say much more about it.
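
Added example, not part of the original post: the event text says the record data contains the NT error code, and the Data line stores it as a little-endian DWORD. This Python sketch parses the Event Viewer byte dump and splits the NTSTATUS into its fields; the function names are this example's own, and the name table is a small subset of ntstatus.h limited to RID-related values.

```python
import re
import struct

# Small subset of ntstatus.h, limited to values relevant to RID allocation.
KNOWN = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC00002A7: "STATUS_DS_NO_RIDS_ALLOCATED",
    0xC00002A8: "STATUS_DS_NO_MORE_RIDS",
    0xC00002A9: "STATUS_DS_INCORRECT_ROLE_OWNER",
    0xC00002AA: "STATUS_DS_RIDMGR_INIT_ERROR",
}
SEVERITY = ("SUCCESS", "INFORMATIONAL", "WARNING", "ERROR")

# Data line from the event on this page; the trailing column is the ASCII rendering.
SAMPLE = "Data:\n0000: a7 02 00 c0    \u00a7..\u00c0"


def dump_to_bytes(dump):
    """Collect bytes from 'OFFSET: xx xx ...' lines (at most 8 per line)."""
    out = bytearray()
    for line in dump.splitlines():
        m = re.match(r"\s*[0-9A-Fa-f]{4}:\s+(.*)", line)
        if not m:
            continue  # headers such as 'Data:' carry no bytes
        for tok in m.group(1).split()[:8]:
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break  # reached the ASCII column
            out.append(int(tok, 16))
    return bytes(out)


def decode_ntstatus(data):
    """Read the first DWORD as little-endian and split it into NTSTATUS fields."""
    if len(data) < 4:
        raise ValueError("record data holds fewer than 4 bytes")
    (value,) = struct.unpack_from("<I", data)
    return {
        "value": f"0x{value:08X}",
        "severity": SEVERITY[value >> 30],         # bits 31-30
        "customer": bool(value & 0x20000000),      # bit 29, clear for Microsoft codes
        "facility": (value >> 16) & 0x0FFF,        # bits 27-16
        "code": value & 0xFFFF,                    # bits 15-0
        "name": KNOWN.get(value, "unknown (look it up in ntstatus.h)"),
    }


if __name__ == "__main__":
    print(decode_ntstatus(dump_to_bytes(SAMPLE)))
```

For the dump in this event the bytes a7 02 00 c0 read as 0xC00002A7, which ntstatus.h names STATUS_DS_NO_RIDS_ALLOCATED.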