Windows Server 2003
1820879 Members
4986 Online
109628 Solutions
New Discussion юеВ

Access denied for Windows 2003 domain tree setup

 
Ying Li_1
Occasional Contributor

Access denied for Windows 2003 domain tree setup

I need to setup a Windows 2003 Domain forest for testing. The setup of the first domain controller of Windows 2003 with DNS server is OK via "Configure Your Server". When setting up the second domain controller as a child DC, or a separate DC for an existing Win2003 domain forest(the first DC), I ran into a problem with "Access denied" with "Anonymous Logon"(Event ID 1168). The message looks like:

The operation failed because: Active Directory could not replicate the directory partition CN=Schema,CN=Configuration,DC=cifsforest,DC=com from the remote domain controller hpcif16.cifsforest.com. "Access is denied."

source: NTDS General
Event ID 1168
User: NT AUTHORITY\ANONYMOUS LOGON
Internal error: An Active Directory error has occurred.
Computer: hpcif16


Additional Data
Error value (decimal):
-1073741790
Error value (hex):
c0000022
Internal ID:
3000e54

Actually, Administrator and its password for root domain in the forest is required for the setup. I can make sure my input correct. But I couldn't get successful for setup the second domain controller as a child domain or a separate domain.

I couldn't figure out what reason causes the issue and how to fix it. From the error message, it looks replication of Active Directory from root domain to current domain needs anonymous connection. I'm not sure if I need to change default domain policy on the first DC, or need to do something before setup the second domain controller.

Any hints or helps would be appreciated.
thanks
-Ying
6 REPLIES 6
Igor Karasik
Honored Contributor

Re: Access denied for Windows 2003 domain tree setup

Ying Li_1
Occasional Contributor

Re: Access denied for Windows 2003 domain tree setup

Hi Lgor,

I never saw the site. I've seen a bunch of links related to event ID 1168. When I click a link of them, it needs EventID.net subscribers registry for more information. So I coulnd't seen any details.

Thanks.
-Ying
Igor Karasik
Honored Contributor

Re: Access denied for Windows 2003 domain tree setup

Ying,
subscription only give you
"direct hyperlinks to the Q articles mentioned in the event comments as well as hyperlinks for automatic search for that event at Microsoft and Google Newsgroups."
http://www.eventid.net/subscription.asp
But you always can open Microsoft KB as
http://support.microsoft.com/?id=
For example, if you see:
"Error: 8352(20a0) - See M826892"
Open http://support.microsoft.com/?id=826892
for see Microsoft KB article
Ying Li_1
Occasional Contributor

Re: Access denied for Windows 2003 domain tree setup

Thank you very much for more information.

After i read the MS document
https://www118.livemeeting.com/cc/wwe_us/viewFormatWMM?ticketID=xqthnzrl8jkmclnh. I recognized that the separate domain tree or child domain should be join to the first domain for the forest vi my computer/Computer name/Change for domain to the first domain before running dcpromo. After that, the issue has been resolved.
:)

thanks
Roger Faucher
Honored Contributor

Re: Access denied for Windows 2003 domain tree setup

Ying Li:

Since you're a newcomer to these forums, I'd like to suggest that the read the link naled "How to earn points" in the blue sidebar on the left side of the main forums page.

http://forums1.itrc.hp.com/service/forums/helptips.do?#28

Make a great day!

Roger
Make a great day!

Roger
Jamison roderick
New Member

Re: Access denied for Windows 2003 domain tree setup

I have the same event error:
Event Type: Error
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1168
Date: 9/12/2006
Time: 8:54:26 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: NYJOB06
Description:
Internal error: An Active Directory error has occurred.

Additional Data
Error value (decimal):
-1073741823
Error value (hex):
c0000001
Internal ID:
3000e54

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I am building out a site in NY. Our corp in in Cali. I want to add NYJOB06 subnet as 10.0.2.x. On NYJOB06 box I give it a static IP as 10.0.2.104. In primary DNS I have 10.0.2.104 and DNS2 as my DC in Cali as 10.0.0.32. I want to make NYJOB06 as a DC to the child domain to our corp DC in Cali CALJOB32.

I have been spending a few days going thru most of MS kB and kbs on Google, but still not able to fix this issue.

Did all the diagnostics, dcdiag, etc..
Thanks in advance for the help because I am at a lost as what to do next.

Jamison