How to repair multiple KDC an Netlogon errors

i have had similar problems. it seems to be related to logging in to a different server with a different password. for instance, i had a user password for one share and a different one for another - both with the same login id. after i attached both of the shares, it would forever mess up logging into one of them. even after i no longer used one of them, the remaining one always prompted me to login. the solution that seemed to fix it for me was:

1. removed all network mapped drives
2. i remapped everything on the command line: net use z: \myserver\theshare /persistent:yes

after doing that, the drive map worked fine. windows seems to be saving authentication for old shares and gets confused.

-don

I've been installing Active Directory on W2K and W2K3 for years without any of the gyrations you're talking about.

Item 1 - That's an event ID 1005 from source DSrestor (per http://www.eventid.net/display.asp?eventid=1005&eventno=4658&source=dsrestor&phase=1). I've got a W2K3 R2 test box in my lab, installed from a slipstreamed W2K3 SP2 VL media and DCPROMO'd immediately after install. I have the full events log back to the OS load and this event isn't in any of them. I also checked out the archived event logs from the first W2K3 domain controller (installed with RTM W2K3 media in 2004) at a Customer site and I don't find this error anywhere. I don't know exactly what you're doing to make this error occur, but I've never seen it anywhere.

Item 2 - Microsoft has never fixed this. I tend to just ignore it. My various event log notification applications have been configured to ignore it, too. Yeah, you can resolve it if you want to. It doesn't bother me.

Item 3 - This isn't an error at all! This is telling you to do something. Configure a time source external to the domain. It's a one command-line procedure, if you don't mind using public NTP servers: "NET TIME /setsntp:pool.ntp.org" (specify any NTP server you want). I have no idea why the article you refer to makes such a big deal about it. You need an external-to-the-forest time source. (BTW: This only happens on the PDC emulator FSMO role-holder in the forest root domain. All subsequent DCPROMOs of all other DCs in the forest won't generate this message...)

You mention an "Item 4" that's a "DNS error", but you're really talking about event ID 1555, source "NTDS replication" I think. This isn't an error either. This article describes how the feature works and it's actually in the product for a utility purpose. If the initial synchronization isn't happening on your FSMO role-holder DC(s) you should really fix the replication problem instead of just squelching the error message. I can understand doing this in a test environment or in a DR dry-run, but in real life you should be fixing initial synchronization issues with your FSMO role-holders.

In summary: I don't know what you're doing to make item 1 happen. I can't tell you why Microsoft hasn't fixed item 2 but I don't care about it. Item 3 isn't an issue. Item 4 is an issue insofar as it's telling you that you need to fix broken initial synchronization.