New PDC Fails To Shutdown

RaviShankar

I got a new box and installed Windows Server 2008 R2 on it. Then made it a domain controller, assigned FSMO roles, DNS, DHCP roles and replicated AD from old DC that I want to eventually remove. After all this was done I tried to restart the machine but it just hangs there at "shutdown" stage.

Any hints?
 
Hi there,

Can you please tell me if the DC restarts normally with this command?

Code:
shutdown -r -t 1 -f -c "Forced Shutdown"
 
Tried it, but same problem. I waited for 10 minutes before forcibly shutting down by turning off power. Any particular event I should look for in event ID?
 
Oh well, if you can post the ERRORS you get in Event Viewer once you've clicked "shut down" I can investigate your problem.
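
One way to collect the events requested above, as an added example that is not part of the original thread: it finds the most recent shutdown request (System log event 1074) and lists the Critical and Error events logged from that moment on. The 15-minute window and the variable names are assumptions.

```powershell
# Added example; run in an elevated PowerShell session on the affected server.
# Assumption: the hang follows a logged shutdown request (System event 1074).
$requestFilter = @{ LogName = 'System'; Id = 1074 }
$request = Get-WinEvent -FilterHashtable $requestFilter -MaxEvents 1 -ErrorAction SilentlyContinue

if (-not $request) {
    Write-Warning 'No shutdown request (event 1074) found in the System log.'
}
else {
    # Assumed window: long enough to cover a 10-minute wait before power-off.
    $start = $request.TimeCreated
    $end   = $start.AddMinutes(15)

    # Level 1 = Critical, Level 2 = Error.
    $errorFilter = @{
        LogName   = 'System', 'Application'
        Level     = 1, 2
        StartTime = $start
        EndTime   = $end
    }

    $events = Get-WinEvent -FilterHashtable $errorFilter -ErrorAction SilentlyContinue
    if ($events) {
        $events | Sort-Object TimeCreated |
            Format-List TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message
    }
    else {
        "No Critical or Error events between $start and $end."
    }
}
```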
 
The only eventID (8193) I see as ERROR is in File Server:

Event ID 8193

Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.

Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a3dcbbe0-2c83-4a30-a683-77bdece80bbd}




Thanks again!
 

It's a no go still. The box still hangs while shutting down. FWIW, I ran dcdiag and the following is the output. I have changed the dns name to hide it in public. This could probably help identify the problem. I appreciate your help.



Directory Server Diagnosis


Performing initial setup:

Trying to find home server...

Home Server = my142

* Identified AD Forest.
Done gathering initial info.


Doing initial required tests


Testing server: Default-First-Site\my22

Starting test: Connectivity

......................... my22 passed test Connectivity


Testing server: Default-First-Site\my142

Starting test: Connectivity

......................... my142 passed test Connectivity



Doing primary tests


Testing server: Default-First-Site\my22

Starting test: Advertising

......................... my22 passed test Advertising

Starting test: FrsEvent

......................... my22 passed test FrsEvent

Starting test: DFSREvent

......................... my22 passed test DFSREvent

Starting test: SysVolCheck

......................... my22 passed test SysVolCheck

Starting test: KccEvent

......................... my22 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... my22 passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... my22 passed test MachineAccount

Starting test: NCSecDesc

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=ForestDnsZones,DC=dom1,DC=dom2,DC=dom3,DC=dom4
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=DomainDnsZones,DC=dom1,DC=dom2,DC=dom3,DC=dom4
......................... my22 failed test NCSecDesc

Starting test: NetLogons

......................... my22 passed test NetLogons

Starting test: ObjectsReplicated

......................... my22 passed test ObjectsReplicated

Starting test: Replications

......................... my22 passed test Replications

Starting test: RidManager

......................... my22 passed test RidManager

Starting test: Services

Invalid service type: RpcSs on my22, current value

WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS

......................... my22 failed test Services

Starting test: SystemLog

......................... my22 passed test SystemLog

Starting test: VerifyReferences

......................... my22 passed test VerifyReferences


Testing server: Default-First-Site\my142

Starting test: Advertising

......................... my142 passed test Advertising

Starting test: FrsEvent

......................... my142 passed test FrsEvent

Starting test: DFSREvent

......................... my142 passed test DFSREvent

Starting test: SysVolCheck

......................... my142 passed test SysVolCheck

Starting test: KccEvent

A warning event occurred. EventID: 0x80000B46

Time Generated: 05/09/2011 13:41:22

Event String:

The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.


......................... my142 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... my142 passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... my142 passed test MachineAccount

Starting test: NCSecDesc

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=ForestDnsZones,DC=dom1,DC=dom2,DC=dom3,DC=dom4
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set
access rights for the naming context:

DC=DomainDnsZones,DC=dom1,DC=dom2,DC=dom3,DC=dom4
......................... my142 failed test NCSecDesc

Starting test: NetLogons

......................... my142 passed test NetLogons

Starting test: ObjectsReplicated

......................... my142 passed test ObjectsReplicated

Starting test: Replications

......................... my142 passed test Replications

Starting test: RidManager

......................... my142 passed test RidManager

Starting test: Services

......................... my142 passed test Services

Starting test: SystemLog

An error event occurred. EventID: 0x00000029

Time Generated: 05/09/2011 13:40:56

Event String:

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

A warning event occurred. EventID: 0x8000001D

Time Generated: 05/09/2011 13:41:20

Event String:

The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

A warning event occurred. EventID: 0x000003F6

Time Generated: 05/09/2011 13:41:30

Event String:

Name resolution for the name _ldap._tcp.dc._msdcs.dom1.dom2.dom3.dom4 timed out after none of the configured DNS servers responded.

An error event occurred. EventID: 0x0000168E

Time Generated: 05/09/2011 13:41:58

Event String:

The dynamic registration of the DNS record '_ldap._tcp.Default-First-Site._sites.dom1.dom2.dom3.dom4. 600 IN SRV 0 100 389 my142.dom1.dom2.dom3.dom4.' failed on the following DNS server:


A warning event occurred. EventID: 0x0000000C

Time Generated: 05/09/2011 13:42:01

Event String:

Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

A warning event occurred. EventID: 0x000003F6

Time Generated: 05/09/2011 13:42:38

Event String:

Name resolution for the name 2.0.0.2.ip6.arpa timed out after none of the configured DNS servers responded.

A warning event occurred. EventID: 0x000727AA

Time Generated: 05/09/2011 13:44:01

Event String:

The WinRM service failed to create the following SPNs: WSMAN/my142.dom1.dom2.dom3.dom4; WSMAN/my142.


......................... my142 failed test SystemLog

Starting test: VerifyReferences

......................... my142 passed test VerifyReferences




Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation


Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation


Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation


Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation


Running partition tests on : dom1

Starting test: CheckSDRefDom

......................... dom1 passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... dom1 passed test CrossRefValidation


Running enterprise tests on : dom1.dom2.dom3.dom4

Starting test: LocatorCheck

......................... dom1.dom2.dom3.dom4 passed test LocatorCheck

Starting test: Intersite

......................... dom1.dom2.dom3.dom4 passed test Intersite
 
The problem seems to be clear to me... Permissions issue.

Are you sure that the registry has the correct permission? Installing the DHCP role on DNS may cause this problem...
 
I took out the DHCP role but still the problem persists. Perhaps, DHCP installation on DNS has irrevocably altered the condition? Also, am I supposed to have a separate box for DHCP? Can't they live together on the same box?



Could you explain "registry has right permission?" ?

Thanks again
 
I mean, from the link I posted before, did you verify the permissions?

Go here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag

Right click on DIAG and select Permissions.

Make sure NETWORK SERVICE has Full Control.

Once done, select REPLACE ALL CHILD OBJECT...
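
A read-only way to verify the permission described above before changing anything, as an added example that is not part of the original post: it reads the ACL on the Diag key and reports whether NETWORK SERVICE holds an Allow rule that includes Full Control. The account is matched by its well-known SID (S-1-5-20) so the check does not depend on the display name; the variable names are assumptions.

```powershell
# Added example; run in an elevated PowerShell session. Nothing is modified.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\VSS\Diag'

# Well-known SID of NT AUTHORITY\NETWORK SERVICE.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'

$acl = Get-Acl -Path $keyPath
"Owner: $($acl.Owner)"

# Show every rule (explicit and inherited) so unexpected grants are visible too.
$acl.Access |
    Select-Object IdentityReference, AccessControlType, RegistryRights, IsInherited |
    Format-Table -AutoSize

# Re-read the rules with identities expressed as SIDs for an exact match.
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$full  = [int][System.Security.AccessControl.RegistryRights]::FullControl

$match = $rules | Where-Object {
    $_.IdentityReference.Value -eq $sid.Value -and
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.RegistryRights) -band $full) -eq $full
}

if ($match) {
    "NETWORK SERVICE has Full Control on $keyPath"
}
else {
    "NETWORK SERVICE does NOT have Full Control on $keyPath"
}
```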
 
Mystery deepens.

Backed out completely. Removed roles etc etc..

Removed the machine from domain. Rebooted. Shuts down decently and reboots.

Joined the domain back again. Nothing else. Rebooted. Hangs at shutdown stage, after stopping services.

Any ideas?

Regards
 
I can bet that you have the same error on Event Viewer...

right?
 
Yes, I do. And that too after doing the procedure that you suggested (....\vss\diag). However, the issue resolved itself mysteriously. This is what we did.

Disconnected the network cable. Logged in via local machine account rather than domain account. Rebooted, and this time there was no hang up during shutdown.
Logged off. Connected network cable back. Logged back in with domain account. Problem reappears.

Removed the network cable and connected to a switch. Connected a laptop also to the same switch. Fired up Wireshark to see if there was any network request that is causing problem. Rebooted. Clean shutdown!

Mind you all the reboots at each stage are done twice to confirm.

Took out the switch and connected back the network cable directly like before. Reboot. Clean shutdown again. Repeated thrice. No hang ups ever. Go figure!

Best regards
 
What do you mean by writing "took out the switch and connected back the network cable directly"?

Directly WHERE?